Update versions of harden-runner and stale-branches

[RalphHightower]

Pull request type

🚨 Jekyll Precheck Verify blog(s), page(s) before merge 🚨

• title
• tags
• categories
• date

<!-
IS#9999 – Issue created independently of a Pull Request
PR#9999 – Issue created from a Pull Request
-->
Pull Request/Issue Number: N/A

Please check the type of change your PR introduces:

• New blog post(s)
• Bugfix(es)
• Code change(s)
• Jekyll change(s)
• Liquid change(s)
• Markdown change(s)
• npm package(s)
• YAML change(s)
• Build error(s)
• Feature(s)
• Code style update (formatting, renaming)
• Refactoring (no functional changes, no api changes)
• Build related change(s)
• Documentation content change(s)
• Other (please describe):

Language(s)

• Assembler
• awk
• C/C++/C#
• HTML
• Javascript
• Jekyll
• Liquid
• Markdown
• npm package
• Ruby
• Python
• YAML

Operating System(s)

• Linux
• Unix
• Solaris
• Windows

What is the current behavior?

What is the new behavior?

Files Added

Files Modified

Files Deleted

Other information

Hardware

• ARM
• DEC PDP-8
• DEC PDP-11
• DEC VAX
• DEC VAXStation
• Intel 8080
• Intel Core
• Motorola 68000
• Raspberry Pi
• RISC/V
• Sun SPARCStation

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/crs-k/stale-branches	3761c6625fc7087355ddc5134bb6acfb36bc80b8	🟢 4.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 14 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 2/12 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 1 SAST tool is not run on all commits -- score normalized to 1
actions/step-security/harden-runner	8d3c67de8e2fe68ef647c8db1e6a09f647780f40	🟢 8.2	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 15 out of 15 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 6 project has 2 contributing companies or organizations -- score normalized to 6 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 14 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 4 6 existing vulnerabilities detected

Scanned Files

• .github/workflows/stale-branches.yml