Bump the actions group across 1 directory with 3 updates

[dependabot]

Bumps the actions group with 3 updates in the / directory: peter-evans/create-pull-request, actions/download-artifact and docker/login-action.

Updates peter-evans/create-pull-request from 7.0.11 to 8.1.1

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v8.1.1

What's Changed

• build(deps-dev): bump the npm group with 2 updates by @​dependabot[bot] in peter-evans/create-pull-request#4305
• build(deps): bump minimatch by @​dependabot[bot] in peter-evans/create-pull-request#4311
• build(deps): bump the github-actions group with 2 updates by @​dependabot[bot] in peter-evans/create-pull-request#4316
• build(deps): bump @​tootallnate/once and jest-environment-jsdom by @​dependabot[bot] in peter-evans/create-pull-request#4323
• build(deps-dev): bump undici from 6.23.0 to 6.24.0 by @​dependabot[bot] in peter-evans/create-pull-request#4328
• build(deps-dev): bump flatted from 3.3.1 to 3.4.2 by @​dependabot[bot] in peter-evans/create-pull-request#4334
• build(deps): bump picomatch by @​dependabot[bot] in peter-evans/create-pull-request#4339
• build(deps-dev): bump handlebars from 4.7.8 to 4.7.9 by @​dependabot[bot] in peter-evans/create-pull-request#4344
• build(deps-dev): bump the npm group with 3 updates by @​dependabot[bot] in peter-evans/create-pull-request#4349
• fix: retry post-creation API calls on 422 eventual consistency errors by @​peter-evans in peter-evans/create-pull-request#4356

Full Changelog: peter-evans/create-pull-request@v8.1.0...v8.1.1

Create Pull Request v8.1.0

What's Changed

• README.md: bump given GitHub actions to their latest versions by @​deining in peter-evans/create-pull-request#4265
• build(deps): bump the github-actions group with 2 updates by @​dependabot[bot] in peter-evans/create-pull-request#4273
• build(deps-dev): bump the npm group with 2 updates by @​dependabot[bot] in peter-evans/create-pull-request#4274
• build(deps-dev): bump undici from 6.22.0 to 6.23.0 by @​dependabot[bot] in peter-evans/create-pull-request#4284
• Update distribution by @​actions-bot in peter-evans/create-pull-request#4289
• fix: Handle remote prune failures gracefully on self-hosted runners by @​peter-evans in peter-evans/create-pull-request#4295
• feat: add @​octokit/plugin-retry to handle retriable server errors by @​peter-evans in peter-evans/create-pull-request#4298

New Contributors

• @​deining made their first contribution in peter-evans/create-pull-request#4265

Full Changelog: peter-evans/create-pull-request@v8.0.0...v8.1.0

Create Pull Request v8.0.0

What's new in v8

• Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner for Node 24 support.

What's Changed

• chore: Update checkout action version to v6 by @​yonas in peter-evans/create-pull-request#4258
• Update actions/checkout references to @​v6 in docs by @​Copilot in peter-evans/create-pull-request#4259
• feat: v8 by @​peter-evans in peter-evans/create-pull-request#4260

New Contributors

• @​yonas made their first contribution in peter-evans/create-pull-request#4258
• @​Copilot made their first contribution in peter-evans/create-pull-request#4259

Full Changelog: peter-evans/create-pull-request@v7.0.11...v8.0.0

Commits

• 5f6978f fix: retry post-creation API calls on 422 eventual consistency errors (#4356)
• d32e88d build(deps-dev): bump the npm group with 3 updates (#4349)
• 8170bcc build(deps-dev): bump handlebars from 4.7.8 to 4.7.9 (#4344)
• 0041819 build(deps): bump picomatch (#4339)
• b993918 build(deps-dev): bump flatted from 3.3.1 to 3.4.2 (#4334)
• 36d7c84 build(deps-dev): bump undici from 6.23.0 to 6.24.0 (#4328)
• a45d1fb build(deps): bump @​tootallnate/once and jest-environment-jsdom (#4323)
• 3499eb6 build(deps): bump the github-actions group with 2 updates (#4316)
• 3f3b473 build(deps): bump minimatch (#4311)
• 6699836 build(deps-dev): bump the npm group with 2 updates (#4305)
• Additional commits viewable in compare view

Updates actions/download-artifact from 7.0.0 to 8.0.1

Release notes

Sourced from actions/download-artifact's releases.

v8.0.1

What's Changed

• Support for CJK characters in the artifact name by @​danwkennedy in actions/download-artifact#471
• Add a regression test for artifact name + content-type mismatches by @​danwkennedy in actions/download-artifact#472

Full Changelog: actions/download-artifact@v8...v8.0.1

v8.0.0

v8 - What's new

[!IMPORTANT] actions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.

[!IMPORTANT] Hash mismatches will now error by default. Users can override this behavior with a setting change (see below).

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to true.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Don't attempt to un-zip non-zipped downloads by @​danwkennedy in actions/download-artifact#460
• Add a setting to specify what to do on hash mismatch and default it to error by @​danwkennedy in actions/download-artifact#461

Full Changelog: actions/download-artifact@v7...v8.0.0

Commits

• 3e5f45b Add regression tests for CJK characters (#471)
• e6d03f6 Add a regression test for artifact name + content-type mismatches (#472)
• 70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
• f258da9 Add change docs
• ccc058e Fix linting issues
• bd7976b Add a setting to specify what to do on hash mismatch and default it to error
• ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
• 15999bf Add note about package bumps
• 974686e Bump the version to v8 and add release notes
• fbe48b1 Update test names to make it clearer what they do
• Additional commits viewable in compare view

Updates docker/login-action from 4.1.0 to 4.2.0

Release notes

Sourced from docker/login-action's releases.

v4.2.0

• Bump @​actions/core from 3.0.0 to 3.0.1 in docker/login-action#976
• Bump @​aws-sdk/client-ecr and @​aws-sdk/client-ecr-public to 3.1050.0 in docker/login-action#960
• Bump @​docker/actions-toolkit from 0.86.0 to 0.90.0 in docker/login-action#970
• Bump brace-expansion from 2.0.1 to 5.0.6 in docker/login-action#993
• Bump fast-xml-builder from 1.1.4 to 1.2.0 in docker/login-action#985
• Bump fast-xml-parser from 5.3.6 to 5.8.0 in docker/login-action#963
• Bump http-proxy-agent and https-proxy-agent to 9.0.0 in docker/login-action#961
• Bump postcss from 8.5.6 to 8.5.10 in docker/login-action#979
• Bump tar from 6.2.1 to 7.5.15 in docker/login-action#991
• Bump vite from 7.3.1 to 7.3.3 in docker/login-action#986

Full Changelog: docker/login-action@v4.1.0...v4.2.0

Commits

• 650006c Merge pull request #960 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
• 99df1a3 chore: update generated content
• 3ab375f build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
• 39d8580 Merge pull request #970 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 4eefcd3 chore: update generated content
• 56d092c build(deps): bump @​docker/actions-toolkit from 0.86.0 to 0.90.0
• e2e31ca Merge pull request #976 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
• 0bced94 chore: update generated content
• 3e75a0f build(deps): bump @​actions/core from 3.0.0 to 3.0.1
• 365bebd Merge pull request #984 from docker/dependabot/github_actions/aws-actions/con...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}