chore(deps): bump step-security/harden-runner from 2.4.0 to 2.10.2

[dependabot]

Bumps step-security/harden-runner from 2.4.0 to 2.10.2.

Release notes

Sourced from step-security/harden-runner's releases.

v2.10.2

What's Changed

1. Fixes low-severity command injection weaknesses The advisory is here: GHSA-g85v-wf27-67xc

2. Bug fix to improve detection of whether Harden-Runner is running in a container

Full Changelog: step-security/harden-runner@v2...v2.10.2

v2.10.1

What's Changed

Release v2.10.1 by @​varunsh-coder in step-security/harden-runner#463 Bug fix: Resolves an issue where DNS resolution of .local domains was failing when using a Kind cluster in a GitHub Actions workflow.

Full Changelog: step-security/harden-runner@v2...v2.10.1

v2.10.0

What's Changed

Release v2.10.0 by @​h0x0er and @​varunsh-coder in step-security/harden-runner#455

ARM Support: Harden-Runner Enterprise tier now supports GitHub-hosted ARM runners. This includes all the features that apply to previously supported GitHub-hosted x64 Linux runners.

Full Changelog: step-security/harden-runner@v2...v2.10.0

v2.9.1

What's Changed

Release v2.9.1 by @​h0x0er and @​varunsh-coder in #440 This release includes two changes:

1. Updated markdown displayed in the job summary by the Harden-Runner Action.
2. Fixed a bug affecting Enterprise Tier customers where the agent attempted to upload telemetry for jobs with disable-telemetry set to true. No telemetry was uploaded as the endpoint was not in the allowed list.

Full Changelog: step-security/harden-runner@v2...v2.9.1

v2.9.0

What's Changed

Release v2.9.0 by @​h0x0er and @​varunsh-coder in step-security/harden-runner#435 This release includes:

• Enterprise Tier - Telemetry Upload Enhancement: For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this.
• Harden-Runner Agent Authentication: The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this.
• README Update: A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly.
• Dependency Update: Updated the braces npm package dependency to a non-vulnerable version. The vulnerability in braces did not affect the Harden Runner Action

Full Changelog: step-security/harden-runner@v2...v2.9.0

v2.8.1

What's Changed

... (truncated)

Commits

• 0080882 Merge pull request #476 from step-security/rc-16
• 4a3a88b Update dist
• 556aae6 Merge pull request #480 from h0x0er/jatin/cleanup
• 6c39b84 chore: clean the code
• 40401cf Update for isdocker
• 806ab1c Update check for isdocker
• 2846811 update dist
• df8a07c Merge pull request #475 from h0x0er/fix-execSync
• 30636fb bug fixes
• 91182cc Merge pull request #463 from step-security/rc-14
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

PR-Codex overview

This PR updates the version of the step-security/harden-runner action across multiple workflow files to improve security and functionality.

Detailed summary

• Updated step-security/harden-runner from v2.4.0 to v2.10.2 in:
  • .github/workflows/scorecards.yml
  • .github/workflows/deploy-bots.yml
  • .github/workflows/sonarcloud.yml
  • .github/workflows/codeql-analysis.yml
  • .github/workflows/contracts-testing.yml
  • .github/workflows/dependency-review.yml

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[dependabot]

The following labels could not be found: Type: Security Patch.

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

⛔ Ignored keywords (1)

• chore(deps):

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai or @coderabbitai title anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[netlify]

✅ Deploy Preview for veascan ready!

Name	Link
🔨 Latest commit	beae97f
🔍 Latest deploy log	https://app.netlify.com/sites/veascan/deploys/673c37cf6221ad0008c62f3d
😎 Deploy Preview	https://deploy-preview-360--veascan.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.