Skip to content

Build(deps): Bump actions/upload-artifact from 4 to 7#2

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions/upload-artifact-7
Open

Build(deps): Bump actions/upload-artifact from 4 to 7#2
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions/upload-artifact-7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 31, 2026

Copy link
Copy Markdown

Bumps actions/upload-artifact from 4 to 7.

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

... (truncated)

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • bbbca2d Support direct file uploads (#764)
  • 589182c Upgrade the module to ESM and bump dependencies (#762)
  • 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
  • 02a8460 Add proxy integration test
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 31, 2026
@dependabot
dependabot Bot force-pushed the dependabot/github_actions/actions/upload-artifact-7 branch from 6274941 to e22154b Compare May 31, 2026 22:43
systemslibrarian added a commit that referenced this pull request May 31, 2026
Lands recommendation items #2 (samples) and #3 (deployment guide) from the
adoption analysis in chat.md, and captures the operational blueprint for items
#1, #4, #5, #6 (Azure KMS, AWS KMS, external review, 1.0 cut) in future.md
rather than scaffolding cloud crypto code that cannot be honestly tested in a
single session.

samples/WorkerService.Sample
- LivenessWorker mints a content key every 10 seconds, encrypts a probe
  payload, then unwraps and decrypts it. Logs round-trip latency + the active
  KEK id so an ops dashboard can scrape both. A failure here is the early
  warning that something is wrong with the provider, the keyring, or the
  host's entropy.
- RotationWorker rotates the active KEK on a configurable interval and
  persists the multi-KEK ring through the registered IKeyringStore on every
  rotation. Default 2 minutes; Development environment overrides to 30
  seconds so the demo is visible at human speed.
- README explains the production adaptation points (real secret-manager
  passphrase source, cadence, health-check integration, keyring backup).

samples/EfCore.Sample
- SQLite + EF Core console app showing per-row envelope encryption. A
  SecureNote entity carries Ciphertext + Nonce + Tag + WrappedKey (encoded
  via WrappedContentKey.Encode) as separate columns; SecureNotesRepository
  does the async wrap/unwrap at the persistence boundary.
- Demo run: insert encrypted, read back through the repo, dump the raw row
  to prove only ciphertext is on disk, rotate the KEK, re-read the same row
  to prove the row's wrapped key still references the original KEK and
  decrypts without re-encryption.
- README documents why explicit columns + async repository beats EF Core
  ValueConverter (async support + lazy migration without re-encrypting every
  row on rotation).

docs/deployment.md
- Production operational guide. Opens with "the four things you absolutely
  must get right": passphrase only in your secret manager, keyring backups,
  automated rotation, tested restore procedure.
- Covers: passphrase storage (and where NOT to store it); keyring metadata
  durability + the realities of a single-file FileKeyringStore vs. cloud
  object stores; Argon2id preset selection by frequency-of-derivation rather
  than "how secure each preset feels"; what to log (KEK ids, rotation
  timestamps, liveness duration) and what to NEVER log (passphrases, DEK
  bytes); multi-instance deployments (shared keyring vs. dedicated rotator,
  and what does NOT work — shared passphrase without shared salt, two
  hosts both rotating); container + Kubernetes notes; the disaster-recovery
  matrix down to the irrecoverable "lost keyring AND passphrases" case.

future.md
- Concrete blueprint for items #1, #4, #5, #6:
  - Azure Key Vault provider: az provisioning script (RG, RBAC vault,
    RSA-3072 KEK, role assignment, purge protection), provider skeleton
    pinned to versioned key URIs, integration-test project layout using
    Xunit.SkippableFact so missing env vars skip rather than fail, and a
    GitHub Actions OIDC workflow.
  - AWS KMS provider: same shape with AWSSDK.KeyManagementService,
    aws kms create-key + alias, aws-actions/configure-aws-credentials OIDC,
    note that KMS Encrypt/Decrypt is already authenticated so Ciphertext
    just holds the AWS blob as-is.
  - External cryptographic review: two realistic engagement paths (named
    consultant at $15-50k for ~2-4 weeks vs. community/academic, slower but
    cheaper), exactly what to hand the reviewer (commit hash, threat model,
    KNOWN-GAPS, scope letter), and what to do with the report (publish it).
  - Cutting 1.0: explicit checklist (cloud providers shipped + in real use,
    audit done, formats stable for 2+ minors, named production deployment),
    and what 1.0 obligates the maintainer to (no breaking changes without a
    2.0, backport policy, deprecation cycles).
- Closes with sequencing: don't reorder; each step's value depends on the
  previous one being done.

Plumbing
- PostQuantum.KeyManagement.slnx references the two new sample projects.
- README links to docs/deployment.md and future.md from the security section
  and the samples table now lists all three samples + what each demonstrates.
- CHANGELOG updated under 0.3.0-preview.1.

Build: full solution 0 warnings, 0 errors on net8/9/10. 42 core tests + 11 DI
tests = 53 tests, all green. Both new samples build clean; EfCore.Sample was
smoke-tested end-to-end including a rotation.

To God be the glory - 1 Corinthians 10:31

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/github_actions/actions/upload-artifact-7 branch from e22154b to 2d12a34 Compare June 2, 2026 02:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants