From: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Feb 2026 12:23:39 +0000 (+0000)
Subject: Bump step-security/harden-runner from 2.14.1 to 2.14.2
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=bc61baf776af233023eadd05a94b5a786ea89126;p=doc.git

Bump step-security/harden-runner from 2.14.1 to 2.14.2

## Release notes

Sourced from step-security/harden-runner's releases.

v2.14.2
What's Changed
Security fix: Fixed a medium severity vulnerability where outbound network connections using sendto, sendmsg, and sendmmsg socket system calls could bypass audit logging when using egress-policy: audit. This issue only affects the Community Tier in audit mode; block mode and Enterprise Tier were not affected. See GHSA-cpmj-h4f6-r6pq for details.
Full Changelog: https://github.com/step-security/harden-runner/compare/v2.14.1...v2.14.2

## Commits

5ef0c07 Merge pull request #635 from step-security/rc-34
eb43c7b update agent
See full diff in compare view

![Dependabot compatibility score](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Issue-ID: CIMAN-33
Signed-off-by: dependabot[bot] <support@github.com>
Change-Id: I0448161bb19995d18cf7d595b319e53a27783a69
GitHub-PR: https://github.com/onap/doc/pull/5
GitHub-Hash: 584c6a923d6909c9
Signed-off-by: onap.gh2gerrit <releng+onap-gh2gerrit@linuxfoundation.org>
---

diff --git a/.github/workflows/call-github2gerrit.yaml b/.github/workflows/call-github2gerrit.yaml
index 36db35d62..911ab4f35 100644
--- a/.github/workflows/call-github2gerrit.yaml
+++ b/.github/workflows/call-github2gerrit.yaml
@@ -94,7 +94,7 @@ jobs:
     timeout-minutes: 5
     steps:
       # yamllint disable-line rule:line-length
-      - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+      - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
         with:
           egress-policy: audit
 
@@ -120,7 +120,7 @@ jobs:
     steps:
       # Harden the runner used by this workflow
       # yamllint disable-line rule:line-length
-      - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+      - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
         with:
           egress-policy: audit
 
@@ -151,7 +151,7 @@ jobs:
     steps:
       # Harden the runner used by this workflow
       # yamllint disable-line rule:line-length
-      - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+      - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
         name: 'Harden runner'
         with:
           egress-policy: audit
@@ -200,7 +200,7 @@ jobs:
     steps:
       # Harden the runner used by this workflow
       # yamllint disable-line rule:line-length
-      - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+      - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
         with:
           egress-policy: audit