Skip to content

Bump step-security/harden-runner from 2.19.0 to 2.19.3#135

Merged
AlphaOne1 merged 1 commit into
masterfrom
dependabot/github_actions/step-security/harden-runner-2.19.1
May 17, 2026
Merged

Bump step-security/harden-runner from 2.19.0 to 2.19.3#135
AlphaOne1 merged 1 commit into
masterfrom
dependabot/github_actions/step-security/harden-runner-2.19.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 4, 2026
edited
Loading

Bumps step-security/harden-runner from 2.19.0 to 2.19.3.

Release notes

Sourced from step-security/harden-runner's releases.

v2.19.3

What's Changed

Full Changelog: step-security/harden-runner@v2.19.2...v2.19.3

v2.19.2

What's Changed

  • Update the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.

Full Changelog: step-security/harden-runner@v2.19.1...v2.19.2

v2.19.1

What's Changed

What the fix changes

  • Harden-Runner will detect ubuntu-slim runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.

What the fix does not do

  • Jobs running on ubuntu-slim will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).
  • Per GitHub's docs on single-CPU runners: "The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported." Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.

For StepSecurity enterprise customers If your security posture requires that workflows are always monitored, you can block the use of ubuntu-slim via workflow run policies see the Runner Label Policy docs. This lets you enforce that jobs only run on monitored runner types.

New Contributors

Full Changelog: step-security/harden-runner@v2.19.0...v2.19.1

Commits
  • ab7a940 Merge pull request #665 from step-security/fix/use-policy-store-default-audit
  • ec41b78 Default to audit mode when api-key missing with use-policy-store
  • 9ca718d Merge pull request #664 from step-security/update-agent-v1.8.5
  • 1dee3df Update agent to v1.8.5
  • a5ad31d Merge pull request #657 from devantler/fix/ubuntu-slim-user-env
  • 6e92856 build dist and trim ubuntu-slim message
  • 4e0504e Merge branch 'main' into fix/ubuntu-slim-user-env
  • 376d25a fix: detect ubuntu-slim runners early and bail out
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 4, 2026
@dependabot dependabot Bot requested a review from AlphaOne1 as a code owner May 4, 2026 23:56
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 4, 2026
@dependabot
Bump step-security/harden-runner from 2.19.0 to 2.19.3
a9d12f5 
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.19.0 to 2.19.3.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@v2.19.0...ab7a940)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.19.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump step-security/harden-runner from 2.19.0 to 2.19.1 Bump step-security/harden-runner from 2.19.0 to 2.19.3 May 17, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/step-security/harden-runner-2.19.1 branch from b081401 to a9d12f5 Compare May 17, 2026 09:10
@AlphaOne1 AlphaOne1 merged commit 08eb367 into master May 17, 2026
17 checks passed
@AlphaOne1 AlphaOne1 deleted the dependabot/github_actions/step-security/harden-runner-2.19.1 branch May 17, 2026 09:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AlphaOne1 AlphaOne1 AlphaOne1 approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@AlphaOne1