[BREAKING INCOMPATIBLE CHANGES] In the official Codecov GitHub Action — codecov/codecov-action@v4

[webknjaz]

GitHub Actions Advisory for @achimnol @bdraco @Dreamsorcerer @jettify @Nothing4You @mjpieters @aio-libs/admins and anybody setting up CI across the org

TL;DR Postpone upgrading / accepting Dependabot version bumps: here be dragons 🐲

There are a lot of bugs discovered following the yesterday's major version bump of $sbj. Some are related to the complete rewrite of the underlying CLI tool, others are related to bugs in the action itself.

One of the documented changes (additionally to the undocumented and sometimes accidental breaking behaviors!) is that the upload token becomes mandatory. It's also important to provision a secret for the Dependabot runs. When used with reusable workflows, this means implementing an explicit way of passing secrets from the calling workflows.