ci(deps): bump actions/upload-pages-artifact from 3 to 4

[dependabot]

Bumps actions/upload-pages-artifact from 3 to 4.

Release notes

Sourced from actions/upload-pages-artifact's releases.

v4.0.0

What's Changed

• Potentially breaking change: hidden files (specifically dotfiles) will not be included in the artifact by @​tsusdere in actions/upload-pages-artifact#102 If you need to include dotfiles in your artifact: instead of using this action, create your own artifact according to these requirements https://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation
• Pin actions/upload-artifact to SHA by @​heavymachinery in actions/upload-pages-artifact#127

Full Changelog: actions/upload-pages-artifact@v3.0.1...v4.0.0

v3.0.1

Changelog

• Group tar's output to prevent it from messing up action logs @​SilverRainZ (#94)
• Update README.md @​uiolee (#88)
• Bump the non-breaking-changes group with 1 update @​dependabot (#92)
• Update Dependabot config to group non-breaking changes @​JamesMGreene (#91)
• Bump actions/checkout from 3 to 4 @​dependabot (#76)

See details of all code changes since previous release.

Commits

• 7b1f4a7 Merge pull request #127 from heavymachinery/pin-sha
• 4cc19c7 Pin actions/upload-artifact to SHA
• 2d163be Merge pull request #107 from KittyChiu/main
• c704843 fix: linted README
• 9605915 Merge pull request #106 from KittyChiu/kittychiu/update-readme-1
• e59cdfe Update README.md
• a2d6704 doc: updated usage section in readme
• 984864e Merge pull request #105 from actions/Jcambass-patch-1
• 45dc788 Add workflow file for publishing releases to immutable action package
• efaad07 Merge pull request #102 from actions/hidden-files
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[dependabot]

Labels

The following labels could not be found: automated, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
supercompute-me	Ready	Preview	Comment	Sep 15, 2025 5:19am

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

⚠️ PR description is missing required sections:

• Description

• Type of Change

• Testing

• Checklist

Please update your PR description using the template.

[SomeRandmGuyy]

@greptileai please review this and provide suggested actions for @copilot to take action on

[Copilot]

@SomeRandmGuyy I've opened a new pull request, #15, to work on those changes. Once the pull request is ready, I'll request review from you.

[greptile-apps]

Looking at this dependency update, this is a straightforward and generally safe upgrade with one important consideration.

Review Summary

Change: Bumping actions/upload-pages-artifact from v3 to v4 in the documentation workflow.

Key Changes in v4:

• Breaking change: Hidden files (dotfiles) are now excluded from artifacts by default
• Security improvement: Pinned actions/upload-artifact to SHA for better supply chain security

Assessment

✅ Safe to merge - This is a maintenance update that improves security
⚠️ Potential impact: Check if your documentation build relies on dotfiles

Suggested Actions for @copilot

1. Verify dotfiles dependency:

   # Check if docs-dist contains any dotfiles that need to be included
   find ./docs-dist -name ".*" -type f

2. Test the documentation build:

   • Run the documentation workflow in a test environment
   • Verify the generated Pages site works correctly
   • Confirm all expected files are present in the artifact

3. If dotfiles are needed, consider one of these approaches:

   • Create a custom artifact following GitHub's artifact validation requirements
   • Move essential dotfiles to non-hidden locations before upload
   • Use a pre-processing step to copy dotfiles with different names

4. Monitor deployment: After merging, verify the GitHub Pages deployment completes successfully

Recommendation

Approve and merge this PR - it's a security-focused maintenance update. The breaking change around dotfiles is unlikely to affect most documentation workflows, but should be monitored after deployment.