⬆️ (ci) [NO-ISSUE]: Bump the actions group across 1 directory with 7 updates

[dependabot]

Bumps the actions group with 7 updates in the / directory:

Package	From	To
actions/upload-artifact	6	7
actions/download-artifact	7	8
softprops/action-gh-release	2	3
android-actions/setup-android	3	4
toshimaru/auto-author-assign	3.0.1	3.0.2
dorny/paths-filter	3	4
sonarsource/sonarqube-scan-action	7	8

Updates actions/upload-artifact from 6 to 7

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Add proxy integration test by @​Link- in actions/upload-artifact#754
• Upgrade the module to ESM and bump dependencies by @​danwkennedy in actions/upload-artifact#762
• Support direct file uploads by @​danwkennedy in actions/upload-artifact#764

New Contributors

• @​Link- made their first contribution in actions/upload-artifact#754

Full Changelog: actions/upload-artifact@v6...v7.0.0

Commits

• 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
• 634250c Include changes in typespec/ts-http-runtime 0.3.5
• e454baa Readme: bump all the example versions to v7 (#796)
• 74fad66 Update the readme with direct upload details (#795)
• bbbca2d Support direct file uploads (#764)
• 589182c Upgrade the module to ESM and bump dependencies (#762)
• 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
• 02a8460 Add proxy integration test
• See full diff in compare view

Updates actions/download-artifact from 7 to 8

Release notes

Sourced from actions/download-artifact's releases.

v8.0.0

v8 - What's new

[!IMPORTANT] actions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.

[!IMPORTANT] Hash mismatches will now error by default. Users can override this behavior with a setting change (see below).

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to true.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Don't attempt to un-zip non-zipped downloads by @​danwkennedy in actions/download-artifact#460
• Add a setting to specify what to do on hash mismatch and default it to error by @​danwkennedy in actions/download-artifact#461

Full Changelog: actions/download-artifact@v7...v8.0.0

Commits

• 3e5f45b Add regression tests for CJK characters (#471)
• e6d03f6 Add a regression test for artifact name + content-type mismatches (#472)
• 70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
• f258da9 Add change docs
• ccc058e Fix linting issues
• bd7976b Add a setting to specify what to do on hash mismatch and default it to error
• ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
• 15999bf Add note about package bumps
• 974686e Bump the version to v8 and add release notes
• fbe48b1 Update test names to make it clearer what they do
• Additional commits viewable in compare view

Updates softprops/action-gh-release from 2 to 3

Release notes

Sourced from softprops/action-gh-release's releases.

v3.0.0

3.0.0 is a major release that moves the action runtime from Node 20 to Node 24. Use v3 on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay on v2.6.2.

What's Changed

Other Changes 🔄

• Move the action runtime and bundle target to Node 24
• Update @types/node to the Node 24 line and allow future Dependabot updates
• Keep the floating major tag on v3; v2 remains pinned to the latest 2.x release

v2.6.2

What's Changed

Other Changes 🔄

• chore(deps): bump picomatch from 4.0.3 to 4.0.4 by @​dependabot[bot] in softprops/action-gh-release#775
• chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by @​dependabot[bot] in softprops/action-gh-release#777
• chore(deps): bump vite from 8.0.0 to 8.0.5 by @​dependabot[bot] in softprops/action-gh-release#781

Full Changelog: softprops/action-gh-release@v2...v2.6.2

v2.6.1

2.6.1 is a patch release focused on restoring linked discussion thread creation when discussion_category_name is set. It fixes [#764](https://github.com/softprops/action-gh-release/issues/764), where the draft-first publish flow stopped carrying the discussion category through the final publish step.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Bug fixes 🐛

• fix: preserve discussion category on publish by @​chenrui333 in softprops/action-gh-release#765

v2.6.0

2.6.0 is a minor release centered on previous_tag support for generate_release_notes, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a working_directory docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

... (truncated)

Changelog

Sourced from softprops/action-gh-release's changelog.

0.1.13

• fix issue with multiple runs concatenating release bodies #145

Commits

• b430933 release: cut v3.0.0 for Node 24 upgrade (#670)
• c2e35e0 chore(deps): bump the npm group across 1 directory with 7 updates (#783)
• See full diff in compare view

Updates android-actions/setup-android from 3 to 4

Release notes

Sourced from android-actions/setup-android's releases.

v4.0.0

Hello,

The long awaited update of setup-android.

• Migrate action to Node24 (by @​TWiStErRob)
• Add and default to cmdline-tools version 20.0 ( 14742923 )
• Update CI runners (by @​TWiStErRob)
• Update README.md (by @​vil02)
• Update npm dependencies to solve CVE's

Incrementing major version to safeguard incase node upgrade or default cmdline-tools upgrade breaks something downstream.

v3.2.2

Add support for cmdline-tools versions 12, 13, and 16 by @​warting in android-actions/setup-android#493 .

Updated npm dependencies

v3.2.1

Updated dependencies

v3.2.0

Implement 'packages' input argument, which allows choosing which packages to install from Android SDK

v3.1.0

Allow installing different Android SDK versions. Allow silent license agreement.

Commits

• 40fd30f Update setup-android version in README.md
• d4e21bf Update dependencies and rebuild
• b7f140e Bump actions/checkout from 5 to 6
• 651bceb Migrate from ncc to esbuild
• 144235e Update actions steps. checkout to v5, node to v6, java to v5, codeql to v4
• 200c644 Add cmdline-tools version 20.0 ( 14742923 )
• 715acc5 Remove @​actions/cache dependency
• 125835f Update (not all) deps, migrate eslint to new format. compile to es2024
• c4c8fe5 Encourage users to use latest version of actions/setup-java
• 6a40db5 Migrate from Node 20 to Node 24
• Additional commits viewable in compare view

Updates toshimaru/auto-author-assign from 3.0.1 to 3.0.2

Release notes

Sourced from toshimaru/auto-author-assign's releases.

v3.0.2

What's Changed

Dependencies

• build(deps-dev): bump @​rollup/plugin-commonjs from 29.0.0 to 29.0.2 by @​dependabot[bot] in toshimaru/auto-author-assign#154
• build(deps-dev): bump rollup from 4.54.0 to 4.60.0 by @​dependabot[bot] in toshimaru/auto-author-assign#155
• build(deps-dev): bump rollup from 4.60.0 to 4.60.1 by @​dependabot[bot] in toshimaru/auto-author-assign#159
• build(deps): bump picomatch from 4.0.3 to 4.0.4 by @​dependabot[bot] in toshimaru/auto-author-assign#157
• build(deps-dev): bump rollup from 4.60.1 to 4.60.2 by @​dependabot[bot] in toshimaru/auto-author-assign#162
• build(deps): bump @​actions/core from 2.0.1 to 3.0.1 by @​dependabot[bot] in toshimaru/auto-author-assign#150
• build(deps): bump @​actions/github from 6.0.1 to 9.1.1 by @​dependabot[bot] in toshimaru/auto-author-assign#160
• build(deps): bump googleapis/release-please-action from 4 to 5 by @​dependabot[bot] in toshimaru/auto-author-assign#165

Others

• chore(main): release 3.0.2 by @​github-actions[bot] in toshimaru/auto-author-assign#164

Full Changelog: toshimaru/auto-author-assign@v3.0.1...v3.0.2

Changelog

Sourced from toshimaru/auto-author-assign's changelog.

3.0.2 (2026-04-27)

Miscellaneous Chores

• release 3.0.2 (658b95b)
• release 3.0.2 (ca59fc3)

Commits

• bdd7688 chore(main): release 3.0.2 (#164)
• 658b95b chore: release 3.0.2
• c14bd3b build(deps): bump googleapis/release-please-action from 4 to 5 (#165)
• ca59fc3 chore: release 3.0.2
• 725d1cb build(deps): bump @​actions/github from 6.0.1 to 9.1.1 (#160)
• 88a48cc build(deps): bump @​actions/core from 2.0.1 to 3.0.1 (#150)
• 6a5f2a2 build(deps-dev): bump rollup from 4.60.1 to 4.60.2 (#162)
• 7dbebfb build(deps): bump picomatch from 4.0.3 to 4.0.4 (#157)
• 4958889 build(deps-dev): bump rollup from 4.60.0 to 4.60.1 (#159)
• 40b6455 build(deps-dev): bump rollup from 4.54.0 to 4.60.0 (#155)
• Additional commits viewable in compare view

Updates dorny/paths-filter from 3 to 4

Release notes

Sourced from dorny/paths-filter's releases.

v4.0.0

What's Changed

• feat: update action runtime to node24 by @​saschabratton in dorny/paths-filter#294

New Contributors

• @​saschabratton made their first contribution in dorny/paths-filter#294

Full Changelog: dorny/paths-filter@v3.0.3...v4.0.0

v3.0.3

What's Changed

• Add missing predicate-quantifier by @​wardpeet in dorny/paths-filter#279

New Contributors

• @​wardpeet made their first contribution in dorny/paths-filter#279

Full Changelog: dorny/paths-filter@v3...v3.0.3

v3.0.2

What's Changed

• feat: add config parameter for predicate quantifier by @​petermetz in dorny/paths-filter#224

New Contributors

• @​petermetz made their first contribution in dorny/paths-filter#224

Full Changelog: dorny/paths-filter@v3...v3.0.2

v3.0.1

What's Changed

• Compare base and ref when token is empty by @​frouioui in dorny/paths-filter#133

New Contributors

• @​frouioui made their first contribution in dorny/paths-filter#133

Full Changelog: dorny/paths-filter@v3...v3.0.1

Changelog

Sourced from dorny/paths-filter's changelog.

Changelog

v4.0.0

• Update action runtime to node24

v3.0.3

• Add missing predicate-quantifier

v3.0.2

• Add config parameter for predicate quantifier

v3.0.1

• Compare base and ref when token is empty

v3.0.0

• Update to Node.js 20
• Update all dependencies

v2.11.1

• Update @​actions/core to v1.10.0 - Fixes warning about deprecated set-output
• Document need for pull-requests: read permission
• Updating to actions/checkout@v3

v2.11.0

• Set list-files input parameter as not required
• Update Node.js
• Fix incorrect handling of Unicode characters in exec()
• Use Octokit pagination
• Updates real world links

v2.10.2

• Fix getLocalRef() returns wrong ref

v2.10.1

• Improve robustness of change detection

v2.10.0

• Add ref input parameter
• Fix change detection in PR when pullRequest.changed_files is incorrect

v2.9.3

• Fix change detection when base is a tag

v2.9.2

• Fix fetching git history

v2.9.1

• Fix fetching git history + fallback to unshallow repo

v2.9.0

... (truncated)

Commits

• fbd0ab8 feat: add merge_group event support
• efb1da7 feat: add dist/ freshness check to PR workflow
• d8f7b06 Merge pull request #302 from dorny/issue-299
• addbc14 Update README for v4
• 9d7afb8 Update CHANGELOG for v4.0.0
• 782470c Merge branch 'releases/v3'
• ce10459 Merge pull request #294 from saschabratton/master
• 5f40380 feat: update action runtime to node24
• See full diff in compare view

Updates sonarsource/sonarqube-scan-action from 7 to 8

Release notes

Sourced from sonarsource/sonarqube-scan-action's releases.

v8.0.0

What's Changed

Breaking change

• SQSCANGHA-145 Set skipSignatureVerification default value to false by @​antoine-vinot-sonarsource in SonarSource/sonarqube-scan-action#241

Full Changelog: SonarSource/sonarqube-scan-action@v7...v8.0.0

v7.2.1

What's Changed

• SQSCANGHA-140 Set skipSignatureVerification default value to true to avoid breaking change by @​gmmcal in SonarSource/sonarqube-scan-action#240

Full Changelog: SonarSource/sonarqube-scan-action@v7...v7.2.1

v7.2.0

What's Changed

• SQSCANGHA-133 Upgrade the Node version used in UTs + contribution guide by @​claire-villard-sonarsource in SonarSource/sonarqube-scan-action#226
• SC-45750 Migrate to dateless license headers by @​claire-villard-sonarsource in SonarSource/sonarqube-scan-action#229
• SQSCANGHA-134 Upgrade the libraries to latest version by @​claire-villard-sonarsource in SonarSource/sonarqube-scan-action#227
• SQSCANGHA-138 Update dist and add ci test by @​antoine-vinot-sonarsource in SonarSource/sonarqube-scan-action#233
• SQSCANGHA-140 Add OpenPGP signature verification for scanner downloads by @​claire-villard-sonarsource in SonarSource/sonarqube-scan-action#235

Full Changelog: SonarSource/sonarqube-scan-action@v7...v7.2.0

v7.1.0

What's Changed

• SQSCANGHA-128 NO-JIRA Bump actions/cache from 4 to 5 by @​dependabot[bot] in SonarSource/sonarqube-scan-action#219
• SQSCANGHA-130 Bump rollup from 4.50.1 to 4.59.0 by @​dependabot[bot] in SonarSource/sonarqube-scan-action#221
• SQSCANGHA-131 Bump picomatch from 4.0.3 to 4.0.4 by @​dependabot[bot] in SonarSource/sonarqube-scan-action#223
• SQSCANGHA-132 Upgrade Node to 24 by @​claire-villard-sonarsource in SonarSource/sonarqube-scan-action#224

Full Changelog: SonarSource/sonarqube-scan-action@v7...v7.1.0

Commits

• 7006c44 Update SonarScanner CLI to 8.1.0.6389
• edd319f NO-JIRA Bump actions/setup-node from 6.3.0 to 6.4.0 (#234)
• e050aa9 NO-JIRA Bump actions/cache from 5.0.4 to 5.0.5 (#231)
• 6cd3d8f NO-JIRA Bump madhead/semver-utils from 4.3.0 to 5.0.0
• 5656853 SQSCANGHA-146 Add proxy support for GPG keyserver access (#244)
• c444753 SQSCANGHA-140 Add the missing requirements in README.md (#243)
• 59db25f SQSCANGHA-145 Set skipSignatureVerification default value to false (#241)
• ca30b65 SQSCANGHA-143 SubmitReview: Use Vault token (#238)
• See full diff in compare view

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
device-sdk-ts-sample	Ready	Preview, Comment	May 27, 2026 2:07pm

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
doc-device-management-kit	Ignored		May 27, 2026 2:07pm

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud