🩹[Patch]: Update dependabot schedule and pin actions to SHA (#19)

MariusStorhaug · web-flow · commit 40cd161e3f83 · 2026-01-22T16:16:00.000+01:00
Dependabot now checks for updates daily with a 7-day cooldown period,
reducing noise while maintaining timely security updates. All GitHub
Actions are pinned to specific commit SHAs with version comments for
enhanced security and reproducibility.

## Dependabot Configuration

Updated the schedule from `weekly` to `daily` with a `cooldown` of 7
days. This means Dependabot will check for updates daily but will wait 7
days after a new version is released before creating a PR, helping to
avoid early adoption of potentially unstable releases.

```yaml
schedule:
  interval: daily
cooldown:
  default-days: 7
```

## Pinned Actions

All actions are now pinned to specific commit SHAs with version tag
comments for traceability:

| Action | Version | Commit SHA |
|--------|---------|------------|
| `actions/checkout` | v6.0.1 |
`8e8c483db84b4bee98b60c0593521ed34d9990e8` |
| `super-linter/super-linter` | v8.3.2 |
`d5b0a2ab116623730dd094f15ddc1b6b25bf7b99` |
| `PSModule/Auto-Release` | v1.9.5 |
`eabd533035e2cb9822160f26f2eda584bd012356` |
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -5,8 +5,8 @@
 
 version: 2
 updates:
-  - package-ecosystem: github-actions # See documentation for possible values
-    directory: / # Location of package manifests
+  - package-ecosystem: github-actions
+    directory: /
     labels:
       - dependencies
       - github-actions
diff --git a/.github/workflows/Auto-Release.yml b/.github/workflows/Auto-Release.yml
@@ -31,4 +31,4 @@ jobs:
           persist-credentials: false
 
       - name: Auto-Release
-        uses: PSModule/Auto-Release@eabd533035e2cb9822160f26f2eda584bd012356 # v1
+        uses: PSModule/Auto-Release@eabd533035e2cb9822160f26f2eda584bd012356 # v1.9.5
diff --git a/.github/workflows/Linter.yml b/.github/workflows/Linter.yml
@@ -29,6 +29,7 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ github.token }}
           VALIDATE_BIOME_FORMAT: false
+          VALIDATE_JSCPD: false
           VALIDATE_JSON_PRETTIER: false
           VALIDATE_MARKDOWN_PRETTIER: false
           VALIDATE_YAML_PRETTIER: false
