Potential fix for code scanning alert no. 7: Use of a broken or weak cryptographic hashing algorithm on sensitive data (#4353)

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Makefile

@@ -6,7 +6,7 @@ endif
 DOCKER_USER ?= $(shell echo ${DOCKER_IMAGE_NAME} | cut -d / -f1)
 VERSION ?= dev
 COMMIT_SHA = $(shell git rev-parse HEAD)
-RUNNER_VERSION ?= 2.330.0
+RUNNER_VERSION ?= 2.331.0
 TARGETPLATFORM ?= $(shell arch)
 RUNNER_NAME ?= ${DOCKER_USER}/actions-runner
 RUNNER_TAG  ?= ${VERSION}

controllers/actions.summerwind.net/multi_githubclient.go

@@ -2,7 +2,7 @@ package actionssummerwindnet
 
 import (
 	"context"
-	"crypto/sha1"
+	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
 	"sort"
@@ -176,7 +176,7 @@ func (c *MultiGitHubClient) initClientForSecret(secret *corev1.Secret, dependent
 
 	sort.SliceStable(ks, func(i, j int) bool { return ks[i] < ks[j] })
 
-	hash := sha1.New()
+	hash := sha256.New()
 	for _, k := range ks {
 		hash.Write(secret.Data[k])
 	}

runner/Makefile

@@ -6,7 +6,7 @@ DIND_ROOTLESS_RUNNER_NAME ?= ${DOCKER_USER}/actions-runner-dind-rootless
 OS_IMAGE ?= ubuntu-22.04
 TARGETPLATFORM ?= $(shell arch)
 
-RUNNER_VERSION ?= 2.330.0
+RUNNER_VERSION ?= 2.331.0
 RUNNER_CONTAINER_HOOKS_VERSION ?= 0.8.0
 DOCKER_VERSION ?= 28.0.4
 

runner/VERSION

@@ -1,2 +1,2 @@
-RUNNER_VERSION=2.330.0
+RUNNER_VERSION=2.331.0
 RUNNER_CONTAINER_HOOKS_VERSION=0.8.0

test/e2e/e2e_test.go

@@ -36,7 +36,7 @@ var (
 
 	testResultCMNamePrefix = "test-result-"
 
-	RunnerVersion               = "2.330.0"
+	RunnerVersion               = "2.331.0"
 	RunnerContainerHooksVersion = "0.8.0"
 )