ci(deps): bump the github-actions group across 1 directory with 17 updates

[dependabot]

Bumps the github-actions group with 17 updates in the /.github/workflows directory:

Package	From	To
step-security/harden-runner	2.13.3	2.16.0
actions/checkout	4.2.2	6.0.2
step-security/mise-action	3.4.1	3.6.1
step-security/rust-cache	2.8.2	2.8.3
benchmark-action/github-action-benchmark	1.20.7	1.21.0
step-security/setup-buildx-action	3.11.1	4.0.0
step-security/docker-login-action	3.6.0	3.7.0
docker/metadata-action	5.7.0	6.0.0
actions/upload-artifact	4.6.2	7.0.0
actions/download-artifact	4.3.0	8.0.1
anchore/sbom-action	0.20.0	0.23.1
taiki-e/install-action	2.67.18	2.68.33
actions/cache	4.2.2	5.0.3
step-security/publish-unit-test-result-action	2.21.1	2.22.0
github/codeql-action	3.28.18	4.33.0
aquasecurity/trivy-action	0.31.0	0.35.0
actions/dependency-review-action	4.8.2	4.9.0

Updates step-security/harden-runner from 2.13.3 to 2.16.0

Release notes

Sourced from step-security/harden-runner's releases.

v2.16.0

What's Changed

• Updated action.yml to use node24
• Security fix: Fixed a medium severity vulnerability where the egress block policy could be bypassed via DNS over HTTPS (DoH) by proxying DNS queries through a permitted resolver, allowing data exfiltration even with a restrictive allowed-endpoints list. This issue only affects the Community Tier; the Enterprise Tier is not affected. See GHSA-46g3-37rh-v698 for details.
• Security fix: Fixed a medium severity vulnerability where the egress block policy could be bypassed via DNS queries over TCP to external resolvers, allowing outbound network communication that evades configured network restrictions. This issue only affects the Community Tier; the Enterprise Tier is not affected. See GHSA-g699-3x6g-wm3g for details.

Full Changelog: step-security/harden-runner@v2.15.1...v2.16.0

v2.15.1

What's Changed

• Fixes step-security/harden-runner#642 bug due to which post step was failing on Windows ARM runners
• Updates npm packages

Full Changelog: step-security/harden-runner@v2.15.0...v2.15.1

v2.15.0

What's Changed

Windows and macOS runner support

We are excited to announce that Harden Runner now supports Windows and macOS runners, extending runtime security beyond Linux for the first time.

Insights for Windows and macOS runners will be displayed in the same consistent format you are already familiar with from Linux runners, giving you a unified view of runtime activity across all platforms.

Full Changelog: step-security/harden-runner@v2.14.2...v2.15.0

v2.14.2

What's Changed

Security fix: Fixed a medium severity vulnerability where outbound network connections using sendto, sendmsg, and sendmmsg socket system calls could bypass audit logging when using egress-policy: audit. This issue only affects the Community Tier in audit mode; block mode and Enterprise Tier were not affected. See GHSA-cpmj-h4f6-r6pq for details.

Full Changelog: step-security/harden-runner@v2.14.1...v2.14.2

v2.14.1

What's Changed

1. In some self-hosted environments, the agent could briefly fall back to public DNS resolvers during startup if the system DNS was not yet available. This behavior was unintended for GitHub-hosted runners and has now been fixed to prevent any use of public DNS resolvers.

2. Fixed npm audit vulnerabilities

Full Changelog: step-security/harden-runner@v2.14.0...v2.14.1

v2.14.0

What's Changed

• Selective installation: Harden-Runner now skips installation on GitHub-hosted runners when the repository has a custom property skip_harden_runner, allowing organizations to opt out specific repos.
• Avoid double install: The action no longer installs Harden-Runner if it’s already present on a GitHub-hosted runner, which could happen when a composite action also installs it.

Full Changelog: step-security/harden-runner@v2.13.3...v2.14.0

Commits

• fa2e9d6 Release v2.16.0 (#646)
• 58077d3 Release v2.15.1 (#641)
• a90bcbc Update readme (#637)
• f0a59d8 Release v2.15.0 (#639)
• 5ef0c07 Merge pull request #635 from step-security/rc-34
• eb43c7b update agent
• e3f713f Merge pull request #631 from step-security/rc-31
• 423acdd chore: fix npm audit vulnerabilities
• 0ddb86c update agent
• 20cf305 Merge pull request #622 from step-security/feature/custom-property-skip
• Additional commits viewable in compare view

Updates actions/checkout from 4.2.2 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

• Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @​TingluoHuang in actions/checkout#2355
• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

• Update all references from v5 and v4 to v6 by @​ericsciple in actions/checkout#2314
• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327
• Clarify v6 README by @​ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248
• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• v6-beta by @​ericsciple in actions/checkout#2298
• update readme/changelog for v6 by @​ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226
• Prepare v5.0.0 release by @​salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

v6.0.1

• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327

v6.0.0

• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248

v5.0.1

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

v5.0.0

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226

v4.3.1

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

v4.3.0

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

... (truncated)

Commits

• de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
• 064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
• 8e8c483 Clarify v6 README (#2328)
• 033fa0d Add worktree support for persist-credentials includeIf (#2327)
• c2d88d3 Update all references from v5 and v4 to v6 (#2314)
• 1af3b93 update readme/changelog for v6 (#2311)
• 71cf226 v6-beta (#2298)
• 069c695 Persist creds to a separate file (#2286)
• ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
• 08c6903 Prepare v5.0.0 release (#2238)
• Additional commits viewable in compare view

Updates step-security/mise-action from 3.4.1 to 3.6.1

Release notes

Sourced from step-security/mise-action's releases.

v3.6.1

What's Changed

• fix: Security updates by @​github-actions[bot] in step-security/mise-action#190
• fix: remove husky by @​Raj-StepSecurity in step-security/mise-action#192
• chore: Cherry-picked changes from upstream by @​github-actions[bot] in step-security/mise-action#191
• fix: Security updates by @​github-actions[bot] in step-security/mise-action#193
• chore: Cherry-picked changes from upstream by @​Raj-StepSecurity in step-security/mise-action#195

Full Changelog: step-security/mise-action@v3...v3.6.1

v3.5.1

What's Changed

• chore: Cherry-picked changes from upstream by @​github-actions[bot] in step-security/mise-action#188
• chore: Cherry-picked changes from upstream by @​github-actions[bot] in step-security/mise-action#189

Full Changelog: step-security/mise-action@v3...v3.5.1

Commits

• 88aa01c Merge pull request #195 from step-security/auto-cherry-pick
• a0237b8 fix: code build script applied
• 8d2017a chore: Cherry-picked changes from upstream
• d291411 Merge pull request #193 from step-security/npm-audit-fix
• 58be52d fix: apply audit fixes
• fcb1908 fix: apply audit fixes
• eaad836 fix: apply audit fixes
• a482abe Merge pull request #191 from step-security/auto-cherry-pick
• b5856be conflicted commits cherry-picked
• aa6a1cf Merge branch 'main' into auto-cherry-pick
• Additional commits viewable in compare view

Updates step-security/rust-cache from 2.8.2 to 2.8.3

Release notes

Sourced from step-security/rust-cache's releases.

v2.8.3

What's Changed

• fix: added test vulns to osv scanner by @​Raj-StepSecurity in step-security/rust-cache#251
• ci: reduce workflow test cases by @​Raj-StepSecurity in step-security/rust-cache#259
• fix: Security updates by @​github-actions[bot] in step-security/rust-cache#263
• chore: Cherry-picked changes from upstream by @​github-actions[bot] in step-security/rust-cache#262
• ci: Update multi-job-cache.yml by @​Raj-StepSecurity in step-security/rust-cache#264
• fix: Security updates by @​github-actions[bot] in step-security/rust-cache#266

Full Changelog: step-security/rust-cache@v2...v2.8.3

Commits

• 9be15b8 Merge pull request #266 from step-security/npm-audit-fix
• 1f979d8 fix: apply audit fixes
• 9cc9384 fix: apply audit fixes
• d5cbdd1 fix: apply audit fixes
• df0b283 Merge pull request #264 from step-security/Raj-StepSecurity-patch-6
• b1344b1 Update multi-job-cache.yml
• b0c7652 Merge pull request #262 from step-security/auto-cherry-pick
• 80a7a93 Merge branch 'main' into auto-cherry-pick
• 585fbbe Merge pull request #263 from step-security/npm-audit-fix
• 0d5ac1d fix: apply audit fixes
• Additional commits viewable in compare view

Updates benchmark-action/github-action-benchmark from 1.20.7 to 1.21.0

Release notes

Sourced from benchmark-action/github-action-benchmark's releases.

v1.21.0

• fix include package name for duplicate bench names (#330)
• fix avoid duplicate package suffix in Go benchmarks (#337)

Full Changelog: benchmark-action/github-action-benchmark@v1.20.7...v1.21.0

Changelog

Sourced from benchmark-action/github-action-benchmark's changelog.

Unreleased

v1.21.0 - 02 Mar 2026

• fix include package name for duplicate bench names (#330)
• fix avoid duplicate package suffix in Go benchmarks (#337)

v1.20.7 - 06 Sep 2025

• fix improve parsing for custom benchmarks (#323)

v1.20.5 - 02 Sep 2025

• feat allow to parse generic cargo bench/criterion units (#280)
• fix add summary even when failure threshold is surpassed (#285)
• fix time units are not normalized (#318)

v1.20.4 - 23 Oct 2024

• feat add typings and validation workflow (#257)

v1.20.3 - 19 May 2024

• fix Catch2 v.3.5.0 changed output format (#247)

v1.20.2 - 19 May 2024

• fix Support sub-nanosecond precision on Cargo benchmarks (#246)

v1.20.1 - 02 Apr 2024

• fix release script

v1.20.0 - 02 Apr 2024

• fix Rust benchmarks not comparing to baseline (#235)
• feat Comment on PR and auto update comment (#223)

v1.19.3 - 02 Feb 2024

• fix ratio is NaN when previous value is 0. Now, print 1 when both values are 0 and +-∞ when divisor is 0 (#222)
• fix action hangs in some cases for go fiber benchmarks (#225)

v1.19.2 - 26 Jan 2024

• fix markdown rendering for summary is broken (#218)

v1.19.1 - 25 Jan 2024

... (truncated)

Commits

• a7bc236 release v1.21.0
• See full diff in compare view

Updates step-security/setup-buildx-action from 3.11.1 to 4.0.0

Release notes

Sourced from step-security/setup-buildx-action's releases.

v4.0.0

What's Changed

• build(deps): bump tar from 7.5.7 to 7.5.9 by @​dependabot[bot] in step-security/setup-buildx-action#27
• build(deps): bump axios from 1.13.2 to 1.13.5 by @​dependabot[bot] in step-security/setup-buildx-action#28
• fix: upgrade packages and fix vulnerabilities by @​Raj-StepSecurity in step-security/setup-buildx-action#29
• chore: Cherry-picked changes from upstream by @​github-actions[bot] in step-security/setup-buildx-action#30
• fix: added new subscription check code and banner by @​amanstep in step-security/setup-buildx-action#31

New Contributors

• @​dependabot[bot] made their first contribution in step-security/setup-buildx-action#27

Full Changelog: step-security/setup-buildx-action@v3...v4.0.0

v3.12.0

What's Changed

• chore: Cherry-picked changes from upstream by @​github-actions[bot] in step-security/setup-buildx-action#19
• fix: upgraded packages and fixed vulnerabilities by @​Raj-StepSecurity in step-security/setup-buildx-action#25

New Contributors

• @​github-actions[bot] made their first contribution in step-security/setup-buildx-action#19
• @​Raj-StepSecurity made their first contribution in step-security/setup-buildx-action#25

