v1.0.13
🩹[Patch]: Update GitHub Actions security and linting configuration (#36)
This update improves the security posture of GitHub Actions workflows by addressing zizmor linting warnings. All action references are now pinned to specific commit hashes, permissions follow the principle of least privilege, and insecure workflow triggers have been replaced with safer alternatives.
Security improvements
Pinned action references
All GitHub Actions are now pinned to specific commit SHA hashes instead of mutable tags, so a retargeted or force-pushed tag in an upstream repository cannot silently change the code the workflow runs (a tag-based supply chain attack):
- actions/checkout → de0fac2e4500dabe0009e67214ff5f5447ce83dd (v6.0.2)
- actions/upload-artifact → ea165f8d65b6e75b540449e92b4886f43607fa02 (v4.6.2)
- super-linter/super-linter → d5b0a2ab116623730dd094f15ddc1b6b25bf7b99 (v8.3.2)
- super-linter/super-linter/slim → 2bdd90ed3262e023ac84bf8fe35dc480721fc1f2 (v8.2.1)
- PSModule/Auto-Release → eabd533035e2cb9822160f26f2eda584bd012356 (v1.9.5)
- PSModule/Install-PSModuleHelpers → d60d63e4be477d1ca0c67c6085101fb109bce8f1 (v1.0.6)
Workflow trigger security
Changed the Auto-Release workflow trigger from pull_request_target to pull_request. pull_request_target runs in the context of the base repository, with its secrets and a write-capable GITHUB_TOKEN, so a workflow that checks out the pull request head under that trigger lets a forked pull request execute attacker-controlled code with those privileges. Under pull_request, runs from forks get a read-only token and no secrets.
Least privilege permissions
Moved statuses: write permission from workflow-level to job-level in Action-Test workflow, applying it only to the ActionTestDefault job that actually requires it for the linter.
Credential persistence
Added persist-credentials: false to checkout steps, so the GITHUB_TOKEN used for the clone is not written into the checked-out repository's .git/config, where later steps, or an uploaded artifact containing the workspace, could read it.
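The four hardening points above (SHA pinning, the pull_request_target trigger, workflow-level write permissions, and persist-credentials on checkout) can be checked offline. The following is an added example written for this page, not the project's own tooling and not zizmor: a small dependency-free, line-based linter over the conventional two-space GitHub Actions YAML layout (not a full YAML parser). The two embedded workflows are constructed for the example; the commit SHAs in the hardened one are the pins listed above, and the job and step names are assumptions.

```python
"""Line-based checks for common GitHub Actions hardening points.

Added example, not the project's own tooling and not zizmor. Parses the
conventional two-space YAML layout line by line; a full YAML parser would be
needed for exotic layouts.
"""
import re

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^(\s*)(-\s*)?uses:\s*([^\s#]+)")


def _indent(line):
    return len(line) - len(line.lstrip(" "))


def unpinned_actions(lines):
    """Flag `uses:` refs whose version part is not a full commit SHA."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(3)
        if ref.startswith(("./", "docker://")):
            continue  # local-path and container actions carry no tag to pin
        action, _, version = ref.partition("@")
        if not SHA_RE.match(version):
            findings.append(f"line {n}: {action} uses mutable ref "
                            f"'{version or '<none>'}'; pin to a full commit SHA")
    return findings


def unsafe_triggers(lines):
    """Flag pull_request_target, which runs fork PRs with base-repo secrets."""
    findings = []
    for n, line in enumerate(lines, 1):
        block_form = re.match(r"^\s*-?\s*pull_request_target\s*:?\s*$", line)
        flow_form = re.match(r"^on:\s*(\[.*\b)?pull_request_target\b", line)
        if block_form or flow_form:
            findings.append(f"line {n}: pull_request_target exposes secrets and "
                            f"a write token to fork PRs; prefer pull_request")
    return findings


def workflow_level_write_permissions(lines):
    """Flag write scopes granted at workflow level instead of per job."""
    findings = []
    for n, line in enumerate(lines, 1):
        if re.match(r"^permissions:\s*write-all\b", line):
            findings.append(f"line {n}: workflow-level permissions: write-all")
            continue
        if not re.match(r"^permissions:\s*$", line):
            continue
        scopes = []
        for nxt in lines[n:]:  # the indented block under a top-level permissions:
            if nxt.strip() and _indent(nxt) == 0:
                break
            m = re.match(r"^\s+([\w-]+):\s*write\b", nxt)
            if m:
                scopes.append(m.group(1))
        if scopes:
            findings.append(f"line {n}: workflow-level write scopes {scopes}; "
                            f"move them to the job that needs them")
    return findings


def checkouts_persisting_credentials(lines):
    """Flag actions/checkout steps that lack persist-credentials: false."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = USES_RE.match(line)
        if not m or not m.group(3).startswith("actions/checkout@"):
            continue
        # A step's body is everything indented deeper than its "- " marker; when
        # uses: is not the step's first key, sibling keys at the same depth count.
        stop_at = len(m.group(1)) if m.group(2) else len(m.group(1)) - 1
        body = []
        for nxt in lines[n:]:
            if not nxt.strip():
                continue
            if _indent(nxt) <= stop_at:
                break
            body.append(nxt)
        if not any(re.match(r"^\s*persist-credentials:\s*false\b", b) for b in body):
            findings.append(f"line {n}: actions/checkout keeps the token in "
                            f".git/config; add persist-credentials: false")
    return findings


def lint_workflow(text):
    """Run every check over one workflow file's text; returns finding strings."""
    lines = text.splitlines()
    return (unpinned_actions(lines) + unsafe_triggers(lines)
            + workflow_level_write_permissions(lines)
            + checkouts_persisting_credentials(lines))


# Constructed sample workflows (not from the project): the weak form trips all
# four checks, the hardened form applies the fixes described on this page.
WEAK_WORKFLOW = """\
name: Auto-Release
on:
  pull_request_target:
    branches: [main]
permissions:
  contents: write
  statuses: write
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/upload-artifact@main
      - uses: ./local-action
"""

HARDENED_WORKFLOW = """\
name: Auto-Release
on:
  pull_request:
    branches: [main]
jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      statuses: write
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(f"{name}: {len(lint_workflow(text))} finding(s)")
        for finding in lint_workflow(text):
            print("  " + finding)
```

Run it on a real file with `lint_workflow(open(".github/workflows/Auto-Release.yml").read())`; the weak sample yields five findings (two unpinned refs, the trigger, the workflow-level scopes, and the unprotected checkout) and the hardened sample yields none. The checks are deliberately pessimistic: a `uses:` ref that is not a 40-hex SHA is reported even if it points at an immutable tag, because the linter cannot tell the two apart.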
Linting configuration
- Enabled VALIDATE_GITHUB_ACTIONS_ZIZMOR in the Linter workflow (previously disabled)
- Updated the dependabot schedule to daily with a 7-day cooldown, so updates are checked every day but a new version is proposed only after it has been published for a week