Sourced from step-security/harden-runner's releases.

v2.4.1

What's Changed

Release v2.4.1 by @ varunsh-coder and @ Devils-Knight in step-security/harden-runner#309

This release

1. Shows a preview of the network events in the job summary markdown
2. Uses a fallback DNS service from Cloudflare in addition to Google DNS to improve reliability

Full Changelog: step-security/harden-runner@v2...v2.4.1

v2.4.0

What's Changed

• Release v2.4.0 by @ varunsh-coder and @ h0x0er in step-security/harden-runner#292 Adds support for wildcard domains in block mode. e.g. you can add *.data.mcr.microsoft.com:443 to the allowed list, and egress traffic will be allowed to eastus.data.mcr.microsoft.com:443 and westus.data.mcr.microsoft.com:443. Link to documentation.
• Bump actions/checkout from 3.5.0 to 3.5.2 by @ dependabot in step-security/harden-runner#277
• Bump github/codeql-action from 2.2.11 to 2.2.12 by @ dependabot in step-security/harden-runner#278
• Bump step-security/harden-runner from 2.3.0 to 2.3.1 by @ dependabot in step-security/harden-runner#282
• Added a workflow for reviewing code changes using stepsecurity code reviewer by @ boahc077 in step-security/harden-runner#290

Full Changelog: step-security/harden-runner@v2...v2.4.0

v2.3.1

What's Changed

• Release v2.3.1 by @ arjundashrath and @ varunsh-coder in step-security/harden-runner#281 Fixes #279 and #275
• Update README.md by @ varunsh-coder in step-security/harden-runner#267
• Bump step-security/harden-runner from 2.2.1 to 2.3.0 by @ dependabot in step-security/harden-runner#268
• Bump codecov/codecov-action from 3.1.1 to 3.1.2 by @ dependabot in step-security/harden-runner#273
• Bump ossf/scorecard-action from 2.1.2 to 2.1.3 by @ dependabot in step-security/harden-runner#265
• Bump actions/checkout from 3.3.0 to 3.5.0 by @ dependabot in step-security/harden-runner#261
• Bump github/codeql-action from 2.2.6 to 2.2.11 by @ dependabot in step-security/harden-runner#270

Full Changelog: step-security/harden-runner@v2...v2.3.1

• 55d479f Release v2.4.1 (#309)
• 215c5ca Merge pull request #307 from step-security/dependabot/github_actions/github/c...
• 95a625a Merge pull request #306 from step-security/dependabot/github_actions/actions/...
• 7d83e8e Bump github/codeql-action from 2.3.3 to 2.13.4
• 36ccae2 Bump actions/checkout from 3.5.2 to 3.5.3
• beefd8c Merge pull request #295 from step-security/dependabot/github_actions/github/c...
• bb523fd Merge pull request #301 from step-security/dependabot/github_actions/codecov/...
• 760976e Bump codecov/codecov-action from 3.1.2 to 3.1.4
• f702486 Merge pull request #300 from step-security/ak-codewise-dogfooding
• 1f715fe using ai-codewise int for dogfooding
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)