Skip to content

Comments

build(deps): update step-security/harden-runner action to v2.14.2#259

Merged
james-d-elliott merged 2 commits intomasterfrom
renovate-step-security-harden-runner-2.14.x
Feb 14, 2026
Merged

build(deps): update step-security/harden-runner action to v2.14.2#259
james-d-elliott merged 2 commits intomasterfrom
renovate-step-security-harden-runner-2.14.x

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Feb 14, 2026

This PR contains the following updates:

Package Type Update Change
step-security/harden-runner action patch v2.14.1v2.14.2

Release Notes

step-security/harden-runner (step-security/harden-runner)

v2.14.2

Compare Source

What's Changed

Security fix: Fixed a medium severity vulnerability where outbound network connections using sendto, sendmsg, and sendmmsg socket system calls could bypass audit logging when using egress-policy: audit. This issue only affects the Community Tier in audit mode; block mode and Enterprise Tier were not affected. See GHSA-cpmj-h4f6-r6pq for details.

Full Changelog: step-security/harden-runner@v2.14.1...v2.14.2

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Feb 14, 2026
@renovate renovate bot requested a review from a team as a code owner February 14, 2026 02:28
@renovate renovate bot added the dependencies Pull requests that update a dependency file label Feb 14, 2026
@renovate renovate bot enabled auto-merge (squash) February 14, 2026 02:28
@codecov
Copy link

codecov bot commented Feb 14, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 1.26%. Comparing base (7455a8f) to head (f628441).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files 
@@          Coverage Diff           @@
##           master    #259   +/-   ##
======================================
  Coverage    1.26%   1.26%           
======================================
  Files          49      49           
  Lines        2206    2206           
======================================
  Hits           28      28           
  Misses       2160    2160           
  Partials       18      18

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@renovate
Copy link
Contributor Author

renovate bot commented Feb 14, 2026

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@james-d-elliott james-d-elliott merged commit 4a9a2aa into master Feb 14, 2026
10 checks passed
@james-d-elliott james-d-elliott deleted the renovate-step-security-harden-runner-2.14.x branch February 14, 2026 04:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@james-d-elliott james-d-elliott james-d-elliott approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@james-d-elliott