[action] Bump actions/upload-artifact from 4.6.2 to 5.0.0 #134
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.2 to 5.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4.6.2...v5.0.0) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
dependabot
bot
added
dependencies
✅
|
| Descriptor | Linter | Files | Fixed | Errors | Warnings | Elapsed time |
|---|---|---|---|---|---|---|
| ✅ ACTION | actionlint | 1 | 0 | 0 | 0.27s | |
| jscpd | yes | 2 | no | 2.49s | ||
| ✅ EDITORCONFIG | editorconfig-checker | 1 | 0 | 0 | 0.26s | |
| devskim | yes | 118 | 68 | 9.59s | ||
| ✅ REPOSITORY | dustilock | yes | no | no | 0.77s | |
| ✅ REPOSITORY | gitleaks | yes | no | no | 0.65s | |
| ✅ REPOSITORY | git_diff | yes | no | no | 0.01s | |
| ✅ REPOSITORY | grype | yes | no | no | 26.24s | |
| kics | yes | 20 | no | 11.98s | ||
| ✅ REPOSITORY | secretlint | yes | no | no | 0.74s | |
| ✅ REPOSITORY | syft | yes | no | no | 0.99s | |
| ✅ REPOSITORY | trivy | yes | no | no | 6.77s | |
| ✅ REPOSITORY | trivy-sbom | yes | no | no | 0.1s | |
| ✅ REPOSITORY | trufflehog | yes | no | no | 2.56s | |
| ✅ SPELL | cspell | 2 | 0 | 0 | 3.9s | |
| lychee | 1 | 2 | 0 | 0.6s | ||
| ✅ YAML | prettier | 1 | 1 | 0 | 0 | 0.48s |
| ✅ YAML | v8r | 1 | 0 | 0 | 3.1s | |
| ✅ YAML | yamllint | 1 | 0 | 0 | 0.47s |
Detailed Issues
⚠️ REPOSITORY / devskim - 118 errors
[16:40:24 ERR] Failed to parse Data at the root level is invalid. Line 1, position 1. as a XML document: null
[16:40:24 ERR] Failed to parse Data at the root level is invalid. Line 1, position 1. as a XML document: null
{"$schema":"https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.6.json","version":"2.1.0","runs":[{"tool":{"driver":{"name":"devskim","fullName":"Microsoft DevSkim Command Line Interface","version":"1.0.67+1c44622c1f","informationUri":"https://github.com/microsoft/DevSkim/","rules":[{"id":"DS176209","name":"SuspiciousComment","fullDescription":{"text":"Suspicious comment: A \"TODO\" or similar was left in source code, possibly indicating incomplete functionality"},"help":{"text":"A \"TODO\" or similar was left in source code, possibly indicating incomplete functionality","markdown":"Visit [https://github.com/Microsoft/DevSkim/blob/main/guidance/DS176209.md](https://github.com/Microsoft/DevSkim/blob/main/guidance/DS176209.md) for additional guidance on this issue."},"shortDescription":{"text":"A \"TODO\" or similar was left in source code, possibly indicating incomplete functionality"},"defaultConfiguration":{"level":"note"},"helpUri":"https://github.com/Microsoft/DevSkim/blob/main/guidance/DS176209.md","properties":{"precision":"high","problem.severity":"recommendation","DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}},{"id":"DS173237","name":"DoNotStoreTokensOrKeysInSourceCode","fullDescription":{"text":"Do not store tokens or keys in source code.: A token or key was found in source code. If this represents a secret, it should be moved somewhere else."},"help":{"text":"A token or key was found in source code. If this represents a secret, it should be moved somewhere else.","markdown":"Visit [https://github.com/Microsoft/DevSkim/blob/main/guidance/DS173237.md](https://github.com/Microsoft/DevSkim/blob/main/guidance/DS173237.md) for additional guidance on this issue."},"shortDescription":{"text":"A token or key was found in source code. If this represents a secret, it should be moved somewhere else."},"defaultConfiguration":{"level":"error"},"helpUri":"https://github.com/Microsoft/DevSkim/blob/main/guidance/DS173237.md","properties":{"precision":"medium","problem.severity":"warning","DevSkimSeverity":"Important","DevSkimConfidence":"Medium"}},{"id":"DS126858","name":"WeakbrokenHashAlgorithm","fullDescription":{"text":"Weak/Broken Hash Algorithm: A weak or broken hash algorithm was detected."},"help":{"text":"Consider switching to use SHA-256 or SHA-512 instead.","markdown":"Consider switching to use SHA-256 or SHA-512 instead. Visit [https://github.com/Microsoft/DevSkim/blob/main/guidance/DS126858.md](https://github.com/Microsoft/DevSkim/blob/main/guidance/DS126858.md) for additional guidance on this issue."},"shortDescription":{"text":"A weak or broken hash algorithm was detected."},"defaultConfiguration":{"level":"error"},"helpUri":"https://github.com/Microsoft/DevSkim/blob/main/guidance/DS126858.md","properties":{"precision":"high","problem.severity":"error","DevSkimSeverity":"Critical","DevSkimConfidence":"High"}},{"id":"DS104456","name":"UseOfRestrictedFunctions","fullDescription":{"text":"Use of restricted functions.: Use of restricted functions."},"help":{"text":"Use of restricted functions.","markdown":"Visit [https://github.com/Microsoft/DevSkim/blob/main/guidance/DS104456.md](https://github.com/Microsoft/DevSkim/blob/main/guidance/DS104456.md) for additional guidance on this issue."},"shortDescription":{"text":"Use of restricted functions."},"defaultConfiguration":{"level":"error"},"helpUri":"https://github.com/Microsoft/DevSkim/blob/main/guidance/DS104456.md","properties":{"precision":"high","problem.severity":"warning","DevSkimSeverity":"Important","DevSkimConfidence":"High"}},{"id":"DS137138","name":"InsecureUrl","fullDescription":{"text":"Insecure URL: An HTTP-based URL without TLS was detected."},"help":{"text":"Update to an HTTPS-based URL if possible.","markdown":"Update to an HTTPS-based URL if possible. Visit [https://github.com/Microsoft/DevSkim/blob/main/guidance/DS137138.md](https://github.com/Microsoft/DevSkim/blob/main/guidance/DS137138.md) for additional guidance on this issue."},"shortDescription":{"text":"An HTTP-based URL without TLS was detected."},"helpUri":"https://github.com/Microsoft/DevSkim/blob/main/guidance/DS137138.md","properties":{"precision":"high","problem.severity":"warning","DevSkimSeverity":"Moderate","DevSkimConfidence":"High"},"defaultConfiguration":{"level":"warning"}}]}},"versionControlProvenance":[{"repositoryUri":"https://github.com/rasa/scoops","revisionId":"HIDDEN_BY_MEGALINTER","branch":"(no branch)"}],"results":[{"ruleId":"DS104456","level":"error","message":{"text":"Use of restricted functions."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"bin/checkver.ps1"},"region":{"startLine":78,"startColumn":38,"endLine":78,"endColumn":55,"charOffset":2917,"charLength":17,"snippet":{"text":"Invoke-Expression","rendered":{"text":"Invoke-Expression","markdown":"`Invoke-Expression`"}},"sourceLanguage":"powershell"}}}],"properties":{"tags":["Implementation.Scripting.PowerShell.DangeousFunction"],"DevSkimSeverity":"Important","DevSkimConfidence":"High"}},{"ruleId":"DS104456","level":"error","message":{"text":"Use of restricted functions."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"bin/checkver.ps1"},"region":{"startLine":76,"startColumn":47,"endLine":76,"endColumn":64,"charOffset":2807,"charLength":17,"snippet":{"text":"Invoke-Expression","rendered":{"text":"Invoke-Expression","markdown":"`Invoke-Expression`"}},"sourceLanguage":"powershell"}}}],"properties":{"tags":["Implementation.Scripting.PowerShell.DangeousFunction"],"DevSkimSeverity":"Important","DevSkimConfidence":"High"}},{"ruleId":"DS176209","level":"note","message":{"text":"Suspicious comment"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"bin/checkver.ps1"},"region":{"startLine":40,"startColumn":37,"endLine":40,"endColumn":41,"charOffset":1523,"charLength":4,"snippet":{"text":"TODO","rendered":{"text":"TODO","markdown":"`TODO`"}},"sourceLanguage":"powershell"}}}],"properties":{"tags":["Hygiene.Comment.Suspicious"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}},{"ruleId":"DS176209","level":"note","message":{"text":"Suspicious comment"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"bin/checkver.ps1"},"region":{"startLine":39,"startColumn":44,"endLine":39,"endColumn":48,"charOffset":1480,"charLength":4,"snippet":{"text":"TODO","rendered":{"text":"TODO","markdown":"`TODO`"}},"sourceLanguage":"powershell"}}}],"properties":{"tags":["Hygiene.Comment.Suspicious"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}},{"ruleId":"DS176209","level":"note","message":{"text":"Suspicious comment"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"bin/checkver.ps1"},"region":{"startLine":37,"startColumn":56,"endLine":37,"endColumn":60,"charOffset":1419,"charLength":4,"snippet":{"text":"TODO","rendered":{"text":"TODO","markdown":"`TODO`"}},"sourceLanguage":"powershell"}}}],"properties":{"tags":["Hygiene.Comment.Suspicious"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}},{"ruleId":"DS176209","level":"note","message":{"text":"Suspicious comment"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"bin/checkver.ps1"},"region":{"startLine":36,"startColumn":48,"endLine":36,"endColumn":52,"charOffset":1357,"charLength":4,"snippet":{"text":"TODO","rendered":{"text":"TODO","markdown":"`TODO`"}},"sourceLanguage":"powershell"}}}],"properties":{"tags":["Hygiene.Comment.Suspicious"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}},{"ruleId":"DS176209","level":"note","message":{"text":"Suspicious comment"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"bin/checkver.ps1"},"region":{"startLine":34,"startColumn":46,"endLine":34,"endColumn":50,"charOffset":1282,"charLength":4,"snippet":{"text":"TODO","rendered":{"text":"TODO","markdown":"`TODO`"}},"sourceLanguage":"powershell"}}}],"properties":{"tags":["Hygiene.Comment.Suspicious"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}},{"ruleId":"DS176209","level":"note","message":{"text":"Suspicious comment"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"bin/checkver.ps1"},"region":{"startLine":33,"startColumn":44,"endLine":33,"endColumn":48,"charOffset":1211,"charLength":4,"snippet":{"text":"TODO","rendered":{"text":"TODO","markdown":"`TODO`"}},"sourceLanguage":"powershell"}}}],"properties":{"tags":["Hygiene.Comment.Suspicious"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}},{"ruleId":"DS104456","level":"error","message":{"text":"Use of restricted functions."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"bin/describe.ps1"},"region":{"startLine":24,"startColumn":40,"endLine":24,"endColumn":57,"charOffset":686,"charLength":17,"snippet":{"text":"Invoke-Expression","rendered":{"text":"Invoke-Expression","markdown":"`Invoke-Expression`"}},"sourceLanguage":"powershell"}}}],"properties":{"tags":["Implementation.Scripting.PowerShell.DangeousFunction"],"DevSkimSeverity":"Important","DevSkimConfidence":"High"}},{"ruleId":"DS104456","level":"error","message":{"text":"Use of restricted functions."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"bin/checkurls.ps1"},"region":{"startLine":53,"startColumn":38,"endLine":53,"endColumn":55,"charOffset":1763,"charLength":17,"snippet":{"text":"Invoke-Expression","rendered":{"text":"Invoke-Expression","markdown":"`Invoke-Expression`"}},"sourceLanguage":"powershell"}}}],"properties":{"tags":["Implementation.Scripting.PowerShell.DangeousFunction"],"DevSkimSeverity":"Important","DevSkimConfidence":"High"}},{"ruleId":"DS104456","level":"error","message":{"text":"Use of restricted functions."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"bin/checkurls.ps1"},"region":{"startLine":51,"startColumn":47,
(Truncated to 10000 characters out of 155175)
⚠️ COPYPASTE / jscpd - 2 errors
Clone found (powershell):
- bin/describe.ps1 [11:1 - 24:36] (13 lines, 122 tokens)
bin/formatjson.ps1 [10:1 - 23:38]
Clone found (powershell):
- bin/checkhashes.ps1 [58:1 - 68:2] (10 lines, 114 tokens)
bin/checkver.ps1 [72:1 - 82:2]
┌────────────┬────────────────┬─────────────┬──────────────┬──────────────┬──────────────────┬───────────────────┐
│ Format │ Files analyzed │ Total lines │ Total tokens │ Clones found │ Duplicated lines │ Duplicated tokens │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ powershell │ 12 │ 467 │ 2681 │ 2 │ 23 (4.93%) │ 236 (8.8%) │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ bash │ 2 │ 9 │ 25 │ 0 │ 0 (0%) │ 0 (0%) │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ python │ 9 │ 1916 │ 15333 │ 0 │ 0 (0%) │ 0 (0%) │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ ini │ 2 │ 58 │ 220 │ 0 │ 0 (0%) │ 0 (0%) │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ markdown │ 5 │ 64 │ 865 │ 0 │ 0 (0%) │ 0 (0%) │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ Total: │ 30 │ 2514 │ 19124 │ 2 │ 23 (0.91%) │ 236 (1.23%) │
└────────────┴────────────────┴─────────────┴──────────────┴──────────────┴──────────────────┴───────────────────┘
Found 2 clones.