Full Changelog: step-security/setup-buildx-action@v3...v3.12.0

Commits

• f931205 Merge pull request #31 from step-security/fix/banner
• 863ecf2 fix: added new subscription check code and banner
• aa38f26 Merge pull request #30 from step-security/auto-cherry-pick
• 5ede296 chore: updated dist
• 5e7a8f6 chore: cherry-picked conflicting changes
• c1d26c0 remove deprecated inputs/outputs
• b7b9367 remove deprecated inputs/outputs
• b5a0e7a remove deprecated inputs/outputs
• 46f6f46 remove deprecated inputs/outputs
• ab54f58 remove deprecated inputs/outputs
• Additional commits viewable in compare view

Updates step-security/docker-login-action from 3.6.0 to 3.7.0

Release notes

Sourced from step-security/docker-login-action's releases.

v3.7.0

What's Changed

• fix: upgraded packages and fixed vulns by @​Raj-StepSecurity in step-security/docker-login-action#23
• build(deps): bump tar from 7.5.7 to 7.5.9 by @​dependabot[bot] in step-security/docker-login-action#24
• build(deps): bump axios from 1.13.2 to 1.13.5 by @​dependabot[bot] in step-security/docker-login-action#25
• chore: Cherry-picked changes from upstream by @​github-actions[bot] in step-security/docker-login-action#22
• feat: author updated for actions by @​Raj-StepSecurity in step-security/docker-login-action#26
• [StepSecurity] Apply security best practices by @​stepsecurity-app[bot] in step-security/docker-login-action#27
• build(deps): bump tar from 7.5.9 to 7.5.11 by @​dependabot[bot] in step-security/docker-login-action#29
• fix: improve subscription banner and make public repos free by @​Raj-StepSecurity in step-security/docker-login-action#28
• fix: upgraded deps to fix vulnerabilities by @​Raj-StepSecurity in step-security/docker-login-action#30
• fix: upstream author name corrected by @​Raj-StepSecurity in step-security/docker-login-action#31

New Contributors

• @​github-actions[bot] made their first contribution in step-security/docker-login-action#22
• @​stepsecurity-app[bot] made their first contribution in step-security/docker-login-action#27

Full Changelog: step-security/docker-login-action@v3...v3.7.0

Commits

• 6aa05fe Merge pull request #31 from step-security/fix/upstram-author
• e3e053a fix: upstream author name corrected
• 7e7dbc0 Merge pull request #30 from step-security/fix/vulnerabilities-manual
• 80fa174 fix: upgraded deps to fix vulnerabilities
• 4fda943 Merge pull request #28 from step-security/fix/validate-subscription-check
• 1b734e7 failing tests fixed
• c63e7d7 Merge branch 'main' into fix/validate-subscription-check
• 3a00914 Merge pull request #29 from step-security/dependabot/npm_and_yarn/tar-7.5.11
• 35556c9 node version upgraded
• 62753db code linted
• Additional commits viewable in compare view

Updates docker/metadata-action from 5.7.0 to 6.0.0

Release notes

Sourced from docker/metadata-action's releases.

v6.0.0

• Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @​crazy-max in docker/metadata-action#605
• List inputs now preserve # inside values while still supporting full-line # comments by @​crazy-max in docker/metadata-action#607
• Switch to ESM and update config/test wiring by @​crazy-max in docker/metadata-action#602
• Bump lodash from 4.17.21 to 4.17.23 in docker/metadata-action#588
• Bump @​actions/core from 1.11.1 to 3.0.0 in docker/metadata-action#599
• Bump @​actions/github from 6.0.1 to 9.0.0 in docker/metadata-action#597
• Bump @​docker/actions-toolkit from 0.68.0 to 0.79.0 in docker/metadata-action#604
• Bump @​isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/metadata-action#600
• Bump semver from 7.7.3 to 7.7.4 in docker/metadata-action#603

Full Changelog: docker/metadata-action@v5.10.0...v6.0.0

v5.10.0

• Bump @​docker/actions-toolkit from 0.66.0 to 0.68.0 in docker/metadata-action#559 docker/metadata-action#569
• Bump js-yaml from 3.14.1 to 3.14.2 in docker/metadata-action#564

Full Changelog: docker/metadata-action@v5.9.0...v5.10.0

v5.9.0

• Add tag-names output to return tag names without image base name by @​crazy-max in docker/metadata-action#553
• Bump @​babel/runtime-corejs3 from 7.14.7 to 7.28.2 in docker/metadata-action#539
• Bump @​docker/actions-toolkit from 0.62.1 to 0.66.0 in docker/metadata-action#555
• Bump brace-expansion from 1.1.11 to 1.1.12 in docker/metadata-action#540
• Bump csv-parse from 5.6.0 to 6.1.0 in docker/metadata-action#532
• Bump semver from 7.7.2 to 7.7.3 in in docker/metadata-action#554
• Bump tmp from 0.2.3 to 0.2.5 in docker/metadata-action#541

Full Changelog: docker/metadata-action@v5.8.0...v5.9.0

v5.8.0

• New is_not_default_branch global expression by @​crazy-max in docker/metadata-action#535
• Allow to match part of the git tag or value for semver/pep440 types by @​crazy-max in docker/metadata-action#536 docker/metadata-action#537
• Bump @​actions/github from 6.0.0 to 6.0.1 in docker/metadata-action#523
• Bump @​docker/actions-toolkit from 0.56.0 to 0.62.1 in docker/metadata-action#526
• Bump form-data from 2.5.1 to 2.5.5 in docker/metadata-action#533
• Bump moment-timezone from 0.5.47 to 0.6.0 in docker/metadata-action#525
• Bump semver from 7.7.1 to 7.7.2 in docker/metadata-action#524

Full Changelog: docker/metadata-action@v5.7.0...v5.8.0

Commits

• 030e881 Merge pull request #607 from crazy-max/allow-comments
• 4b529ac chore: update generated content
• b0082b3 preserve comments in list input values with commentNoInfix
• 7b19fec Merge pull request #604 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 281c9b0 chore: update generated content
• 5f43b3b test: stabilize github mock setup since ESM
• 9d53276 github class moved since actions-toolkit v0.77.0
• eaa3d39 chore(deps): Bump @​docker/actions-toolkit from 0.68.0 to 0.77.0
• 6b695f7 Merge pull request #605 from crazy-max/node24
• a1afadc node 24 as default runtime
• Additional commits viewable in compare view

Updates actions/upload-artifact from 4.6.2 to 7.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Add proxy integration test by @​Link- in actions/upload-artifact#754
• Upgrade the module to ESM and bump dependencies by @​danwkennedy in actions/upload-artifact#762
• Support direct file uploads by @​danwkennedy in actions/upload-artifact#764

New Contributors

• @​Link- made their first contribution in actions/upload-artifact#754

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

• Upload Artifact Node 24 support by @​salmanmkc in actions/upload-artifact#719
• fix: update @​actions/artifact for Node.js 24 punycode deprecation by @​salmanmkc in actions/upload-artifact#744
• prepare release v6.0.0 for Node.js 24 support by @​salmanmkc in actions/upload-artifact#745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

• Update README.md by @​GhadimiR in actions/upload-artifact#681
• Update README.md by @​nebuk89 in actions/upload-artifact#712
• Readme: spell out the first use of GHES by @​danwkennedy in actions/upload-artifact#727
• Update GHES guidance to include reference to Node 20 version by @​patrikpolyak in actions/upload-artifact#725
• Bump @actions/artifact to v4.0.0
• Prepare v5.0.0 by @​danwkennedy in actions/upload-artifact#734

... (truncated)

Commits

• bbbca2d Support direct file uploads (#764)
• 589182c Upgrade the module to ESM and bump dependencies (#762)
• 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
• 02a8460 Add proxy integration test
• b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
• e516bc8 docs: correct description of Node.js 24 support in README
• ddc45ed docs: update README to correct action name for Node.js 24 support
• 615b319 chore: release v6.0.0 for Node.js 24 support
• 017748b Merge pull request #744 from actions/fix-storage-blob
• 38d4c79 chore: rebuild dist
• Additional commits viewable in compare view

Updates actions/download-artifact from 4.3.0 to 8.0.1

Release notes

Sourced from actions/download-artifact's releases.

v8.0.1

What's Changed

• Support for CJK characters in the artifact name by @​danwkennedy in actions/download-artifact#471
• Add a regression test for artifact name + content-type mismatches by ...

  Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.