chore(deps): bump step-security/harden-runner from 2.17.0 to 2.18.0 (#13697)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-24 04:29:25 +02:00 · 2026-04-20 10:55:24 +02:00 · 2026-04-20 10:55:24 +02:00 · 7a6357cbf6
commit 7a6357cbf6
parent 106b887c1f
5 changed files with 6 additions and 6 deletions
--- a/.github/workflows/dependencies.yml
+++ b/.github/workflows/dependencies.yml
@ -16,7 +16,7 @@ jobs:
      contents: write # this is needed to push commits and branches
    steps:
      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
+        uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0
        with:
          egress-policy: audit

--- a/.github/workflows/installer.yml
+++ b/.github/workflows/installer.yml
@ -26,7 +26,7 @@ jobs:
          - macos-latest
    steps:
      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
+        uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0
        with:
          egress-policy: audit

@ -47,7 +47,7 @@ jobs:
      - test
    steps:
      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
+        uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0
        with:
          egress-policy: audit

--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -24,7 +24,7 @@ jobs:
    if: github.repository == 'ohmyzsh/ohmyzsh'
    steps:
      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
+        uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0
        with:
          egress-policy: audit

--- a/.github/workflows/project.yml
+++ b/.github/workflows/project.yml
@ -17,7 +17,7 @@ jobs:
    if: github.repository == 'ohmyzsh/ohmyzsh'
    steps:
      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
+        uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0
        with:
          egress-policy: audit
      - name: Authenticate as @ohmyzsh
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@ -36,7 +36,7 @@ jobs:

    steps:
      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
+        uses: step-security/harden-runner@6c3c2f2c1c457b00c10c4848d6f5491db3b629df # v2.18.0
        with:
          egress-policy: audit