chore(deps): update actions/upload-artifact action to v7

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/upload-artifact	action	major	v6 → v7

---

Release Notes

actions/upload-artifact (actions/upload-artifact)

v7

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
⚠️ ACTION	actionlint	4		3	0	0.11s
✅ COPYPASTE	jscpd	yes		no	no	1.57s
✅ JAVASCRIPT	eslint	11		0	0	4.59s
✅ JSON	jsonlint	7		0	0	0.21s
✅ JSON	npm-package-json-lint	yes		no	no	0.49s
⚠️ JSON	prettier	7		1	0	0.45s
✅ JSON	v8r	7		0	0	12.0s
⚠️ MARKDOWN	markdownlint	6		17	0	1.09s
⚠️ MARKDOWN	markdown-table-formatter	6		1	0	0.26s
✅ REPOSITORY	checkov	yes		no	no	19.33s
✅ REPOSITORY	gitleaks	yes		no	no	0.76s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
❌ REPOSITORY	grype	yes		1	no	42.76s
✅ REPOSITORY	secretlint	yes		no	no	0.93s
✅ REPOSITORY	syft	yes		no	no	2.09s
❌ REPOSITORY	trivy	yes		1	no	8.17s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.46s
✅ REPOSITORY	trufflehog	yes		no	no	3.85s
✅ SPELL	cspell	40		0	0	3.53s
⚠️ SPELL	lychee	23		2	0	0.61s
✅ TYPESCRIPT	eslint	1		0	0	1.76s
⚠️ TYPESCRIPT	prettier	1		1	0	0.47s
⚠️ TYPESCRIPT	ts-standard	1		1	0	0.52s
⚠️ YAML	prettier	8		1	3	0.51s
✅ YAML	v8r	8		0	0	6.6s
✅ YAML	yamllint	8		0	0	0.47s

Detailed Issues

❌ REPOSITORY / grype - 1 error

[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) from=syft
NAME  INSTALLED  FIXED IN  TYPE  VULNERABILITY        SEVERITY  EPSS          RISK   
tar   7.5.7      7.5.8     npm   GHSA-83g3-92jg-28cx  High      < 0.1% (2nd)  < 0.1
[0042] ERROR discovered vulnerabilities at or above the severity threshold

❌ REPOSITORY / trivy - 1 error

2026-02-26T20:59:18Z	INFO	[vulndb] Need to update DB
2026-02-26T20:59:18Z	INFO	[vulndb] Downloading vulnerability DB...
2026-02-26T20:59:18Z	INFO	[vulndb] Downloading artifact...	repo="mirror.gcr.io/aquasec/trivy-db:2"
24.00 MiB / 86.41 MiB [---------------->____________________________________________] 27.78% ? p/s ?66.69 MiB / 86.41 MiB [----------------------------------------------->_____________] 77.19% ? p/s ?86.41 MiB / 86.41 MiB [----------------------------------------------------------->] 100.00% ? p/s ?86.41 MiB / 86.41 MiB [--------------------------------------------->] 100.00% 103.94 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [--------------------------------------------->] 100.00% 103.94 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [--------------------------------------------->] 100.00% 103.94 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [---------------------------------------------->] 100.00% 97.23 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [---------------------------------------------->] 100.00% 97.23 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [---------------------------------------------->] 100.00% 97.23 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [---------------------------------------------->] 100.00% 90.96 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [---------------------------------------------->] 100.00% 90.96 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [---------------------------------------------->] 100.00% 90.96 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [---------------------------------------------->] 100.00% 85.09 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [---------------------------------------------->] 100.00% 85.09 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [---------------------------------------------->] 100.00% 85.09 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [---------------------------------------------->] 100.00% 79.60 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [---------------------------------------------->] 100.00% 79.60 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [---------------------------------------------->] 100.00% 79.60 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [---------------------------------------------->] 100.00% 74.47 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [---------------------------------------------->] 100.00% 74.47 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [---------------------------------------------->] 100.00% 74.47 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [-------------------------------------------------] 100.00% 20.58 MiB p/s 4.4s2026-02-26T20:59:23Z	INFO	[vulndb] Artifact successfully downloaded	repo="mirror.gcr.io/aquasec/trivy-db:2"
2026-02-26T20:59:23Z	INFO	[vuln] Vulnerability scanning is enabled
2026-02-26T20:59:23Z	INFO	[misconfig] Misconfiguration scanning is enabled
2026-02-26T20:59:23Z	INFO	[misconfig] Need to update the checks bundle
2026-02-26T20:59:23Z	INFO	[misconfig] Downloading the checks bundle...
165.46 KiB / 165.46 KiB [------------------------------------------------------] 100.00% ? p/s 100ms2026-02-26T20:59:26Z	INFO	[npm] To collect the license information of packages, "npm install" needs to be performed beforehand	dir="node_modules"
2026-02-26T20:59:26Z	INFO	Suppressing dependencies for development and testing. To display them, try the '--include-dev-deps' flag.
2026-02-26T20:59:26Z	INFO	Number of language-specific files	num=1
2026-02-26T20:59:26Z	INFO	[npm] Detecting vulnerabilities...
2026-02-26T20:59:26Z	INFO	Detected config files	num=0

Report Summary

┌───────────────────┬──────┬─────────────────┬───────────────────┐
│      Target       │ Type │ Vulnerabilities │ Misconfigurations │
├───────────────────┼──────┼─────────────────┼───────────────────┤
│ package-lock.json │ npm  │        1        │         -         │
└───────────────────┴──────┴─────────────────┴───────────────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider 

