chore(deps): update actions/download-artifact action to v8#2164
Merged
Conversation
renovate
Bot
requested review from
dhoard,
fstab,
jaydeluca and
zeitlinger
as code owners
renovate
Bot
force-pushed
the
renovate/major-github-artifact-actions
branch
from
27e78a5 to
26f0299
Compare
zeitlinger
approved these changes
Jun 1, 2026
jaydeluca
pushed a commit
that referenced
this pull request
Jun 4, 2026
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/download-artifact](https://redirect.github.com/actions/download-artifact) | action | major | `v7.0.0` → `v8.0.1` | --- ### Release Notes <details> <summary>actions/download-artifact (actions/download-artifact)</summary> ### [`v8.0.1`](https://redirect.github.com/actions/download-artifact/releases/tag/v8.0.1) [Compare Source](https://redirect.github.com/actions/download-artifact/compare/v8...v8.0.1) ##### What's Changed - Support for CJK characters in the artifact name by [@​danwkennedy](https://redirect.github.com/danwkennedy) in [#​471](https://redirect.github.com/actions/download-artifact/pull/471) - Add a regression test for artifact name + content-type mismatches by [@​danwkennedy](https://redirect.github.com/danwkennedy) in [#​472](https://redirect.github.com/actions/download-artifact/pull/472) **Full Changelog**: <actions/download-artifact@v8...v8.0.1> ### [`v8.0.0`](https://redirect.github.com/actions/download-artifact/releases/tag/v8.0.0) [Compare Source](https://redirect.github.com/actions/download-artifact/compare/v8...v8) ##### v8 - What's new ##### Direct downloads To support direct uploads in `actions/upload-artifact`, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the `Content-Type` header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new `skip-decompress` parameter to `false`. ##### Enforced checks (breaking) A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the `digest-mismatch` parameter. To be secure by default, we are now defaulting the behavior to `error` which will fail the workflow run. ##### ESM To support new versions of the @​actions/\* packages, we've upgraded the package to ESM. ##### What's Changed - Don't attempt to un-zip non-zipped downloads by [@​danwkennedy](https://redirect.github.com/danwkennedy) in [#​460](https://redirect.github.com/actions/download-artifact/pull/460) - Add a setting to specify what to do on hash mismatch and default it to `error` by [@​danwkennedy](https://redirect.github.com/danwkennedy) in [#​461](https://redirect.github.com/actions/download-artifact/pull/461) **Full Changelog**: <actions/download-artifact@v7...v8.0.0> ### [`v8`](https://redirect.github.com/actions/download-artifact/compare/v7...v8) [Compare Source](https://redirect.github.com/actions/download-artifact/compare/v7.0.0...v8) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/prometheus/client_java). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yMDIuMSIsInVwZGF0ZWRJblZlciI6IjQzLjIwMi4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Jay DeLuca <jaydeluca4@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v7.0.0→v8.0.1Release Notes
actions/download-artifact (actions/download-artifact)
v8.0.1Compare Source
What's Changed
Full Changelog: actions/download-artifact@v8...v8.0.1
v8.0.0Compare Source
v8 - What's new
Direct downloads
To support direct uploads in
actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks theContent-Typeheader ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the newskip-decompressparameter tofalse.Enforced checks (breaking)
A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the
digest-mismatchparameter. To be secure by default, we are now defaulting the behavior toerrorwhich will fail the workflow run.ESM
To support new versions of the @actions/* packages, we've upgraded the package to ESM.
What's Changed
errorby @danwkennedy in #461Full Changelog: actions/download-artifact@v7...v8.0.0
v8Compare Source
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.