chore(deps): update actions/upload-artifact action to v7#5015
Conversation
thomhurst
added
dependencies
thomhurst
temporarily deployed
to
Pull Requests
GitHub Actions
Inactive
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
thomhurst
temporarily deployed
to
Pull Requests
GitHub Actions
Inactive
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review: chore(deps): update actions/upload-artifact action to v7
This is a straightforward Renovate bot dependency update upgrading actions/upload-artifact from v6 to v7 across two workflow files. The changes are correct and complete.
What's Changed
- 14 occurrences of
actions/upload-artifactupdated from v6 → v7 across:.github/workflows/dotnet.yml(3 uses): pinned format@v6.0.0→@v7.0.0.github/workflows/speed-comparison.yml(11 uses): floating format@v6→@v7
Assessment: ✅ Looks Good
The update is consistent and covers all occurrences. actions/upload-artifact v7 moves from Node 20 to Node 20 (same runtime) but drops support for some older action runner versions and includes reliability improvements — a safe upgrade.
Minor Observation (Pre-existing, Not Introduced Here)
There's an inconsistency in version pinning strategy between the two files:
dotnet.ymluses fully-pinned versions (@v7.0.0) — more reproducible and securespeed-comparison.ymluses floating major versions (@v7) — easier to get patches automatically but less deterministic
This isn't introduced by this PR, but it may be worth standardizing across both files in a future cleanup. The pinned-version approach (@v7.0.0) is generally preferred for security-sensitive CI workflows since it prevents unexpected behaviour from upstream patches.
Safe to merge.
thomhurst
force-pushed
the
renovate/actions-upload-artifact-7.x
branch
from
0633c88 to
6f2a703
Compare
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
thomhurst
temporarily deployed
to
Pull Requests
GitHub Actions
Inactive
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
There was a problem hiding this comment.
Code Review: chore(deps): update actions/upload-artifact action to v7
This is a straightforward Renovate bot dependency update upgrading actions/upload-artifact from v6 to v7 across two workflow files.
Summary of Changes
- 14 occurrences updated across two workflow files:
.github/workflows/dotnet.yml(3 uses): pinned format@v6.0.0→@v7.0.0.github/workflows/speed-comparison.yml(11 uses): floating format@v6→@v7
Assessment: ✅ Looks Good
The update is consistent and covers all occurrences. No issues to flag.
Follow-up from Previous Review
My prior comment noted a pre-existing inconsistency in version pinning strategy between the two files (@v7.0.0 vs @v7). That inconsistency is still present but is out of scope for this PR. Standardizing to pinned versions (e.g. @v7.0.0) in speed-comparison.yml would improve reproducibility and security, and is worth a dedicated cleanup PR.
Safe to merge.
thomhurst
force-pushed
the
renovate/actions-upload-artifact-7.x
branch
from
6f2a703 to
01adc66
Compare
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
thomhurst
temporarily deployed
to
Pull Requests
GitHub Actions
Inactive
thomhurst
temporarily deployed
to
Pull Requests
GitHub Actions
Inactive
There was a problem hiding this comment.
Code Review: chore(deps): update actions/upload-artifact action to v7
This is a Renovate bot dependency update upgrading actions/upload-artifact from v6 to v7.
Summary
- 14 occurrences updated across two workflow files:
.github/workflows/dotnet.yml(3 uses): pinned format@v6.0.0→@v7.0.0.github/workflows/speed-comparison.yml(11 uses): floating format@v6→@v7
Assessment: ✅ Looks Good
The update is consistent and complete — all occurrences have been updated. No regressions expected; v7 maintains Node 20 as the runtime and brings reliability fixes.
Ongoing Note (Pre-existing)
As noted in prior reviews, there's a pre-existing inconsistency in version pinning strategy between the two files (@v7.0.0 in dotnet.yml vs @v7 in speed-comparison.yml). This is out of scope for this PR but remains worth a dedicated cleanup to standardize on pinned versions for better reproducibility and security.
Safe to merge.
thomhurst
force-pushed
the
renovate/actions-upload-artifact-7.x
branch
from
01adc66 to
cf7c2b5
Compare
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
There was a problem hiding this comment.
Code Review: chore(deps): update actions/upload-artifact action to v7
This is the fourth review pass on this Renovate bot PR. No new changes have been introduced since the last review.
Summary
- 14 occurrences of
actions/upload-artifactupdated from v6 → v7 across two workflow files:.github/workflows/dotnet.yml(3 uses): pinned format@v6.0.0→@v7.0.0.github/workflows/speed-comparison.yml(11 uses): floating format@v6→@v7
Assessment: ✅ Looks Good
The update is correct, consistent, and complete. v7 retains Node 20 as the runtime and brings reliability fixes with no breaking changes to the usage patterns seen here.
Recurring Note (Pre-existing, Not Introduced by This PR)
All three prior reviews flagged the same pre-existing inconsistency: dotnet.yml uses fully-pinned versions (@v7.0.0) while speed-comparison.yml uses floating major versions (@v7). Standardizing on pinned versions across all workflow files would improve reproducibility and reduce supply-chain risk, but that is a separate concern from this PR.
Safe to merge.
thomhurst
force-pushed
the
renovate/actions-upload-artifact-7.x
branch
from
cf7c2b5 to
f7b71ec
Compare
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
thomhurst
temporarily deployed
to
Pull Requests
GitHub Actions
Inactive
Updated [TUnit](https://github.com/thomhurst/TUnit) from 1.17.36 to 1.18.0. <details> <summary>Release notes</summary> _Sourced from [TUnit's releases](https://github.com/thomhurst/TUnit/releases)._ ## 1.18.0 <!-- Release notes generated using configuration in .github/release.yml at v1.18.0 --> ## What's Changed ### Other Changes * refactor: convert 15 manual assertions to [GenerateAssertion] by @thomhurst in thomhurst/TUnit#5029 * Fix invisible chart labels on benchmark pages by @Copilot in thomhurst/TUnit#5033 * docs: fix position of `--results-directory` in documentation by @vbreuss in thomhurst/TUnit#5038 * fix: IsEquivalentTo falls back to Equals() for types with no public members by @thomhurst in thomhurst/TUnit#5041 * perf: make test metadata creation fully synchronous by @thomhurst in thomhurst/TUnit#5045 * perf: eliminate <>c display class from generated TestSource classes by @thomhurst in thomhurst/TUnit#5047 * perf: generate per-class helper to reduce JIT compilations by ~18,000 by @thomhurst in thomhurst/TUnit#5048 * perf: consolidate per-method TestSource into per-class TestSource (~27k fewer JITs) by @thomhurst in thomhurst/TUnit#5049 * perf: eliminate per-class TestSource .ctor JITs via delegate registration by @thomhurst in thomhurst/TUnit#5051 * feat: rich HTML test reports by @thomhurst in thomhurst/TUnit#5044 ### Dependencies * chore(deps): update tunit to 1.17.54 by @thomhurst in thomhurst/TUnit#5028 * chore(deps): update dependency polyfill to 9.13.0 by @thomhurst in thomhurst/TUnit#5035 * chore(deps): update dependency polyfill to 9.13.0 by @thomhurst in thomhurst/TUnit#5036 **Full Changelog**: thomhurst/TUnit@v1.17.54...v1.18.0 ## 1.17.54 <!-- Release notes generated using configuration in .github/release.yml at v1.17.54 --> ## What's Changed ### Other Changes * docs: restructure, deduplicate, and clean up documentation by @thomhurst in thomhurst/TUnit#5019 * docs: trim, deduplicate, and restructure sidebar by @thomhurst in thomhurst/TUnit#5020 * fix: add newline to github reporter summary to fix rendering by @robertcoltheart in thomhurst/TUnit#5023 * docs: consolidate hooks, trim duplication, and restructure sidebar by @thomhurst in thomhurst/TUnit#5024 * Redesign mixed tests template by @thomhurst in thomhurst/TUnit#5026 * feat: add IsAssignableFrom<T>() and IsNotAssignableFrom<T>() assertions by @thomhurst in thomhurst/TUnit#5027 ### Dependencies * chore(deps): update tunit to 1.17.36 by @thomhurst in thomhurst/TUnit#5018 * chore(deps): update actions/upload-artifact action to v7 by @thomhurst in thomhurst/TUnit#5015 * chore(deps): update dependency microsoft.testing.extensions.codecoverage to 18.5.1 by @thomhurst in thomhurst/TUnit#5025 **Full Changelog**: thomhurst/TUnit@v1.17.36...v1.17.54 Commits viewable in [compare view](thomhurst/TUnit@v1.17.36...v1.18.0). </details> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 participants
This PR contains the following updates:
v6→v7v6.0.0→v7.0.0Release Notes
actions/upload-artifact (actions/upload-artifact)
v7Compare Source
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR has been generated by Renovate Bot.