🩹[Patch]: Configure Dependabot and rename Auto-Release to Release-GHRepository #24
Pull request overview
This PR configures Dependabot to check for GitHub Actions updates daily instead of weekly, adds a 7-day cooldown period for dependency updates, and includes several GitHub Actions updates that pin actions to specific commit SHAs for enhanced security.
Changes:
- Modified Dependabot configuration to use daily checks with a 7-day cooldown period
- Updated multiple GitHub Actions to use commit SHA pinning instead of version tags
- Deleted the release configuration file
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| .github/dependabot.yml | Changed schedule from weekly to daily and added cooldown configuration with 7-day default |
| .github/workflows/Linter.yml | Updated actions/checkout and super-linter/super-linter to use commit SHA pinning |
| .github/workflows/Auto-Release.yml | Updated actions/checkout and PSModule/Auto-Release to use commit SHA pinning |
| .github/workflows/Action-Test.yml | Updated multiple instances of actions/checkout and corrected Github-Script to GitHub-Script with commit SHA pinning |
| .github/release.yml | Removed the entire release notes configuration file |
Pull request overview
Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.
| cooldown: | ||
| default-days: 7 |
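Review bot: At `cooldown:` / `default-days: 7`, the file carries no comment explaining why a 7-day delay sits next to a schedule that this PR changes from weekly to daily, so the two settings read as contradictory on their own. Add a short YAML comment above `cooldown:` stating the intent (check daily, but apply the 7-day cooldown period described in the overview before proposing an update), so a later reader does not take the pair for a mistake and remove one of them.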
Copilot AI, Jan 25, 2026
The cooldown configuration option is not a valid Dependabot configuration field according to GitHub's documentation. Dependabot does not support a cooldown mechanism to prevent duplicate PRs within a specified time period. This configuration will likely be ignored or cause validation errors.
If the goal is to reduce PR churn while checking daily, consider using the open-pull-requests-limit option instead to limit the number of concurrent open PRs, or stick with the weekly schedule. The daily schedule will attempt to open PRs for updates as they become available, which may not achieve the desired 7-day cooldown behavior described in the PR description.
| cooldown: | |
| default-days: 7 | |
| open-pull-requests-limit: 5 |
…structure paths in Invoke-ScriptAnalyzer
Pull request overview
Copilot reviewed 8 out of 12 changed files in this pull request and generated 1 comment.
Comments suppressed due to low confidence (2)
.github/workflows/Release.yml:6 - Changed from 'pull_request_target' to 'pull_request'. This is a significant security improvement as 'pull_request_target' runs in the context of the base repository with elevated permissions, which could be a security risk for untrusted PRs. The 'pull_request' event is safer as it runs with the PR's permissions.
.github/workflows/Release.yml:17 - The 'paths' filter is applied to the 'closed' event type. This means that the workflow will only trigger when a PR is closed AND the PR includes changes to 'action.yml' or 'src/**'. However, the 'closed' event doesn't evaluate path filters - GitHub only evaluates path filters for push and pull_request events with certain activity types (opened, synchronize, reopened), but not for 'closed'. This may cause the workflow not to trigger when intended for closed PRs.
| cooldown: | ||
| default-days: 7 |
Copilot AI, Jan 25, 2026
The 'cooldown' configuration option does not exist in Dependabot's configuration schema. According to GitHub's Dependabot documentation, there is no such option. Dependabot naturally avoids creating duplicate PRs for the same dependency, so this configuration will be ignored and may cause confusion. Consider removing these lines.
| cooldown: | |
| default-days: 7 |
🩹 [Patch]: Rename Auto-Release to Release-GHRepository
This PR updates the workflow to use the renamed release action.
Changed
- PSModule/Release-GHRepository@v2 instead of the deprecated PSModule/Auto-Release@v1.9.5

Summary
The PSModule/Auto-Release action has been renamed to PSModule/Release-GHRepository. This change updates the workflow configuration to reference the new action name and version.