Skip to content

Bump actions/upload-pages-artifact from 3.0.1 to 5.0.0#102

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/actions/upload-pages-artifact-5.0.0
Open

Bump actions/upload-pages-artifact from 3.0.1 to 5.0.0#102
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/actions/upload-pages-artifact-5.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown

Bumps actions/upload-pages-artifact from 3.0.1 to 5.0.0.

Release notes

Sourced from actions/upload-pages-artifact's releases.

v5.0.0

Changelog

See details of all code changes since previous release.

v4.0.0

What's Changed

Full Changelog: actions/upload-pages-artifact@v3.0.1...v4.0.0

Commits
  • fc324d3 Merge pull request #139 from Tom-van-Woudenberg/patch-1
  • fe9d4b7 Merge branch 'main' into patch-1
  • 0ca1617 Merge pull request #137 from jonchurch/include-hidden-files
  • 57f0e84 Update action.yml
  • 4a90348 v7 --> hash
  • 56f665a Update upload-artifact action to version 7
  • f7615f5 Add include-hidden-files input
  • 7b1f4a7 Merge pull request #127 from heavymachinery/pin-sha
  • 4cc19c7 Pin actions/upload-artifact to SHA
  • 2d163be Merge pull request #107 from KittyChiu/main
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) from 3.0.1 to 5.0.0.
- [Release notes](https://github.com/actions/upload-pages-artifact/releases)
- [Commits](actions/upload-pages-artifact@56afc60...fc324d3)

---
updated-dependencies:
- dependency-name: actions/upload-pages-artifact
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 30, 2026
@dependabot dependabot Bot requested review from a team and floranpagliai as code owners June 30, 2026 13:47
@dependabot dependabot Bot requested review from EtienneDh and removed request for a team June 30, 2026 13:47
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 30, 2026

@codenudge codenudge Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR updates the actions/upload-pages-artifact GitHub Action in the Jekyll deployment workflow from v3.0.1 to v5.0.0, pinned to a specific commit hash.

Changes

  • actions/upload-pages-artifact bumped from v3.0.1 (56afc609) to v5.0.0 (fc324d3547) in the deploy job of jekyll.yml

Impact

  • The deployment pipeline's artifact upload step is updated to a new major version
  • The companion actions/deploy-pages action (which consumes the artifact produced by upload-pages-artifact) remains at v4.0.5 and is not updated alongside this change


- name: Upload artifact
uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

bug (high): The actions/upload-pages-artifact action is being bumped from v3.0.1 to v5.0.0 (skipping v4 entirely), while the companion actions/deploy-pages action remains at v4.0.5. These two actions are tightly coupled — upload-pages-artifact produces an artifact in a specific format that deploy-pages must be able to consume.

A two-major-version jump in upload-pages-artifact without a corresponding update to deploy-pages is a concrete compatibility risk. If the artifact schema or naming convention changed between v3 and v5, the deploy-pages@v4 step will fail to locate or process the artifact, breaking the entire deployment pipeline.

The fix is to also update actions/deploy-pages to its latest version (v5.x) to match:

-   name: Deploy to GitHub Pages
    id: deployment
    uses: actions/deploy-pages@LATEST_V5_COMMIT_HASH # v5.x.x

Both actions should be kept in sync at compatible major versions.

Help us improve our suggestions - react with 👍 if it was helpful, 👎 if it needs work

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants