Skip to content

Bump actions/download-artifact from 7 to 8#512

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions/download-artifact-8
Open

Bump actions/download-artifact from 7 to 8#512
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions/download-artifact-8

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Feb 27, 2026

Copy link
Copy Markdown
Contributor

Bumps actions/download-artifact from 7 to 8.

Release notes

Sourced from actions/download-artifact's releases.

v8.0.0

v8 - What's new

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to false.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Full Changelog: actions/download-artifact@v7...v8.0.0

Commits
  • 70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
  • f258da9 Add change docs
  • ccc058e Fix linting issues
  • bd7976b Add a setting to specify what to do on hash mismatch and default it to error
  • ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
  • 15999bf Add note about package bumps
  • 974686e Bump the version to v8 and add release notes
  • fbe48b1 Update test names to make it clearer what they do
  • 96bf374 One more test fix
  • b8c4819 Fix skip decompress test
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump actions/download-artifact from 7 to 8
9ef571a 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7 to 8.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v7...v8)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added a: dependencies Related to package dependencies and management a: devops Related to CI /CD workflows or project toolings (e.g. auto-formatter) p: 3 - low Can be done when there's time; nice-to-have things, doesn’t impact other tasks t: project Affects the project itself, not necessarily the code within (e.g. a new release) labels Feb 27, 2026
@dependabot dependabot Bot requested a review from ItsDrike as a code owner February 27, 2026 10:22
@dependabot dependabot Bot added p: 3 - low Can be done when there's time; nice-to-have things, doesn’t impact other tasks a: devops Related to CI /CD workflows or project toolings (e.g. auto-formatter) a: dependencies Related to package dependencies and management t: project Affects the project itself, not necessarily the code within (e.g. a new release) labels Feb 27, 2026
@py-mine-ci-bot py-mine-ci-bot Bot enabled auto-merge (squash) February 27, 2026 10:23
@py-mine-ci-bot

py-mine-ci-bot Bot commented Feb 27, 2026

Copy link
Copy Markdown
Contributor
PR Preview Action v1.8.1

🚀 View preview at
https://py-mine.github.io/mcproto/pr-preview/pr-512/

Built to branch gh-pages at 1772187794.
Preview will be ready when the GitHub Pages deployment is complete.

@py-mine-ci-bot py-mine-ci-bot Bot added the s: stale Has had no activity for a while (will be closed for inactivity/marked up for grabs soon) label Apr 28, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@py-mine-ci-bot py-mine-ci-bot[bot] py-mine-ci-bot[bot] approved these changes

@ItsDrike ItsDrike Awaiting requested review from ItsDrike ItsDrike is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

a: dependencies Related to package dependencies and management a: devops Related to CI /CD workflows or project toolings (e.g. auto-formatter) p: 3 - low Can be done when there's time; nice-to-have things, doesn’t impact other tasks s: stale Has had no activity for a while (will be closed for inactivity/marked up for grabs soon) t: project Affects the project itself, not necessarily the code within (e.g. a new release)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants