v5.3.7

Update dependencies and doc cleanup (#245)

This release updates workflow dependencies to their latest versions and standardizes table formatting across documentation files.

Workflow Dependency Updates:

• Updated actions in various workflows to their latest versions:
  • super-linter/super-linter from 8.2.1 to 8.3.0
  • PSModule/Document-PSModule from 1.0.11 to 1.0.12
  • PSModule/Install-PSModuleHelpers from 1.0.5 to 1.0.6
  • PSModule/Test-PSModule from 3.0.6 to 3.0.7

Documentation and Table Formatting Improvements:

• Standardized markdown table column alignment and spacing in multiple documentation files.
• Added a style configuration for markdown tables (MD060) in .github/linters/.markdown-lint.yml to enforce leading column style and avoid emoji width issues.

v5.3.6

Use commit SHA with version comments for all workflow action references (#239)

Standardize all GitHub Actions workflow references to use commit SHAs with version comments instead of mutable tags, ensuring deterministic builds and supply chain security.

Changes

• GitHub Actions: Updated actions/checkout, actions/download-artifact, actions/upload-artifact, actions/upload-pages-artifact, actions/configure-pages, actions/deploy-pages to SHA references
• PSModule Actions: Updated all PSModule actions (Auto-Release, Document-PSModule, GitHub-Script, Build-PSModule, Install-PSModuleHelpers, Get-PesterCodeCoverage, Get-PesterTestResults, Invoke-ScriptAnalyzer, Test-PSModule, Invoke-Pester, Publish-PSModule) to SHA references
• 13 workflow files updated in .github/workflows/

Format

# Before
uses: actions/checkout@v6

# After  
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0

Dependabot supports SHA references for automated update PRs.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>🩹 [Patch]: Use commit SHA with specific version comments for all workflow action references</issue_title>
<issue_description>### Describe the change

Standardize all GitHub Actions workflow references in this repository so that every action uses a commit SHA, with a comment specifying the most specific version tag (e.g., # v1.2.3).

Why:

• Ensures deterministic builds and protects against unexpected updates or supply chain attacks.
• Improves maintainability and readability by documenting the exact version in use.

Examples:
✅ Correct:

  - name: Checkout Code
    uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v1.2.3
    with:
      persist-credentials: false

❌ Incorrect:

  - name: Checkout Code
    uses: actions/checkout@v1

Scope of change:

• Update all workflow files in .github/workflows/*. yml to reference actions by SHA with a version comment, instead of by tag.
• Use the most specific version tag in comments (e.g., v1.2.3 instead of v1).
• Affected actions may include but are not limited to: actions/checkout, actions/download-artifact, actions/upload-artifact, actions/configure-pages, actions/deploy-pages, custom PSModule actions, etc.
• Ensure CI and linting checks do not break.
• Document changes in affected files.

Security Note:
Dependabot is configured to notify and create PRs when upstream actions/workflows update. Dependabot supports SHA references, so using them does not reduce security or update capabilities.

Acceptance:

• All workflows use commit SHA with a version comment specifying the most specific tag
• No workflows reference actions by tag (e.g., @v1)
• All CI/CD checks pass
• Documentation is updated as needed</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes #238

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

v5.3.5

Bump actions/checkout from 5 to 6 (#237)

Bumps actions/checkout from 5 to 6.

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248
• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• v6-beta by @​ericsciple in actions/checkout#2298
• update readme/changelog for v6 by @​ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

V6.0.0

• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248

V5.0.1

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

V5.0.0

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226

V4.3.1

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

V4.3.0

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

v4.1.5

• Update NPM dependencies by @​cory-miller in actions/checkout#1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/checkout#1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in actions/checkout#1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in actions/checkout#1695

... (truncated)

Commits

• 1af3b93 update readme/changelog for v6 (#2311)
• 71cf226 v6-beta (#2298)
• 069c695 Persist creds to a separate file (#2286)
• ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
• See full diff in compare view

[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-...

v5.3.4

Bump actions/download-artifact from 5 to 6 (#236)

Bumps actions/download-artifact from 5 to 6.

