v5.3.10

Bump actions/checkout from 6.0.0 to 6.0.1 (#247)

Bumps actions/checkout from 6.0.0 to 6.0.1.

Release notes

Sourced from actions/checkout's releases.

v6.0.1

What's Changed

• Update all references from v5 and v4 to v6 by @​ericsciple in actions/checkout#2314
• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327
• Clarify v6 README by @​ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

Commits

• 8e8c483 Clarify v6 README (#2328)
• 033fa0d Add worktree support for persist-credentials includeIf (#2327)
• c2d88d3 Update all references from v5 and v4 to v6 (#2314)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

v5.3.9

Bump PSModule/GitHub-Script from 1.7.4 to 1.7.6 (#246)

Bumps PSModule/GitHub-Script from 1.7.4 to 1.7.6.

Release notes

Sourced from PSModule/GitHub-Script's releases.

v1.7.6

Bumps azure/login from v2.2.0 to v2.3.0 (#70)

Bumps azure/login from v2.2.0 to v2.3.0.

Changes

• Updated version comment to use patch-level semver (# v2.3.0 instead of # v2)
• Updated PR title and description to reference semver versions

# Before
uses: azure/login@1384c340ab2dda50fed2bee3041d1d87018aa5e8 # v2
After
uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

v1.7.5

Bump super-linter/super-linter from 8.2.1 to 8.3.0 (#69)

Bumps super-linter/super-linter from 8.2.1 to 8.3.0.

... (truncated)

Commits

• 8b9d273 Bumps azure/login from v2.2.0 to v2.3.0 (#70)
• 413d904 Bump super-linter/super-linter from 8.2.1 to 8.3.0 (#69)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

v5.3.8

Bump super-linter/super-linter from 8.3.0 to 8.3.1 (#250)

Bumps super-linter/super-linter from 8.3.0 to 8.3.1.

Release notes

Sourced from super-linter/super-linter's releases.

v8.3.1

8.3.1 (2025-12-15)

🐛 Bugfixes

• docs: ansible-lints lints the entire dir (#7272) (b721f3c), closes #7263
• handle paths with parentheses (#7273) (d29d0d4)
• rollback to python 3.13 (#7269) (10265f1)
• trivial log message bug when file does not exist (#7268) (c6a7b38)

⬆️ Dependency updates

• bundler: bump rubocop-rails in /dependencies in the rubocop group (#7251) (d8a2032)
• java: bump com.google.googlejavaformat:google-java-format (#7270) (140a2e3)
• java: bump com.puppycrawl.tools:checkstyle (#7264) (550df3c)
• java: bump the java-gradle group across 3 directories with 3 updates (#7252) (5306a0a)
• npm: bump @​modelcontextprotocol/sdk in /dependencies (#7248) (4d59852)
• npm: bump express from 5.1.0 to 5.2.1 in /dependencies (#7246) (50462d3)
• npm: bump jws from 4.0.0 to 4.0.1 in /dependencies (#7260) (cc90344)
• npm: bump next from 16.0.7 to 16.0.9 in /dependencies (#7277) (b7cedfb)
• npm: bump the npm group across 1 directory with 3 updates (#7289) (f65215e)
• npm: bump the npm group across 1 directory with 5 updates (#7271) (b4e616f)
• npm: bump the npm group across 1 directory with 7 updates (#7259) (0ab9ad4)
• npm: bump the npm group across 1 directory with 8 updates (#7266) (39e94f8)
• python: bump the pip group across 1 directory with 2 updates (#7288) (4559b6e)
• python: bump the pip group across 1 directory with 7 updates (#7265) (026d3fe)

🧰 Maintenance

• add prettier and htmlhint to the npm group (#7257) (4692c1c)
• deps: update docker dependencies (#7285) (f4d16d3), closes #7244
• fix docs typos and update next (#7284) (0df9f3c)
• update issue template and print graph (#7276) (dfb728c)

Changelog

Sourced from super-linter/super-linter's changelog.

