Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1#180

Open
dependabot[bot] wants to merge 24 commits into
main from
dependabot/github_actions/actions/upload-artifact-7.0.1
Open

chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 #180
dependabot[bot] wants to merge 24 commits into
main from
dependabot/github_actions/actions/upload-artifact-7.0.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 10, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps actions/upload-artifact from 7.0.0 to 7.0.1.

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

Full Changelog: actions/upload-artifact@v7...v7.0.1

Commits

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 10, 2026
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 10, 2026

mergify Bot commented Apr 10, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Merge Protections

Your pull request matches the following merge protections and will not be merged until they are valid.

🟢 CI must pass

Wonderful, this rule succeeded.

All CI checks must pass. Release-plz PRs are exempt because they only bump versions and changelogs (code was already tested on main), and GITHUB_TOKEN-triggered force-pushes suppress CI.

  • check-success = coverage
  • check-success = quality
  • check-success = test-cross-platform (macos-latest, macOS)
  • check-success = test-cross-platform (ubuntu-latest, Linux)
  • check-success = test-cross-platform (windows-latest, Windows)
  • check-success = test-features (default)
  • check-success = test-features (minimal)

🟢 Do not merge outdated PRs

Wonderful, this rule succeeded.

Make sure PRs are within 3 commits of the base branch before merging

  • #commits-behind <= 3

@dosubot dosubot Bot added the size:S This PR changes 10-29 lines, ignoring generated files. label Apr 10, 2026

dosubot Bot commented Apr 10, 2026

Copy link
Copy Markdown
Contributor

Related Documentation

2 document(s) may need updating based on files changed in this PR:

Gold Digger

Automated Release Management
View Suggested Changes 
@@ -76,7 +76,7 @@
 
 ## Integration with Existing Release Workflows
 
-Release Please creates release PRs with updated version numbers and changelogs. When a release PR is merged, it creates a git tag for the new version. The existing release workflow (`.github/workflows/release.yml`) is configured to trigger on these tags, handling artifact building, signing, and publishing. The workflow uses cargo-dist v0.31.0 for distribution and pins all GitHub Actions to specific commit SHAs (`actions/checkout@v6.0.2`, `actions/upload-artifact@v7.0.0`, `actions/download-artifact@v8`) for improved security and reproducibility. Build artifacts include attestations generated via `actions/attest-build-provenance@v4`, which provide cryptographically verifiable build provenance for supply chain security. This ensures that the release process is fully automated from commit to published release [source](https://github.com/EvilBit-Labs/gold_digger/issues/57#issuecomment-3203749857).
+Release Please creates release PRs with updated version numbers and changelogs. When a release PR is merged, it creates a git tag for the new version. The existing release workflow (`.github/workflows/release.yml`) is configured to trigger on these tags, handling artifact building, signing, and publishing. The workflow uses cargo-dist v0.31.0 for distribution and pins all GitHub Actions to specific commit SHAs (`actions/checkout@v6.0.2`, `actions/upload-artifact@v7.0.1`, `actions/download-artifact@v8`) for improved security and reproducibility. Build artifacts include attestations generated via `actions/attest-build-provenance@v4`, which provide cryptographically verifiable build provenance for supply chain security. This ensures that the release process is fully automated from commit to published release [source](https://github.com/EvilBit-Labs/gold_digger/issues/57#issuecomment-3203749857).
 
 ```yaml
 name: Release

[Accept] [Decline]

Gold Digger Release Process
View Suggested Changes 
@@ -147,7 +147,7 @@
 
 The release workflow follows security best practices:
 
-- **Pinned Action Commits**: All GitHub Actions are pinned to specific commit SHAs rather than floating version tags, ensuring reproducibility and protecting against supply chain attacks. Examples include `actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd` (v6.0.2), `actions/upload-artifact@v7.0.0`, and `actions/download-artifact@v8`.
+- **Pinned Action Commits**: All GitHub Actions are pinned to specific commit SHAs rather than floating version tags, ensuring reproducibility and protecting against supply chain attacks. Examples include `actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd` (v6.0.2), `actions/upload-artifact@v7.0.1`, and `actions/download-artifact@v8`.
 
 - **Build Provenance**: The `actions/attest-build-provenance@v4` step creates verifiable attestations for all artifacts, providing cryptographic proof of the build environment and process.

[Accept] [Decline]

Note: You must be authenticated to accept/decline updates.

How did I do? Any feedback?

codecov Bot commented Apr 10, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@dosubot dosubot Bot added size:XS This PR changes 0-9 lines, ignoring generated files. and removed size:S This PR changes 10-29 lines, ignoring generated files. labels Apr 14, 2026

Copy link
Copy Markdown
Member

@dependabot recreate
dependabot[bot] reacted with thumbs up emoji 

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v7...v7.0.1)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
 dependency-version: 7.0.1
 dependency-type: direct:production
 update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions/upload-artifact-7.0.1 branch from 85f23bc to 76965b8 Compare April 25, 2026 03:41
mergify Bot added 16 commits April 28, 2026 22:43
mergify Bot and others added 7 commits June 3, 2026 12:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@unclesp1d3r unclesp1d3r Awaiting requested review from unclesp1d3r unclesp1d3r is a code owner

At least 0 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code size:XS This PR changes 0-9 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

AltStyle によって変換されたページ (->オリジナル) /