
Bump actions/upload-artifact from 4 to 5 #394

Merged
docktermj merged 12 commits into main from dependabot/github_actions/actions/upload-artifact-5
Nov 26, 2025

Conversation

@dependabot dependabot bot (Contributor) commented on behalf of github Oct 27, 2025

Bumps actions/upload-artifact from 4 to 5.

Release notes

Sourced from actions/upload-artifact's releases.

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

New Contributors

Full Changelog: actions/upload-artifact@v4...v5.0.0

v4.6.2

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v4...v4.6.2

v4.6.1

What's Changed

Full Changelog: actions/upload-artifact@v4...v4.6.1

v4.6.0

What's Changed

Full Changelog: actions/upload-artifact@v4...v4.6.0

v4.5.0

What's Changed

New Contributors

... (truncated)

Commits
  • 330a01c Merge pull request #734 from actions/danwkennedy/prepare-5.0.0
  • 03f2824 Update github.dep.yml
  • 905a1ec Prepare v5.0.0
  • 2d9f9cd Merge pull request #725 from patrikpolyak/patch-1
  • 9687587 Merge branch 'main' into patch-1
  • 2848b2c Merge pull request #727 from danwkennedy/patch-1
  • 9b51177 Spell out the first use of GHES
  • cd231ca Update GHES guidance to include reference to Node 20 version
  • de65e23 Merge pull request #712 from actions/nebuk89-patch-1
  • 8747d8c Update README.md
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.


Resolves #734
Resolves #725
Resolves #727
Resolves #712
Resolves actions/upload-artifact#681
Resolves actions/upload-artifact#712
Resolves actions/upload-artifact#727
Resolves actions/upload-artifact#725
Resolves actions/upload-artifact#734
Resolves actions/upload-artifact#685
Resolves actions/upload-artifact#673
Resolves actions/upload-artifact#662
Resolves actions/upload-artifact#578
Resolves actions/upload-artifact#656

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Oct 27, 2025
@dependabot dependabot bot requested a review from a team as a code owner October 27, 2025 01:09
@github-actions

🛡️ Bandit Scan Results Summary

We found 0 High, 0 Medium, and 0 Low severity issues.

Detailed Findings


Severity Issue File Line Confidence More Info Test ID

✨ About this Report

This report was generated by the official Bandit GitHub Action to ensure our codebase stays secure.

📕 What is Bandit?

Bandit is a tool designed to find common security issues in Python code. To learn more about how Bandit helps to keep Python code safe, visit the Bandit documentation.

👥 Community Support

Got questions or need help with Bandit Action?

  • Join our community on the Discord server.
  • Share tips, get advice, and collaborate on security best practices.

@github-actions

github-actions bot commented Oct 27, 2025

Coverage report

Click to see where and how coverage changed

File                          | Statements | Missing | Coverage | Coverage (new stmts) | Lines missing
src/senzing_core/_helpers.py  |            |         |          |                      |
Project Total                 |            |         |          |                      |

This report was generated by python-coverage-comment-action

@docktermj docktermj self-assigned this Oct 27, 2025
@docktermj docktermj added the blocked Cannot make progress label Oct 29, 2025
@docktermj docktermj (Contributor) commented Oct 31, 2025

Blocked by GDEV-4091

@github-actions

github-actions bot commented Nov 6, 2025

🛡️ Bandit Scan Results Summary

We found 0 High, 0 Medium, and 0 Low severity issues.

@docktermj docktermj enabled auto-merge (squash) November 26, 2025 16:39
@github-actions

🤖 Claude Code Review

Code Review Analysis

Summary

This PR updates the actions/upload-artifact GitHub Action from v4 to v5 across multiple workflow files. This is a straightforward dependency update with no code logic changes.


Detailed Review

Code Quality

Code follows style guide

  • The changes are minimal YAML updates to workflow files
  • Formatting and structure remain consistent across all modified files
  • No style violations detected

No commented-out code

  • No commented code present in the diff

Meaningful variable names

  • N/A - No new variables introduced
  • Existing artifact names (python-package-distributions, coverage-${{ matrix.python-version }}-${{ matrix.senzingsdk-version }}) are descriptive

DRY principle followed

  • N/A - These are configuration files with expected repetition across different workflows

Identify Defects

  • No bugs, logic errors, or security vulnerabilities introduced
  • ⚠️ Minor consideration: The update from v4 to v5 should be verified for breaking changes. According to GitHub Actions documentation, upload-artifact@v5 has some behavioral changes:
    • Artifacts are immutable once uploaded
    • Different artifact names create separate artifacts (no longer merged)
    • This shouldn't cause issues here since each workflow uses unique names

Files affected:

  • .github/workflows/build-distribution.yaml:46
  • .github/workflows/publish-to-pypi.yaml:44
  • .github/workflows/pytest-darwin.yaml:117
  • .github/workflows/pytest-linux.yaml:136
  • .github/workflows/pytest-windows.yaml:86

Testing

Unit tests for new functions

  • N/A - No new functions added (infrastructure change only)

Integration tests for new endpoints

  • N/A - No endpoints modified

Edge cases covered

  • N/A - Configuration change only

Test coverage > 80%

  • N/A - No code changes affecting test coverage
  • 💡 Recommendation: The workflows themselves should be tested by observing successful runs after merge

Documentation

Readme updated if needed

  • No README update needed for GitHub Actions dependency updates

API docs updated

  • N/A - No API changes

Inline comments for complex logic

  • N/A - No complex logic added

⚠️ CHANGELOG.md updated

  • Not visible in the diff whether CHANGELOG.md was updated
  • Recommendation: Consider adding an entry like "Updated actions/upload-artifact from v4 to v5" if this project maintains a CHANGELOG for infrastructure changes

Security

No hardcoded credentials

  • No credentials present in the changes

Input validation implemented

  • N/A - No user input handling added

Proper error handling

  • N/A - GitHub Actions handles errors at the workflow level

No sensitive data in logs

  • No logging changes that could expose sensitive data

No license files or AQAAAD strings

  • No .lic files or suspicious strings detected in the diff

Verdict: ✅ APPROVED

This is a clean dependency update with no security concerns or code quality issues. The changes are consistent across all workflow files and maintain proper naming conventions.

Recommendations:

  1. Test workflows: Ensure all workflows run successfully after merge to confirm v5 compatibility
  2. CHANGELOG: Consider documenting this infrastructure update if the project tracks such changes
  3. Monitor: Watch for any behavioral differences in artifact handling between v4 and v5

Automated code review analyzing defects and coding standards

@docktermj docktermj merged commit 85725e9 into main Nov 26, 2025
70 of 73 checks passed
@docktermj docktermj deleted the dependabot/github_actions/actions/upload-artifact-5 branch November 26, 2025 16:45
@docktermj docktermj removed the blocked Cannot make progress label Dec 1, 2025