Thanks to visit codestin.com
Credit goes to github.com

Skip to content

build(deps): Bump actions/upload-pages-artifact from 3 to 5#9

Merged
twschiller merged 1 commit into
mainfrom
dependabot/github_actions/actions/upload-pages-artifact-5
May 30, 2026
Merged

build(deps): Bump actions/upload-pages-artifact from 3 to 5#9
twschiller merged 1 commit into
mainfrom
dependabot/github_actions/actions/upload-pages-artifact-5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 30, 2026

Copy link
Copy Markdown
Contributor

Bumps actions/upload-pages-artifact from 3 to 5.

Release notes

Sourced from actions/upload-pages-artifact's releases.

v5.0.0

Changelog

See details of all code changes since previous release.

v4.0.0

What's Changed

Full Changelog: actions/upload-pages-artifact@v3.0.1...v4.0.0

v3.0.1

Changelog

See details of all code changes since previous release.

Commits
  • fc324d3 Merge pull request #139 from Tom-van-Woudenberg/patch-1
  • fe9d4b7 Merge branch 'main' into patch-1
  • 0ca1617 Merge pull request #137 from jonchurch/include-hidden-files
  • 57f0e84 Update action.yml
  • 4a90348 v7 --> hash
  • 56f665a Update upload-artifact action to version 7
  • f7615f5 Add include-hidden-files input
  • 7b1f4a7 Merge pull request #127 from heavymachinery/pin-sha
  • 4cc19c7 Pin actions/upload-artifact to SHA
  • 2d163be Merge pull request #107 from KittyChiu/main
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) from 3 to 5.
- [Release notes](https://github.com/actions/upload-pages-artifact/releases)
- [Commits](actions/upload-pages-artifact@v3...v5)

---
updated-dependencies:
- dependency-name: actions/upload-pages-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 30, 2026
@vercel

vercel Bot commented May 30, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
agent-browser-shield-demo-site Ready Ready Preview, Comment May 30, 2026 12:49pm

Request Review

@twschiller twschiller merged commit 523e5ed into main May 30, 2026
7 checks passed
@twschiller twschiller deleted the dependabot/github_actions/actions/upload-pages-artifact-5 branch May 30, 2026 12:50
twschiller added a commit that referenced this pull request Jun 7, 2026
…igin_as_fallback

srcdoc inherits the embedding origin so isn't the Roesner SOP-bypass
threat, and the manifest's `match_origin_as_fallback: true` setting
means every rule already runs inside the srcdoc frame on its own.
Redacting the whole iframe from the parent treats authored-by-the-page
content as if it were untrusted cross-context.

Keeps the object/embed extension (item #9) — those carry the same
SOP-bypass shape as a cross-origin iframe when their data/src loads a
cross-origin resource.

Reverts the popup label rename back to "Hide Cross-Origin Frames
(Experimental)" since srcdoc is no longer covered.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant