Bump step-security/harden-runner from 2.17.0 to 2.18.0 #193

Merged: stephenegriffin merged 1 commit into main from dependabot/github_actions/step-security/harden-runner-2.18.0 on Apr 16, 2026

dependabot Bot commented on behalf of github Apr 15, 2026

Bumps step-security/harden-runner from 2.17.0 to 2.18.0.

Release notes

Sourced from step-security/harden-runner's releases.

v2.18.0

What's Changed

Global Block List: During supply chain incidents like the recent axios and trivy compromises, StepSecurity will add known malicious domains and IP addresses (IOCs) to a global block list. These will be automatically blocked, even in audit mode, providing immediate protection without requiring any workflow changes.

Deploy on Self-Hosted VM: Added deploy-on-self-hosted-vm input that allows the Harden Runner agent to be installed directly on ephemeral self-hosted Linux runner VMs at workflow runtime. This is intended as an alternative when baking the agent into the VM image is not possible.

Full Changelog: step-security/harden-runner@v2.17.0...v2.18.0

Commits

dependabot Bot added the labels dependencies (Pull requests that update a dependency file) and github_actions (Pull requests that update GitHub Actions code) Apr 15, 2026

github-actions Bot commented Apr 15, 2026

Test Results

0 tests  ±0   0 ✅ ±0   0s ⏱️ ±0s
0 suites ±0   0 💤 ±0 
0 files   ±0   0 ❌ ±0 

Results for commit c774638. ± Comparison against base commit 17201e2.

♻️ This comment has been updated with latest results.

Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.17.0 to 2.18.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@f808768...6c3c2f2)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot Bot force-pushed the dependabot/github_actions/step-security/harden-runner-2.18.0 branch from 12bdc60 to c774638 April 16, 2026 14:10
stephenegriffin (Member) commented

@dependabot rebase

dependabot Bot commented on behalf of github Apr 16, 2026

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

stephenegriffin merged commit c7bcf02 into main Apr 16, 2026
21 checks passed
dependabot Bot deleted the dependabot/github_actions/step-security/harden-runner-2.18.0 branch April 16, 2026 14:15