Bump actions/download-artifact from 7 to 8

[dependabot]

Bumps actions/download-artifact from 7 to 8.

Release notes

Sourced from actions/download-artifact's releases.

v8.0.0

v8 - What's new

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to false.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Don't attempt to un-zip non-zipped downloads by @​danwkennedy in actions/download-artifact#460
• Add a setting to specify what to do on hash mismatch and default it to error by @​danwkennedy in actions/download-artifact#461

Full Changelog: actions/download-artifact@v7...v8.0.0

Commits

• 70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
• f258da9 Add change docs
• ccc058e Fix linting issues
• bd7976b Add a setting to specify what to do on hash mismatch and default it to error
• ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
• 15999bf Add note about package bumps
• 974686e Bump the version to v8 and add release notes
• fbe48b1 Update test names to make it clearer what they do
• 96bf374 One more test fix
• b8c4819 Fix skip decompress test
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codspeed-hq]

Merging this PR will not alter performance

✅ 59 untouched benchmarks

---

_{Comparing dependabot/github_actions/actions/download-artifact-8 (5400cd1) with master (6e8f393)}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.78%. Comparing base (6e8f393) to head (5400cd1).
⚠️ Report is 1 commits behind head on master.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##           master   #12154   +/-   ##
=======================================
  Coverage   98.78%   98.78%           
=======================================
  Files         128      128           
  Lines       45321    45321           
  Branches     2405     2405           
=======================================
+ Hits        44771    44772    +1     
  Misses        390      390           
+ Partials      160      159    -1     

Flag	Coverage Δ
CI-GHA	98.64% <ø> (+<0.01%)	⬆️
OS-Linux	98.38% <ø> (ø)
OS-Windows	96.74% <ø> (-0.01%)	⬇️
OS-macOS	97.63% <ø> (+<0.01%)	⬆️
Py-3.10.11	97.19% <ø> (+<0.01%)	⬆️
Py-3.10.19	97.66% <ø> (ø)
Py-3.11.14	97.86% <ø> (ø)
Py-3.11.9	97.39% <ø> (-0.01%)	⬇️
Py-3.12.10	97.48% <ø> (ø)
Py-3.12.12	97.95% <ø> (ø)
Py-3.13.12	98.20% <ø> (ø)
Py-3.14.3	98.17% <ø> (ø)
Py-3.14.3t	97.27% <ø> (ø)
Py-pypy3.11.13-7.3.20	97.29% <ø> (ø)
VM-macos	97.63% <ø> (+<0.01%)	⬆️
VM-ubuntu	98.38% <ø> (ø)
VM-windows	96.74% <ø> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.