Bump actions/download-artifact from 7 to 8 in /.github/workflows by dependabot[bot] · Pull Request #3544 · github/codeql-action
Bumps actions/download-artifact from 7 to 8.
Release notes
Sourced from actions/download-artifact's releases.
v8.0.0
v8 - What's new
Direct downloads
To support direct uploads in `actions/upload-artifact`, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the `Content-Type` header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new `skip-decompress` parameter to `false`.
Enforced checks (breaking)
A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the `digest-mismatch` parameter. To be secure by default, we are now defaulting the behavior to `error` which will fail the workflow run.
ESM
To support new versions of the @actions/* packages, we've upgraded the package to ESM.
What's Changed
- Don't attempt to un-zip non-zipped downloads by @danwkennedy in actions/download-artifact#460
- Add a setting to specify what to do on hash mismatch and default it to `error` by @danwkennedy in actions/download-artifact#461
Full Changelog: actions/download-artifact@v7...v8.0.0
Commits
- 70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
- f258da9 Add change docs
- ccc058e Fix linting issues
- bd7976b Add a setting to specify what to do on hash mismatch and default it to `error`
- ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
- 15999bf Add note about package bumps
- 974686e Bump the version to `v8` and add release notes
- fbe48b1 Update test names to make it clearer what they do
- 96bf374 One more test fix
- b8c4819 Fix skip decompress test
- Additional commits viewable in compare view
Most Recent Ignore Conditions Applied to This Pull Request
| Dependency Name | Ignore Conditions |
|---|---|
| actions/download-artifact | [>= 4.a, < 5] |
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)