Skip to content

chore(deps): bump actions/upload-artifact from 4 to 7#2

Merged
birdnamoo merged 1 commit into
mainfrom
dependabot/github_actions/actions/upload-artifact-7
Apr 27, 2026
Merged

chore(deps): bump actions/upload-artifact from 4 to 7#2
birdnamoo merged 1 commit into
mainfrom
dependabot/github_actions/actions/upload-artifact-7

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026
edited
Loading

Bumps actions/upload-artifact from 4 to 7.

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

... (truncated)

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • bbbca2d Support direct file uploads (#764)
  • 589182c Upgrade the module to ESM and bump dependencies (#762)
  • 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
  • 02a8460 Add proxy integration test
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • Additional commits viewable in compare view

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 27, 2026

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

birdnamoo added a commit that referenced this pull request Apr 27, 2026
@birdnamoo
ci: add push/PR build-test-scan workflow
a89fa7a 
The existing nuget-publish.yml only runs on Directory.Build.props changes,
which means routine pushes and Dependabot PRs received no build verification.
This adds a dedicated CI workflow that:

- Runs on push to main and PRs targeting main
- Skips release commits (Directory.Build.props) to avoid double-trigger with
  the publish workflow, which runs the same pipeline before pack/push
- Skips docs-only changes (markdown, docs/, claudedocs/, etc.)
- Restores, scans for vulnerable transitive packages, builds Release, runs tests
- 15-minute timeout and per-ref concurrency cancellation to keep runner usage
  bounded

This unblocks safe automatic verification of the currently-open Dependabot
PRs (#2-#9) once they are rebased or refreshed.
@birdnamoo
Copy link
Copy Markdown
Contributor

birdnamoo commented Apr 27, 2026

사전 분석

Type: Major bump (v4 → v7). GitHub Actions runtime change (Node 20 → Node 24).

Risk: 🟢 Low. Used in nuget-publish.yml for nupkg artifact upload (single ItemGroup, no glob expansion edge cases).

Release notes summary:

  • v5: BREAKING — Node 24 support added; minimum runner v2.327.1 (GitHub-hosted runners auto-satisfy this).
  • v6: Default runtime moves to Node 24.
  • v7: Module migrated to ESM; new archive: false option for direct single-file uploads (opt-in; not used here).

Our usage (nuget-publish.yml:84-88): basic path: nupkg/*.nupkg upload with retention-days: 7. No reliance on archive behaviour, glob multi-file semantics, or removed flags. Safe to upgrade.

Verification status: Predates ci.yml. Comment @dependabot rebase to run automated verification.

Recommended sequence: Hold until 0.6.1 publishes successfully. Merging now would change the actions used by the pending 0.6.1 retry — better to keep that retry running on the exact configuration that 0.6.0 published with, then upgrade afterwards.

This was referenced Apr 27, 2026
Merged
Merged
@birdnamoo
Copy link
Copy Markdown
Contributor

birdnamoo commented Apr 27, 2026

@dependabot rebase

@dependabot
chore(deps): bump actions/upload-artifact from 4 to 7
06fd84f 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions/upload-artifact-7 branch from 4a548fa to 06fd84f Compare April 27, 2026 07:12
@birdnamoo birdnamoo merged commit 2f6e543 into main Apr 27, 2026
1 check passed
@birdnamoo birdnamoo deleted the dependabot/github_actions/actions/upload-artifact-7 branch April 27, 2026 07:18
@birdnamoo birdnamoo mentioned this pull request Apr 27, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@birdnamoo