Skip to content

chore(deps): bump actions/download-artifact from 4 to 8#7

Closed
dependabot[bot] wants to merge 159 commits intomainfrom
dependabot/github_actions/actions/download-artifact-8
Closed

chore(deps): bump actions/download-artifact from 4 to 8#7
dependabot[bot] wants to merge 159 commits intomainfrom
dependabot/github_actions/actions/download-artifact-8

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 4, 2026

Bumps actions/download-artifact from 4 to 8.

Release notes

Sourced from actions/download-artifact's releases.

v8.0.0

v8 - What's new

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to false.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Full Changelog: actions/download-artifact@v7...v8.0.0

v7.0.0

v7 - What's new

[!IMPORTANT] actions/download-artifact@v7 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

New Contributors

Full Changelog: actions/download-artifact@v6.0.0...v7.0.0

v6.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

... (truncated)

Commits
  • 70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
  • f258da9 Add change docs
  • ccc058e Fix linting issues
  • bd7976b Add a setting to specify what to do on hash mismatch and default it to error
  • ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
  • 15999bf Add note about package bumps
  • 974686e Bump the version to v8 and add release notes
  • fbe48b1 Update test names to make it clearer what they do
  • 96bf374 One more test fix
  • b8c4819 Fix skip decompress test
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

urmzd and others added 30 commits November 25, 2022 17:06
@urmzd
docs: describe how to use action
0796daf
@urmzd
chore: create metadata file
4cddccf
@urmzd
chore: update name
9bfb648
@urmzd
chore: update name
9af3344
@urmzd
ci: create release file
d0b87ea
@urmzd
test: self action
0b7893c
@urmzd
fix: ensure repo is checked-out
a825d6d
@urmzd
chore: update name
88fcb23
@urmzd
fix: ensure changes are pushed
58e1c00
chore: embed example using self
8899bbd
@urmzd
fix: run workflow only on release
0289817
@urmzd
fix: add branding
c2057f1
@urmzd
build: change example
f79083b
@urmzd
ci: prevent multiple jobs from starting
6b8e3a8
@urmzd
ci: run test on every push
612c9c5
@urmzd
ci: run on pipeline changes
7614bcf
chore: embed example using self
597cc28
@urmzd
docs: credit embedme
4de4212
@urmzd
fix: ensure docker entrypoint exists
3176c3c
@urmzd
ci: run on PR
2b1d22b
@urmzd
fix: ensure current directory is considered safe
a64fba7
@urmzd
fix: always push to current branch
ece56c8
@urmzd
ci: trigger on src mods
397630d
@urmzd
fix: ensure github workspace can be pushed from
d44b010
@urmzd
fix: cd to rootlevel
ba4fd8f
@urmzd
fix: push from workspace
6b74564
@urmzd
fix: add directory globally
fcf5457
@urmzd
fix: config
3bfe36e
@urmzd
fix: fail early
458d0c1
@urmzd
fix: add workspace first
e61d4ef
semantic-release[bot] and others added 21 commits February 11, 2026 08:42
chore(release): v2.1.2 [skip ci]
6115887
@urmzd
ci: allow dirty working directory for cargo publish
86a3625 
Build artifacts and release assets make the working directory dirty,
causing cargo publish to fail without --allow-dirty.
@urmzd
chore: add sensitive paths to .gitignore
10a19ec 
Ignore .claude/, .vscode/, .env, .env.*, .DS_Store, and .idea/
to prevent committing editor configs, secrets, and OS metadata.
chore(release): v2.1.3 [skip ci]
a0f3193
@urmzd
ci: split release and build workflows
4899b8f
@urmzd
chore: remove MIT license to resolve dual-license conflict
907d074
chore(release): v2.1.4 [skip ci]
cb7bc2c
@urmzd
feat!: rename to embed-src
791f51d
@urmzd
chore: sync Cargo.lock
fba03b3
chore(release): v3.0.0 [skip ci]
4ba9df3
@urmzd
feat: add install script and switch Linux builds to musl
7bfc1e4 
Adds a curl-installable install.sh for downloading prebuilt binaries
from GitHub releases. Switches Linux build targets from gnu to musl
for better cross-distro compatibility.
@urmzd
fix: correct linux binary target and shellcheck warnings
f0ddaac 
- action.yml: use linux-musl target to match build.yml output
- install.sh: group redirects to satisfy shellcheck SC2129
chore(release): v3.1.0 [skip ci]
0879a08
@urmzd
fix: trigger binary builds from release workflow
4aa10a4 
Tags created by GitHub Actions via GITHUB_TOKEN don't trigger other
workflows, so build.yml was never running. Make build.yml callable
as a reusable workflow and invoke it from release.yml after a
successful release.
chore(release): v3.1.1 [skip ci]
261b469
@urmzd
ci: inline build matrix into release.yml, remove build.yml
fbd30f2
@urmzd
ci: move crates.io publish to separate job so build is never blocked
26b65db
@urmzd
ci: standardize GitHub Actions workflows
cdac1d4 
- Rename lint job to clippy for consistency
- Add rustfmt and clippy components explicitly
- Add permissions (contents: read for CI, write for release)
- Add concurrency controls to prevent duplicate runs
- Add dependabot configuration for automated action updates
- Add .gitattributes to enforce LF line endings
@urmzd
docs: add Installation section and promote CLI Usage to top-level
2096b60 
Documents install.sh with env var options and manual download path.
Moves CLI usage from a subsection of Usage to a standalone Local Usage section.
@urmzd
ci: switch to trusted publishing for crates.io
edb551d
@dependabot
chore(deps): bump actions/download-artifact from 4 to 8
ad031df 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 8.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v4...v8)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 4, 2026
@dependabot dependabot bot mentioned this pull request Mar 4, 2026
Closed
@urmzd urmzd closed this Mar 30, 2026
@urmzd urmzd force-pushed the dependabot/github_actions/actions/download-artifact-8 branch from ded4b7c to ad031df Compare March 30, 2026 06:09
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Mar 30, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/github_actions/actions/download-artifact-8 branch March 30, 2026 06:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@urmzd