[main](gha): Bump the dependencies group with 3 updates (#3668)

dependabot[bot] · web-flow · commit 443d8f750bfc · 2025-12-20T08:16:00.000-08:00
Bumps the dependencies group with 3 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact), [actions/cache](https://github.com/actions/cache) and [actions/download-artifact](https://github.com/actions/download-artifact). Updates `actions/upload-artifact` from 5 to 6 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v5...v6) Updates `actions/cache` from 4 to 5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v4...v5) Updates `actions/download-artifact` from 6 to 7 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v6...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: actions/download-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/.github/workflows/check-cves.yml b/.github/workflows/check-cves.yml
@@ -26,7 +26,7 @@ jobs:
       if: always()
 
     - name: Archive CVE scan results
-      uses: actions/upload-artifact@v5
+      uses: actions/upload-artifact@v6
       if: always()
       with:
         name: cve-scan-results-${{ github.sha }}-${{ github.run_id }}-${{ github.run_number }}
diff --git a/.github/workflows/release-build-sign-upload.yml b/.github/workflows/release-build-sign-upload.yml
@@ -151,7 +151,7 @@ jobs:
         go env
 
     - name: Go Assets Cache
-      uses: actions/cache@v4
+      uses: actions/cache@v5
       with:
         path: |
           ${{ steps.go-cache-paths.outputs.go-mod }}
@@ -169,7 +169,7 @@ jobs:
         make out/cf-cli_linux_arm64
 
     - name: Store Linux Binaries
-      uses: actions/upload-artifact@v5
+      uses: actions/upload-artifact@v6
       with:
         if-no-files-found: error
         name: cf-cli-linux-binaries
@@ -274,7 +274,7 @@ jobs:
       working-directory: signed-redhat-installer
 
     - name: Store Signed Linux RPM Packages
-      uses: actions/upload-artifact@v5
+      uses: actions/upload-artifact@v6
       with:
         if-no-files-found: error
         name: cf-cli-linux-rpm-packages
@@ -375,7 +375,7 @@ jobs:
       working-directory: packaged-deb
 
     - name: Store Debian Packages
-      uses: actions/upload-artifact@v5
+      uses: actions/upload-artifact@v6
       with:
         if-no-files-found: error
         name: cf-cli-linux-deb-packages
@@ -428,7 +428,7 @@ jobs:
         cat "$(brew --repository)/Library/Taps/pivotalsoftware/homebrew-gon/gon.rb" > .github/brew-formulae
 
     - name: Configure Homebrew cache
-      uses: actions/cache@v4
+      uses: actions/cache@v5
       with:
         path: |
           ~/Library/Caches/Homebrew/gon--*
@@ -448,7 +448,7 @@ jobs:
         go env
 
     - name: Go Assets Cache
-      uses: actions/cache@v4
+      uses: actions/cache@v5
       with:
         path: |
           ${{ steps.go-cache-paths.outputs.go-mod }}
@@ -465,7 +465,7 @@ jobs:
         make out/cf-cli_macosarm
 
     - name: Store macOS Binaries
-      uses: actions/upload-artifact@v5
+      uses: actions/upload-artifact@v6
       with:
         if-no-files-found: error
         name: cf-cli-macos-binaries
@@ -605,7 +605,7 @@ jobs:
           "signed-macos-installer/cf${VERSION_MAJOR}-cli-installer_${VERSION_BUILD}_macosarm.pkg"
 
     - name: Store macOS Signed Packages
-      uses: actions/upload-artifact@v5
+      uses: actions/upload-artifact@v6
       with:
         if-no-files-found: error
         name: cf-cli-macos-packages
@@ -691,7 +691,7 @@ jobs:
           New-Item -ItemType SymbolicLink -Target .\out\cf-cli_winx64.exe -Path .\out\cf-cli_winx64-link.exe
 
       - name: Save signed binaries as a GitHub Action Artifact
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v6
         with:
           name: cf-cli-windows-binaries
           if-no-files-found: error
@@ -736,7 +736,7 @@ jobs:
           Get-ChildItem "${env:RUNNER_TEMP}"
 
       - name: Save installer and dist files as a GitHub Action Artifact
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v6
         with:
           name: cf-cli-windows-packages
           if-no-files-found: error
@@ -771,7 +771,7 @@ jobs:
       uses: actions/checkout@v6
 
     - name: Download signed artifacts
-      uses: actions/download-artifact@v6
+      uses: actions/download-artifact@v7
       with:
         path: signed # download all artifacts to 'signed/'
 
@@ -857,7 +857,7 @@ jobs:
           signed/winx64/*zip
 
     - name: Store Artifacts
-      uses: actions/upload-artifact@v5
+      uses: actions/upload-artifact@v6
       with:
         if-no-files-found: error
         name: final-artifacts
@@ -894,7 +894,7 @@ jobs:
     steps:
 
     - name: Download Signed Linux Packages
-      uses: actions/download-artifact@v6
+      uses: actions/download-artifact@v7
       with:
         name: cf-cli-linux-rpm-packages
 
@@ -921,7 +921,7 @@ jobs:
     steps:
 
     - name: Download Signed Linux Packages
-      uses: actions/download-artifact@v6
+      uses: actions/download-artifact@v7
       with:
         name: cf-cli-linux-deb-packages
 
@@ -949,7 +949,7 @@ jobs:
     steps:
 
     - name: Download Signed macOS Packages
-      uses: actions/download-artifact@v6
+      uses: actions/download-artifact@v7
       with:
         name: cf-cli-macos-packages
 
@@ -973,7 +973,7 @@ jobs:
     steps:
 
     - name: Download Signed Windows Binaries
-      uses: actions/download-artifact@v6
+      uses: actions/download-artifact@v7
       with:
         name: cf-cli-windows-binaries
 
@@ -983,7 +983,7 @@ jobs:
         Get-AuthenticodeSignature -Verbose -ErrorAction Stop .\cf-cli_winx64.exe
 
     - name: Download Signed Windows Binaries
-      uses: actions/download-artifact@v6
+      uses: actions/download-artifact@v7
       with:
         name: cf-cli-windows-packages
 
@@ -1013,7 +1013,7 @@ jobs:
     - s3-upload
     steps:
     - name: Download signed artifacts
-      uses: actions/download-artifact@v6
+      uses: actions/download-artifact@v7
       with:
         name: final-artifacts
         path: ${{ env.ARTIFACTS_DIR }}
diff --git a/.github/workflows/release-update-repos.yml b/.github/workflows/release-update-repos.yml
@@ -385,7 +385,7 @@ jobs:
     #     ls -R
     #
     # - name: Backup current Linux RPM repodata
-    #   uses: actions/upload-artifact@v5
+    #   uses: actions/upload-artifact@v6
     #   with:
     #     if-no-files-found: error
     #     name: cf-cli-linux-rpm-repodata-backup
@@ -432,7 +432,7 @@ jobs:
       run: ls -R
 
     - name: Store Linux RPM repodata
-      uses: actions/upload-artifact@v5
+      uses: actions/upload-artifact@v6
       with:
         if-no-files-found: error
         name: cf-cli-linux-rpm-repodata
