Bump actions/upload-artifact from 3 to 5

[dependabot]

Bumps actions/upload-artifact from 3 to 5.

Release notes

Sourced from actions/upload-artifact's releases.

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

• Update README.md by @​GhadimiR in actions/upload-artifact#681
• Update README.md by @​nebuk89 in actions/upload-artifact#712
• Readme: spell out the first use of GHES by @​danwkennedy in actions/upload-artifact#727
• Update GHES guidance to include reference to Node 20 version by @​patrikpolyak in actions/upload-artifact#725
• Bump @actions/artifact to v4.0.0
• Prepare v5.0.0 by @​danwkennedy in actions/upload-artifact#734

New Contributors

• @​GhadimiR made their first contribution in actions/upload-artifact#681
• @​nebuk89 made their first contribution in actions/upload-artifact#712
• @​danwkennedy made their first contribution in actions/upload-artifact#727
• @​patrikpolyak made their first contribution in actions/upload-artifact#725

Full Changelog: actions/upload-artifact@v4...v5.0.0

v4.6.2

What's Changed

• Update to use artifact 2.3.2 package & prepare for new upload-artifact release by @​salmanmkc in actions/upload-artifact#685

New Contributors

• @​salmanmkc made their first contribution in actions/upload-artifact#685

Full Changelog: actions/upload-artifact@v4...v4.6.2

v4.6.1

What's Changed

• Update to use artifact 2.2.2 package by @​yacaovsnc in actions/upload-artifact#673

Full Changelog: actions/upload-artifact@v4...v4.6.1

v4.6.0

What's Changed

• Expose env vars to control concurrency and timeout by @​yacaovsnc in actions/upload-artifact#662

Full Changelog: actions/upload-artifact@v4...v4.6.0

v4.5.0

What's Changed

• fix: deprecated Node.js version in action by @​hamirmahal in actions/upload-artifact#578
• Add new artifact-digest output by @​bdehamer in actions/upload-artifact#656

New Contributors

• @​hamirmahal made their first contribution in actions/upload-artifact#578

... (truncated)

Commits

• 330a01c Merge pull request #734 from actions/danwkennedy/prepare-5.0.0
• 03f2824 Update github.dep.yml
• 905a1ec Prepare v5.0.0
• 2d9f9cd Merge pull request #725 from patrikpolyak/patch-1
• 9687587 Merge branch 'main' into patch-1
• 2848b2c Merge pull request #727 from danwkennedy/patch-1
• 9b51177 Spell out the first use of GHES
• cd231ca Update GHES guidance to include reference to Node 20 version
• de65e23 Merge pull request #712 from actions/nebuk89-patch-1
• 8747d8c Update README.md
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[matter-code-review]

Important

PR Analysis Skipped

PR analysis skipped for dependabot PRs as per the configuration setting. Run a manually review by commenting /matter review

💡Tips to use MatterAI

Command List

• /matter summary: Generate AI Summary for the PR
• /matter review: Generate AI Reviews for the latest commit in the PR
• /matter review-full: Generate AI Reviews for the complete PR
• /matter release-notes: Generate AI release-notes for the PR
• /matter : Chat with your PR with MatterAI Agent
• /matter remember : Generate AI memories for the PR
• /matter explain: Get an explanation of the PR
• /matter help: Show the list of available commands and documentation
• Need help? Join our Discord server: https://discord.gg/fJU5DvanU3

[matter-code-review]

Summary By MatterAI

🔄 What Changed

Bumped actions/upload-artifact GitHub Action from versions v3 and v4 to v5 across four CI/CD workflow files. This ensures alignment with the latest stable release, improving reliability, security, and feature support.

🔍 Impact of the Change

• ✅ Security: Pulls in patched dependencies and removes known vulnerabilities present in older versions.
• 🚀 Performance: v5 includes optimized upload logic and better retry mechanisms.
• 🧩 Consistency: Standardizes artifact upload version across all workflows.
• ⚠️ Backward Compatibility: No breaking changes expected — v5 maintains interface compatibility.

📁 Total Files Changed

File	ChangeLog
Bump v3→v5 .github/workflows/automation-trigger-test.yml	Upgraded upload-artifact from v3 to v5 for test result publishing
Bump v3→v5 .github/workflows/integration-tests.yml	Updated artifact action version to v5 for integration test results
Bump v4→v5 .github/workflows/release.yml	Upgraded all four artifact uploads from v4 to v5 in release pipeline
Bump v4→v5 .github/workflows/verify.yml	Migrated artifact upload step from v4 to v5 for unit test results

🧪 Test Added/Recommended

Recommended

• Add version pinning audit step in CI to detect outdated actions automatically.
• Include changelog verification in dependency bump PRs to validate upgrade safety.

🔒 Security Vulnerabilities

No active vulnerabilities introduced. Upgrade mitigates known risks in earlier versions (e.g., improper path sanitization in v3).

⏳ Estimated code review effort

LOW (~7 minutes)

Tip

Quality Recommendations

1. Add automated dependency review step to detect outdated GitHub Actions

2. Pin exact action versions or use hash-based references for supply chain security

♫ Tanka Poem

Version climbs high,
V5 stands on v3's shoulders,
Faster, safer, strong.
CI flows smooth tonight,
Artifacts rise with pride. 🚀

Sequence Diagram

sequenceDiagram
    participant WF as Workflow
    participant GA as GitHub Action
    participant S as Storage

    Note over WF: Workflow Execution

    WF->>GA: [email protected](name='test-results')
    GA->>S: Upload file bundle (path: output.txt)
    S-->>GA: Confirmation (artifact stored)
    GA-->>WF: Success signal

    Note over WF: Artifact retention applied per workflow settings

Loading

[matter-code-review]

Important

PR Review Skipped

PR review skipped as per the configuration setting. Run a manually review by commenting /matter review

💡Tips to use MatterAI

Command List

• /matter summary: Generate AI Summary for the PR
• /matter review: Generate AI Reviews for the latest commit in the PR
• /matter review-full: Generate AI Reviews for the complete PR
• /matter release-notes: Generate AI release-notes for the PR
• /matter : Chat with your PR with MatterAI Agent
• /matter remember : Generate AI memories for the PR
• /matter explain: Get an explanation of the PR
• /matter help: Show the list of available commands and documentation
• Need help? Join our Discord server: https://discord.gg/fJU5DvanU3