ci: bump actions/upload-artifact from 4 to 7 in the actions-all group

[dependabot]

Bumps the actions-all group with 1 update: actions/upload-artifact.

Updates actions/upload-artifact from 4 to 7

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Add proxy integration test by @​Link- in actions/upload-artifact#754
• Upgrade the module to ESM and bump dependencies by @​danwkennedy in actions/upload-artifact#762
• Support direct file uploads by @​danwkennedy in actions/upload-artifact#764

New Contributors

• @​Link- made their first contribution in actions/upload-artifact#754

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

• Upload Artifact Node 24 support by @​salmanmkc in actions/upload-artifact#719
• fix: update @​actions/artifact for Node.js 24 punycode deprecation by @​salmanmkc in actions/upload-artifact#744
• prepare release v6.0.0 for Node.js 24 support by @​salmanmkc in actions/upload-artifact#745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

• Update README.md by @​GhadimiR in actions/upload-artifact#681
• Update README.md by @​nebuk89 in actions/upload-artifact#712
• Readme: spell out the first use of GHES by @​danwkennedy in actions/upload-artifact#727
• Update GHES guidance to include reference to Node 20 version by @​patrikpolyak in actions/upload-artifact#725
• Bump @actions/artifact to v4.0.0
• Prepare v5.0.0 by @​danwkennedy in actions/upload-artifact#734

... (truncated)

Commits

• bbbca2d Support direct file uploads (#764)
• 589182c Upgrade the module to ESM and bump dependencies (#762)
• 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
• 02a8460 Add proxy integration test
• b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
• e516bc8 docs: correct description of Node.js 24 support in README
• ddc45ed docs: update README to correct action name for Node.js 24 support
• 615b319 chore: release v6.0.0 for Node.js 24 support
• 017748b Merge pull request #744 from actions/fix-storage-blob
• 38d4c79 chore: rebuild dist
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

🎉 Thanks for your first pull request to AI Memory Module!

A maintainer will review your PR soon. Here's what happens next:

1. Automated tests will run (check the status above)
2. A maintainer will review your code
3. You may be asked to make changes
4. Once approved, your PR will be merged 🚀

Quick reminders:

• Make sure all tests pass
• Update documentation if needed
• Link the related issue with Fixes #XXX

Thanks for contributing! 🙏

[Hidden-History]

@claude Review the Dependabot PRs on the ai-memory repository for breaking changes and compatibility issues.

[github-actions]

🤖 AI Analysis (Ollama kimi-k2.5:cloud)

Code Review: actions/upload-artifact v4 → v7 Upgrade

Risk Level: 🟡 Medium (Major version jump with runner compatibility requirements)

---

🔍 Breaking Changes Analysis

This PR jumps 3 major versions (v4 → v7). Here are the cumulative breaking changes:

Version	Breaking Change	Impact
v5	Node.js 24 runtime requirement	Requires GitHub Actions Runner >= 2.317.0
v6	Node 24 default runtime	Requires GitHub Actions Runner >= 2.327.1
v7	ESM module migration	Internal only; no usage changes required

Critical Compatibility Issue: If this repository uses self-hosted runners, they must be updated to version 2.327.1 or later before merging. GitHub-hosted runners are automatically compatible.

---

🛡️ Security Assessment

✅ Positive: Upgrade includes latest security patches and dependency updates
✅ Node 24: Includes updated cryptography libraries and security fixes
⚠️ Note: v7 upgrades to ESM, which indirectly reduces attack surface by enabling modern module integrity features

---

📋 Specific Code Review

- name: Upload test results
  if: always()
  uses: actions/upload-artifact@v7  # ← Updated from v4
  with:
    name: e2e-test-results
    path: test-results-e2e.xml

Compatibility: ✅ Safe for this specific usage pattern

• Single file upload (not affected by v7's multi-file direct upload restriction)
• Explicit naming preserved (v7's archive: false feature would ignore name, but you're using default zipped behavior)
• if: always() ensures test results upload even on job failure (best practice preserved)

---

🐛 Edge Cases & Potential Issues

1. Artifact Name Collisions: If multiple jobs attempt to upload to e2e-test-results simultaneously, v4-v7 all enforce artifact immutability (first write wins). This behavior is unchanged from v4.

2. File Existence: If test-results-e2e.xml is missing, v7 provides clearer error messages than v4, but the job will still fail. The if: always() ensures this step runs, but consider adding continue-on-error: true if missing results are acceptable:

   continue-on-error: true  # Optional: if test results might not exist

3. Self-hosted Runner Failures: If merged before runner updates, jobs will fail with cryptic Node.js execution errors rather than clear version mismatch messages.

---

💡 Recommendations

Option A: Safe Merge (Current)

Proceed as-is if:

• ✅ Using GitHub-hosted runners exclusively, OR
• ✅ Self-hosted runners confirmed >= v2.327.1

Option B: Leverage v7 Features (Improvement)

Consider using v7's direct upload feature for single XML files (no zip extraction needed):

- name: Upload test results
  if: always()
  uses: actions/upload-artifact@v7
  with:
    name: e2e-test-results
    path: test-results-e2e.xml
    archive: false  # New in v7: Uploads as raw XML, not zipped

Benefits:

• Direct browser viewing of XML in GitHub UI
• No unzip step required for download
• Slightly faster (no compression overhead)

Caveat: If path ever expands to multiple files, this will break. Use only if path remains a single file.

---

✅ Merge Checklist

• Verify self-hosted runners (if any) are >= v2.327.1
• Confirm test-results-e2e.xml generation step hasn't changed (single file output)
• Consider whether archive: false is desired for easier XML access
• Run a test workflow to verify artifact upload/download functionality

Verdict: Approve with caution. The upgrade is technically sound, but verify runner infrastructure compatibility before merging.

---

Triggered by @Hidden-History