diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 6afdc7c299..29b4239797 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -49,4 +49,9 @@ updates: day: monday interval: weekly time: "07:00" + +- package-ecosystem: npm + directory: /docs/api/media + schedule: + interval: daily version: 2 diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 6280133f16..4b81efb290 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -23,6 +23,11 @@ jobs: contents: read steps: + - name: Harden the runner (Audit all outbound calls) + uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0 + with: + egress-policy: audit + - name: Checkout uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 diff --git a/.github/workflows/test-and-report.yml b/.github/workflows/test-and-report.yml index 6c05da9ecf..53fe0a28f6 100644 --- a/.github/workflows/test-and-report.yml +++ b/.github/workflows/test-and-report.yml @@ -147,6 +147,11 @@ jobs: permissions: contents: read steps: + - name: Harden the runner (Audit all outbound calls) + uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0 + with: + egress-policy: audit + - name: Checkout repository uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 @@ -281,6 +286,11 @@ jobs: env: GENERATION_BUDGET_MS: 30000 steps: + - name: Harden the runner (Audit all outbound calls) + uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0 + with: + egress-policy: audit + - name: Checkout repository uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0