Update dependencies for harden-runner and stale-branches

[RalphHightower]

Pull request type

🚨 Jekyll Precheck Verify blog(s), page(s) before merge 🚨

• title
• tags
• categories
• date

<!-
IS#9999 – Issue created independently of a Pull Request
PR#9999 – Issue created from a Pull Request
-->
Pull Request/Issue Number: N/A

Please check the type of change your PR introduces:

• New blog post(s)
• Bugfix(es)
• Code change(s)
• Jekyll change(s)
• Liquid change(s)
• Markdown change(s)
• npm package(s)
• YAML change(s)
• Build error(s)
• Feature(s)
• Code style update (formatting, renaming)
• Refactoring (no functional changes, no api changes)
• Build related change(s)
• Documentation content change(s)
• Other (please describe):

Language(s)

• Assembler
• awk
• C/C++/C#
• HTML
• Javascript
• Jekyll
• Liquid
• Markdown
• npm package
• Ruby
• Python
• YAML

Operating System(s)

• Linux
• Unix
• Solaris
• Windows

What is the current behavior?

What is the new behavior?

Files Added

Files Modified

Files Deleted

Other information

Hardware

• ARM
• DEC PDP-8
• DEC PDP-11
• DEC VAX
• DEC VAXStation
• Intel 8080
• Intel Core
• Motorola 68000
• Raspberry Pi
• RISC/V
• Sun SPARCStation

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/crs-k/stale-branches	e876b957ab08f0bad43c8cc271a22cdd7604bd09	🟢 4.8	Details Check Score Reason Code-Review ⚠️ 2 Found 2/10 approved changesets -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 23 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST 🟢 8 SAST tool detected but not run on all commits
actions/step-security/harden-runner	a5ad31d6a139d249332a2605b85202e8c0b78450	🟢 8.1	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 15 out of 15 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 6 project has 2 contributing companies or organizations -- score normalized to 6 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 12 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities ⚠️ 2 8 existing vulnerabilities detected

Scanned Files

• .github/workflows/stale-branches.yml