Release notes

Sourced from actions/download-artifact's releases.

v6.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

• Update README for download-artifact v5 changes by @​yacaovsnc in actions/download-artifact#417
• Update README with artifact extraction details by @​yacaovsnc in actions/download-artifact#424
• Readme: spell out the first use of GHES by @​danwkennedy in actions/download-artifact#431
• Bump @actions/artifact to v4.0.0
• Prepare v6.0.0 by @​danwkennedy in actions/download-artifact#438

New Contributors

• @​danwkennedy made their first contribution in actions/download-artifact#431

Full Changelog: actions/download-artifact@v5...v6.0.0

Commits

• 018cc2c Merge pull request #438 from actions/danwkennedy/prepare-6.0.0
• 815651c Revert "Remove github.dep.yml"
• bb3a066 Remove github.dep.yml
• fa1ce46 Prepare v6.0.0
• 4a24838 Merge pull request #431 from danwkennedy/patch-1
• 5e3251c Readme: spell out the first use of GHES
• abefc31 Merge pull request #424 from actions/yacaovsnc/update_readme
• ac43a60 Update README with artifact extraction details
• de96f46 Merge pull request #417 from actions/yacaovsnc/update_readme
• 7993cb4 Remove migration guide for artifact download changes
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

v5.3.3

Bump actions/upload-artifact from 4 to 5 (#235)

Bumps actions/upload-artifact from 4 to 5.

Release notes

Sourced from actions/upload-artifact's releases.

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

• Update README.md by @​GhadimiR in actions/upload-artifact#681
• Update README.md by @​nebuk89 in actions/upload-artifact#712
• Readme: spell out the first use of GHES by @​danwkennedy in actions/upload-artifact#727
• Update GHES guidance to include reference to Node 20 version by @​patrikpolyak in actions/upload-artifact#725
• Bump @actions/artifact to v4.0.0
• Prepare v5.0.0 by @​danwkennedy in actions/upload-artifact#734

New Contributors

• @​GhadimiR made their first contribution in actions/upload-artifact#681
• @​nebuk89 made their first contribution in actions/upload-artifact#712
• @​danwkennedy made their first contribution in actions/upload-artifact#727
• @​patrikpolyak made their first contribution in actions/upload-artifact#725

Full Changelog: actions/upload-artifact@v4...v5.0.0

v4.6.2

What's Changed

• Update to use artifact 2.3.2 package & prepare for new upload-artifact release by @​salmanmkc in actions/upload-artifact#685

New Contributors

• @​salmanmkc made their first contribution in actions/upload-artifact#685

Full Changelog: actions/upload-artifact@v4...v4.6.2

v4.6.1

What's Changed

• Update to use artifact 2.2.2 package by @​yacaovsnc in actions/upload-artifact#673

Full Changelog: actions/upload-artifact@v4...v4.6.1

v4.6.0

What's Changed

• Expose env vars to control concurrency and timeout by @​yacaovsnc in actions/upload-artifact#662

Full Changelog: actions/upload-artifact@v4...v4.6.0

v4.5.0

What's Changed

• fix: deprecated Node.js version in action by @​hamirmahal in actions/upload-artifact#578
• Add new artifact-digest output by @​bdehamer in actions/upload-artifact#656

New Contributors

• @​hamirmahal made their first contribution in actions/upload-artifact#578

... (truncated)

Commits

• 330a01c Merge pull request #734 from actions/danwkennedy/prepare-5.0.0
• 03f2824 Update github.dep.yml
• 905a1ec Prepare v5.0.0
• 2d9f9cd Merge pull request #725 from patrikpolyak/patch-1
• 9687587 Merge branch 'main' into patch-1
• 2848b2c Merge pull request #727 from danwkennedy/patch-1
• 9b51177 Spell out the first use of GHES
• cd231ca Update GHES guidance to include reference to Node 20 version
• de65e23 Merge pull request #712 from actions/nebuk89-patch-1
• 8747d8c Update README.md
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

v5.3.2

Bump super-linter/super-linter from 8.2.0 to 8.2.1 (#234)

Bumps super-linter/super-linter from 8.2.0 to 8.2.1.

