From 2b4d3bf777572be58a2bdeddc7d725ed5f30c748 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 10 Nov 2025 22:25:04 +0000
Subject: [PATCH 1/2] Bump cypress-io/github-action from 6.10.0 to 6.10.3
 (#3662)

Bumps
[cypress-io/github-action](https://github.com/cypress-io/github-action)
from 6.10.0 to 6.10.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cypress-io/github-action/releases">cypress-io/github-action's
releases</a>.</em></p>
<blockquote>
<h2>v6.10.3</h2>
<h2><a
href="https://github.com/cypress-io/github-action/compare/v6.10.2...v6.10.3">6.10.3</a>
(2025-10-23)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>add type commonjs to package.json (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1544">#1544</a>)
(<a
href="https://github.com/cypress-io/github-action/commit/e65cba2e7319696fc0fdc4d5a319b737aec4ba1c">e65cba2</a>)</li>
</ul>
<h2>v6.10.2</h2>
<h2><a
href="https://github.com/cypress-io/github-action/compare/v6.10.1...v6.10.2">6.10.2</a>
(2025-07-24)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>deps:</strong> update form-data to 2.5.5 (CVE-2025-7783) (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1507">#1507</a>)
(<a
href="https://github.com/cypress-io/github-action/commit/b8ba51a856ba5f4c15cf39007636d4ab04f23e3c">b8ba51a</a>)</li>
</ul>
<h2>v6.10.1</h2>
<h2><a
href="https://github.com/cypress-io/github-action/compare/v6.10.0...v6.10.1">6.10.1</a>
(2025-06-16)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>deps:</strong> update brace-expansion (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1486">#1486</a>)
(<a
href="https://github.com/cypress-io/github-action/commit/6c143abc292aa835d827652c2ea025d098311070">6c143ab</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/cypress-io/github-action/commit/e65cba2e7319696fc0fdc4d5a319b737aec4ba1c"><code>e65cba2</code></a>
fix: add type commonjs to package.json (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1544">#1544</a>)</li>
<li><a
href="https://github.com/cypress-io/github-action/commit/8e36dc9c3942352cd804340e4d668a7b11c0d5a9"><code>8e36dc9</code></a>
chore(deps): update cypress to 15.5.0 (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1550">#1550</a>)</li>
<li><a
href="https://github.com/cypress-io/github-action/commit/aa00c21e56c4dfb852d7d5c08c4c4b698f3876f5"><code>aa00c21</code></a>
chore: migrate to ESLint extends config structure (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1545">#1545</a>)</li>
<li><a
href="https://github.com/cypress-io/github-action/commit/eb6ecdba5fc58e2527c6ea87835239c20d299018"><code>eb6ecdb</code></a>
chore(deps): update markdown-link-check to 3.14.1 (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1548">#1548</a>)</li>
<li><a
href="https://github.com/cypress-io/github-action/commit/16752e224845e37f4e0af06b63c0df664eb2a177"><code>16752e2</code></a>
test(deps): add Node.js 25 (current) support (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1549">#1549</a>)</li>
<li><a
href="https://github.com/cypress-io/github-action/commit/e17a084cf5afd8f2abebcd9f16d0e7eefbff4572"><code>e17a084</code></a>
chore(deps): update cypress to 15.4.0 (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1547">#1547</a>)</li>
<li><a
href="https://github.com/cypress-io/github-action/commit/38f9a02ac2661ac1ee120f01dc9ad831e02decd6"><code>38f9a02</code></a>
chore(deps): update cypress to 15.3.0 (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1543">#1543</a>)</li>
<li><a
href="https://github.com/cypress-io/github-action/commit/66843942119b1fe1f77997603e7ec77404e9331d"><code>6684394</code></a>
test(deps): update setup-chrome to v2 (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1541">#1541</a>)</li>
<li><a
href="https://github.com/cypress-io/github-action/commit/14fc5fa363bdff6b3dd58fd340181a4e4db17166"><code>14fc5fa</code></a>
docs: remove additional 'use: ./' syntax duplicated explanations (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1540">#1540</a>)</li>
<li><a
href="https://github.com/cypress-io/github-action/commit/b986d12248fa030e8d936038f60788c8f07e1ee7"><code>b986d12</code></a>
chore(deps): update cypress to 15.2.0 (<a
href="https://redirect.github.com/cypress-io/github-action/issues/1539">#1539</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/cypress-io/github-action/compare/v6.10.0...v6.10.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cypress-io/github-action&package-manager=github_actions&previous-version=6.10.0&new-version=6.10.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/schedules.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/schedules.yaml b/.github/workflows/schedules.yaml
index 28db6186..3595cf46 100644
--- a/.github/workflows/schedules.yaml
+++ b/.github/workflows/schedules.yaml
@@ -272,7 +272,7 @@ jobs:
         run: |
           sed -i '/HOMESERVER/c\        HOMESERVER: "dendrite",' cypress.config.ts
       - name: "Run cypress tests"
-        uses: cypress-io/github-action@v6.10.0
+        uses: cypress-io/github-action@v6.10.3
         with:
           browser: chrome
           start: npx serve -p 8080 ./element-web/webapp
@@ -312,7 +312,7 @@ jobs:
         run: |
           sed -i '/HOMESERVER/c\        HOMESERVER: "dendritePinecone",' cypress.config.ts
       - name: "Run cypress tests"
-        uses: cypress-io/github-action@v6.10.0
+        uses: cypress-io/github-action@v6.10.3
         with:
           browser: chrome
           start: npx serve -p 8080 ./element-web/webapp

From d9c63c8930dbb9f8331cee3e636e40837078f4bb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 10 Nov 2025 22:52:28 +0000
Subject: [PATCH 2/2] Bump actions/download-artifact from 4 to 6 (#3661)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[actions/download-artifact](https://github.com/actions/download-artifact)
from 4 to 6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/download-artifact/releases">actions/download-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.0</h2>
<h2>What's Changed</h2>
<p><strong>BREAKING CHANGE:</strong> this update supports Node
<code>v24.x</code>. This is not a breaking change per-se but we're
treating it as such.</p>
<ul>
<li>Update README for download-artifact v5 changes by <a
href="https://github.com/yacaovsnc"><code>@​yacaovsnc</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/417">actions/download-artifact#417</a></li>
<li>Update README with artifact extraction details by <a
href="https://github.com/yacaovsnc"><code>@​yacaovsnc</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/424">actions/download-artifact#424</a></li>
<li>Readme: spell out the first use of GHES by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/download-artifact/pull/431">actions/download-artifact#431</a></li>
<li>Bump <code>@actions/artifact</code> to <code>v4.0.0</code></li>
<li>Prepare <code>v6.0.0</code> by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/download-artifact/pull/438">actions/download-artifact#438</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/download-artifact/pull/431">actions/download-artifact#431</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v5...v6.0.0">https://github.com/actions/download-artifact/compare/v5...v6.0.0</a></p>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update README.md by <a
href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/407">actions/download-artifact#407</a></li>
<li>BREAKING fix: inconsistent path behavior for single artifact
downloads by ID by <a
href="https://github.com/GrantBirki"><code>@​GrantBirki</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/416">actions/download-artifact#416</a></li>
</ul>
<h2>v5.0.0</h2>
<h3>🚨 Breaking Change</h3>
<p>This release fixes an inconsistency in path behavior for single
artifact downloads by ID. <strong>If you're downloading single artifacts
by ID, the output path may change.</strong></p>
<h4>What Changed</h4>
<p>Previously, <strong>single artifact downloads</strong> behaved
differently depending on how you specified the artifact:</p>
<ul>
<li><strong>By name</strong>: <code>name: my-artifact</code> → extracted
to <code>path/</code> (direct)</li>
<li><strong>By ID</strong>: <code>artifact-ids: 12345</code> → extracted
to <code>path/my-artifact/</code> (nested)</li>
</ul>
<p>Now both methods are consistent:</p>
<ul>
<li><strong>By name</strong>: <code>name: my-artifact</code> → extracted
to <code>path/</code> (unchanged)</li>
<li><strong>By ID</strong>: <code>artifact-ids: 12345</code> → extracted
to <code>path/</code> (fixed - now direct)</li>
</ul>
<h4>Migration Guide</h4>
<h5>✅ No Action Needed If:</h5>
<ul>
<li>You download artifacts by <strong>name</strong></li>
<li>You download <strong>multiple</strong> artifacts by ID</li>
<li>You already use <code>merge-multiple: true</code> as a
workaround</li>
</ul>
<h5>⚠️ Action Required If:</h5>
<p>You download <strong>single artifacts by ID</strong> and your
workflows expect the nested directory structure.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/download-artifact/commit/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53"><code>018cc2c</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/438">#438</a>
from actions/danwkennedy/prepare-6.0.0</li>
<li><a
href="https://github.com/actions/download-artifact/commit/815651c680ffe1c95719d0ed08aba1a2f9d5c177"><code>815651c</code></a>
Revert &quot;Remove <code>github.dep.yml</code>&quot;</li>
<li><a
href="https://github.com/actions/download-artifact/commit/bb3a066a8babc8ed7b3e4218896c548fe34e7115"><code>bb3a066</code></a>
Remove <code>github.dep.yml</code></li>
<li><a
href="https://github.com/actions/download-artifact/commit/fa1ce46bbd11b8387539af12741055a76dfdf804"><code>fa1ce46</code></a>
Prepare <code>v6.0.0</code></li>
<li><a
href="https://github.com/actions/download-artifact/commit/4a24838f3d5601fd639834081e118c2995d51e1c"><code>4a24838</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/431">#431</a>
from danwkennedy/patch-1</li>
<li><a
href="https://github.com/actions/download-artifact/commit/5e3251c4ff5a32e4cf8dd4adaee0e692365237ae"><code>5e3251c</code></a>
Readme: spell out the first use of GHES</li>
<li><a
href="https://github.com/actions/download-artifact/commit/abefc31eafcfbdf6c5336127c1346fdae79ff41c"><code>abefc31</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/424">#424</a>
from actions/yacaovsnc/update_readme</li>
<li><a
href="https://github.com/actions/download-artifact/commit/ac43a6070aa7db8a41e756e7a2846221edca7027"><code>ac43a60</code></a>
Update README with artifact extraction details</li>
<li><a
href="https://github.com/actions/download-artifact/commit/de96f4613b77ec03b5cf633e7c350c32bd3c5660"><code>de96f46</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/417">#417</a>
from actions/yacaovsnc/update_readme</li>
<li><a
href="https://github.com/actions/download-artifact/commit/7993cb44e9052f2f08f9b828ae5ef3ecca7d2ac7"><code>7993cb4</code></a>
Remove migration guide for artifact download changes</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/download-artifact/compare/v4...v6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/download-artifact&package-manager=github_actions&previous-version=4&new-version=6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Devon Hudson <devon.dmytro@gmail.com>
---
 .github/workflows/schedules.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/schedules.yaml b/.github/workflows/schedules.yaml
index 3595cf46..dfb2d74c 100644
--- a/.github/workflows/schedules.yaml
+++ b/.github/workflows/schedules.yaml
@@ -103,7 +103,7 @@ jobs:
           go-version: 'stable'
           cache: true
       - name: Download all artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v6
       - name: Collect coverage
         run: |
           go tool covdata textfmt -i="$(find Sytest* -name 'covmeta*' -type f -exec dirname {} \; | uniq | paste -s -d ',' -)" -o sytest.cov
@@ -227,7 +227,7 @@ jobs:
           go-version: 'stable'
           cache: true
       - name: Download all artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v6
       - name: Collect coverage
         run: |
           go tool covdata textfmt -i="$(find Complement* -name 'covmeta*' -type f -exec dirname {} \; | uniq | paste -s -d ',' -)" -o complement.cov