Skip to content

[UPDATE] (deps): Bump actions/download-artifact from 7.0.0 to 8.0.1 in /.github/workflows#321

Merged
reactive-firewall merged 1 commit intomasterfrom
dependabot/github_actions/dot-github/workflows/master/actions/download-artifact-8.0.1
Mar 29, 2026
Merged

[UPDATE] (deps): Bump actions/download-artifact from 7.0.0 to 8.0.1 in /.github/workflows#321
reactive-firewall merged 1 commit intomasterfrom
dependabot/github_actions/dot-github/workflows/master/actions/download-artifact-8.0.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 13, 2026
edited
Loading

Bumps actions/download-artifact from 7.0.0 to 8.0.1.

Release notes

Sourced from actions/download-artifact's releases.

v8.0.1

What's Changed

Full Changelog: actions/download-artifact@v8...v8.0.1

v8.0.0

v8 - What's new

[!IMPORTANT] actions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.

[!IMPORTANT] Hash mismatches will now error by default. Users can override this behavior with a setting change (see below).

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to true.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Full Changelog: actions/download-artifact@v7...v8.0.0

Commits
  • 3e5f45b Add regression tests for CJK characters (#471)
  • e6d03f6 Add a regression test for artifact name + content-type mismatches (#472)
  • 70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
  • f258da9 Add change docs
  • ccc058e Fix linting issues
  • bd7976b Add a setting to specify what to do on hash mismatch and default it to error
  • ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
  • 15999bf Add note about package bumps
  • 974686e Bump the version to v8 and add release notes
  • fbe48b1 Update test names to make it clearer what they do
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 13, 2026
@dependabot dependabot bot mentioned this pull request Mar 13, 2026
Closed
reactive-firewall
reactive-firewall approved these changes Mar 15, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@reactive-firewall reactive-firewall left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 LGTM;

☑️ Specifically, the version bump is approved!

@reactive-firewall
Copy link
Copy Markdown
Collaborator

reactive-firewall commented Mar 28, 2026

@dependabot rebase

@dependabot dependabot bot force-pushed the dependabot/github_actions/dot-github/workflows/master/actions/download-artifact-8.0.1 branch from ced2383 to e1a21ff Compare March 28, 2026 22:25
@reactive-firewall
Copy link
Copy Markdown
Collaborator

reactive-firewall commented Mar 28, 2026

@dependabot rebase

@dependabot
[UPDATE] (deps): Bump actions/download-artifact in /.github/workflows
0bdee3d 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7.0.0 to 8.0.1.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@37930b1...3e5f45b)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/github_actions/dot-github/workflows/master/actions/download-artifact-8.0.1 branch from e1a21ff to 0bdee3d Compare March 28, 2026 22:35
@reactive-firewall reactive-firewall merged commit 2a8cfbc into master Mar 29, 2026
8 checks passed
@dependabot dependabot bot deleted the dependabot/github_actions/dot-github/workflows/master/actions/download-artifact-8.0.1 branch March 29, 2026 01:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@reactive-firewall reactive-firewall reactive-firewall approved these changes

Assignees

@reactive-firewall reactive-firewall

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@reactive-firewall