Release notes

Sourced from super-linter/super-linter's releases.

v8.2.1

8.2.1 (2025-10-15)

🐛 Bugfixes

• biome ignore errors on unmatched files (#7089) (8d1cfd5)
• handle pull_request_target (#7088) (188a10f)
• handle schedule and workflow_dispatch events (#7098) (28cb079), closes #7095
• set CONFLICT_FOUND as expected (#7093) (07cfe7e), closes #7092
• strip workspace from the regex check path (#7110) (3b72a2d), closes #7086
• validate DEFAULT_BRANCH when using find (#7119) (7508f4c), closes #7117

⬆️ Dependency updates

• docker: bump the docker group with 2 updates (#7100) (28c5681)
• npm: bump eslint from 9.36.0 to 9.37.0 in /dependencies (#7102) (cf6cb1e)
• npm: bump renovate from 41.132.2 to 41.136.0 in /dependencies (#7107) (495692f)
• npm: bump the eslint-plugins-configs group across 1 directory with 2 updates (#7101) (b3a735d)
• npm: bump the npm group across 1 directory with 4 updates (#7108) (ce227b3)
• npm: bump typescript (#7109) (deba11c)
• python: bump the pip group across 1 directory with 7 updates (#7106) (7c02a56)

🧰 Maintenance

• add missing ruff variables to readme (#7091) (7daeceb), closes #7099
• explain who ignores VALIDATE_ALL_CODEBASE (#7111) (9150eb9), closes #7090
• github-actions: bump peter-evans/create-issue-from-file (#7103) (ec80a77)
• update rack to 3.2.3 (#7136) (2e6ad3d)
• update ruby transitive dependencies (#7115) (00a71f6)

Changelog

Sourced from super-linter/super-linter's changelog.

Changelog

8.2.1 (2025-10-15)

🐛 Bugfixes

• biome ignore errors on unmatched files (#7089) (8d1cfd5)
• handle pull_request_target (#7088) (188a10f)
• handle schedule and workflow_dispatch events (#7098) (28cb079), closes #7095
• set CONFLICT_FOUND as expected (#7093) (07cfe7e), closes #7092
• strip workspace from the regex check path (#7110) (3b72a2d), closes #7086
• validate DEFAULT_BRANCH when using find (#7119) (7508f4c), closes #7117

⬆️ Dependency updates

• docker: bump the docker group with 2 updates (#7100) (28c5681)
• npm: bump eslint from 9.36.0 to 9.37.0 in /dependencies (#7102) (cf6cb1e)
• npm: bump renovate from 41.132.2 to 41.136.0 in /dependencies (#7107) (495692f)
• npm: bump the eslint-plugins-configs group across 1 directory with 2 updates (#7101) (b3a735d)
• npm: bump the npm group across 1 directory with 4 updates (#7108) (ce227b3)
• npm: bump typescript (#7109) (deba11c)
• python: bump the pip group a...

v5.3.1

🩹 [Patch]: Encode all PowerShell files using UTF8 with BOM (#231)

Description

This pull request updates several PowerShell script files across the project. The main change is the addition of a Unicode Byte Order Mark (BOM) at the beginning of each file, which can help ensure proper encoding and compatibility, especially on Windows systems. No functional code changes have been made.

v5.3.0

🚀[Feature]: Use local PSScriptAnalyzer files (#228)

The workflow now uses Invoke-ScriptAnalyzer@v4, enabling automatic discovery of local PSScriptAnalyzer configuration files. This allows projects to maintain custom linting rules in their repository without requiring centralized settings management. The upgrade also streamlines workflow configuration by removing deprecated parameters and improving checkout efficiency.

