Skip to content

Bump actions/download-artifact from 7 to 8#748

Merged
aobolensk merged 1 commit intomasterfrom
dependabot/github_actions/actions/download-artifact-8
Mar 6, 2026
Merged

Bump actions/download-artifact from 7 to 8#748
aobolensk merged 1 commit intomasterfrom
dependabot/github_actions/actions/download-artifact-8

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 27, 2026

Bumps actions/download-artifact from 7 to 8.

Release notes

Sourced from actions/download-artifact's releases.

v8.0.0

v8 - What's new

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to false.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Full Changelog: actions/download-artifact@v7...v8.0.0

Commits
  • 70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
  • f258da9 Add change docs
  • ccc058e Fix linting issues
  • bd7976b Add a setting to specify what to do on hash mismatch and default it to error
  • ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
  • 15999bf Add note about package bumps
  • 974686e Bump the version to v8 and add release notes
  • fbe48b1 Update test names to make it clearer what they do
  • 96bf374 One more test fix
  • b8c4819 Fix skip decompress test
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump actions/download-artifact from 7 to 8
9e0dc4e 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7 to 8.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v7...v8)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Feb 27, 2026
@dependabot dependabot bot requested a review from aobolensk as a code owner February 27, 2026 01:26
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 27, 2026
@dependabot dependabot bot requested a review from allnes as a code owner February 27, 2026 01:26
@dependabot dependabot bot added the github_actions Pull requests that update GitHub Actions code label Feb 27, 2026
@github-actions github-actions bot added the ci label Feb 27, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Feb 27, 2026

Coverage report is available for download
here

@codecov
Copy link

codecov bot commented Feb 27, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.03%. Comparing base (7a44d91) to head (9e0dc4e).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master     #748   +/-   ##
=======================================
  Coverage   94.03%   94.03%           
=======================================
  Files          15       15           
  Lines         486      486           
  Branches      181      181           
=======================================
  Hits          457      457           
  Partials       29       29

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@aobolensk aobolensk merged commit 3f3009c into master Mar 6, 2026
65 checks passed
@aobolensk aobolensk deleted the dependabot/github_actions/actions/download-artifact-8 branch March 6, 2026 11:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aobolensk aobolensk Awaiting requested review from aobolensk aobolensk is a code owner

@allnes allnes Awaiting requested review from allnes allnes is a code owner

Assignees

No one assigned

Labels

ci dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@aobolensk