Skip to content

Bump actions/upload-artifact from 6 to 7#454

Merged
kernelsam merged 2 commits into
mainfrom
dependabot/github_actions/actions/upload-artifact-7
Mar 19, 2026
Merged

Bump actions/upload-artifact from 6 to 7#454
kernelsam merged 2 commits into
mainfrom
dependabot/github_actions/actions/upload-artifact-7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 19, 2026
edited by github-actions Bot
Loading

Copy link
Copy Markdown
Contributor

Bumps actions/upload-artifact from 6 to 7.

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Resolves #764
Resolves #762
Resolves #754
Resolves actions/upload-artifact#754
Resolves actions/upload-artifact#762
Resolves actions/upload-artifact#764

@dependabot
Bump actions/upload-artifact from 6 to 7
3cd9527 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v6...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 19, 2026
@dependabot dependabot Bot requested a review from a team as a code owner March 19, 2026 01:45
@github-actions

github-actions Bot commented Mar 19, 2026

Copy link
Copy Markdown

🤖 Claude Code Review

PR Code Review

This PR bumps actions/upload-artifact from v6 to v7 across 5 workflow files.

Code Quality

  • ✅ Change is consistent across all affected files
  • ✅ No commented-out code
  • ✅ DRY principle: all 5 occurrences updated uniformly
  • ✅ No logic errors or defects — this is a straightforward dependency version bump
  • ✅ CLAUDE.md contains no environment-specific content

Testing

  • ✅ No application code changed; no unit/integration tests required
  • ✅ CI workflows themselves serve as the validation mechanism

Documentation

  • CHANGELOG.md not updated — dependency bumps should typically be noted in the changelog for traceability

Security

  • ✅ No hardcoded credentials
  • ✅ No sensitive data
  • ✅ No license files checked in
  • ✅ Pinning to a major version tag (@v7) is acceptable, though pinning to a full SHA is a more security-hardened practice (not required here)

Summary

This is a clean, minimal PR. The only minor gap is the missing CHANGELOG entry. The version bump from v6 to v7 is consistent across all 5 workflow files.

Automated code review analyzing defects and coding standards

@github-actions

github-actions Bot commented Mar 19, 2026

Copy link
Copy Markdown

Super-linter summary

Language Validation result
CHECKOV Pass ✅
GITHUB_ACTIONS Pass ✅
GITHUB_ACTIONS_ZIZMOR Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅
YAML Pass ✅
YAML_PRETTIER Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

@github-actions

github-actions Bot commented Mar 19, 2026
edited
Loading

Copy link
Copy Markdown

Coverage report

Click to see where and how coverage changed

FileStatementsMissingCoverageCoverage
(new stmts)		Lines missing
  src/senzing_core
  _helpers.py
Project Total  

This report was generated by python-coverage-comment-action

@kernelsam kernelsam enabled auto-merge (squash) March 19, 2026 16:16
@github-actions

github-actions Bot commented Mar 19, 2026

Copy link
Copy Markdown

🤖 Claude Code Review

PR Code Review

This PR upgrades actions/upload-artifact from v6 to v7 across 5 workflow files.

Code Quality

  • ✅ Change is consistent across all affected files
  • ✅ No commented-out code
  • ✅ DRY principle: all instances updated uniformly
  • ✅ No logic errors, edge cases, or security concerns introduced
  • ✅ CLAUDE.md content is appropriate for general developer use

Testing

  • ✅ No application code changed; no new unit/integration tests required
  • ✅ The CI workflows themselves serve as validation

Documentation

  • CHANGELOG.md not updated — dependency/CI upgrades should be noted. Check if the project convention requires changelog entries for CI tooling changes.

Security

  • ✅ No hardcoded credentials
  • ✅ No sensitive data
  • ✅ No license files checked in
  • ✅ Upgrading to a newer action version is a positive security practice (reduces exposure to vulnerabilities in older versions)

Summary

Straightforward, low-risk maintenance PR. The only minor concern is whether a CHANGELOG entry is expected for this type of change per project conventions.

Automated code review analyzing defects and coding standards

@github-actions

github-actions Bot commented Mar 19, 2026

Copy link
Copy Markdown

Super-linter summary

Language Validation result
CHECKOV Pass ✅
GITHUB_ACTIONS Pass ✅
GITHUB_ACTIONS_ZIZMOR Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JSCPD Pass ✅
PRE_COMMIT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Pass ✅
YAML Pass ✅
YAML_PRETTIER Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

@kernelsam kernelsam merged commit e76a613 into main Mar 19, 2026
80 checks passed
@kernelsam kernelsam deleted the dependabot/github_actions/actions/upload-artifact-7 branch March 19, 2026 16:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kernelsam kernelsam kernelsam approved these changes

Assignees

@kernelsam kernelsam

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kernelsam @senzingdevops