🩹[Patch]: Configure Dependabot for daily schedule with 7-day cooldown #106
Pull request overview
This PR aims to configure Dependabot to check for updates daily while implementing a 7-day cooldown period. However, the PR includes several changes beyond what's described in the title and description.
Changes:
- Modified `.github/dependabot.yml` to use daily scheduling and attempted to add a cooldown configuration
- Updated GitHub Actions to pinned versions with commit hashes (actions/checkout, super-linter/super-linter, PSModule/Auto-Release)
- Deleted `.github/release.yml` file that configures automated release notes
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| .github/dependabot.yml | Changed schedule from weekly to daily and added cooldown configuration (invalid option) |
| .github/workflows/Linter.yml | Updated actions/checkout to v6.0.2 and super-linter to v8.3.2 with commit hash pinning |
| .github/workflows/Auto-Release.yml | Updated actions/checkout to v6.0.2 and PSModule/Auto-Release to v1.9.5 with commit hash pinning |
| .github/workflows/Action-Test-outputs.yml | Updated actions/checkout to v6.0.2 with commit hash pinning |
| .github/workflows/Action-Test-Src-WithManifest.yml | Updated actions/checkout to v6.0.2 with commit hash pinning |
| .github/workflows/Action-Test-Src-Default.yml | Updated actions/checkout to v6.0.2 with commit hash pinning |
| .github/release.yml | Deleted release notes configuration file (not mentioned in PR description) |
Comments suppressed due to low confidence (1)
.github/release.yml:1
- The deletion of the `.github/release.yml` file is not mentioned in the PR description, which only references changes to `.github/dependabot.yml`. This file configures automatically generated release notes for GitHub releases. Its removal will affect how release notes are generated and categorized (breaking changes, new features, etc.). If this deletion is intentional, it should be documented in the PR description. If it's accidental, the file should be restored.
| cooldown: | ||
| default-days: 7 |
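Review bot: The `cooldown:` block with `default-days: 7` has no accompanying comment, and nothing in these two lines shows which `updates` entry it belongs to or how it is meant to interact with the daily schedule. Add a one-line YAML comment above `cooldown:` stating the intent of the 7-day window, and confirm the block is nested under the intended package-ecosystem entry rather than at the top level of the file.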
Copilot
AI
Jan 22, 2026
The cooldown configuration option does not exist in GitHub's Dependabot configuration schema. According to GitHub's documentation (as of my knowledge cutoff in January 2025), Dependabot supports options like schedule, open-pull-requests-limit, target-branch, reviewers, assignees, labels, milestone, versioning-strategy, commit-message, rebase-strategy, ignore, allow, insecure-external-code-execution, registries, and groups, but not cooldown. This configuration will likely be ignored or cause Dependabot to fail validation. If you want to delay updates, you should use the schedule option with interval: weekly or use the ignore option with update-types to skip certain updates temporarily.
| cooldown: | |
| default-days: 7 |
| steps: | ||
| - name: Checkout repo | ||
| uses: actions/checkout@v6 | ||
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 |
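Review bot: On the `uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2` line, the trailing comment is the only link between the SHA and a release, and nothing in the diff shows that this commit is what the v6.0.2 tag points to. Resolve the tag in the actions/checkout repository and compare it with the pinned SHA before merging, and keep the `# vX.Y.Z` comment format identical across all workflow files so the pins stay reviewable.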
Copilot
AI
Jan 22, 2026
The updates to GitHub Actions (actions/checkout, super-linter/super-linter, PSModule/Auto-Release) are not mentioned in the PR description. The PR description states only changes to the Dependabot configuration schedule and cooldown settings. These action updates appear to be actual dependency updates that should either be in a separate PR or explicitly mentioned in the description if they're part of demonstrating the new Dependabot configuration.
Improves dependency management by configuring Dependabot to check daily while preventing excessive update noise through a 7-day cooldown period. This ensures timely security updates while reducing PR churn.
Dependabot configuration
Changed the update schedule from weekly to daily with a 7-day cooldown period. This provides faster detection of security vulnerabilities while avoiding duplicate PRs for the same dependency within a week.
Release configuration cleanup
Removed the deprecated `.github/release.yml` file as release notes are now managed through the Auto-Release action's automated process.
Action pinning
Pinned all GitHub Actions to specific commit SHAs for improved security and reproducibility:
- `actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd` (v6.0.2)
- `super-linter/super-linter@d5b0a2ab116623730dd094f15ddc1b6b25bf7b99` (v8.3.2)
- `PSModule/Auto-Release@eabd533035e2cb9822160f26f2eda584bd012356` (v1.9.5)
- `PSModule/Install-PSModuleHelpers@d60d63e4be477d1ca0c67c6085101fb109bce8f1` (v1.0.6)
- `PSModule/Invoke-Pester@882994cbe1ff07c3fc8afdac52404c940f99b331` (v4.2.2)
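A check for the pinning convention described above, as an added example that is not part of the pull request or the project's own code: it scans workflow text for `uses:` lines whose ref is not a full 40-character commit SHA, or whose SHA pin lacks the trailing version comment. The function name `audit_workflow` and the sample workflow are constructed for illustration, reusing action references shown on this page.

```python
import re

# A workflow `uses:` line: action path, optional ref after '@', optional trailing comment.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?([^@\s'\"#]+)(?:@([^\s'\"#]+))?['\"]?\s*(?:#\s*(.*))?$"
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text):
    """Return (line_no, action, finding) for each `uses:` line that breaks the convention."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref, comment = m.group(1), m.group(2), (m.group(3) or "").strip()
        # Local actions and container images are not git refs, so they cannot be SHA-pinned.
        if action.startswith("./") or action.startswith("docker://"):
            continue
        if ref is None:
            findings.append((line_no, action, "no ref"))
        elif not FULL_SHA_RE.match(ref):
            # Tags, branches and abbreviated SHAs can all resolve to different code later.
            findings.append((line_no, action, f"not a full commit SHA: '{ref}'"))
        elif not comment:
            findings.append((line_no, action, "SHA pin without version comment"))
    return findings


# Constructed sample workflow; the action references are the ones quoted on this page.
SAMPLE = """\
steps:
  - name: Checkout repo
    uses: actions/checkout@v6
  - name: Checkout repo (pinned)
    uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
  - name: Lint
    uses: super-linter/super-linter@d5b0a2ab116623730dd094f15ddc1b6b25bf7b99
  - name: Local action under test
    uses: ./
"""

if __name__ == "__main__":
    for line_no, action, finding in audit_workflow(SAMPLE):
        print(f"line {line_no}: {action}: {finding}")
```

The check only confirms the shape of the ref; whether a given SHA really corresponds to the version named in its comment still has to be verified against the action's repository.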