Bump super-linter/super-linter from 8.5.0 to 8.6.0

.github/linters/zizmor.yaml

@@ -2,3 +2,16 @@ rules:
   template-injection:
     ignore:
       - action.yml
+
+  secrets-outside-env:
+    # These test credentials are intentionally managed as organization-level
+    # secrets for reusable test workflows across repositories.
+    config:
+      allow:
+        - TEST_USER_PAT
+        - TEST_USER_USER_FG_PAT
+        - TEST_USER_ORG_FG_PAT
+        - TEST_APP_ENT_CLIENT_ID
+        - TEST_APP_ENT_PRIVATE_KEY
+        - TEST_APP_ORG_CLIENT_ID
+        - TEST_APP_ORG_PRIVATE_KEY

.github/workflows/Linter.yml

@@ -1,6 +1,6 @@
 name: Linter
 
-run-name: "Linter - [${{ github.event.pull_request.title }} #${{ github.event.pull_request.number }}] by @${{ github.actor }}"
+run-name: 'Linter - [${{ github.event.pull_request.title }} #${{ github.event.pull_request.number }}] by @${{ github.actor }}'
 
 on: [pull_request]
 
@@ -25,7 +25,7 @@ jobs:
           fetch-depth: 0
 
       - name: Lint code base
-        uses: super-linter/super-linter@61abc07d755095a68f4987d1c2c3d1d64408f1f9 # v8.5.0
+        uses: super-linter/super-linter@9e863354e3ff62e0727d37183162c4a88873df41 # v8.6.0
         env:
           GITHUB_TOKEN: ${{ github.token }}
           VALIDATE_BIOME_FORMAT: false

.github/workflows/TestWorkflow.yml

@@ -427,7 +427,7 @@ jobs:
       - name: Action-Test
         uses: ./
         with:
-          Token: ${{ secrets.TEST_USER_PAT }}
+          Token: ${{ secrets.TEST_USER_PAT }} # zizmor: ignore[secrets-outside-env] test workflow uses org-level test secret intentionally
           Prerelease: ${{ inputs.Prerelease }}
           ShowRateLimit: true
           Script: |
@@ -455,7 +455,7 @@ jobs:
       - name: Action-Test
         uses: ./
         with:
-          Token: ${{ secrets.TEST_USER_USER_FG_PAT }}
+          Token: ${{ secrets.TEST_USER_USER_FG_PAT }} # zizmor: ignore[secrets-outside-env] test workflow uses org-level test secret intentionally
           Prerelease: ${{ inputs.Prerelease }}
           ShowRateLimit: true
           Script: |
@@ -483,7 +483,7 @@ jobs:
       - name: Action-Test
         uses: ./
         with:
-          Token: ${{ secrets.TEST_USER_ORG_FG_PAT }}
+          Token: ${{ secrets.TEST_USER_ORG_FG_PAT }} # zizmor: ignore[secrets-outside-env] test workflow uses org-level test secret intentionally
           Prerelease: ${{ inputs.Prerelease }}
           ShowRateLimit: true
           Script: |
@@ -511,8 +511,8 @@ jobs:
       - name: Action-Test
         uses: ./
         with:
-          ClientID: ${{ secrets.TEST_APP_ENT_CLIENT_ID }}
-          PrivateKey: ${{ secrets.TEST_APP_ENT_PRIVATE_KEY }}
+          ClientID: ${{ secrets.TEST_APP_ENT_CLIENT_ID }} # zizmor: ignore[secrets-outside-env] test workflow uses org-level test secret intentionally
+          PrivateKey: ${{ secrets.TEST_APP_ENT_PRIVATE_KEY }} # zizmor: ignore[secrets-outside-env] test workflow uses org-level test secret intentionally
           Prerelease: ${{ inputs.Prerelease }}
           ShowRateLimit: true
           Script: |
@@ -548,8 +548,8 @@ jobs:
       - name: Action-Test
         uses: ./
         with:
-          ClientID: '${{ secrets.TEST_APP_ORG_CLIENT_ID }}'      # Test with quotes on input
-          PrivateKey: '${{ secrets.TEST_APP_ORG_PRIVATE_KEY }}'  # Test with quotes on input
+          ClientID: '${{ secrets.TEST_APP_ORG_CLIENT_ID }}' # Test with quotes on input # zizmor: ignore[secrets-outside-env] test workflow uses org-level test secret intentionally
+          PrivateKey: '${{ secrets.TEST_APP_ORG_PRIVATE_KEY }}' # Test with quotes on input # zizmor: ignore[secrets-outside-env] test workflow uses org-level test secret intentionally
           Prerelease: ${{ inputs.Prerelease }}
           ShowRateLimit: true
           Script: |
@@ -687,7 +687,7 @@ jobs:
       - name: Action-Test with PreserveCredentials false
         uses: ./
         with:
-          Token: ${{ secrets.TEST_USER_PAT }}
+          Token: ${{ secrets.TEST_USER_PAT }} # zizmor: ignore[secrets-outside-env] test workflow uses org-level test secret intentionally
           PreserveCredentials: false
           Prerelease: ${{ inputs.Prerelease }}
           ShowRateLimit: true