Bump actions/upload-artifact from 4.3.1 to 4.5.0 #2651

dependabot · 2025-01-02T10:51:06Z

Bumps actions/upload-artifact from 4.3.1 to 4.5.0.

Release notes

Sourced from actions/upload-artifact's releases.

v4.5.0

What's Changed

fix: deprecated Node.js version in action by @hamirmahal in actions/upload-artifact#578

Add new artifact-digest output by @bdehamer in actions/upload-artifact#656

New Contributors

@hamirmahal made their first contribution in actions/upload-artifact#578

@bdehamer made their first contribution in actions/upload-artifact#656

Full Changelog: actions/upload-artifact@v4.4.3...v4.5.0

v4.4.3

What's Changed

Undo indirect dependency updates from #627 by @joshmgross in actions/upload-artifact#632

Full Changelog: actions/upload-artifact@v4.4.2...v4.4.3

v4.4.2

What's Changed

Bump @actions/artifact to 2.1.11 by @robherley in actions/upload-artifact#627

Includes fix for relative symlinks not resolving properly

Full Changelog: actions/upload-artifact@v4.4.1...v4.4.2

v4.4.1

What's Changed

Add a section about hidden files by @joshmgross in actions/upload-artifact#607

Add workflow file for publishing releases to immutable action package by @Jcambass in actions/upload-artifact#621

Update @actions/artifact to latest version, includes symlink and timeout fixes by @robherley in actions/upload-artifact#625

New Contributors

@Jcambass made their first contribution in actions/upload-artifact#621

Full Changelog: actions/upload-artifact@v4.4.0...v4.4.1

v4.4.0

Notice: Breaking Changes ⚠️

We will no longer include hidden files and folders by default in the upload-artifact action of this version. This reduces the risk that credentials are accidentally uploaded into artifacts. Customers who need to continue to upload these files can use a new option, include-hidden-files, to continue to do so.

See "Notice of upcoming deprecations and breaking changes in GitHub Actions runners" changelog and this issue for more details.

What's Changed

Exclude hidden files by default by @joshmgross in actions/upload-artifact#598

Full Changelog: actions/upload-artifact@v4.3.6...v4.4.0

... (truncated)

Commits

6f51ac0 Merge pull request #656 from bdehamer/bdehamer/artifact-digest
c40c16d add new artifact-digest output
735efb4 bump @actions/artifact from 2.1.11 to 2.2.0
184d73b Merge pull request #578 from hamirmahal/fix/deprecated-nodejs-usage-in-action
b4a0a98 Merge branch 'main' into fix/deprecated-nodejs-usage-in-action
b4b15b8 Merge pull request #632 from actions/joshmgross/undo-dependency-changes
92b01eb Undo indirect dependency updates from #627
8448086 Merge pull request #627 from actions/robherley/v4.4.2
b1d4642 add explicit relative and absolute symlinks to workflow
d50e660 bump version
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.1 to 4.5.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@5d5d22a...6f51ac0) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

