Skip to content

chore(deps): update github artifact actions (major) #216

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update github artifact actions (major) #216

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Dec 15, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
actions/download-artifact action major v6.0.0v7.0.0
actions/upload-artifact action major v5.0.0v6.0.0

Release Notes

actions/download-artifact (actions/download-artifact)

v7.0.0

Compare Source

v7 - What's new

[!IMPORTANT]
actions/download-artifact@​v7 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed
New Contributors

Full Changelog: actions/download-artifact@v6.0.0...v7.0.0

actions/upload-artifact (actions/upload-artifact)

v6.0.0

Compare Source

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions
Copy link
Contributor

github-actions bot commented Dec 15, 2025
edited
Loading

MegaLinter analysis: Success

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ ACTION actionlint 4 0 0 0.14s
✅ COPYPASTE jscpd yes no no 1.22s
✅ DOCKERFILE hadolint 1 0 0 0.11s
✅ JSON jsonlint 3 0 0 0.19s
✅ JSON prettier 3 0 0 0.4s
✅ JSON v8r 3 0 0 2.89s
✅ MARKDOWN markdownlint 1 0 0 0.41s
✅ MARKDOWN markdown-table-formatter 1 0 0 0.23s
✅ PYTHON bandit 1 0 0 2.1s
✅ PYTHON black 1 0 0 0.81s
✅ PYTHON flake8 1 0 0 0.48s
✅ PYTHON isort 1 0 0 0.24s
✅ PYTHON mypy 1 0 0 3.86s
✅ PYTHON pylint 1 0 0 2.93s
✅ PYTHON pyright 1 0 0 1.88s
✅ PYTHON ruff 1 0 0 0.04s
✅ REPOSITORY checkov yes no no 23.77s
✅ REPOSITORY dustilock yes no no 0.02s
✅ REPOSITORY gitleaks yes no no 0.3s
✅ REPOSITORY git_diff yes no no 0.01s
✅ REPOSITORY grype yes no no 37.49s
✅ REPOSITORY kics yes no no 3.88s
✅ REPOSITORY secretlint yes no no 2.09s
✅ REPOSITORY syft yes no no 2.28s
✅ REPOSITORY trivy yes no no 11.68s
✅ REPOSITORY trivy-sbom yes no no 0.1s
✅ REPOSITORY trufflehog yes no no 4.07s
✅ YAML prettier 6 0 0 0.68s
✅ YAML v8r 6 0 0 6.58s
✅ YAML yamllint 6 0 0 0.66s

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

  • Documentation: Custom Flavors
  • Command: npx mega-linter-runner@9.2.0 --custom-flavor-setup --custom-flavor-linters PYTHON_PYLINT,PYTHON_BLACK,PYTHON_FLAKE8,PYTHON_ISORT,PYTHON_BANDIT,PYTHON_MYPY,PYTHON_PYRIGHT,PYTHON_RUFF,ACTION_ACTIONLINT,COPYPASTE_JSCPD,DOCKERFILE_HADOLINT,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_DUSTILOCK,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_KICS,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

MegaLinter is graciously provided by OX Security

@renovate renovate bot force-pushed the renovate/major-github-artifact-actions branch from d14bb2e to 789c5a9 Compare December 31, 2025 16:11
@renovate renovate bot force-pushed the renovate/major-github-artifact-actions branch from 789c5a9 to a22c900 Compare February 2, 2026 19:13
@github-actions
Copy link
Contributor

github-actions bot commented Feb 2, 2026

Trivy image scan report

ghcr.io/chgl/github-reusable-workflow-with-fixed-image-tags:v1.2.3-beta.123 (debian 13.3)

36 known vulnerabilities found (CRITICAL: 3 HIGH: 3 MEDIUM: 30 LOW: 0)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
libssl3t64 CVE-2025-15467 CRITICAL 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-69419 HIGH 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-11187 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-15468 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-15469 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-66199 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-68160 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-69418 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-69420 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-69421 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2026-22795 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2026-22796 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-15467 CRITICAL 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-69419 HIGH 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-11187 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-15468 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-15469 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-66199 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-68160 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-69418 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-69420 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-69421 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2026-22795 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2026-22796 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-15467 CRITICAL 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-69419 HIGH 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-11187 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-15468 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-15469 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-66199 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-68160 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-69418 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-69420 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-69421 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2026-22795 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2026-22796 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2

No Misconfigurations found

Python

No Vulnerabilities found

No Misconfigurations found

@github-actions
Copy link
Contributor

github-actions bot commented Feb 2, 2026

Trivy image scan report

ghcr.io/chgl/github-reusable-workflow-without-test-image:pr-216 (debian 13.3)

36 known vulnerabilities found (CRITICAL: 3 HIGH: 3 MEDIUM: 30 LOW: 0)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
libssl3t64 CVE-2025-15467 CRITICAL 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-69419 HIGH 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-11187 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-15468 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-15469 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-66199 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-68160 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-69418 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-69420 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-69421 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2026-22795 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2026-22796 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-15467 CRITICAL 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-69419 HIGH 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-11187 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-15468 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-15469 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-66199 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-68160 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-69418 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-69420 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-69421 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2026-22795 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2026-22796 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-15467 CRITICAL 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-69419 HIGH 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-11187 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-15468 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-15469 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-66199 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-68160 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-69418 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-69420 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-69421 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2026-22795 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2026-22796 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2

No Misconfigurations found

Python

No Vulnerabilities found

No Misconfigurations found

@github-actions
Copy link
Contributor

github-actions bot commented Feb 2, 2026

Trivy image scan report

ghcr.io/chgl/github-reusable-workflow:pr-216 (debian 13.3)

36 known vulnerabilities found (CRITICAL: 3 HIGH: 3 MEDIUM: 30 LOW: 0)

Show detailed table of vulnerabilities
Package ID Severity Installed Version Fixed Version
libssl3t64 CVE-2025-15467 CRITICAL 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-69419 HIGH 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-11187 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-15468 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-15469 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-66199 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-68160 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-69418 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-69420 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2025-69421 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2026-22795 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
libssl3t64 CVE-2026-22796 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-15467 CRITICAL 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-69419 HIGH 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-11187 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-15468 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-15469 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-66199 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-68160 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-69418 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-69420 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2025-69421 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2026-22795 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl CVE-2026-22796 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-15467 CRITICAL 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-69419 HIGH 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-11187 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-15468 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-15469 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-66199 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-68160 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-69418 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-69420 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2025-69421 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2026-22795 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2
openssl-provider-legacy CVE-2026-22796 MEDIUM 3.5.4-1~deb13u1 3.5.4-1~deb13u2

No Misconfigurations found

Python

No Vulnerabilities found

No Misconfigurations found

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants