From b1817a2b53cf6702333f030ed08ffd9a2fed77a3 Mon Sep 17 00:00:00 2001
From: Zeitsperre <10819524+Zeitsperre@users.noreply.github.com>
Date: Mon, 19 Feb 2024 13:22:35 -0500
Subject: [PATCH 1/2] harden runner does not work on container images

---
 .github/workflows/main.yml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 02676df0a..b183ed929 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -276,10 +276,6 @@ jobs:
     runs-on: ubuntu-latest
     container: python:3-slim
     steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
-        with:
-          egress-policy: audit
       - name: Coveralls Finished
         run: |
           python -m pip install --upgrade coveralls

From 1e5de6eca24dfb4c6e697ec48831e461089ec350 Mon Sep 17 00:00:00 2001
From: Zeitsperre <10819524+Zeitsperre@users.noreply.github.com>
Date: Mon, 19 Feb 2024 13:31:07 -0500
Subject: [PATCH 2/2] update CHANGES.rst

---
 CHANGES.rst | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGES.rst b/CHANGES.rst
index b6be64884..779e9f411 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -74,6 +74,7 @@ Internal changes
 * `black`, `isort`, and `pyupgrade` code formatters no longer target Python3.8 coding style conventions. (:pull:`1565`).
 * The GitHub Workflows now include builds to run tests against both Windows and MacOS. (:pull:`1648`).
 * `prefetch` is now available as a `tox` environment modifier in order to download the testing data before launching `pytest` (e.g. `py3x-prefetch`). This is . (:pull:`1648`).
+* Removed `step-security/harden-runner` from the `finish` job as it does not work on container images lacking `sudo` access. (:pull:`1655`).
 
 v0.47.0 (2023-12-01)
 --------------------