From 69e16d5f396d3927682e8a5a93d192e41027d18c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Nov 2025 11:49:03 +0000 Subject: [PATCH 1/2] Bump actions/checkout from 5 to 6 Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/Action-Test.yml | 2 +- .github/workflows/Auto-Release.yml | 2 +- .github/workflows/Linter.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/Action-Test.yml b/.github/workflows/Action-Test.yml index 25084f0..453d51d 100644 --- a/.github/workflows/Action-Test.yml +++ b/.github/workflows/Action-Test.yml @@ -23,7 +23,7 @@ jobs: steps: # Need to check out as part of the test, as its a local action - name: Checkout repo - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Action-Test uses: ./ diff --git a/.github/workflows/Auto-Release.yml b/.github/workflows/Auto-Release.yml index a36a9f4..b083552 100644 --- a/.github/workflows/Auto-Release.yml +++ b/.github/workflows/Auto-Release.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Code - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Auto-Release uses: PSModule/Auto-Release@v1 diff --git a/.github/workflows/Linter.yml b/.github/workflows/Linter.yml index 94f34b0..1962629 100644 --- a/.github/workflows/Linter.yml +++ b/.github/workflows/Linter.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: fetch-depth: 0 From d5895845ea3cfeb620da7cdd3f3d013181c4595e Mon Sep 17 00:00:00 2001 From: Copilot <198982749+Copilot@users.noreply.github.com> Date: Wed, 26 Nov 2025 13:13:14 +0100 Subject: [PATCH 2/2] Bump actions/checkout from 5 to 6 with SHA pinning (#6) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Dependabot bump of actions/checkout v5→v6, updated to use commit SHA pinning per repo conventions. ## Changes - **SHA pinning**: All actions now reference commit SHAs with version comments - **Security hardening**: Added `persist-credentials: false` to all `actions/checkout` usages - **Pinned super-linter**: Changed from `@latest` to specific v8 SHA ```yaml # Before uses: actions/checkout@v6 # After uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6 with: persist-credentials: false ``` | Action | SHA | |--------|-----| | actions/checkout | `1af3b93b...` (v6) | | PSModule/Auto-Release | `eabd5330...` (v1) | | super-linter/super-linter | `2bdd90ed...` (v8) | | PSModule/GitHub-Script | `4f9c58a2...` (v1) | --- 💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more [Copilot coding agent tips](https://gh.io/copilot-coding-agent-tips) in the docs. --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: MariusStorhaug <17722253+MariusStorhaug@users.noreply.github.com> --- .github/workflows/Action-Test.yml | 4 +++- .github/workflows/Auto-Release.yml | 6 ++++-- .github/workflows/Linter.yml | 5 +++-- action.yml | 2 +- 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/.github/workflows/Action-Test.yml b/.github/workflows/Action-Test.yml index 453d51d..ec754ad 100644 --- a/.github/workflows/Action-Test.yml +++ b/.github/workflows/Action-Test.yml @@ -23,7 +23,9 @@ jobs: steps: # Need to check out as part of the test, as its a local action - name: Checkout repo - uses: actions/checkout@v6 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6 + with: + persist-credentials: false - name: Action-Test uses: ./ diff --git a/.github/workflows/Auto-Release.yml b/.github/workflows/Auto-Release.yml index b083552..dc624c9 100644 --- a/.github/workflows/Auto-Release.yml +++ b/.github/workflows/Auto-Release.yml @@ -26,7 +26,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Code - uses: actions/checkout@v6 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6 + with: + persist-credentials: false - name: Auto-Release - uses: PSModule/Auto-Release@v1 + uses: PSModule/Auto-Release@eabd533035e2cb9822160f26f2eda584bd012356 # v1 diff --git a/.github/workflows/Linter.yml b/.github/workflows/Linter.yml index 1962629..1719852 100644 --- a/.github/workflows/Linter.yml +++ b/.github/workflows/Linter.yml @@ -19,12 +19,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo - uses: actions/checkout@v6 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6 with: fetch-depth: 0 + persist-credentials: false - name: Lint code base - uses: super-linter/super-linter@latest + uses: super-linter/super-linter@2bdd90ed3262e023ac84bf8fe35dc480721fc1f2 # v8 env: GITHUB_TOKEN: ${{ github.token }} VALIDATE_JSON_PRETTIER: false diff --git a/action.yml b/action.yml index c79e7f6..7af169d 100644 --- a/action.yml +++ b/action.yml @@ -34,7 +34,7 @@ runs: using: composite steps: - name: Template-Action - uses: PSModule/GitHub-Script@v1 + uses: PSModule/GitHub-Script@4f9c58a26940a15fb039e4065c63cc11467ab224 # v1 env: PSMOUDLE_TEMPLATE_ACTION_INPUT_Subject: ${{ inputs.Subject }} with: