Bump actions/upload-artifact from 6 to 7 by dependabot[bot] · Pull Request #380 · senzing-garage/sz-sdk-go-core

dependabot · 2026-03-18T23:54:38Z

Bumps actions/upload-artifact from 6 to 7.

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Add proxy integration test by @Link- in actions/upload-artifact#754

Upgrade the module to ESM and bump dependencies by @danwkennedy in actions/upload-artifact#762

Support direct file uploads by @danwkennedy in actions/upload-artifact#764

New Contributors

@Link- made their first contribution in actions/upload-artifact#754

Full Changelog: actions/upload-artifact@v6...v7.0.0

Commits

bbbca2d Support direct file uploads (#764)
589182c Upgrade the module to ESM and bump dependencies (#762)
47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
02a8460 Add proxy integration test
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Resolves #764
Resolves #762
Resolves #754
Resolves actions/upload-artifact#754
Resolves actions/upload-artifact#762
Resolves actions/upload-artifact#764

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v6...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-03-18T23:55:12Z

🤖 Claude Code Review

PR Code Review

Summary

This PR bumps actions/upload-artifact from v6 to v7 across three workflow files.

Code Quality

✅ Style guide - Workflow files follow standard YAML conventions
✅ No commented-out code - Clean diff
✅ Meaningful variable names - N/A for this change
✅ DRY principle - The same version bump is applied consistently across all three workflow files
✅ Defects - No logic errors; this is a straightforward dependency version bump. The change is applied symmetrically in all three files (darwin, linux, windows) for both the "Store coverage file" and "Upload test log" steps

Testing

✅ Unit/integration tests - Not applicable for CI workflow changes
✅ Edge cases - N/A

Documentation

✅ README - No update needed for a CI dependency bump
✅ API docs - N/A
✅ Inline comments - N/A
✅ CHANGELOG.md - Not required for a dependency bump of this nature
✅ Markdown formatting - N/A

Security

✅ No hardcoded credentials
✅ No sensitive data
✅ No license files
⚠️ Action pinning - The actions are pinned to a major version tag (@v7) rather than a full SHA commit hash. While this is common practice and acceptable for trusted actions like actions/upload-artifact, pinning to a commit SHA (e.g., actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08) provides stronger supply chain security guarantees. This is a minor concern and consistent with existing patterns in the codebase.

Verdict

Approved. This is a clean, minimal, and correct version bump. The change is consistent across all three platform workflow files. The only note is the optional security hardening of pinning to a commit SHA instead of a mutable tag, which is a low-priority suggestion given the trusted source of the action.

Automated code review analyzing defects and coding standards

github-actions · 2026-03-18T23:56:45Z

Super-linter summary

Language	Validation result
CHECKOV	Pass ✅
GITHUB_ACTIONS	Pass ✅
GITHUB_ACTIONS_ZIZMOR	Pass ✅
GITLEAKS	Pass ✅
GIT_MERGE_CONFLICT_MARKERS	Pass ✅
JSCPD	Pass ✅
PRE_COMMIT	Pass ✅
SPELL_CODESPELL	Pass ✅
TRIVY	Pass ✅
YAML	Pass ✅
YAML_PRETTIER	Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

…ifact-7

github-actions · 2026-03-19T16:17:59Z

🤖 Claude Code Review

PR Code Review

This PR updates actions/upload-artifact from v6 to v7 across three GitHub Actions workflow files.

Code Quality

✅ Style guide: Simple version bump, no style concerns.
✅ No commented-out code: None present.
✅ Meaningful variable names: N/A.
✅ DRY principle: The change is consistent across all three workflow files.
✅ Defects: No bugs or logic errors. The upgrade from v6 to v7 is a straightforward version bump with no behavioral changes expected for these use cases (storing coverage files and test logs).

Testing

✅ Unit/integration tests: Not applicable — this is a CI workflow change only.

Documentation

✅ README: No update needed.
✅ API docs: Not applicable.
✅ Inline comments: Not applicable.
✅ CHANGELOG.md: Not required for a dependency version bump in CI infrastructure.
✅ Markdown: No markdown files changed.

Security

✅ No hardcoded credentials: None present.
✅ Input validation: Not applicable.
✅ Error handling: Not applicable.
✅ No sensitive data in logs: Not applicable.
✅ No license files: None present.

Summary

This is a clean, minimal PR that bumps `actions/upload-artifact` from v6 to v7 consistently across all three platform-specific test workflows (darwin, linux, windows). No issues found. Approved.

Automated code review analyzing defects and coding standards

github-actions · 2026-03-19T16:19:29Z

Super-linter summary

Language	Validation result
CHECKOV	Pass ✅
GITHUB_ACTIONS	Pass ✅
GITHUB_ACTIONS_ZIZMOR	Pass ✅
GITLEAKS	Pass ✅
GIT_MERGE_CONFLICT_MARKERS	Pass ✅
JSCPD	Pass ✅
PRE_COMMIT	Pass ✅
SPELL_CODESPELL	Pass ✅
TRIVY	Pass ✅
YAML	Pass ✅
YAML_PRETTIER	Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

dependabot Bot assigned kernelsam Mar 18, 2026

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 18, 2026

dependabot Bot requested a review from a team as a code owner March 18, 2026 23:54

kernelsam approved these changes Mar 19, 2026

View reviewed changes

Merge branch 'main' into dependabot/github_actions/actions/upload-art…

2fd3afb

…ifact-7

kernelsam enabled auto-merge (squash) March 19, 2026 16:17

kernelsam merged commit 245b523 into main Mar 19, 2026
45 checks passed

kernelsam deleted the dependabot/github_actions/actions/upload-artifact-7 branch March 19, 2026 16:24

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump actions/upload-artifact from 6 to 7#380

Bump actions/upload-artifact from 6 to 7#380
kernelsam merged 2 commits into
mainfrom
dependabot/github_actions/actions/upload-artifact-7

dependabot Bot commented on behalf of github Mar 18, 2026 •

edited by github-actions Bot

Loading

Uh oh!

github-actions Bot commented Mar 18, 2026

Uh oh!

github-actions Bot commented Mar 18, 2026

Uh oh!

github-actions Bot commented Mar 19, 2026

Uh oh!

github-actions Bot commented Mar 19, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

dependabot Bot commented on behalf of github Mar 18, 2026 • edited by github-actions Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v7.0.0

v7 What's new

Direct Uploads

ESM

What's Changed

New Contributors

Uh oh!

github-actions Bot commented Mar 18, 2026

🤖 Claude Code Review

PR Code Review

Summary

Code Quality

Testing

Documentation

Security

Verdict

Uh oh!

github-actions Bot commented Mar 18, 2026

Super-linter summary

Uh oh!

github-actions Bot commented Mar 19, 2026

🤖 Claude Code Review

PR Code Review

Code Quality

Testing

Documentation

Security

Summary

This is a clean, minimal PR that bumps actions/upload-artifact from v6 to v7 consistently across all three platform-specific test workflows (darwin, linux, windows). No issues found. Approved.

Uh oh!

github-actions Bot commented Mar 19, 2026

Super-linter summary

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

dependabot Bot commented on behalf of github Mar 18, 2026 •

edited by github-actions Bot

Loading

This is a clean, minimal PR that bumps `actions/upload-artifact` from v6 to v7 consistently across all three platform-specific test workflows (darwin, linux, windows). No issues found. Approved.