Merge d7dd980970 into 67cd8c4673

2026-02-11 05:39:45 +08:00 · 2026-01-26 09:58:19 +01:00
5 changed files with 7 additions and 7 deletions
--- a/.github/workflows/dependencies.yml
+++ b/.github/workflows/dependencies.yml
@ -13,7 +13,7 @@ jobs:
      contents: write # this is needed to push commits and branches
    steps:
      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
        with:
          egress-policy: audit

--- a/.github/workflows/installer.yml
+++ b/.github/workflows/installer.yml
@ -26,7 +26,7 @@ jobs:
          - macos-latest
    steps:
      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
        with:
          egress-policy: audit

@ -47,7 +47,7 @@ jobs:
      - test
    steps:
      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
        with:
          egress-policy: audit

--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -24,7 +24,7 @@ jobs:
    if: github.repository == 'ohmyzsh/ohmyzsh'
    steps:
      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
        with:
          egress-policy: audit

--- a/.github/workflows/project.yml
+++ b/.github/workflows/project.yml
@ -17,7 +17,7 @@ jobs:
    if: github.repository == 'ohmyzsh/ohmyzsh'
    steps:
      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
        with:
          egress-policy: audit
      - name: Authenticate as @ohmyzsh
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@ -36,7 +36,7 @@ jobs:

    steps:
      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
        with:
          egress-policy: audit

@ -60,6 +60,6 @@ jobs:
          retention-days: 5

      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0
+        uses: github/codeql-action/upload-sarif@19b2f06db2b6f5108140aeb04014ef02b648f789 # v4.31.11
        with:
          sarif_file: results.sarif