Skip to content

v2.2.0

Marketplace
Marketplace
Compare
Choose a tag to compare
@varunsh-coder varunsh-coder released this 20 Feb 16:07
· 133 commits to main since this release
v2.2.0
c8454ef
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

What's Changed

  • Release v2.2.0 by @varunsh-coder in #245
    1. Added functionality that allows for skipping Harden Runner installation if any errors arise during the installation process.
    2. Updated Harden-Runner GitHub Action to use the latest version of the Harden Runner agent, which resolves three issues:
      • Addressed a bug that allowed calls to direct IP addresses not included in the allowed list when executing code in a docker image.
      • Enhanced annotations to eliminate false positives, specifically not showing false positive calls to docker.io
      • Upgraded containerd dependency to a non-vulnerable version.
  • Bump codecov/codecov-action from 2.1.0 to 3.1.1 by @dependabot in #233
  • Bump step-security/harden-runner from 2.0.0 to 2.1.0 by @dependabot in #232
  • Bump github/codeql-action from 2.1.37 to 2.1.38 by @dependabot in #229
  • Update README.md by @varunsh-coder in #231

Full Changelog: v2...v2.2.0

Contributors

varunsh-coder and dependabot
Assets 2