(Truncated to 4000 characters out of 5691)

⚠️ ACTION / actionlint - 3 errors

.github/workflows/github-dependents-info.yml:54:9: shellcheck reported issue in this script: SC2086:info:1:15: Double quote to prevent globbing and word splitting [shellcheck]
   |
54 |         run: sudo chown -R $USER:$USER .
   |         ^~~~
.github/workflows/github-dependents-info.yml:54:9: shellcheck reported issue in this script: SC2086:info:1:21: Double quote to prevent globbing and word splitting [shellcheck]
   |
54 |         run: sudo chown -R $USER:$USER .
   |         ^~~~
.github/workflows/test.yml:78:11: input "file" is not defined in action "codecov/codecov-action@v5". available inputs are "base_sha", "binary", "codecov_yml_path", "commit_parent", "directory", "disable_file_fixes", "disable_safe_directory", "disable_search", "disable_telem", "dry_run", "env_vars", "exclude", "fail_ci_if_error", "files", "flags", "force", "gcov_args", "gcov_executable", "gcov_ignore", "gcov_include", "git_service", "handle_no_reports_found", "job_code", "name", "network_filter", "network_prefix", "os", "override_branch", "override_build", "override_build_url", "override_commit", "override_pr", "plugins", "recurse_submodules", "report_code", "report_type", "root_dir", "run_command", "skip_validation", "slug", "swift_project", "token", "url", "use_legacy_upload_endpoint", "use_oidc", "use_pypi", "verbose", "version", "working-directory" [action]
   |
78 |           file: coverage.lcov
   |           ^~~~~

⚠️ SPELL / lychee - 2 errors

[403] https://www.npmjs.com/package/java-caller | Network error: Forbidden
[403] https://npmjs.org/package/java-caller | Network error: Forbidden
📝 Summary
---------------------
🔍 Total...........64
✅ Successful......16
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded........46
❓ Unknown..........0
🚫 Errors...........2

Errors in README.md
[403] https://www.npmjs.com/package/java-caller | Network error: Forbidden
[403] https://npmjs.org/package/java-caller | Network error: Forbidden

⚠️ MARKDOWN / markdown-table-formatter - 1 error

1 files contain markdown tables to format:
- README.md

⚠️ MARKDOWN / markdownlint - 17 errors

CODE_OF_CONDUCT.md:58:44 error MD034/no-bare-urls Bare URL used [Context: "nicolas.vuillamy@gmail.com"]
CODE_OF_CONDUCT.md:71:14 error MD034/no-bare-urls Bare URL used [Context: "https://www.contributor-covena..."]
CODE_OF_CONDUCT.md:76:1 error MD034/no-bare-urls Bare URL used [Context: "https://www.contributor-covena..."]
README.md:67:13 error MD060/table-column-style Table column style [Table pipe is missing space to the left for style "compact"]
README.md:67:27 error MD060/table-column-style Table column style [Table pipe is missing space to the left for style "compact"]
README.md:67:37 error MD060/table-column-style Table column style [Table pipe is missing space to the left for style "compact"]
README.md:67:47 error MD060/table-column-style Table column style [Table pipe is missing space to the left for style "compact"]
README.md:67:1 error MD060/table-column-style Table column style [Table pipe is missing space to the right for style "compact"]
README.md:67:13 error MD060/table-column-style Table column style [Table pipe is missing space to the right for style "compact"]
README.md:67:27 error MD060/table-column-style Table column style [Table pipe is missing space to the right for style "compact"]
README.md:67:37 error MD060/table-column-style Table column style [Table pipe is missing space to the right for style "compact"]
README.md:68:361 error MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe]
README.md:70:123 error MD060/table-column-style Table column style [Table pipe has extra space to the left for style "compact"]
README.md:74:315 error MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe]
README.md:75:310 error MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe]
README.md:76:208 error MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe]
README.md:77:233 error MD055/table-pipe-style Table pipe style [Expected: leading_and_trailing; Actual: leading_only; Missing trailing pipe]

⚠️ JSON / prettier - 1 error

Checking formatting...
[warn] .cspell.json
[warn] .vscode/launch.json
[warn] examples/cli_app/lib/java-caller-config.json
[warn] examples/cli_app/package.json
[warn] examples/module_app/package.json
[warn] renovate.json
[warn] Code style issues found in 6 files. Run Prettier with --write to fix.

⚠️ TYPESCRIPT / prettier - 1 error

Checking formatting...
[warn] lib/index.d.ts
[warn] Code style issues found in the above file. Run Prettier with --write to fix.

⚠️ YAML / prettier - 1 error

Checking formatting...
[warn] .github/workflows/deploy.yml
[warn] .github/workflows/test.yml
[warn] Code style issues found in 2 files. Run Prettier with --write to fix.

⚠️ TYPESCRIPT / ts-standard - 1 error

Unable to locate the project file. A project file (tsconfig.json or tsconfig.eslint.json) is required in order to use ts-standard.

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.3.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,COPYPASTE_JSCPD,JAVASCRIPT_ES,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_CSPELL,SPELL_LYCHEE,TYPESCRIPT_ES,TYPESCRIPT_STANDARD,TYPESCRIPT_PRETTIER,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.64%. Comparing base (afb3f58) to head (84019ab).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #155   +/-   ##
=======================================
  Coverage   89.64%   89.64%           
=======================================
  Files           3        3           
  Lines         251      251           
=======================================
  Hits          225      225           
  Misses         26       26           

Flag	Coverage Δ
unittests	89.64% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.