* Fix vt hash (#2654) * fix vt3 and added debug logs * fix file read * Bump quark-engine from 24.12.1 to 25.1.1 in /requirements (#2650) Bumps [quark-engine](https://github.com/quark-engine/quark-engine) from 24.12.1 to 25.1.1. - [Release notes](https://github.com/quark-engine/quark-engine/releases) - [Commits](quark-engine/quark-engine@v24.12.1...v25.1.1) --- updated-dependencies: - dependency-name: quark-engine dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/checkout from 4.1.0 to 4.2.2 (#2652) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.0 to 4.2.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4.1.0...v4.2.2) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump mobsfscan in /integrations/malware_tools_analyzers/requirements (#2634) Bumps [mobsfscan](https://github.com/MobSF/mobsfscan) from 0.3.9 to 0.4.5. - [Release notes](https://github.com/MobSF/mobsfscan/releases) - [Commits](MobSF/mobsfscan@0.3.9...0.4.5) --- updated-dependencies: - dependency-name: mobsfscan dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump django-ses from 4.2.0 to 4.3.1 in /requirements (#2643) Bumps [django-ses](https://github.com/django-ses/django-ses) from 4.2.0 to 4.3.1. - [Release notes](https://github.com/django-ses/django-ses/releases) - [Changelog](https://github.com/django-ses/django-ses/blob/main/CHANGES.md) - [Commits](django-ses/django-ses@v4.2.0...v4.3.1) --- updated-dependencies: - dependency-name: django-ses dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump ossf/scorecard-action from 2.3.0 to 2.4.0 (#2648) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.0 to 2.4.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@483ef80...62b2cac) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump thug in /integrations/malware_tools_analyzers/requirements (#2644) Bumps [thug](https://github.com/buffer/thug) from 4.9 to 6.10. - [Release notes](https://github.com/buffer/thug/releases) - [Commits](buffer/thug@v4.9...v6.10) --- updated-dependencies: - dependency-name: thug dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * reverting Thug and adding disclaimer * More logs + fix investigation status on job removal (#2653) * More logs + fix investigation status on job removal * Retry insert if path already exists * Fix datamodel generic job serializer (#2662) * fix job serializer data model generic * fix job serializer data model generic * Bump fangfrisch in /integrations/malware_tools_analyzers/requirements (#2660) Bumps [fangfrisch](https://github.com/rseichter/fangfrisch) from 1.6.0 to 1.9.0. - [Release notes](https://github.com/rseichter/fangfrisch/releases) - [Changelog](https://github.com/rseichter/fangfrisch/blob/master/CHANGELOG.rst) - [Commits](rseichter/fangfrisch@1.6.0...1.9.0) --- updated-dependencies: - dependency-name: fangfrisch dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/upload-artifact from 4.3.1 to 4.5.0 (#2651) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.1 to 4.5.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@5d5d22a...6f51ac0) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump elasticsearch-dsl from 8.15.0 to 8.17.0 in /requirements (#2646) Bumps [elasticsearch-dsl](https://github.com/elasticsearch/elasticsearch-dsl-py) from 8.15.0 to 8.17.0. - [Release notes](https://github.com/elasticsearch/elasticsearch-dsl-py/releases) - [Changelog](https://github.com/elastic/elasticsearch-dsl-py/blob/main/Changelog.rst) - [Commits](elastic/elasticsearch-dsl-py@v8.15.0...v8.17.0) --- updated-dependencies: - dependency-name: elasticsearch-dsl dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github/codeql-action from 2.22.11 to 3.28.0 (#2645) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.11 to 3.28.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](github/codeql-action@v2.22.11...v3.28.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump gunicorn in /integrations/malware_tools_analyzers/requirements (#2638) Bumps [gunicorn](https://github.com/benoitc/gunicorn) from 22.0.0 to 23.0.0. - [Release notes](https://github.com/benoitc/gunicorn/releases) - [Commits](benoitc/gunicorn@22.0.0...23.0.0) --- updated-dependencies: - dependency-name: gunicorn dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump gunicorn from 22.0.0 to 23.0.0 in /integrations/tor_analyzers (#2637) Bumps [gunicorn](https://github.com/benoitc/gunicorn) from 22.0.0 to 23.0.0. - [Release notes](https://github.com/benoitc/gunicorn/releases) - [Commits](benoitc/gunicorn@22.0.0...23.0.0) --- updated-dependencies: - dependency-name: gunicorn dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump gunicorn from 22.0.0 to 23.0.0 in /integrations/pcap_analyzers (#2633) Bumps [gunicorn](https://github.com/benoitc/gunicorn) from 22.0.0 to 23.0.0. - [Release notes](https://github.com/benoitc/gunicorn/releases) - [Commits](benoitc/gunicorn@22.0.0...23.0.0) --- updated-dependencies: - dependency-name: gunicorn dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/setup-python from 5.1.0 to 5.3.0 (#2632) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.1.0 to 5.3.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v5.1.0...v5.3.0) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * bump and changelog --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Cristina Ascari <95929371+cristinaascari@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Simone Berni <simone.berni2@studio.unibo.it>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Jan 2, 2025

mlodic merged commit 89dc8ac into develop Jan 7, 2025
11 checks passed

dependabot bot deleted the dependabot/github_actions/develop/actions/upload-artifact-4.5.0 branch January 7, 2025 13:21

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump actions/upload-artifact from 4.3.1 to 4.5.0 #2651

Bump actions/upload-artifact from 4.3.1 to 4.5.0 #2651

dependabot bot commented on behalf of github Jan 2, 2025

Bump actions/upload-artifact from 4.3.1 to 4.5.0 #2651

Bump actions/upload-artifact from 4.3.1 to 4.5.0 #2651

Conversation

dependabot bot commented on behalf of github Jan 2, 2025

v4.5.0

What's Changed

New Contributors

v4.4.3

What's Changed

v4.4.2

What's Changed

v4.4.1

What's Changed

New Contributors

v4.4.0

Notice: Breaking Changes ⚠️

What's Changed