chore(deps): bump uuid and @actions/artifact #339

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/npm_and_yarn/multi-6fc04581e5

@dependabot dependabot Bot commented on behalf of github Apr 23, 2026

Contributor

Removes uuid. It's no longer used after updating ancestor dependency @actions/artifact. These dependencies need to be updated together.

Removes uuid

Updates @actions/artifact from 4.0.0 to 6.2.1

Changelog

Sourced from @actions/artifact's changelog.

6.2.1

  • Support the RFC 5987 filename* field in the content-disposition header. This allows us to correctly download files and artifacts with Chinese/Japanese/Korean (among other) characters in their name.

6.2.0

  • Support uploading single un-archived files (not zipped). Direct uploads are only supported for artifacts version 7+ (based on the major version of actions/upload-artifact). Callers must pass the skipArchive option to uploadArtifact. Only single files can be uploaded at a time right now. Default behavior should remain unchanged if skipArchive = false. When skipArchive = true, the name of the file is used as the name of the artifact for consistency with the downloads: you upload artifact.txt, you download artifact.txt.

6.1.0

  • Support downloading non-zip artifacts. Zipped artifacts will be decompressed automatically (with an optional override). Un-zipped artifacts will be downloaded as-is.

6.0.0

  • Breaking change: Package is now ESM-only
    • CommonJS consumers must use dynamic import() instead of require()

5.0.3

  • Bump @actions/http-client to 3.0.2

5.0.1

  • Fix Node.js 24 punycode deprecation warning by updating @azure/storage-blob from ^12.15.0 to ^12.29.1 #2211
  • Removed direct @azure/core-http dependency (now uses @azure/core-rest-pipeline via storage-blob)

5.0.0

  • Dependency updates for Node.js 24 runtime support
  • Update @actions/core to v2
  • Update @actions/http-client to v3

Commits

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @actions/artifact since your current version.


Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) labels Apr 23, 2026

psiinon commented Apr 23, 2026

Member

Checkmarx One – Scan Summary & Details 6bb08918-3859-449b-8542-808b70cdfc74

Fixed Issues (6)
Great job! The following issues were fixed in this Pull Request

| Severity | Issue | Source File / Package |
|---|---|---|
| CRITICAL | CVE-2026-1525 | Npm-undici-5.29.0 |
| HIGH | CVE-2026-1526 | Npm-undici-5.29.0 |
| HIGH | CVE-2026-1528 | Npm-undici-5.29.0 |
| HIGH | CVE-2026-22036 | Npm-undici-5.29.0 |
| HIGH | CVE-2026-2229 | Npm-undici-5.29.0 |
| MEDIUM | CVE-2026-1527 | Npm-undici-5.29.0 |

Use @Checkmarx to interact with Checkmarx PR Assistant.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx rescan this PR

thc202 commented May 1, 2026

Member

@dependabot rebase

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-6fc04581e5 branch from edc1498 to 8e69395 May 1, 2026 08:21

Removes [uuid](https://github.com/uuidjs/uuid). It's no longer used after updating ancestor dependency [@actions/artifact](https://github.com/actions/toolkit/tree/HEAD/packages/artifact). These dependencies need to be updated together.


Removes `uuid`

Updates `@actions/artifact` from 4.0.0 to 6.2.1
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/artifact/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/artifact)

---
updated-dependencies:
- dependency-name: "@actions/artifact"
  dependency-version: 6.2.1
  dependency-type: direct:production
- dependency-name: uuid
  dependency-version: 
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-6fc04581e5 branch from 8e69395 to 5c4a413 May 9, 2026 06:06