Skip to content

chore(ci): bump actions/upload-artifact from 4 to 7#3

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions/upload-artifact-7
Closed

chore(ci): bump actions/upload-artifact from 4 to 7#3
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions/upload-artifact-7

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 12, 2026
edited
Loading

Bumps actions/upload-artifact from 4 to 7.

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

... (truncated)

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • bbbca2d Support direct file uploads (#764)
  • 589182c Upgrade the module to ESM and bump dependencies (#762)
  • 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
  • 02a8460 Add proxy integration test
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • Additional commits viewable in compare view

@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github May 12, 2026

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@open-warren-bear-binary
Copy link
Copy Markdown

open-warren-bear-binary Bot commented May 12, 2026

Kelos AI Agent

Agent Status Details Updated
Review not requested
CI Fix waiting for CI
Explains 0

Commands

Command Where Description
/review PR comment Request a full AI review
/fix-ci PR comment Auto-fix CI failures (auto-triggered)
/explain <question> Line comment Explain code at a specific line
/help Any comment Show available commands

Palette initialized. Updates appear as agents run.

@dependabot
chore(ci): bump actions/upload-artifact from 4 to 7
1ecfdec 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions/upload-artifact-7 branch from 6d3b398 to 1ecfdec Compare May 12, 2026 20:24
greptile-apps[bot]
greptile-apps Bot reviewed May 12, 2026
View reviewed changes
Copy link
Copy Markdown

@greptile-apps greptile-apps Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.

@Cliftonz Cliftonz mentioned this pull request May 26, 2026
Merged
2 tasks
@Cliftonz Cliftonz closed this in #14 May 26, 2026
Cliftonz added a commit that referenced this pull request May 26, 2026
@Cliftonz @claude
chore(ci): bump pinned-by-tag actions to latest majors (#14)
fca4225 
Bundles the five GitHub Actions dependabot bumps so they land as a
single CI-validated unit instead of five separate force-rebases:

- actions/upload-artifact          v4 → v7  (#3)
- actions/cache                    v4 → v5  (#4)
- github/codeql-action/*           v3 → v4  (#5)
- actions/attest-build-provenance  v2 → v4  (#6)
- peter-evans/create-pull-request  v6 → v8  (#2)

Only loose @vn tag pins are touched. SHA-pinned action references
(scorecard.yml upload-artifact v7.0.1, scorecard.yml codeql-action
v4.35.3, helm-release.yml upload-artifact v4.4.3) are left intact —
those were intentionally pinned at specific points for supply-chain
hardening and will be updated independently when their pins next roll.

actionlint passes; only pre-existing shellcheck info-level findings
in unrelated script blocks (SC2086 / SC2129) which the linter has been
emitting since before the bump.

upload-artifact v5 dropped the implicit same-name-merge behavior; our
usages already use uniquely-namespaced artifact names (matrix.platform,
env.VERSION, etc.) so no callsite needs adjustment. actions/cache v5
tightens cache-key validation but our keys are already conservative
hashes of Cargo.lock / requirements.txt etc.

Closes dependabot PRs #2, #3, #4, #5, #6.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github May 26, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/github_actions/actions/upload-artifact-7 branch May 26, 2026 20:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants