Skip to content

chore(deps): bump actions/upload-artifact from 4 to 7#16

Open
dependabot[bot] wants to merge 2793 commits intodevelopfrom
dependabot/github_actions/actions/upload-artifact-7
Open

chore(deps): bump actions/upload-artifact from 4 to 7#16
dependabot[bot] wants to merge 2793 commits intodevelopfrom
dependabot/github_actions/actions/upload-artifact-7

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 18, 2026

Bumps actions/upload-artifact from 4 to 7.

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

... (truncated)

Commits
  • bbbca2d Support direct file uploads (#764)
  • 589182c Upgrade the module to ESM and bump dependencies (#762)
  • 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
  • 02a8460 Add proxy integration test
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • ddc45ed docs: update README to correct action name for Node.js 24 support
  • 615b319 chore: release v6.0.0 for Node.js 24 support
  • 017748b Merge pull request #744 from actions/fix-storage-blob
  • 38d4c79 chore: rebuild dist
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

liuxiaopai-ai and others added 30 commits March 5, 2026 11:56
@liuxiaopai-ai
Feishu: normalize group slash command probing
174eeea 
- Feishu/group slash command detection: normalize group mention wrappers before command-authorization probing so mention-prefixed commands are recognized in group routing.\n- Source PR: #36011\n- Contributor: @liuxiaopai-ai\n\nCo-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>\nCo-authored-by: liuxiaopai-ai <73659136+liuxiaopai-ai@users.noreply.github.com>
@maweibin @gumadeiras
add prependSystemContext and appendSystemContext to before_prompt_bui…
09c68f8 
…ld (fixes #35131) (#35177)

Merged via squash.

Prepared head SHA: d9a2869ad69db9449336a2e2846bd9de0e647ac6
Co-authored-by: maweibin <18023423+maweibin@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
@Takhoffman
fix(feishu): avoid media regressions from global HTTP timeout (#36500)
bc66a8f 
* fix(feishu): avoid media regressions from global http timeout

* fix(feishu): source HTTP timeout from config

* fix(feishu): apply media timeout override to image uploads

* fix(feishu): invalidate cached client when timeout changes

* fix(feishu): clamp timeout values and cover image download
@joshavant
Gateway: add SecretRef support for gateway.auth.token with auth-mode …
72cf925 
…guardrails (#35094)
@RealKai42 @jalehman
fix(embedded): classify model_context_window_exceeded as context over…
60a6d11 
…flow, trigger compaction (#35934)

Merged via squash.

Prepared head SHA: 20fa77289c80b2807a6779a3df70440242bc18ca
Co-authored-by: RealKai42 <44634134+RealKai42@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
@Sid-Qin @jalehman
fix(agents): skip compaction API call when session has no real messag…
6c03761 
…es (#36451)

Merged via squash.

Prepared head SHA: 52dd6317895c7bd10855d2bd7dbbfc2f5279b68e
Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
@BinHPdev @Takhoffman
fix(ui): catch marked.js parse errors to prevent Control UI crash (#3…
edc386e 
…6445)

- Prevent Control UI session render crashes when `marked.parse()` encounters pathological recursive markdown by safely falling back to escaped `<pre>` output.
- Tighten markdown fallback regression coverage and keep changelog attribution in sync for this crash-hardening path.

Co-authored-by: Bin Deng <dengbin@romangic.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
@byungsker @jalehman
fix(session): archive old transcript on daily/scheduled reset to prev…
709dc67 
…ent orphaned files (#35493)

Merged via squash.

Prepared head SHA: 0d95549d752adecfc0b08d5cd55a8b8c75e264fe
Co-authored-by: byungsker <72309817+byungsker@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
@Sid-Qin @jalehman
fix(agents): set preserveSignatures to isAnthropic in resolveTranscri…
591264e 
…ptPolicy (#32813)

Merged via squash.

Prepared head SHA: f522d21ca59a42abac554435a0aa646f6a34698d
Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
@stakeswky @altaywtf
fix: avoid false global rate-limit classification from generic cooldo…
8ac7ce7 
…wn text (#32972)

Merged via squash.

Prepared head SHA: 813c16f5afce415da130a917d9ce9f968912b477
Co-authored-by: stakeswky <64798754+stakeswky@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
@altaywtf
refactor(agents): share failover HTTP status classification (#36615)
f014e25 
* fix(agents): classify transient failover statuses consistently

* fix(agents): preserve legacy failover status mapping
@jnMetaCode @altaywtf
fix(failover): narrow service-unavailable to require overload indicat…
029c473 
…or (#32828) (#36646)

Merged via squash.

Prepared head SHA: 46fb4306127972d7635f371fd9029fbb9baff236
Co-authored-by: jnMetaCode <12096460+jnMetaCode@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
@rodrigouroz @jalehman
Compaction/Safeguard: add summary quality audit retries (#25556)
036c329 
Merged via squash.

Prepared head SHA: be473efd1635616ebbae6e649d542ed50b4a827f
Co-authored-by: rodrigouroz <384037+rodrigouroz@users.noreply.github.com>
Co-authored-by: jalehman <550978+jalehman@users.noreply.github.com>
Reviewed-by: @jalehman
@altaywtf
test(agents): add provider-backed failover regressions (#36735)
6859619 
* test(agents): add provider-backed failover fixtures

* test(agents): cover more provider error docs

* test(agents): tighten provider doc fixtures
@vincentkoc
Docs: add Slack typing reaction fallback
837b7b4
@vincentkoc
Docs: update gateway config reference for Slack and TTS
1d3962a
@vincentkoc
Docs: clarify OpenAI-compatible TTS endpoints
6b2c115
@vincentkoc
Docs: document Control UI locale support
2b45eb0
@vincentkoc
Docs: cover heartbeat, cron, and plugin route updates
98aecab
@vincentkoc
fix(ui): bump dompurify to 3.3.2 (#36781)
999b7e4 
* UI: bump dompurify to 3.3.2

* Deps: refresh dompurify lockfile
@vincentkoc
UI: hoist lifecycle connect test mocks (#36788)
0c08e3f
@altaywtf
fix(agents): classify insufficient_quota 400s as billing (#36783)
49acb07
@jriff @altaywtf
feat: append UTC time alongside local time in shared Current time lin…
aad372e 
…es (#32423)

Merged via squash.

Prepared head SHA: 9e8ec13933b5317e7cff3f0bc048de515826c31a
Co-authored-by: jriff <50276+jriff@users.noreply.github.com>
Co-authored-by: altaywtf <9790196+altaywtf@users.noreply.github.com>
Reviewed-by: @altaywtf
@Sid-Qin @Naylenv
@Octane0411 @Takhoffman
fix(auth): grant senderIsOwner for internal channels with operator.ad…
60d3363 
…min scope (openclaw#35704)

Verified:
- pnpm install --frozen-lockfile
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Naylenv <45486779+Naylenv@users.noreply.github.com>
Co-authored-by: Octane0411 <88922959+Octane0411@users.noreply.github.com>
Co-authored-by: Sid-Qin <201593046+Sid-Qin@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
@powermaster888 @Takhoffman
fix(config): prevent RangeError in merged schema cache key generation
a0b731e 
Fix merged schema cache key generation for high-cardinality plugin/channel metadata by hashing incrementally instead of serializing one large aggregate string.

Includes changelog entry for the user-visible regression fix.

Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Bill <gsamzn@gmail.com>
@2233admin @claude @Takhoffman
fix(slack): propagate mediaLocalRoots through Slack send path
7830366 
Restore Slack local file upload parity with CVE-era local media allowlist enforcement by threading `mediaLocalRoots` through the Slack send call chain.

- pass `ctx.mediaLocalRoots` from Slack channel action adapter into `handleSlackAction`
- add and forward `mediaLocalRoots` in Slack action context/send path
- pass `mediaLocalRoots` into `sendMessageSlack` for upload allowlist enforcement
- add changelog entry with attribution for this behavior fix

Co-authored-by: 2233admin <1497479966@qq.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
@littleben @penggaolai @Takhoffman
fix(slack): preserve dedupe while recovering dropped app_mention (#34…
b9a20dc 
…937)

This PR fixes Slack mention loss without reintroducing duplicate dispatches.

- Preserve seen-message dedupe at ingress to prevent duplicate processing.
- Allow a one-time app_mention retry only when the paired message event was previously dropped before dispatch.
- Add targeted race tests for both recovery and duplicate-prevention paths.

Co-authored-by: littleben <1573829+littleben@users.noreply.github.com>
Co-authored-by: OpenClaw Agent <agent@openclaw.ai>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
@joshavant
README: add algal to contributors list (#2046)
97ea9df
@dutifulbob @osolmaz
fix: decouple Discord inbound worker timeout from listener timeout (#…
063e493 
…36602) (thanks @dutifulbob) (#36602)

Co-authored-by: Onur Solmaz <2453968+osolmaz@users.noreply.github.com>
@gumadeiras
plugins: enforce prompt hook policy with runtime validation (#36567)
688b72e 
Merged via squash.

Prepared head SHA: 6b9d883b6ae33628235fb02ce39c0d0f46a065bb
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Co-authored-by: gumadeiras <5599352+gumadeiras@users.noreply.github.com>
Reviewed-by: @gumadeiras
TomLeeLive and others added 25 commits March 16, 2026 09:10
@TomLeeLive
feat(memory): add passive memory auto-extraction
0098601 
- New passive-memory.ts module: every 5 turns, background LLM call
  extracts important conversation details to memory/passive-YYYY-MM.md
- Uses local Ollama (llama3.2:3b) for cost-free extraction
- Integrates at agent_end in attempt.ts (fire-and-forget)
- Monthly passive memory files, auto-detected by existing MemoryFileWatcher
- Add .memory-index/ and *.memory-vec.db to .gitignore
- Coexists with explicit memory_search/memory_write tools
@TomLeeLive
fix: strict type check for text content extraction
1c5a326
@TomLeeLive
feat(dag): gate DAG store behind memorySearch provider config
17a1ea2 
DAG only activates when memorySearch.provider is set (not 'none').
Same gating logic as passive memory — no point storing if search
is unavailable.
@TomLeeLive
chore: bump to v2026.3.18 (DAG lossless memory)
98fb6b0
@TomLeeLive
docs: add DAG lossless store & 3-tier memory guide to memory.md
c9b6c5d
@TomLeeLive
feat(memory): integrate DAG FTS5 search into memory_search pipeline
50b2c26 
- dag-search-wrapper.ts: wraps MemorySearchManager to merge DAG results
- search-manager.ts: auto-wraps all managers with DAG search
- DAG results appear alongside vector/file results in memory_search
- Parallel execution: inner search + DAG FTS5 run concurrently
- Deduplication: skip DAG results that overlap with inner results
- Non-fatal: DAG search failure doesn't break memory_search
@TomLeeLive
fix: remove unused defaultAgentId variable
7b0c963
@TomLeeLive
feat(memory): inline DAG FTS5 search in memory_search tool
adc72dd 
Bypasses MemorySearchManager cache — DAG results are now fetched
directly in the memory_search tool execute() and merged with
standard vector/file results. Runs in parallel via Promise.all().
@TomLeeLive
chore: bump to v2026.3.19 (DAG FTS5 pipeline complete)
5a48e24
@TomLeeLive
fix(net): enable autoSelectFamily for pinned dispatcher (fixes Telegr…
76399ee 
…am media IPv6 timeout)
@TomLeeLive
chore: bump to v2026.3.20 (DAG FTS5 pipeline + IPv6 media fix)
618aa8b
@TomLeeLive
feat: add swarm CLI commands + config schema
2eb59ad 
- Add src/cli/swarm-cli.ts: init/status/sync subcommands
- Register 'soulclaw swarm' in command-registry
- Add swarm config to AgentDefaultsSchema (dir, autoSync, syncIntervalMinutes)
- Wire swarm config from params.config into inline-sync hook
- soulclaw swarm init [--remote <url>] [--dir <path>]
- soulclaw swarm status
- soulclaw swarm sync
@TomLeeLive
feat: add soulscan + persona CLI commands
9973f22 
- soulclaw soulscan [dir] [--json] [--min-score N]: scan soul files
- soulclaw persona check [--text]: run drift check against SOUL.md
- soulclaw persona metrics [-n N]: show drift history
- soulclaw persona rules [--json]: show parsed persona rules
- Register both in command-registry
@TomLeeLive
feat: swarm LLM merge/resolve + persona drift notifications & config
f2b93c0 
Swarm:
- swarm sync --llm-merge: LLM semantic conflict resolution
- swarm resolve [file] --llm|--ours|--theirs|--manual

Persona:
- drift-notifier.ts: gateway/Telegram drift alert notifications
- persona config --enable|--disable: opt-in drift detection
- personaDrift config schema in openclaw.json
- Default OFF, gated behind enabled flag
@TomLeeLive
docs: add CLI guide link to README
daffcaa
@TomLeeLive
docs: remove Android app link from README (private repo)
6e2de3f
@TomLeeLive
refactor: delegate SoulScan to clawsouls package
ff4637c 
- Remove src/soulscan/rules.ts (498 lines of security rules)
- Replace src/soulscan/engine.ts with thin wrapper that imports clawsouls scanner
- Falls back to basic structural checks when clawsouls is not installed
- Security rules now live exclusively in clawsouls package (not open source)
- Protects SoulScan Premium API business model
@TomLeeLive
docs: add OpenClaw → SoulClaw migration guide
fb94569
@TomLeeLive
bump: v2026.3.21
26fc60a
@TomLeeLive
fix: persona/soulscan/swarm CLI colorize + theme key bugs
dc41940
@TomLeeLive
docs: migration guide — require gateway install before start
78ff75b
@TomLeeLive
feat: wire SoulScan, Persona Engine, Swarm Memory into agent pipeline
2ee5445 
- Add src/soulscan/inline-scan.ts: rate-limited soul file integrity check (5min interval)
- Add src/persona/inline-drift.ts: periodic drift detection (keyword/Ollama fallback)
- Add src/swarm/inline-sync.ts: rate-limited memory sync to shared repo (10min interval)
- Wire all three as fire-and-forget hooks in attempt.ts after agent turns
- Fix lint: String(err) for template expressions, remove redundant union type
- All non-fatal: errors caught and logged, never block agent execution
@TomLeeLive
docs: note fork origin (OpenClaw v2026.3.1 main branch)
8288ba2
@TomLeeLive
docs: comprehensive README update — 3-Tier Memory, DAG FTS5, updated …
dec315b 
…roadmap and config
@dependabot
chore(deps): bump actions/upload-artifact from 4 to 7
4bdb7a8 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.