From 9e576dab5f98ca95f7efef135c0c126b0c24ff13 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 14 Jun 2026 16:28:35 +0000
Subject: [PATCH] Bump actions/upload-artifact from 4 to 7

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/security.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 68fd01a..80f7422 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -73,7 +73,7 @@ jobs:
       - name: Upload the SBOM artifact
         # TODO(supply-chain): pin to a commit SHA like the other actions here before this gate is
         # made blocking (kept on the @v4 tag for now to avoid a guessed SHA).
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: sbom-cyclonedx
           path: sbom.cdx.json