From 8d923fc586097ea6c45fbbb80df1e70eb546848d Mon Sep 17 00:00:00 2001 From: Varun Sharma Date: Fri, 11 Aug 2023 22:52:59 -0700 Subject: build(deps): bump step-security/harden-runner from 2.5.0 to 2.5.1 Signed-off-by: Varun Sharma --- .github/workflows/build-extra.yml | 10 +++++----- .github/workflows/build.yml | 2 +- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/profile-checks.yml | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml index 0a9628d31..1e277cbcf 100644 --- a/.github/workflows/build-extra.yml +++ b/.github/workflows/build-extra.yml @@ -54,7 +54,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: block allowed-endpoints: > @@ -84,7 +84,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: block allowed-endpoints: > @@ -110,7 +110,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: block allowed-endpoints: > @@ -132,7 +132,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: block allowed-endpoints: 
> @@ -150,7 +150,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a53260e64..cb2c15759 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -46,7 +46,7 @@ jobs: SHELL: /bin/bash steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: egress-policy: block allowed-endpoints: > diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 4b9aaa7d6..497db02fd 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -75,7 +75,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/profile-checks.yml b/.github/workflows/profile-checks.yml index 8d4e5ba28..c44012768 100644 --- a/.github/workflows/profile-checks.yml +++ b/.github/workflows/profile-checks.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 with: disable-sudo: true egress-policy: block -- cgit v1.2.3-54-g00ecf From 7facc386cd085c7bf401d4742b9f9c6267caa3cd Mon Sep 17 00:00:00 2001 From: Varun Sharma Date: Fri, 11 Aug 2023 23:23:08 -0700 Subject: Update allowed endpoints 
Signed-off-by: Varun Sharma --- .github/workflows/build-extra.yml | 21 +++++++++++++++++++++ .github/workflows/codeql-analysis.yml | 2 ++ 2 files changed, 23 insertions(+) diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml index 1e277cbcf..a36997838 100644 --- a/.github/workflows/build-extra.yml +++ b/.github/workflows/build-extra.yml @@ -58,8 +58,12 @@ jobs: with: egress-policy: block allowed-endpoints: > + archive.ubuntu.com:80 azure.archive.ubuntu.com:80 github.com:443 + packages.microsoft.com:443 + ppa.launchpadcontent.net:443 + security.ubuntu.com:80 - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 - name: update package information run: sudo apt-get update -qy @@ -88,8 +92,12 @@ jobs: with: egress-policy: block allowed-endpoints: > + archive.ubuntu.com:80 azure.archive.ubuntu.com:80 github.com:443 + packages.microsoft.com:443 + ppa.launchpadcontent.net:443 + security.ubuntu.com:80 - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 - name: update package information run: sudo apt-get update -qy @@ -114,8 +122,12 @@ jobs: with: egress-policy: block allowed-endpoints: > + archive.ubuntu.com:80 azure.archive.ubuntu.com:80 github.com:443 + packages.microsoft.com:443 + ppa.launchpadcontent.net:443 + security.ubuntu.com:80 - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 - name: update package information run: sudo apt-get update -qy @@ -136,8 +148,13 @@ jobs: with: egress-policy: block allowed-endpoints: > + archive.ubuntu.com:80 azure.archive.ubuntu.com:80 github.com:443 + packages.microsoft.com:443 + ppa.launchpad.net:80 + ppa.launchpadcontent.net:443 + security.ubuntu.com:80 - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 - name: update package information run: sudo apt-get update -qy 
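Review bot: The allow-list in the `@@ -58,8 +58,12 @@` hunk of build-extra.yml now admits `packages.microsoft.com:443` and `ppa.launchpadcontent.net:443` with nothing recording why the job needs them; the same additions repeat in the `@@ -88,8 +92,12 @@`, `@@ -114,8 +122,12 @@`, `@@ -136,8 +148,13 @@` and `@@ -154,8 +171,12 @@` hunks, and only the `-136` hunk also adds `ppa.launchpad.net:80`. These hosts are presumably contacted because the following `sudo apt-get update -qy` refreshes every apt source preconfigured on the runner image, not because the build installs anything from them. If that is the case, removing those source lists before the update would keep the `egress-policy: block` list down to the Ubuntu archives and github.com. If the entries stay, put a comment above the `allowed-endpoints:` key (not inside the folded `>` scalar, where `#` becomes part of the value), e.g. `# packages.microsoft.com, ppa.launchpadcontent.net: apt sources preconfigured on the runner image, contacted by apt-get update`. Each job's step list continues outside the hunks.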
@@ -154,8 +171,12 @@ jobs: with: egress-policy: block allowed-endpoints: > + archive.ubuntu.com:80 azure.archive.ubuntu.com:80 github.com:443 + packages.microsoft.com:443 + ppa.launchpadcontent.net:443 + security.ubuntu.com:80 - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 - name: update package information run: sudo apt-get update -qy diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 497db02fd..0f9c0f740 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -81,8 +81,10 @@ jobs: egress-policy: block allowed-endpoints: > api.github.com:443 + files.pythonhosted.org:443 github.com:443 objects.githubusercontent.com:443 + pypi.org:443 uploads.github.com:443 - name: Checkout repository -- cgit v1.2.3-54-g00ecf