chore(deps): update step-security/harden-runner action to v2.16.1

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Pending
step-security/harden-runner	action	minor	v2.15.1 → v2.16.1	v2.17.0

---

Release Notes

step-security/harden-runner (step-security/harden-runner)

v2.16.1

Compare Source

What's Changed

Enterprise tier: Added support for direct IP addresses in the allow list
Community tier: Migrated Harden Runner telemetry to a new endpoint

Full Changelog: step-security/harden-runner@v2.16.0...v2.16.1

v2.16.0

Compare Source

What's Changed

• Updated action.yml to use node24
• Security fix: Fixed a medium severity vulnerability where the egress block policy could be bypassed via DNS over HTTPS (DoH) by proxying DNS queries through a permitted resolver, allowing data exfiltration even with a restrictive allowed-endpoints list. This issue only affects the Community Tier; the Enterprise Tier is not affected. See GHSA-46g3-37rh-v698 for details.
• Security fix: Fixed a medium severity vulnerability where the egress block policy could be bypassed via DNS queries over TCP to external resolvers, allowing outbound network communication that evades configured network restrictions. This issue only affects the Community Tier; the Enterprise Tier is not affected. See GHSA-g699-3x6g-wm3g for details.

Full Changelog: step-security/harden-runner@v2.15.1...v2.16.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 32.92%. Comparing base (dc66d2a) to head (2930283).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2004      +/-   ##
==========================================
+ Coverage   32.88%   32.92%   +0.04%     
==========================================
  Files          77       77              
  Lines        6988     6988              
==========================================
+ Hits         2298     2301       +3     
+ Misses       4506     4504       -2     
+ Partials      184      183       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.