v5.5.8
[Patch]: Update GitHub Actions dependencies to latest pinned versions (#358)
Consolidates the currently-passing Dependabot GitHub Actions updates into one change, so the pipeline moves to the latest action versions in a single release instead of separate bumps. It also configures Dependabot to group future GitHub Actions updates into one pull request, so this consolidated form happens automatically from now on.
Superseded Dependabot PRs: #351, #353, #354, #355 — Dependabot closes these automatically once this merges.
⚠️ Build-PSModule v5.0.0 (#350) is intentionally excluded. v5 makesmoduleVersiona required input, which the currentBuild-Module.ymldoes not provide, so it fails CI (6 checks on #350's own PR too). Adopting it needs the "decide version before build" work in #342 and should ship with/after that PR. #350 stays open to track it.
Updated GitHub Actions
| Action | From | To | Bump |
|---|---|---|---|
| actions/checkout | v6.0.2 | v7.0.0 | Major |
| PSModule/Publish-PSModule | v2.2.4 | v3.0.0 | Major |
| super-linter/super-linter | v8.6.0 | v8.7.0 | Minor |
| super-linter/super-linter/slim | v8.6.0 | v8.7.0 | Minor |
This bundle includes two major action upgrades, so it is labelled Major and cuts a major release of Process-PSModule on merge.
Changed: Dependabot groups GitHub Actions updates
.github/dependabot.yml now groups all github-actions updates into a single grouped pull request via a groups block. The github_actions label is also corrected — it was github-actions, which does not match the repository label and was silently dropped by Dependabot.
Technical Details
-
Each bump is a cherry-pick of the original Dependabot commit, preserving authorship and the
Bump X from A to Bmessages for a clean linear history. -
All bumps touch only
uses:pins under.github/workflows/; no logic changes. -
Dependabot grouping added:
groups: github-actions: patterns: - "*"
This groups every GitHub Actions ecosystem update (all semver levels) into one PR. To keep major bumps as separate PRs for individual review, add
update-types: ["minor", "patch"]under the group — majors then continue to open on their own. -
No linked issue: this is Dependabot-driven maintenance; the superseded PRs above are the traceability.