chore(deps): update actions/upload-artifact action to v7.0.1#5495
chore(deps): update actions/upload-artifact action to v7.0.1#5495
Conversation
thomhurst
added
dependencies
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review: chore(deps): update actions/upload-artifact action to v7.0.1
This is a straightforward Renovate Bot dependency update bumping actions/upload-artifact from v7.0.0 to v7.0.1 across 3 workflow steps in .github/workflows/dotnet.yml.
Assessment: Approve
What changed: The patch bumps the pinned action tag from v7.0.0 to v7.0.1 in all three upload-artifact steps:
- Upload Diagnostic Logs
- Upload Hang Dumps
- NuGet Packages Artifacts
Review Notes
Good: All three usages are updated consistently — no mixed versions across steps.
v7.0.1 changelog summary: The patch release includes readme/documentation updates and a dependency bump in typespec/ts-http-runtime (0.3.5). No functional changes to the upload behavior are expected.
Consideration — pin by commit SHA? For stronger supply chain security, some projects pin GitHub Actions to a full commit SHA rather than a mutable tag (e.g., actions/upload-artifact@<sha> with a comment showing the version). Since Renovate is already managing version drift, this is a low-priority suggestion but worth considering if the project's threat model requires it. The current tag-based approach is acceptable for most projects.
No issues found. This dependency update is safe to merge.
There was a problem hiding this comment.
Code Review: chore(deps): update actions/upload-artifact action to v7.0.1
Straightforward Renovate Bot patch bump from v7.0.0 → v7.0.1 across 3 workflow steps in .github/workflows/dotnet.yml.
Assessment: Approve
All three upload-artifact usages (Diagnostic Logs, Hang Dumps, NuGet Packages) are updated consistently — no mixed versions.
v7.0.1 changes: Documentation/readme updates and a typespec/ts-http-runtime 0.3.5 dependency bump. No functional behavior changes expected.
Minor suggestion (not blocking): For stronger supply chain security, consider pinning to full commit SHAs instead of mutable tags (e.g. actions/upload-artifact@<sha> # v7.0.1). Renovate supports SHA pinning and can still manage updates. Since Renovate is already managing version drift, the current tag-based approach is perfectly acceptable.
No issues found — safe to merge.
There was a problem hiding this comment.
Code Review: chore(deps): update actions/upload-artifact action to v7.0.1
Straightforward Renovate Bot patch bump from v7.0.0 → v7.0.1 across 3 workflow steps in .github/workflows/dotnet.yml.
Assessment: Approve
All three upload-artifact usages (Diagnostic Logs, Hang Dumps, NuGet Packages) are updated consistently — no mixed versions.
v7.0.1 changes: Documentation/readme updates and a typespec/ts-http-runtime 0.3.5 dependency bump. No functional behavior changes expected.
Minor suggestion (not blocking): For stronger supply chain security, consider pinning to full commit SHAs instead of mutable tags (e.g. actions/upload-artifact@<sha> # v7.0.1). Renovate supports SHA pinning and can still manage updates. Since Renovate is already managing version drift, the current tag-based approach is perfectly acceptable.
No issues found — safe to merge.
Up to standards ✅🟢 Issues
|
thomhurst
force-pushed
the
renovate/actions-upload-artifact-7.x
branch
from
6d36f07 to
bfb9def
Compare
There was a problem hiding this comment.
Code Review: chore(deps): update actions/upload-artifact action to v7.0.1
Straightforward Renovate Bot patch bump: actions/upload-artifact v7.0.0 → v7.0.1 across 3 workflow steps in .github/workflows/dotnet.yml.
All three usages updated consistently (Diagnostic Logs, Hang Dumps, NuGet Packages) — no mixed versions.
v7.0.1 changes: Readme/documentation updates and a typespec/ts-http-runtime 0.3.5 dependency bump. No functional behavior changes.
Prior suggestion (not yet addressed, non-blocking): Consider pinning to commit SHAs instead of mutable tags for stronger supply chain security (e.g. actions/upload-artifact@<sha> # v7.0.1). Renovate fully supports SHA pinning. The current tag-based approach remains acceptable.
No issues found — safe to merge.
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
thomhurst
force-pushed
the
renovate/actions-upload-artifact-7.x
branch
from
bfb9def to
28dbb0c
Compare
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
thomhurst
force-pushed
the
renovate/actions-upload-artifact-7.x
branch
from
28dbb0c to
c91b534
Compare
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
thomhurst
force-pushed
the
renovate/actions-upload-artifact-7.x
branch
from
c91b534 to
0fd0c17
Compare
Updated [TUnit.Core](https://github.com/thomhurst/TUnit) from 1.28.7 to 1.33.0. <details> <summary>Release notes</summary> _Sourced from [TUnit.Core's releases](https://github.com/thomhurst/TUnit/releases)._ ## 1.33.0 <!-- Release notes generated using configuration in .github/release.yml at v1.33.0 --> ## What's Changed ### Other Changes * perf: engine-wide performance optimizations by @thomhurst in thomhurst/TUnit#5520 * feat: Add TUnitSettings static API for programmatic configuration by @thomhurst in thomhurst/TUnit#5522 * perf: reduce allocations and improve hot-path performance by @thomhurst in thomhurst/TUnit#5524 * fix: enforce ParallelLimiter semaphore in TestRunner to prevent DependsOn bypass by @thomhurst in thomhurst/TUnit#5526 ### Dependencies * chore(deps): update tunit to 1.32.0 by @thomhurst in thomhurst/TUnit#5513 **Full Changelog**: thomhurst/TUnit@v1.32.0...v1.33.0 ## 1.32.0 <!-- Release notes generated using configuration in .github/release.yml at v1.32.0 --> ## What's Changed ### Other Changes * fix: auto-register correlated logging for minimal API hosts (#5503) by @thomhurst in thomhurst/TUnit#5511 * fix: cascade HookExecutorAttribute from class/assembly to hooks (#5462) by @thomhurst in thomhurst/TUnit#5512 ### Dependencies * chore(deps): update dependency polyfill to 10.3.0 by @thomhurst in thomhurst/TUnit#5508 * chore(deps): update tunit to 1.31.0 by @thomhurst in thomhurst/TUnit#5510 * chore(deps): update dependency polyfill to 10.3.0 by @thomhurst in thomhurst/TUnit#5509 **Full Changelog**: thomhurst/TUnit@v1.31.0...v1.32.0 ## 1.31.0 <!-- Release notes generated using configuration in .github/release.yml at v1.31.0 --> ## What's Changed ### Other Changes * feat(reporters): overhaul GitHub Actions step summary by @thomhurst in thomhurst/TUnit#5483 * fix: truncate large stdout/stderr in HTML report to prevent JSON serialization failure by @thomhurst in thomhurst/TUnit#5485 * feat(html-report): add failure clustering to test report by @thomhurst in thomhurst/TUnit#5490 * feat(html-report): add chevron affordance to failure cluster headers by @thomhurst in thomhurst/TUnit#5492 * feat(reporters): group GitHub summary failures by exception type by @thomhurst in thomhurst/TUnit#5491 * feat(reporters): add minimap sidebar navigator to HTML report by @thomhurst in thomhurst/TUnit#5494 * feat(html-report): add category/tag filter pills to toolbar by @thomhurst in thomhurst/TUnit#5496 * feat(html-report): omit redundant test body span from trace timeline by @thomhurst in thomhurst/TUnit#5497 * fix(tests): clear reporter env vars before each GitHubReporterTest to fix flaky CI on macOS/Windows by @thomhurst in thomhurst/TUnit#5499 * feat: add TestContext.MakeCurrent() for console output correlation by @thomhurst in thomhurst/TUnit#5502 * feat(html-report): add flaky test detection and summary section by @thomhurst in thomhurst/TUnit#5498 * fix: smarter stack trace filtering that preserves TUnit-internal traces by @thomhurst in thomhurst/TUnit#5506 * feat: add Activity baggage-based test context correlation by @thomhurst in thomhurst/TUnit#5505 ### Dependencies * chore(deps): update actions/github-script action to v9 by @thomhurst in thomhurst/TUnit#5476 * chore(deps): update tunit to 1.30.8 by @thomhurst in thomhurst/TUnit#5477 * chore(deps): update dependency polyfill to 10.2.0 by @thomhurst in thomhurst/TUnit#5482 * chore(deps): update dependency polyfill to 10.2.0 by @thomhurst in thomhurst/TUnit#5481 * chore(deps): update actions/upload-artifact action to v7.0.1 by @thomhurst in thomhurst/TUnit#5495 **Full Changelog**: thomhurst/TUnit@v1.30.8...v1.31.0 ## 1.30.8 <!-- Release notes generated using configuration in .github/release.yml at v1.30.8 --> ## What's Changed ### Other Changes * feat(mocks): migrate to T.Mock() extension syntax by @thomhurst in thomhurst/TUnit#5472 * feat: split TUnit.AspNetCore into Core + meta package by @thomhurst in thomhurst/TUnit#5474 * feat: add async Member() overloads for Task-returning member selectors by @thomhurst in thomhurst/TUnit#5475 ### Dependencies * chore(deps): update aspire to 13.2.2 by @thomhurst in thomhurst/TUnit#5464 * chore(deps): update dependency polyfill to 10.1.1 by @thomhurst in thomhurst/TUnit#5468 * chore(deps): update dependency polyfill to 10.1.1 by @thomhurst in thomhurst/TUnit#5467 * chore(deps): update tunit to 1.30.0 by @thomhurst in thomhurst/TUnit#5469 * chore(deps): update dependency microsoft.playwright to 1.59.0 by @thomhurst in thomhurst/TUnit#5473 **Full Changelog**: thomhurst/TUnit@v1.30.0...v1.30.8 ## 1.30.0 <!-- Release notes generated using configuration in .github/release.yml at v1.30.0 --> ## What's Changed ### Other Changes * perf: eliminate locks from mock invocation and verification hot paths by @thomhurst in thomhurst/TUnit#5422 * feat: TUnit0074 analyzer for redundant hook attributes on overrides by @thomhurst in thomhurst/TUnit#5459 * fix(mocks): respect generic type argument accessibility (#5453) by @thomhurst in thomhurst/TUnit#5460 * fix(mocks): skip inaccessible internal accessors when mocking Azure.Response by @thomhurst in thomhurst/TUnit#5461 * fix: apply CultureAttribute and STAThreadExecutorAttribute to hooks (#5452) by @thomhurst in thomhurst/TUnit#5463 ### Dependencies * chore(deps): update tunit to 1.29.0 by @thomhurst in thomhurst/TUnit#5446 * chore(deps): update react to ^19.2.5 by @thomhurst in thomhurst/TUnit#5457 * chore(deps): update opentelemetry to 1.15.2 by @thomhurst in thomhurst/TUnit#5456 * chore(deps): update dependency qs to v6.15.1 by @thomhurst in thomhurst/TUnit#5458 **Full Changelog**: thomhurst/TUnit@v1.29.0...v1.30.0 ## 1.29.0 <!-- Release notes generated using configuration in .github/release.yml at v1.29.0 --> ## What's Changed ### Other Changes * 🤖 Update Mock Benchmark Results by @thomhurst in thomhurst/TUnit#5420 * fix(mocks): resolve build errors when mocking Azure SDK clients by @thomhurst in thomhurst/TUnit#5440 * fix: deduplicate virtual hook overrides across class hierarchy (#5428) by @thomhurst in thomhurst/TUnit#5441 * fix(mocks): unique __argArray locals per event in RaiseEvent dispatch (#5423) by @thomhurst in thomhurst/TUnit#5442 * refactor(mocks): extract MockTypeModel.Visibility helper by @thomhurst in thomhurst/TUnit#5443 * fix(mocks): preserve nullable annotations on generated event implementations by @thomhurst in thomhurst/TUnit#5444 * fix(mocks): preserve nullability on event handler types (#5425) by @thomhurst in thomhurst/TUnit#5445 ### Dependencies * chore(deps): update tunit to 1.28.7 by @thomhurst in thomhurst/TUnit#5416 * chore(deps): update dependency polyfill to v10 by @thomhurst in thomhurst/TUnit#5417 * chore(deps): update dependency polyfill to v10 by @thomhurst in thomhurst/TUnit#5418 * chore(deps): update dependency mockolate to 2.4.0 by @thomhurst in thomhurst/TUnit#5431 * chore(deps): update mstest to 4.2.1 by @thomhurst in thomhurst/TUnit#5433 * chore(deps): update dependency microsoft.net.test.sdk to 18.4.0 by @thomhurst in thomhurst/TUnit#5435 * chore(deps): update microsoft.testing to 2.2.1 by @thomhurst in thomhurst/TUnit#5432 * chore(deps): update dependency microsoft.testing.extensions.codecoverage to 18.6.2 by @thomhurst in thomhurst/TUnit#5437 * chore(deps): update dependency @docusaurus/theme-mermaid to ^3.10.0 by @thomhurst in thomhurst/TUnit#5438 * chore(deps): update docusaurus to v3.10.0 by @thomhurst in thomhurst/TUnit#5439 **Full Changelog**: thomhurst/TUnit@v1.28.7...v1.29.0 Commits viewable in [compare view](thomhurst/TUnit@v1.28.7...v1.33.0). </details> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 participants
This PR contains the following updates:
v7.0.0→v7.0.1Release Notes
actions/upload-artifact (actions/upload-artifact)
v7.0.1Compare Source
What's Changed
Full Changelog: actions/upload-artifact@v7...v7.0.1
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.