chore(deps): bump step-security/harden-runner from 2.19.2 to 2.19.4

[dependabot]

Bumps step-security/harden-runner from 2.19.2 to 2.19.4.

Release notes

Sourced from step-security/harden-runner's releases.

v2.19.4

What's Changed

• Improvements for HTTPS Monitoring for the Enterprise tier of Harden Runner

Full Changelog: step-security/harden-runner@v2.19.3...v2.19.4

v2.19.3

What's Changed

• Default to audit mode when api-key missing with use-policy-store by @​varunsh-coder in step-security/harden-runner#665

Full Changelog: step-security/harden-runner@v2.19.2...v2.19.3

Commits

• 9af89fc Merge pull request #667 from step-security/update-agent-v1.8.6
• 485dce8 Update agent to v1.8.6
• ab7a940 Merge pull request #665 from step-security/fix/use-policy-store-default-audit
• ec41b78 Default to audit mode when api-key missing with use-policy-store
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by CodeRabbit

• Chores
  • Updated security hardening tools used in the continuous integration pipeline to the latest patch version.

[dependabot]

Labels

The following labels could not be found: github-actions. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

🤖 Hi @dependabot[bot], I've received your request, and I'm working on it now! You can track my progress in the logs for more details.

[coderabbitai]

Note

.coderabbit.yaml has unrecognized properties

CodeRabbit is using all valid settings from your configuration. Unrecognized properties (listed below) have been ignored and may indicate typos or deprecated fields that can be removed.

⚠️ Parsing warnings (1)

Validation error: Unrecognized key(s) in object: 'pre_merge_checks'

⚙️ Configuration instructions

• Please see the configuration documentation for more information.
• You can also validate your configuration using the online YAML validator.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: a0ecb3eb-aa60-4244-bd08-ebe4c8d14d05

📥 Commits

Reviewing files that changed from the base of the PR and between 0c4ad85 and 0e7d8f3.

📒 Files selected for processing (1)

• .github/workflows/on-schedule-inactivity.yaml

---

📝 Walkthrough

Walkthrough

The inactivity-check workflow's step-security/harden-runner action is bumped from commit 9ca718d3 (v2.19.2) to commit 9af89fc7 (v2.19.4). No workflow logic, permissions, or execution flow changes.

Changes

Runner Hardening Action Dependency

Layer / File(s)	Summary
Harden-runner action version bump .github/workflows/on-schedule-inactivity.yaml	The step-security/harden-runner action reference is pinned to a newer commit version (v2.19.2 → v2.19.4) without changes to workflow logic or permissions.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🔒 A patch bump here, security grows,
Runner hardened, the inactivity flows,
One line changed, the workflow stays true,
Dependencies fresh—and so do you! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and specifically describes the main change: a dependency bump of step-security/harden-runner from v2.19.2 to v2.19.4.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/github_actions/step-security/harden-runner-2.19.4

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🤖 I'm sorry @dependabot[bot], but I was unable to process your request. Please see the logs for more details.