Updated to PSScriptAnalyzer v4

Upgraded the PSModule/Invoke-ScriptAnalyzer action from v3 to v4 in linting workflows (Lint-SourceCode.yml and Test-Module.yml). This version automatically discovers and uses local .powershell-psscriptanalyzer.psd1 configuration files from the .github/linters/ directory, providing better support for repository-specific linting rules.

Removed Deprecated Settings Parameter

The Settings parameter has been removed from both Lint-SourceCode and Lint-Module workflow steps. PSScriptAnalyzer now automatically discovers local configuration files, eliminating the need to explicitly specify settings profiles.

Workflow Configuration Improvements

• Added a Checkout repository step to the Lint-Module job to ensure the codebase (including local configuration files) is available before linting
• Removed fetch-depth: 0 from checkout steps to use shallow clones, reducing workflow execution time
• Removed unused Name parameter from test workflow

Custom Linting Configuration Support

Added a .powershell-psscriptanalyzer.psd1 configuration file in the test repository (tests/srcWithManifestTestRepo/.github/linters/) demonstrating how projects can define custom code style rules, including formatting preferences, line length limits, and rule exclusions.

v5.2.1

📖Docs: Update README.md with new use cases (#227)

Description

This pull request updates the workflow configuration in the README.md to enhance automation and permissions, and to use the latest workflow version. The most important changes are:

Workflow triggers and scheduling:

• Added workflow_dispatch and a nightly scheduled run (cron: '0 0 * * *') to allow manual and automated executions of the workflow.

Permissions:

• Expanded required permissions to include statuses, pages, and id-token in addition to contents and pull-requests.

Workflow version:

• Updated the referenced workflow from version v2 to v5 for the Process-PSModule job.

v5.2.0

🚀[Feature]: Linting and Documentation Improvements with Conditional Summary Option (#226)

This pull request introduces improvements to the linting workflows and documentation, adds new configuration options for linter summary reporting, and updates test scripts for better visibility. The main focus is on allowing users to optionally display the super-linter summary even when no issues are found, and on clarifying documentation and prompts related to repository operations.

Workflow and Linter Enhancements:

• Added ShowSummaryOnSuccess option for both documentation and codebase linting workflows, allowing the super-linter summary to be displayed even on successful runs. Updated the workflows to post the summary conditionally based on this setting. (.github/workflows/Build-Docs.yml, .github/workflows/workflow.yml, [1] [2] [3] [4] [5]
• Extended the settings parsing logic to support the new ShowSummaryOnSuccess option for both Build.Docs and Linter configurations. (.github/workflows/Get-Settings.yml, [1] [2]

Documentation Updates:

• Updated README.md to document the new ShowSummaryOnSuccess options for both documentation and linter workflows, including example configuration and explanation of its usage. (README.md, [1] [2] [3] [4] [5]
• Added a new section to .github/copilot-instructions.md for process-related Copilot instructions.

Prompt and Command Improvements:

• Clarified execution steps in .github/prompts/pr.prompt.md to specify changing directory to the root of the attached git folder, and updated references to GitHub MCP tool commands to use simplified names. [1] [2]

Test Script Output Improvements:

• Changed test setup and teardown scripts (BeforeAll.ps1, AfterAll.ps1) in both test repositories to use Write-Warning instead of Write-Host for better visibility of important messages. (tests/srcTestRepo/tests/BeforeAll.ps1, [1] [2]; tests/srcTestRepo/tests/AfterAll.ps1, [3] [4]; tests/srcWithManifestTestRepo/tests/BeforeAll.ps1, [5]; tests/srcWithManifestTestRepo/tests/AfterAll.ps1, [6]