From 13c38e0cb5af863f3884a3babb5decf596d3a240 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 19 Feb 2025 23:20:31 +0000
Subject: [PATCH] Bump the sast group across 1 directory with 2 updates

Bumps the sast group with 2 updates in the / directory: [step-security/harden-runner](https://github.com/step-security/harden-runner) and [actions/dependency-review-action](https://github.com/actions/dependency-review-action).

Updates `step-security/harden-runner` from 2.10.4 to 2.11.0
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/cb605e52c26070c328afc4562f0b4ada7618a84e...4d991eb9b905ef189e4c376166672c3f2f230481)

Updates `actions/dependency-review-action` from 4.3.4 to 4.5.0
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/5a2ce3f5b92ee19cbb1541a4984c76d921601d7c...3b139cfc5fae8b618d3eae3675e383bb1769c019)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: sast
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: sast
...

Signed-off-by: dependabot[bot]
---
 .github/workflows/dependabot-addons.yml | 6 +++---
 .github/workflows/prettier.yml          | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/dependabot-addons.yml b/.github/workflows/dependabot-addons.yml
index e5b3fe8..7455e34 100644
--- a/.github/workflows/dependabot-addons.yml
+++ b/.github/workflows/dependabot-addons.yml
@@ -14,7 +14,7 @@ jobs:
       issues: write
       repository-projects: write
     steps:
-      - uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+      - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
         with:
           egress-policy: audit
           disable-sudo: true
@@ -30,11 +30,11 @@ jobs:
     permissions:
       pull-requests: write
     steps:
-      - uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+      - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
         with:
           disable-sudo: true
           egress-policy: audit
       - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
-      - uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
+      - uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
         with:
           comment-summary-in-pr: always
diff --git a/.github/workflows/prettier.yml b/.github/workflows/prettier.yml
index 981c1f6..4478986 100644
--- a/.github/workflows/prettier.yml
+++ b/.github/workflows/prettier.yml
@@ -43,7 +43,7 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+      - uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
           disable-sudo: true