build(deps): Bump actions/upload-artifact from 4.6.2 to 7.0.0#3117
Conversation
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.2 to 7.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4.6.2...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
⚠️ Performance Alert ⚠️
Possible performance regression was detected for benchmark 'Spamoor Trace Benchmarks'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.50.
| Benchmark suite | Current: dc62b13 | Previous: 9af0f90 | Ratio |
|---|---|---|---|
SpamoorSmoke - evm_for_ctx (avg) |
91.73333333333333 us |
34.20161290322581 us |
2.68 |
This comment was automatically generated by workflow using github-action-benchmark.
|
The latest Buf updates on your PR. Results from workflow CI / buf-check (pull_request).
|
|
Claude finished @julienrbrt's task in 2m 17s —— View job Code Review:
|
| Version | Key Change | Impact |
|---|---|---|
| v5 | Node.js 24 preliminary support | None for existing usage |
| v6 | Default Node.js 24, min runner v2.327.1 | GitHub-hosted runners auto-update; self-hosted runners may need attention |
| v7 | ESM upgrade, new archive: false direct upload |
Additive only — no breaking changes for name+path patterns used here |
All existing usages in this repo use the standard name + path pattern, which is fully compatible with v7.
Observations
Minor: SHA pinning inconsistency (pre-existing)
benchmark.yml uses SHA-pinned references with tag comments (security best practice), while test.yml uses floating tags (@v7.0.0, @v8.0.0). This inconsistency predates this PR.
# benchmark.yml (secure ✓)
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
# test.yml (less secure)
uses: actions/upload-artifact@v7.0.0For stronger supply chain security, test.yml should also pin to commit SHAs. Fix this →
Benchmark Regression Alert
The performance alert (SpamoorSmoke - evm_for_ctx: 2.68x regression) is unrelated to this PR. This is a GitHub Actions workflow-only change with no impact on application logic or benchmark behavior. The regression likely reflects CI runner variance or was present in the base commit.
Verdict
✅ Safe to merge. The usage patterns in this repo are fully compatible with v7.0.0. No action required.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #3117 +/- ##
==========================================
- Coverage 60.78% 60.75% -0.04%
==========================================
Files 113 113
Lines 11675 11675
==========================================
- Hits 7097 7093 -4
- Misses 3775 3779 +4
Partials 803 803
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
julienrbrt
deleted the
dependabot/github_actions/main/actions/upload-artifact-7.0.0
branch
1 participant
Bumps actions/upload-artifact from 4.6.2 to 7.0.0.
Release notes
Sourced from actions/upload-artifact's releases.
... (truncated)
Commits
bbbca2dSupport direct file uploads (#764)589182cUpgrade the module to ESM and bump dependencies (#762)47309c9Merge pull request #754 from actions/Link-/add-proxy-integration-tests02a8460Add proxy integration testb7c566aMerge pull request #745 from actions/upload-artifact-v6-releasee516bc8docs: correct description of Node.js 24 support in READMEddc45eddocs: update README to correct action name for Node.js 24 support615b319chore: release v6.0.0 for Node.js 24 support017748bMerge pull request #744 from actions/fix-storage-blob38d4c79chore: rebuild distDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)