You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[Patch]: Update GitHub Actions dependencies to latest pinned versions (#358)
Consolidates the currently-passing Dependabot GitHub Actions updates
into one change, so the pipeline moves to the latest action versions in
a single release instead of separate bumps. It also configures
Dependabot to group future GitHub Actions updates into one pull request,
so this consolidated form happens automatically from now on.
**Superseded Dependabot PRs:** #351, #353, #354, #355 — Dependabot
closes these automatically once this merges.
> ⚠️ **Build-PSModule v5.0.0 (#350) is intentionally excluded.** v5
makes `moduleVersion` a required input, which the current
`Build-Module.yml` does not provide, so it fails CI (6 checks on #350's
own PR too). Adopting it needs the "decide version before build" work in
#342 and should ship with/after that PR. #350 stays open to track it.
## Updated GitHub Actions
| Action | From | To | Bump |
| --- | --- | --- | --- |
| actions/checkout | v6.0.2 | v7.0.0 | Major |
| PSModule/Publish-PSModule | v2.2.4 | v3.0.0 | Major |
| super-linter/super-linter | v8.6.0 | v8.7.0 | Minor |
| super-linter/super-linter/slim | v8.6.0 | v8.7.0 | Minor |
This bundle includes two major action upgrades, so it is labelled
`Major` and cuts a major release of Process-PSModule on merge.
## Changed: Dependabot groups GitHub Actions updates
`.github/dependabot.yml` now groups all `github-actions` updates into a
single grouped pull request via a `groups` block. The `github_actions`
label is also corrected — it was `github-actions`, which does not match
the repository label and was silently dropped by Dependabot.
## Technical Details
- Each bump is a cherry-pick of the original Dependabot commit,
preserving authorship and the `Bump X from A to B` messages for a clean
linear history.
- All bumps touch only `uses:` pins under `.github/workflows/`; no logic
changes.
- Dependabot grouping added:
```yaml
groups:
github-actions:
patterns:
- "*"
```
This groups every GitHub Actions ecosystem update (all semver levels)
into one PR. To keep major bumps as separate PRs for individual review,
add `update-types: ["minor", "patch"]` under the group — majors then
continue to open on their own.
- No linked issue: this is Dependabot-driven maintenance; the superseded
PRs above are the traceability.
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
0 commit comments