Bump actions/upload-artifact from 5 to 6

[dependabot]

Bumps actions/upload-artifact from 5 to 6.

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

• Upload Artifact Node 24 support by @​salmanmkc in actions/upload-artifact#719
• fix: update @​actions/artifact for Node.js 24 punycode deprecation by @​salmanmkc in actions/upload-artifact#744
• prepare release v6.0.0 for Node.js 24 support by @​salmanmkc in actions/upload-artifact#745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

Commits

• b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
• e516bc8 docs: correct description of Node.js 24 support in README
• ddc45ed docs: update README to correct action name for Node.js 24 support
• 615b319 chore: release v6.0.0 for Node.js 24 support
• 017748b Merge pull request #744 from actions/fix-storage-blob
• 38d4c79 chore: rebuild dist
• 7d27270 chore: add missing license cache files for @​actions/core, @​actions/io, and mi...
• 5f643d3 chore: update license files for @​actions/artifact@​5.0.1 dependencies
• 1df1684 chore: update package-lock.json with @​actions/artifact@​5.0.1
• b5b1a91 fix: update @​actions/artifact to ^5.0.0 for Node.js 24 punycode fix
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Resolves #745
Resolves #744
Resolves actions/upload-artifact#719
Resolves actions/upload-artifact#744
Resolves actions/upload-artifact#745

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Summary

This PR updates the GitHub Actions upload-artifact action from v5 to v6 across multiple workflow files. This is a dependency update with no functional code changes.

---

Detailed Review

✅ Code Quality

• ✅ Code follows style guide: N/A - No application code changes, only GitHub Actions workflow configuration updates
• ✅ No commented-out code: None present
• ✅ Meaningful variable names: N/A - No new variables introduced
• ✅ DRY principle followed: The change is consistently applied across all workflow files
• ✅ Identify Defects: No bugs, logic errors, or security vulnerabilities introduced. This is a straightforward version bump of a trusted GitHub Actions action.
• ✅ Project memory configuration: No .claude/CLAUDE.md file exists in the repository

Feedback: The changes are clean and consistent. All 5 workflow files have been updated uniformly.

---

⚠️ Testing

• ⚠️ Unit tests for new functions: N/A - No new functions added
• ⚠️ Integration tests for new endpoints: N/A - No new endpoints
• ⚠️ Edge cases covered: N/A
• ⚠️ Test coverage > 80%: Cannot verify from diff alone

Feedback: While no new tests are needed for this change, the existing pytest workflows will validate that the new artifact upload action works correctly. Monitor the workflow runs after merge to ensure v6 works as expected.

---

⚠️ Documentation

• ⚠️ Readme updated if needed: Not required for internal dependency update
• ⚠️ API docs updated: N/A
• ⚠️ Inline comments for complex logic: N/A
• ❌ CHANGELOG.md updated: No CHANGELOG.md update detected in the diff
• ✅ Markdown formatting: N/A - No markdown files modified

Feedback:

• CHANGELOG.md (.github/workflows/build-distribution.yaml, pytest-darwin.yaml, pytest-linux.yaml, pytest-windows.yaml, publish-to-pypi.yaml): Consider adding an entry documenting the GitHub Actions dependency update, e.g., "Updated upload-artifact action from v5 to v6 in CI/CD workflows"

---

✅ Security

• ✅ No hardcoded credentials: None present
• ✅ Input validation implemented: N/A
• ✅ Proper error handling: N/A
• ✅ No sensitive data in logs: None detected
• ✅ No license files (.lic) or AQAAAD strings: None detected

Feedback: No security concerns. Using official GitHub Actions from the actions organization is a secure practice.

---

Files Modified

1. .github/workflows/build-distribution.yaml:46
2. .github/workflows/publish-to-pypi.yaml:44
3. .github/workflows/pytest-darwin.yaml:79
4. .github/workflows/pytest-linux.yaml:112
5. .github/workflows/pytest-windows.yaml:78

---

Recommendation

✅ APPROVE with minor suggestion

This is a clean dependency update. The only recommendation is to add a CHANGELOG.md entry to document this infrastructure change. The PR is otherwise ready to merge.

Action Items:

1. Optional: Add CHANGELOG.md entry: "Updated GitHub Actions upload-artifact from v5 to v6"
2. Monitor workflow runs post-merge to ensure v6 compatibility

---

Automated code review analyzing defects and coding standards

[github-actions]

Coverage report

Click to see where and how coverage changed

File	Statements	Missing	Coverage	Coverage (new stmts)	Lines missing
src/senzing_grpc
szabstractfactory.py
Project Total

This report was generated by python-coverage-comment-action

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Summary

This PR updates the actions/upload-artifact GitHub Action from v5 to v6 across all workflow files. This is a dependency update with no functional code changes.

---

Code Quality

✅ Code follows style guide: The changes are workflow configuration updates only. YAML formatting is consistent with existing patterns.

✅ No commented-out code: No commented-out code present.

✅ Meaningful variable names: N/A - no new variables introduced.

✅ DRY principle followed: N/A - these are independent workflow files that appropriately reference the same action version.

✅ No defects identified: This is a straightforward dependency version bump. The v5 to v6 upgrade of actions/upload-artifact is backward compatible for the usage patterns in these files (basic artifact uploads with name and path parameters).

✅ Project memory compliance: No .claude/CLAUDE.md file found in repository to evaluate against.

---

Testing

⚠️ Unit tests for new functions: N/A - No new functions added. This is infrastructure configuration only.

⚠️ Integration tests for new endpoints: N/A - No new endpoints.

⚠️ Edge cases covered: N/A - Dependency update only.

⚠️ Test coverage > 80%: N/A - No code changes affecting coverage. The workflows themselves will test the artifact upload functionality when they run.

Note: The updated action will be tested implicitly when these workflows execute in CI/CD.

---

Documentation

✅ README updated if needed: No README update needed - this is an internal infrastructure change that doesn't affect user-facing functionality.

✅ API docs updated: N/A - No API changes.

✅ Inline comments for complex logic: N/A - Simple version number updates.

❌ CHANGELOG.md updated: No CHANGELOG.md update detected.

• File: CHANGELOG.md (if exists in project root)
• Recommendation: Add an entry documenting this dependency update, e.g., "Updated GitHub Actions workflow to use actions/upload-artifact@v6"

✅ Markdown formatting: N/A - No markdown files modified.

---

Security

✅ No hardcoded credentials: None present.

✅ Input validation implemented: N/A - Configuration only.

✅ Proper error handling: N/A - GitHub Actions handles errors for these action invocations.

✅ No sensitive data in logs: No sensitive data introduced.

✅ No license files (.lic) or AQAAAD strings: None detected in the diff.

---

Additional Observations

Files Changed (5 workflow files):

1. .github/workflows/build-distribution.yaml:46
2. .github/workflows/publish-to-pypi.yaml:44
3. .github/workflows/pytest-darwin.yaml:79
4. .github/workflows/pytest-linux.yaml:112
5. .github/workflows/pytest-windows.yaml:78

Migration Considerations

The upgrade from v5 to v6 of actions/upload-artifact introduces some breaking changes in the action itself (primarily around artifact immutability and naming), but the usage patterns in this codebase are compatible:

• ✅ Simple name/path configuration is maintained
• ✅ No advanced features that might be affected

---

Recommendation

APPROVE with minor suggestion: This is a clean dependency update. The only improvement would be to add a CHANGELOG.md entry documenting this infrastructure update for maintainability purposes.

Action Items:

• Add CHANGELOG.md entry (optional but recommended)

---

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Overview

This PR updates GitHub Actions actions/upload-artifact from v5 to v6 across multiple workflow files. This is a dependency version bump for the artifact upload action.

---

Review Checklist Results

Code Quality

✅ Code follows style guide

• The changes are minimal YAML updates to GitHub Actions workflows
• No code style violations detected
• Consistent formatting maintained across all workflow files

✅ No commented-out code

• No commented-out code found in the diff

✅ Meaningful variable names

• N/A - Only version number changes

✅ DRY principle followed

• The same version update is consistently applied across all workflows
• Pattern is repeated but appropriate for independent workflow files

✅ Identify Defects

• No bugs or logic errors introduced
• The artifact upload action maintains backward compatibility between v5 and v6
• No edge cases, race conditions, or security vulnerabilities introduced

✅ Project memory configuration

• No .claude/CLAUDE.md file detected in the repository

Testing

⚠️ Unit tests for new functions

• N/A - This is an infrastructure change, not functional code
• No new functions added

⚠️ Integration tests for new endpoints

• N/A - No new endpoints

⚠️ Edge cases covered

• N/A - GitHub Actions dependency update

⚠️ Test coverage > 80%

• N/A - No code changes affecting test coverage
• The workflows themselves will test this change when they run

Note: These testing items are not applicable to GitHub Actions workflow updates. The workflows will be tested automatically when they execute.

Documentation

✅ README updated if needed

• No README updates needed - this is an internal workflow dependency update

✅ API docs updated

• N/A - No API changes

✅ Inline comments for complex logic

• N/A - No complex logic added

❌ CHANGELOG.md updated

• File affected: CHANGELOG.md (not updated)
• Issue: The CHANGELOG.md should document this dependency update
• Recommendation: Add an entry like:

  ### Changed
  - Updated GitHub Actions `actions/upload-artifact` from v5 to v6 in CI workflows

✅ Markdown files follow CommonMark

• No markdown files modified in this PR

Security

✅ No hardcoded credentials

• No credentials present

✅ Input validation implemented

• N/A - No input handling added

✅ Proper error handling

• N/A - GitHub Actions handles errors from the upload-artifact action

✅ No sensitive data in logs

• No sensitive data introduced

✅ No license files (.lic) or AQAAAD strings

• No license files or suspicious strings detected

---

Summary

Overall Assessment: ✅ APPROVED with minor documentation suggestion

This is a clean, straightforward dependency update that:

• Updates actions/upload-artifact from v5 to v6 consistently across 5 workflow files
• Maintains compatibility and follows GitHub's recommended upgrade path
• Introduces no security concerns or code quality issues

Files Modified:

• .github/workflows/build-distribution.yaml:46
• .github/workflows/publish-to-pypi.yaml:44
• .github/workflows/pytest-darwin.yaml:79
• .github/workflows/pytest-linux.yaml:112
• .github/workflows/pytest-windows.yaml:78

Recommendation:
The only improvement would be to add a CHANGELOG.md entry documenting this infrastructure update for future reference, though this is a minor point for a dependency bump.

Automated code review analyzing defects and coding standards