Skip to content

ci: bump actions/upload-artifact from 4 to 7#6

Open
dependabot[bot] wants to merge 44 commits into
mainfrom
dependabot/github_actions/actions/upload-artifact-7
Open

ci: bump actions/upload-artifact from 4 to 7#6
dependabot[bot] wants to merge 44 commits into
mainfrom
dependabot/github_actions/actions/upload-artifact-7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown

Bumps actions/upload-artifact from 4 to 7.

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

... (truncated)

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • bbbca2d Support direct file uploads (#764)
  • 589182c Upgrade the module to ESM and bump dependencies (#762)
  • 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
  • 02a8460 Add proxy integration test
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

SuperMarioYL and others added 30 commits December 27, 2025 11:25
Auto-generated documentation version from release refs/tags/v0.0.6

- Added version 0.0.6 to versions.json
- Created versioned_docs/version-0.0.6/
- Created versioned_sidebars/version-0.0.6-sidebars.json
Auto-generated documentation version from release refs/tags/v0.0.7

- Added version 0.0.7 to versions.json
- Created versioned_docs/version-0.0.7/
- Created versioned_sidebars/version-0.0.7-sidebars.json
Auto-generated documentation version from release refs/tags/v0.0.8

- Added version 0.0.8 to versions.json
- Created versioned_docs/version-0.0.8/
- Created versioned_sidebars/version-0.0.8-sidebars.json
Auto-generated documentation version from release refs/tags/v0.0.11

- Added version 0.0.11 to versions.json
- Created versioned_docs/version-0.0.11/
- Created versioned_sidebars/version-0.0.11-sidebars.json
Auto-updated version files from release refs/tags/v0.0.11

- Updated Chart.yaml version to 0.0.11
- Updated package.json version to 0.0.11
…refresh

Backend: atomic RetryOnConflict balance read-modify-write; Deduct returns post-write balance; preserve OverdueAt across deductions; scheduler panic-recovery + jitter; apiServer.replicaCount=1 stopgap vs duplicate billing; K8s client QPS/Burst 50/100; first backend unit tests (calculateCost / Recharge / Deduct / grace / concurrent recharge).

Frontend: route-level React.lazy + Vite manualChunks (echarts split out of main bundle); top-level ErrorBoundary; shared getApiErrorMessage; drop unused @ant-design/pro-components; UI version injected from package.json; remove stray console.log.

Docs/site: emoji -> Tabler-style inline SVG icons; interactive vector ProductShowcase; corrected install docs (OCI charts/bison, /healthz, OpenCost ns/keys, replicaCount, bison-api/bison-web); 1200x630 social card + SEO meta; reduced-motion particle bg; features.md accuracy; docs/optimization-roadmap.md.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…billing)

Lease-based leader election (internal/leader) runs the singleton billing/auto-recharge/alert scheduler on exactly one replica; scheduler made re-startable with tests; replicaCount restored to 2; LEADER_ELECTION_ENABLED toggle; coordination.k8s.io/leases RBAC added.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Auth Secret reuses existing JWT key and admin password on helm upgrade via lookup, instead of regenerating with randAlphaNum every render (which rotated the JWT key and admin password on every upgrade). Fresh installs still auto-generate.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…pare

Per-IP login limiter (5 fails / 5min -> 15min lockout, 429 + Retry-After) blocks admin-password brute force; crypto/subtle constant-time username+password comparison removes the timing side channel; limiter unit tests added.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
CORS_ALLOWED_ORIGINS env restricts cross-origin requests to an allowlist (echoes matching origin + Vary + Allow-Credentials); unset preserves prior wildcard behavior for backward compatibility.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…illed timestamp

ProcessBilling gates on a persisted lastBilledAt so a cycle runs only after ~the configured interval elapsed, preventing the hourly tick from over-billing when interval>1h and preventing restart re-billing. First run sets a baseline. Timestamp write is conflict-retried; round-trip test added.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
SuperMarioYL and others added 14 commits June 19, 2026 12:20
CalculateDailyConsumption divides by the actual deduction-activity span (capped 7d, floored 0.5d) instead of a fixed 7 days, and fetches up to 400 records so a full week of hourly deductions isn't truncated. Recharges/out-of-window excluded. Tests added.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…oad prices once

GET /teams no longer runs a discarded OpenCost query per team. Billing/report cost computation resolves the price table once per operation (loadPrices + costFromPrices) instead of reading the resource-config ConfigMap per allocation row.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
OpenCost allocation queries wrapped in a 30s TTL cache that coalesces concurrent identical queries (window/aggregate/filter), cutting duplicate dashboard/billing load. Errors not cached. Self-contained, race-tested, no new dependency.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…b build

Release workflow gains a Test & Lint Gate (go vet/fmt/build/test -race + web npm ci/lint/vitest/build) that the publish chain needs, so broken code cannot be released. Declared tslib (phantom dep of echarts-for-react, previously provided by removed pro-components) and synced package-lock so npm ci is reproducible. gofmt applied across api-server.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…nal deps

macOS-generated lockfile omits @rollup/rollup-linux-x64-gnu; npm install resolves platform binaries on the Linux runner. Matches the web-ui Dockerfile.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
When AUTH_ENABLED=true the server refuses to start with an empty/default JWT_SECRET or empty/admin ADMIN_PASSWORD, preventing forgeable tokens and the default password in production. Auth-disabled/local dev unaffected; Helm injects random persisted secrets. Config validation tests added.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Replaced 13 duplicated err.response.data.error extraction sites with the shared getApiErrorMessage helper across ClusterNodes/TeamDetail/TeamCreate/Login/ResourceConfig.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
AuthProvider and ThemeProvider memoize their context value with useMemo instead of allocating a new object each render, avoiding cascading consumer re-renders (incl. the antd ConfigProvider subtree).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Added values.schema.json so Helm type-checks values at install time (catches e.g. string replicaCount) and kubeVersion >=1.22 so unsupported clusters fail fast.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Added optional PodDisruptionBudget, HorizontalPodAutoscaler (deployment drops replicas when HPA on), and NetworkPolicy (api-server ingress from web-ui + release ns). All off by default; values.schema.json extended.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Added Dependabot for gomod/npm(web-ui,website)/github-actions/docker, and .dockerignore for api-server and web-ui to shrink build context and improve reproducibility.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 19, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant