Skip to content

v5.5.8

Choose a tag to compare

@github-actions github-actions released this 07 Jul 22:12
0506996

[Patch]: Update GitHub Actions dependencies to latest pinned versions (#358)

Consolidates the currently-passing Dependabot GitHub Actions updates into one change, so the pipeline moves to the latest action versions in a single release instead of separate bumps. It also configures Dependabot to group future GitHub Actions updates into one pull request, so this consolidated form happens automatically from now on.

Superseded Dependabot PRs: #351, #353, #354, #355 — Dependabot closes these automatically once this merges.

⚠️ Build-PSModule v5.0.0 (#350) is intentionally excluded. v5 makes moduleVersion a required input, which the current Build-Module.yml does not provide, so it fails CI (6 checks on #350's own PR too). Adopting it needs the "decide version before build" work in #342 and should ship with/after that PR. #350 stays open to track it.

Updated GitHub Actions

Action From To Bump
actions/checkout v6.0.2 v7.0.0 Major
PSModule/Publish-PSModule v2.2.4 v3.0.0 Major
super-linter/super-linter v8.6.0 v8.7.0 Minor
super-linter/super-linter/slim v8.6.0 v8.7.0 Minor

This bundle includes two major action upgrades, so it is labelled Major and cuts a major release of Process-PSModule on merge.

Changed: Dependabot groups GitHub Actions updates

.github/dependabot.yml now groups all github-actions updates into a single grouped pull request via a groups block. The github_actions label is also corrected — it was github-actions, which does not match the repository label and was silently dropped by Dependabot.

Technical Details

  • Each bump is a cherry-pick of the original Dependabot commit, preserving authorship and the Bump X from A to B messages for a clean linear history.

  • All bumps touch only uses: pins under .github/workflows/; no logic changes.

  • Dependabot grouping added:

    groups:
      github-actions:
        patterns:
          - "*"

    This groups every GitHub Actions ecosystem update (all semver levels) into one PR. To keep major bumps as separate PRs for individual review, add update-types: ["minor", "patch"] under the group — majors then continue to open on their own.

  • No linked issue: this is Dependabot-driven maintenance; the superseded PRs above are the traceability.