chore(deps): update actions/upload-artifact action to v5 in .github/workflows/scorecard.yml (main)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
actions/upload-artifact	action	major	v4 → v5

---

Release Notes

actions/upload-artifact (actions/upload-artifact)

v5.0.0

Compare Source

v5

Compare Source

v4.6.2

Compare Source

What's Changed

• Update to use artifact 2.3.2 package & prepare for new upload-artifact release by @​salmanmkc in #​685

New Contributors

• @​salmanmkc made their first contribution in #​685

Full Changelog: actions/upload-artifact@v4...v4.6.2

v4.6.1

Compare Source

What's Changed

• Update to use artifact 2.2.2 package by @​yacaovsnc in #​673

Full Changelog: actions/upload-artifact@v4...v4.6.1

v4.6.0

Compare Source

What's Changed

• Expose env vars to control concurrency and timeout by @​yacaovsnc in #​662

Full Changelog: actions/upload-artifact@v4...v4.6.0

v4.5.0

Compare Source

What's Changed

• fix: deprecated Node.js version in action by @​hamirmahal in #​578
• Add new artifact-digest output by @​bdehamer in #​656

New Contributors

• @​hamirmahal made their first contribution in #​578
• @​bdehamer made their first contribution in #​656

Full Changelog: actions/upload-artifact@v4.4.3...v4.5.0

v4.4.3

Compare Source

What's Changed

• Undo indirect dependency updates from #​627 by @​joshmgross in #​632

Full Changelog: actions/upload-artifact@v4.4.2...v4.4.3

v4.4.2

Compare Source

What's Changed

• Bump @actions/artifact to 2.1.11 by @​robherley in #​627
  • Includes fix for relative symlinks not resolving properly

Full Changelog: actions/upload-artifact@v4.4.1...v4.4.2

v4.4.1

Compare Source

What's Changed

• Add a section about hidden files by @​joshmgross in #​607
• Add workflow file for publishing releases to immutable action package by @​Jcambass in #​621
• Update @​actions/artifact to latest version, includes symlink and timeout fixes by @​robherley in #​625

New Contributors

• @​Jcambass made their first contribution in #​621

Full Changelog: actions/upload-artifact@v4.4.0...v4.4.1

v4.4.0

Compare Source

Notice: Breaking Changes ⚠️

We will no longer include hidden files and folders by default in the upload-artifact action of this version. This reduces the risk that credentials are accidentally uploaded into artifacts. Customers who need to continue to upload these files can use a new option, include-hidden-files, to continue to do so.

See "Notice of upcoming deprecations and breaking changes in GitHub Actions runners" changelog and this issue for more details.

What's Changed

• Exclude hidden files by default by @​joshmgross in #​598

Full Changelog: actions/upload-artifact@v4.3.6...v4.4.0

v4.3.6

Compare Source

What's Changed

• Revert to @​actions/artifact 2.1.8 by @​robherley in #​594

Full Changelog: actions/upload-artifact@v4...v4.3.6

v4.3.5

Compare Source

What's Changed

• Bump @​actions/artifact to v2.1.9 by @​robherley in #​588
  • Fixed artifact upload chunk timeout logic #​1774
  • Use lazy stream to prevent issues with open file limits #​1771

Full Changelog: actions/upload-artifact@v4.3.4...v4.3.5

v4.3.4

Compare Source

What's Changed

• Update @​actions/artifact version, bump dependencies by @​robherley in #​584

Full Changelog: actions/upload-artifact@v4.3.3...v4.3.4

v4.3.3

Compare Source

What's Changed

• updating @actions/artifact dependency to v2.1.6 by @​eggyhead in #​565

Full Changelog: actions/upload-artifact@v4.3.2...v4.3.3

v4.3.2

Compare Source

What's Changed

• Update release-new-action-version.yml by @​konradpabjan in #​516
• Minor fix to the migration readme by @​andrewakim in #​523
• Update readme with v3/v2/v1 deprecation notice by @​robherley in #​561
• updating @actions/artifact dependency to v2.1.5 and @actions/core to v1.0.1 by @​eggyhead in #​562

New Contributors

• @​andrewakim made their first contribution in #​523

Full Changelog: actions/upload-artifact@v4.3.1...v4.3.2

v4.3.1

Compare Source

• Bump @​actions/artifacts to latest version to include updated GHES host check

v4.3.0

Compare Source

What's Changed

• Reorganize upload code in prep for merge logic & add more tests by @​robherley in #​504
• Add sub-action to merge artifacts by @​robherley in #​505

Full Changelog: actions/upload-artifact@v4...v4.3.0

v4.2.0

Compare Source

What's Changed

• Ability to overwrite an Artifact by @​robherley in #​501

Full Changelog: actions/upload-artifact@v4...v4.2.0

v4.1.0

Compare Source

What's Changed

• Add migrations docs by @​robherley in #​482
• Update README.md by @​samuelwine in #​492
• Support artifact-url output by @​konradpabjan in #​496
• Update readme to reflect new 500 artifact per job limit by @​robherley in #​497

New Contributors

• @​samuelwine made their first contribution in #​492

Full Changelog: actions/upload-artifact@v4...v4.1.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM (* 0-3 * * *)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

OpenSSF Scorecard — 8.3/10 ✅

Check	Score	Details
Binary-Artifacts	10/10	no binaries found in the repo
CI-Tests	10/10	24 out of 24 merged PRs checked by a CI test -- score normalized to 10
Code-Review	0/10	Found 0/29 approved changesets -- score normalized to 0
Dangerous-Workflow	10/10	no dangerous workflow patterns detected
License	10/10	license file detected
Pinned-Dependencies	6/10	dependency not pinned by hash detected -- score normalized to 6
Security-Policy	10/10	security policy file detected
Token-Permissions	10/10	GitHub workflow tokens follow principle of least privilege
Vulnerabilities	10/10	0 existing vulnerabilities detected

Threshold: 7 | Full report