Changelog

8.3.1 (2025-12-15)

🐛 Bugfixes

• docs: ansible-lints lints the entire dir (#7272) (b721f3c), closes #7263
• handle paths with parentheses (#7273) (d29d0d4)
• rollback to python 3.13 (#7269) (10265f1)
• trivial log message bug when file does not exist (#7268) (c6a7b38)

⬆️ Dependency updates

• bundler: bump rubocop-rails in /dependencies in the rubocop group (#7251) (d8a2032)
• java: bump com.google.googlejavaformat:google-java-format (#7270) (140a2e3)
• java: bump com.puppycrawl.tools:checkstyle (#7264) (550df3c)
• java: bump the java-gradle group across 3 directories with 3 updates (#7252) (5306a0a)
• npm: bump @​modelcontextprotocol/sdk in /dependencies (#7248) (4d59852)
• npm: bump express from 5.1.0 to 5.2.1 in /dependencies (

v5.3.7

Update dependencies and doc cleanup (#245)

This release updates workflow dependencies to their latest versions and standardizes table formatting across documentation files.

Workflow Dependency Updates:

• Updated actions in various workflows to their latest versions:
  • super-linter/super-linter from 8.2.1 to 8.3.0
  • PSModule/Document-PSModule from 1.0.11 to 1.0.12
  • PSModule/Install-PSModuleHelpers from 1.0.5 to 1.0.6
  • PSModule/Test-PSModule from 3.0.6 to 3.0.7

Documentation and Table Formatting Improvements:

• Standardized markdown table column alignment and spacing in multiple documentation files.
• Added a style configuration for markdown tables (MD060) in .github/linters/.markdown-lint.yml to enforce leading column style and avoid emoji width issues.

v5.3.6

Use commit SHA with version comments for all workflow action references (#239)

Standardize all GitHub Actions workflow references to use commit SHAs with version comments instead of mutable tags, ensuring deterministic builds and supply chain security.

Changes

• GitHub Actions: Updated actions/checkout, actions/download-artifact, actions/upload-artifact, actions/upload-pages-artifact, actions/configure-pages, actions/deploy-pages to SHA references
• PSModule Actions: Updated all PSModule actions (Auto-Release, Document-PSModule, GitHub-Script, Build-PSModule, Install-PSModuleHelpers, Get-PesterCodeCoverage, Get-PesterTestResults, Invoke-ScriptAnalyzer, Test-PSModule, Invoke-Pester, Publish-PSModule) to SHA references
• 13 workflow files updated in .github/workflows/

Format

# Before
uses: actions/checkout@v6

# After  
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0

Dependabot supports SHA references for automated update PRs.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>🩹 [Patch]: Use commit SHA with specific version comments for all workflow action references</issue_title>
<issue_description>### Describe the change

Standardize all GitHub Actions workflow references in this repository so that every action uses a commit SHA, with a comment specifying the most specific version tag (e.g., # v1.2.3).

Why:

• Ensures deterministic builds and protects against unexpected updates or supply chain attacks.
• Improves maintainability and readability by documenting the exact version in use.

Examples:
✅ Correct:

  - name: Checkout Code
    uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v1.2.3
    with:
      persist-credentials: false

❌ Incorrect:

  - name: Checkout Code
    uses: actions/checkout@v1

Scope of change:

• Update all workflow files in .github/workflows/*. yml to reference actions by SHA with a version comment, instead of by tag.
• Use the most specific version tag in comments (e.g., v1.2.3 instead of v1).
• Affected actions may include but are not limited to: actions/checkout, actions/download-artifact, actions/upload-artifact, actions/configure-pages, actions/deploy-pages, custom PSModule actions, etc.
• Ensure CI and linting checks do not break.
• Document changes in affected files.

Security Note:
Dependabot is configured to notify and create PRs when upstream actions/workflows update. Dependabot supports SHA references, so using them does not reduce security or update capabilities.

Acceptance:

• All workflows use commit SHA with a version comment specifying the most specific tag
• No workflows reference actions by tag (e.g., @v1)
• All CI/CD checks pass
• Documentation is updated as needed</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes #238

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

v5.3.5

Bump actions/checkout from 5 to 6 (#237)

Bumps actions/checkout from 5 to 6.

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248
• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• v6-beta by @​ericsciple in actions/checkout#2298
• update readme/changelog for v6 by @​ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

V6.0.0

• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248

V5.0.1

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

V5.0.0

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226

V4.3.1

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

V4.3.0

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

v4.1.5

• Update NPM dependencies by @​cory-miller in actions/checkout#1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/checkout#1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in actions/checkout#1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in actions/checkout#1695

... (truncated)

Commits

• 1af3b93 update readme/changelog for v6 (#2311)
• 71cf226 v6-beta (#2298)
• 069c695 Persist creds to a separate file (#2286)
• ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
• See full diff in compare view

[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-...

v5.3.4

Bump actions/download-artifact from 5 to 6 (#236)

Bumps actions/download-artifact from 5 to 6.

Release notes

Sourced from actions/download-artifact's releases.

v6.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

• Update README for download-artifact v5 changes by @​yacaovsnc in actions/download-artifact#417
• Update README with artifact extraction details by @​yacaovsnc in actions/download-artifact#424
• Readme: spell out the first use of GHES by @​danwkennedy in actions/download-artifact#431
• Bump @actions/artifact to v4.0.0
• Prepare v6.0.0 by @​danwkennedy in actions/download-artifact#438

New Contributors

• @​danwkennedy made their first contribution in actions/download-artifact#431

Full Changelog: actions/download-artifact@v5...v6.0.0

Commits

• 018cc2c Merge pull request #438 from actions/danwkennedy/prepare-6.0.0
• 815651c Revert "Remove github.dep.yml"
• bb3a066 Remove github.dep.yml
• fa1ce46 Prepare v6.0.0
• 4a24838 Merge pull request #431 from danwkennedy/patch-1
• 5e3251c Readme: spell out the first use of GHES
• abefc31 Merge pull request #424 from actions/yacaovsnc/update_readme
• ac43a60 Update README with artifact extraction details
• de96f46 Merge pull request #417 from actions/yacaovsnc/update_readme
• 7993cb4 Remove migration guide for artifact download changes
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

v5.3.3

Bump actions/upload-artifact from 4 to 5 (#235)

Bumps actions/upload-artifact from 4 to 5.

Release notes

Sourced from actions/upload-artifact's releases.

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

• Update README.md by @​GhadimiR in actions/upload-artifact#681
• Update README.md by @​nebuk89 in actions/upload-artifact#712
• Readme: spell out the first use of GHES by @​danwkennedy in actions/upload-artifact#727
• Update GHES guidance to include reference to Node 20 version by @​patrikpolyak in actions/upload-artifact#725
• Bump @actions/artifact to v4.0.0
• Prepare v5.0.0 by @​danwkennedy in actions/upload-artifact#734

New Contributors

• @​GhadimiR made their first contribution in actions/upload-artifact#681
• @​nebuk89 made their first contribution in actions/upload-artifact#712
• @​danwkennedy made their first contribution in actions/upload-artifact#727
• @​patrikpolyak made their first contribution in actions/upload-artifact#725

Full Changelog: actions/upload-artifact@v4...v5.0.0

v4.6.2

What's Changed

• Update to use artifact 2.3.2 package & prepare for new upload-artifact release by @​salmanmkc in actions/upload-artifact#685

New Contributors

• @​salmanmkc made their first contribution in actions/upload-artifact#685

Full Changelog: actions/upload-artifact@v4...v4.6.2

v4.6.1

What's Changed

• Update to use artifact 2.2.2 package by @​yacaovsnc in actions/upload-artifact#673

Full Changelog: actions/upload-artifact@v4...v4.6.1

v4.6.0

What's Changed

• Expose env vars to control concurrency and timeout by @​yacaovsnc in actions/upload-artifact#662

Full Changelog: actions/upload-artifact@v4...v4.6.0

v4.5.0

What's Changed

• fix: deprecated Node.js version in action by @​hamirmahal in actions/upload-artifact#578
• Add new artifact-digest output by @​bdehamer in actions/upload-artifact#656

New Contributors

• @​hamirmahal made their first contribution in actions/upload-artifact#578

... (truncated)

Commits

• 330a01c Merge pull request #734 from actions/danwkennedy/prepare-5.0.0
• 03f2824 Update github.dep.yml
• 905a1ec Prepare v5.0.0
• 2d9f9cd Merge pull request #725 from patrikpolyak/patch-1
• 9687587 Merge branch 'main' into patch-1
• 2848b2c Merge pull request #727 from danwkennedy/patch-1
• 9b51177 Spell out the first use of GHES
• cd231ca Update GHES guidance to include reference to Node 20 version
• de65e23 Merge pull request #712 from actions/nebuk89-patch-1
• 8747d8c Update README.md
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

v5.3.2

Bump super-linter/super-linter from 8.2.0 to 8.2.1 (#234)

Bumps super-linter/super-linter from 8.2.0 to 8.2.1.

Release notes

Sourced from super-linter/super-linter's releases.

v8.2.1

8.2.1 (2025-10-15)

🐛 Bugfixes

• biome ignore errors on unmatched files (#7089) (8d1cfd5)
• handle pull_request_target (#7088) (188a10f)
• handle schedule and workflow_dispatch events (#7098) (28cb079), closes #7095
• set CONFLICT_FOUND as expected (#7093) (07cfe7e), closes #7092
• strip workspace from the regex check path (#7110) (3b72a2d), closes #7086
• validate DEFAULT_BRANCH when using find (#7119) (7508f4c), closes #7117

⬆️ Dependency updates

• docker: bump the docker group with 2 updates (#7100) (28c5681)
• npm: bump eslint from 9.36.0 to 9.37.0 in /dependencies (#7102) (cf6cb1e)
• npm: bump renovate from 41.132.2 to 41.136.0 in /dependencies (#7107) (495692f)
• npm: bump the eslint-plugins-configs group across 1 directory with 2 updates (#7101) (b3a735d)
• npm: bump the npm group across 1 directory with 4 updates (#7108) (ce227b3)
• npm: bump typescript (#7109) (deba11c)
• python: bump the pip group across 1 directory with 7 updates (#7106) (7c02a56)

🧰 Maintenance

• add missing ruff variables to readme (#7091) (7daeceb), closes #7099
• explain who ignores VALIDATE_ALL_CODEBASE (#7111) (9150eb9), closes #7090
• github-actions: bump peter-evans/create-issue-from-file (#7103) (ec80a77)
• update rack to 3.2.3 (#7136) (2e6ad3d)
• update ruby transitive dependencies (#7115) (00a71f6)

Changelog

Sourced from super-linter/super-linter's changelog.

Changelog

8.2.1 (2025-10-15)

🐛 Bugfixes

• biome ignore errors on unmatched files (#7089) (8d1cfd5)
• handle pull_request_target (#7088) (188a10f)
• handle schedule and workflow_dispatch events (#7098) (28cb079), closes #7095
• set CONFLICT_FOUND as expected (#7093) (07cfe7e), closes #7092
• strip workspace from the regex check path (#7110) (3b72a2d), closes #7086
• validate DEFAULT_BRANCH when using find (#7119) (7508f4c), closes #7117

⬆️ Dependency updates

• docker: bump the docker group with 2 updates (#7100) (28c5681)
• npm: bump eslint from 9.36.0 to 9.37.0 in /dependencies (#7102) (cf6cb1e)
• npm: bump renovate from 41.132.2 to 41.136.0 in /dependencies (#7107) (495692f)
• npm: bump the eslint-plugins-configs group across 1 directory with 2 updates (#7101) (b3a735d)
• npm: bump the npm group across 1 directory with 4 updates (#7108) (ce227b3)
• npm: bump typescript (#7109) (deba11c)
• python: bump the pip group a...

v5.3.1

🩹 [Patch]: Encode all PowerShell files using UTF8 with BOM (#231)

Description

This pull request updates several PowerShell script files across the project. The main change is the addition of a Unicode Byte Order Mark (BOM) at the beginning of each file, which can help ensure proper encoding and compatibility, especially on Windows systems. No functional code changes have been made.