Skip to content

build(deps): bump actions/upload-artifact from 4 to 7#98

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/actions/upload-artifact-7
Open

build(deps): bump actions/upload-artifact from 4 to 7#98
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/actions/upload-artifact-7

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 6, 2026
edited
Loading

Bumps actions/upload-artifact from 4 to 7.

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

... (truncated)

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • bbbca2d Support direct file uploads (#764)
  • 589182c Upgrade the module to ESM and bump dependencies (#762)
  • 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
  • 02a8460 Add proxy integration test
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • Additional commits viewable in compare view

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Apr 6, 2026
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Apr 6, 2026

Labels

The following labels could not be found: github-actions. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

cubic-dev-ai[bot]
cubic-dev-ai Bot reviewed Apr 6, 2026
View reviewed changes
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 issue found across 1 file

Prompt for AI agents (unresolved issues) 

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name=".github/workflows/deploy-frontend.yml">

<violation number="1" location=".github/workflows/deploy-frontend.yml:56">
P1: `upload-artifact` is bumped to v7 but `download-artifact` on line 69 remains at v4. These companion actions should be version-aligned — bump `download-artifact` to v7 as well to avoid artifact download failures in the deploy job.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

Comment thread .github/workflows/deploy-frontend.yml

- name: Upload build artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v7
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai Bot Apr 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1: upload-artifact is bumped to v7 but download-artifact on line 69 remains at v4. These companion actions should be version-aligned — bump download-artifact to v7 as well to avoid artifact download failures in the deploy job.

Prompt for AI agents 
Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/deploy-frontend.yml, line 56:

<comment>`upload-artifact` is bumped to v7 but `download-artifact` on line 69 remains at v4. These companion actions should be version-aligned — bump `download-artifact` to v7 as well to avoid artifact download failures in the deploy job.</comment>

<file context>
@@ -53,7 +53,7 @@ jobs:
 
       - name: Upload build artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: frontend-dist
</file context>

devin-ai-integration[bot]
devin-ai-integration Bot reviewed Apr 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@devin-ai-integration devin-ai-integration Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Devin Review found 1 potential issue.

View 1 additional finding in Devin Review.

Open in Devin Review

Comment thread .github/workflows/deploy-frontend.yml

- name: Upload build artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v7
Copy link
Copy Markdown
Contributor

@devin-ai-integration devin-ai-integration Bot Apr 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔴 upload-artifact bumped to v7 but download-artifact left at v4, breaking artifact transfer between jobs

The build job uploads artifacts with actions/upload-artifact@v7 (line 56), but the deploy job still downloads with actions/download-artifact@v4 (line 69). The upload-artifact and download-artifact actions must use compatible major versions because major version bumps change the underlying artifact backend. This version mismatch will cause the deploy job to fail to retrieve the artifact uploaded by the build job, breaking the entire frontend deployment pipeline.

Prompt for agents 
The upload-artifact action was bumped to v7 but the corresponding download-artifact action at line 69 was not updated. These two actions must use compatible major versions to function correctly. Either revert upload-artifact back to v4 to match the existing download-artifact@v4, or bump download-artifact to v7 as well (at .github/workflows/deploy-frontend.yml line 69: change `actions/download-artifact@v4` to `actions/download-artifact@v7`).
Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

@dependabot dependabot Bot changed the title chore(deps): bump actions/upload-artifact from 4 to 7 build(deps): bump actions/upload-artifact from 4 to 7 Apr 7, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions/upload-artifact-7 branch 6 times, most recently from d3f9d02 to 447d768 Compare April 10, 2026 00:06
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions/upload-artifact-7 branch 2 times, most recently from 4eee816 to 74e573e Compare April 17, 2026 23:27
propel-code-bot[bot]
propel-code-bot Bot reviewed Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown

@propel-code-bot propel-code-bot Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependency update review found no issues; changes appear safe to merge.

Status: No Issues Found | Risk: Low

Review Details

📁 1 files reviewed | 💬 0 comments

Instruction Files 
├── AGENTS.md
└── CLAUDE.md

@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions/upload-artifact-7 branch 3 times, most recently from 08ea8c2 to 2f56438 Compare April 18, 2026 04:00
@dependabot
chore(deps): bump actions/upload-artifact from 4 to 7
e0d5d36 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions/upload-artifact-7 branch from 2f56438 to e0d5d36 Compare April 18, 2026 16:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devin-ai-integration devin-ai-integration[bot] devin-ai-integration[bot] left review comments

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@propel-code-bot propel-code-bot[bot] propel-code-bot[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants