-
-
Notifications
You must be signed in to change notification settings - Fork 272
Bump actions/download-artifact from 7 to 8#341
Conversation
Bumps actions/download-artifact from 7 to 8.
Release notes
Sourced from actions/download-artifact's releases.
v8.0.0
v8 - What's new
Direct downloads
To support direct uploads in
actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks theContent-Typeheader ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the newskip-decompressparameter tofalse.Enforced checks (breaking)
A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the
digest-mismatchparameter. To be secure by default, we are now defaulting the behavior toerrorwhich will fail the workflow run.ESM
To support new versions of the @actions/* packages, we've upgraded the package to ESM.
What's Changed
- Don't attempt to un-zip non-zipped downloads by
@ danwkennedyin actions/download-artifact#460- Add a setting to specify what to do on hash mismatch and default it to
errorby@ danwkennedyin actions/download-artifact#461Full Changelog: actions/download-artifact@v7...v8.0.0
Commits
70fc10cMerge pull request #461 from actions/danwkennedy/digest-mismatch-behaviorf258da9Add change docsccc058eFix linting issuesbd7976bAdd a setting to specify what to do on hash mismatch and default it toerrorac21fcfMerge pull request #460 from actions/danwkennedy/download-no-unzip15999bfAdd note about package bumps974686eBump the version tov8and add release notesfbe48b1Update test names to make it clearer what they do96bf374One more test fixb8c4819Fix skip decompress test- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot showwill show all of the ignore conditions of the specified dependencyignore conditions @dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v7...v8)
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-version: '8'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot]
|
Hi @dependabot[bot], Gan Xie Ni De Gong Xian !Ni De PR Dang Qian Ji Yu |