HTML report saved to megalinter-reports/copy-paste/html/
ERROR: jscpd found too many duplicates (0.91%) over threshold (0.5%)
Error: ERROR: jscpd found too many duplicates (0.91%) over threshold (0.5%)
at ThresholdReporter.report (/node-deps/node_modules/@jscpd/finder/dist/index.js:612:13)
at /node-deps/node_modules/@jscpd/finder/dist/index.js:110:18
at Array.forEach (<anonymous>)
at /node-deps/node_modules/@jscpd/finder/dist/index.js:109:22
at async /node-deps/node_modules/jscpd/dist/jscpd.js:351:5
⚠️ REPOSITORY / kics - 20 errors
MLLLLLM MLLLLLLLLL LLLLLLL KLLLLLLLLLLLLLLLL LLLLLLLLLLLLLLLLLLLLLLL
MMMMMMM MMMMMMMMMML MMMMMMMK LMMMMMMMMMMMMMMMMMMMML KLMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMM MMMMMMMMML MMMMMMMK LMMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMM MMMMMMMMMML MMMMMMMK LMMMMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMM LMMMMMMMMML MMMMMMMK LMMMMMMMMMLLMLLLLLLLLLLLLLL LMMMMMMMLLLLLLLLLLLLLLLLLLLLM
MMMMMMM MMMMMMMMMLM MMMMMMMK LMMMMMMMM LMMMMMML
MMMMMMMLMMMMMMMML MMMMMMMK MMMMMMML LMMMMMMMMLLLLLLLLLLLLLMLL
MMMMMMMMMMMMMMMM MMMMMMMK MMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMML
MMMMMMMMMMMMMMMMMM MMMMMMMK MMMMMMM LMMMMMMMMMMMMMMMMMMMMMMMML
MMMMMMM KLMMMMMMMMML MMMMMMMK LMMMMMMM MMMMMMMML
MMMMMMM LMMMMMMMMMM MMMMMMMK LMMMMMMMMLL MMMMMMML
MMMMMMM LMMMMMMMMMLL MMMMMMMK LMMMMMMMMMMMMMMMMMMMMMMMMML LLLLLLLLLLLLLLLLLLLLMMMMMMMMMM
MMMMMMM MMMMMMMMMMML MMMMMMMK MMMMMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMM LLMMMMMMMMML MMMMMMMK LLMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMML
MMMMMMM MMMMMMMMMML MMMMMMMK KLMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMLK
Scanning with Keeping Infrastructure as Code Secure v2.1.14
Unpinned Actions Full Length Commit SHA, Severity: LOW, Results: 20
Description: Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
Platform: CICD
CWE: 829
Learn more about this vulnerability: https://docs.kics.io/latest/queries/cicd-queries/555ab8f9-2001-455e-a077-f2d0f41e2fb9
[1]: .github/workflows/debug-matrix.yml:75
074: steps:
075: - uses: crazy-max/ghaction-dump-context@v2.3.0
076:
[2]: .github/workflows/mega-linter.yml:118
117: # More info at https://megalinter.io/flavors/
118: uses: oxsecurity/megalinter@v9 # changed from v7 by @rasa
119:
[3]: .github/workflows/issue_comment.yml:12
011: - name: Pull Request Validation
012: uses: Ash258/Scoop-GithubActions@stable
013: if: startsWith(github.event.comment.body, '/verify')
[4]: .github/workflows/pull_request.yml:12
011: - name: Pull Request Validation
012: uses: Ash258/Scoop-GithubActions@stable
013: env:
[5]: .github/workflows/black.yml:51
050: if: steps.black.outputs.changes == 'true'
051: uses: ad-m/github-push-action@master
052: with:
[6]: .github/workflows/dependabot.yml:36
035: steps:
036: - uses: dependabot/fetch-metadata@v2.4.0
037: id: dependabot-metadata
[7]: .github/workflows/update-readme.yml:27
026:
027: - uses: EndBug/add-and-commit@v9
028: with:
[8]: .github/workflows/codeql.yml:37
036: # Initializes the CodeQL tools for scanning.
037: - uses: github/codeql-action/init@v3
038: # Override language selection by uncommenting this and choosing your languages
[9]: .github/workflows/issue.yml:12
011: - name: Verify Issue
012: uses: Ash258/Scoop-GithubActions@stable
013: if: github.event.action == 'opened' || (github.event.action == 'labeled' && contains(github.event.issue.labels.*.name, 'verify'))
[10]: .github/workflows/mega-linter.yml:209
208: - name: Create Pull Request with applied fixes
209: uses: peter-evans/create-pull-request@v7.0.8 # changed from v5 by @rasa
210: id: cpr
[11]: .github/workflows/mega-linter.yml:231
230: - name: Commit and push applied linter fixes
231: uses: stefanzweifel/git-auto-commit-action@v6.0.1 # changed from v4 by @rasa
232: if: env.APPLY_FIXES_IF_COMMIT == 'true'
[12]: .github/workflows/clean-logs.yml:145
144: if: github.event_name == 'schedule'
145: uses: rasa/delete-workflow-runs@main
146: # was Mattraks/delete-workflow-runs@main
[13]: .github/workflows/clean-logs.yml:157
156: if: github.event_name != 'schedule'
157: uses: rasa/delete-workflow-runs@main
158: # was Mattraks/delete-workflow-runs@main
[14]: .github/workflows/excavator.yml:14
013: - name: Excavate
014: uses: ScoopInstaller/GithubActions@main
015: env:
[15]: .github/workflows/toc.yml:57
056:
057: - uses: stefanzweifel/git-auto-commit-action@v6.0.1
058: with:
[16]: .github/workflows/debug-matrix.yml:104
103: continue-on-error: true
104: uses: MinoruSekine/setup-scoop@main
105: with:
[17]: .github/workflows/codeql.yml:58
057: # Perform CodeQL Analysis
058: - uses: github/codeql-action/analyze@v3
059:
[18]: .github/workflows/codeql.yml:44
043: # If this step fails, then you should remove it and run the build manually (see below).
044: - uses: github/codeql-action/autobuild@v3
045:
[19]: .github/workflows/clean-logs.yml:141
140: # uses: rasa/ghaction-dump-context@master
141: - uses: crazy-max/ghaction-dump-context@v2.3.0
142:
[20]: .github/workflows/debug-rasa.yml:61
060:
061: - uses: crazy-max/ghaction-dump-context@v2.3.0
062:
Results Summary:
CRITICAL: 0
HIGH: 0
MEDIUM: 0
LOW: 20
INFO: 0
TOTAL: 20
A new version 'v2.1.15' of KICS is available, please consider updating
⚠️ SPELL / lychee - 2 errors
[404] https://megalinter.io/flavors/ | Network error: Not Found
[404] https://megalinter.io/configuration/ | Network error: Not Found
📝 Summary
---------------------
🔍 Total............4
✅ Successful.......1
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded.........1
❓ Unknown..........0
🚫 Errors...........2
Errors in .github/workflows/mega-linter.yml
[404] https://megalinter.io/configuration/ | Network error: Not Found
[404] https://megalinter.io/flavors/ | Network error: Not Found
See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps actions/upload-artifact from 4.6.2 to 5.0.0.
Release notes
Sourced from actions/upload-artifact's releases.
Commits
330a01cMerge pull request #734 from actions/danwkennedy/prepare-5.0.003f2824Updategithub.dep.yml905a1ecPreparev5.0.02d9f9cdMerge pull request #725 from patrikpolyak/patch-19687587Merge branch 'main' into patch-12848b2cMerge pull request #727 from danwkennedy/patch-19b51177Spell out the first use of GHEScd231caUpdate GHES guidance to include reference to Node 20 versionde65e23Merge pull request #712 from actions/nebuk89-patch-18747d8cUpdate README.mdDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)