chore(deps): bump actions/download-artifact from 7 to 8#12796
Merged
Conversation
Member
|
@dependabot rebase |
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7 to 8. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v7...v8) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
4e57579 to
6842f5b
Compare
BagToad
approved these changes
Mar 2, 2026
Member
BagToad
left a comment
There was a problem hiding this comment.
Companion to upload-artifact v7. Handles direct downloads and defaults digest-mismatch to error for stricter security. CI green.
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
Mar 24, 2026
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [cli/cli](https://github.com/cli/cli) | minor | `v2.87.3` → `v2.88.1` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>cli/cli (cli/cli)</summary> ### [`v2.88.1`](https://github.com/cli/cli/releases/tag/v2.88.1): GitHub CLI 2.88.1 [Compare Source](cli/cli@v2.88.0...v2.88.1) #### Fix `pr` commands failing with `read:project` scope error v2.88.0 introduced a regression where `pr` commands would fail with the error: ``` error: your authentication token is missing required scopes [read:project] To request it, run: gh auth refresh -s read:project ``` Previously, missing read:project scope was gracefully handled, and project data was silently skipped. A change inadvertently broke the error matching that enabled this graceful degradation. v2.88.1 reverts these changes so that `pr` commands work correctly without requiring the `read:project` scope. #### What's Changed - Migrate Windows code signing from client secret to OIDC by [@​BagToad](https://github.com/BagToad) in [#​12911](cli/cli#12911) - Revert "refactor: deduplicate scope error handling between api/client.go and project queries" by [@​williammartin](https://github.com/williammartin) in [#​12914](cli/cli#12914) - Revert "fix: clarify scope error while creating issues for projects" by [@​williammartin](https://github.com/williammartin) in [#​12915](cli/cli#12915) **Full Changelog**: <cli/cli@v2.88.0...v2.88.1> ### [`v2.88.0`](https://github.com/cli/cli/releases/tag/v2.88.0): GitHub CLI 2.88.0 [Compare Source](cli/cli@v2.87.3...v2.88.0) ####Request Copilot Code Review from `gh` <img width="80%" height="80%" alt="image" src="proxy.php?url=https%3A%2F%2Fgithub.com%2F%3Ca+href%3D"https://github.com/user-attachments/assets/c9b86700-5934-44b6-9210-227495a18d8e">https://github.com/user-attachments/assets/c9b86700-5934-44b6-9210-227495a18d8e" /> `gh pr create` and `gh pr edit` now support [Copilot Code Review](https://docs.github.com/en/copilot/using-github-copilot/code-review/using-copilot-code-review) as a reviewer. Request a review with `--add-reviewer @​copilot`, or select Copilot interactively from the searchable reviewer prompt. Create a pull request and request review from Copilot: ``` gh pr create --reviewer @​copilot ``` Edit a pull request and request review from Copilot: ``` gh pr edit --add-reviewer @​copilot ``` #### Close issues as duplicates with `gh issue close --duplicate-of` You can now close issues as duplicates and link to a duplicate issue directly from the CLI. The new `--duplicate-of` flag accepts an issue number or URL and marks the closed issue as a duplicate of the referenced one. You can also use `--reason duplicate` to set the close reason without linking a specific issue. ``` # Close as duplicate, linking to the original issue gh issue close 123 --duplicate-of 456 # Close with duplicate reason only gh issue close 123 --reason duplicate ``` #### JSON support for `gh agent-task` `gh agent-task list` and `gh agent-task view` now support `--json`, `--jq`, and `--template` flags, consistent with other `gh` commands. ``` gh agent-task list --json id,name,state gh agent-task view <id> --json state --jq '.state' ``` #### What's Changed ##### ✨ Features - `gh pr create`: login-based reviewer requests and search-based interactive selection by [@​BagToad](https://github.com/BagToad) in [#​12627](cli/cli#12627) - `gh pr view` and `gh issue view`: show friendly display names for all actors by [@​BagToad](https://github.com/BagToad) in [#​12854](cli/cli#12854) - `gh issue close`: add `--duplicate-of` flag and duplicate reason by [@​tksohishi](https://github.com/tksohishi) in [#​12811](cli/cli#12811) - `gh pr diff`: add `--exclude` flag to filter files from diff output by [@​yuvrajangadsingh](https://github.com/yuvrajangadsingh) in [#​12655](cli/cli#12655) - `gh pr view/list`: add `changeType` field to files JSON output by [@​yuvrajangadsingh](https://github.com/yuvrajangadsingh) in [#​12657](cli/cli#12657) - `gh repo clone`: add `--no-upstream` flag by [@​4RH1T3CT0R7](https://github.com/4RH1T3CT0R7) in [#​12686](cli/cli#12686) - `gh repo edit`: add `--squash-merge-commit-message` flag by [@​yuvrajangadsingh](https://github.com/yuvrajangadsingh) in [#​12846](cli/cli#12846) - `gh browse`: add `--blame` flag by [@​masonmcelvain](https://github.com/masonmcelvain) in [#​11486](cli/cli#11486) - `gh agent-task list`: add `--json` support by [@​maxbeizer](https://github.com/maxbeizer) in [#​12806](cli/cli#12806) - `gh agent-task view`: add `--json` support by [@​maxbeizer](https://github.com/maxbeizer) in [#​12807](cli/cli#12807) - `gh copilot`: set `COPILOT_GH` env var when launching Copilot CLI by [@​devm33](https://github.com/devm33) in [#​12821](cli/cli#12821) ##### 🐛 Fixes - Fix `gh project item-edit` error when editing Draft Issue with only one (`--title`/`--body`) flag by [@​ManManavadaria](https://github.com/ManManavadaria) in [#​12787](cli/cli#12787) - Fix extension install error message showing raw struct instead of `owner/repo` by [@​Copilot](https://github.com/Copilot) in [#​12836](cli/cli#12836) - Fix incorrect integer conversion from int to uint16 in port forwarder by [@​BagToad](https://github.com/BagToad) in [#​12831](cli/cli#12831) - Fix invalid ANSI SGR escape code in JSON and diff colorization by [@​BagToad](https://github.com/BagToad) in [#​12720](cli/cli#12720) - Fix assignees `databaseId` always being `0` in `--json` output by [@​srt32](https://github.com/srt32) in [#​12783](cli/cli#12783) - Fix error when `--remote` flag used with repo argument by [@​majiayu000](https://github.com/majiayu000) in [#​12375](cli/cli#12375) - Fix redundant API call in `gh issue view --comments` by [@​VishnuVV27](https://github.com/VishnuVV27) in [#​12652](cli/cli#12652) - Clarify scope error while creating issues for projects by [@​elijahthis](https://github.com/elijahthis) in [#​12596](cli/cli#12596) - Reject pull request-only search qualifiers in `gh issue list` by [@​LouisLau-art](https://github.com/LouisLau-art) in [#​12623](cli/cli#12623) - Prevent `.git/config` corruption on repeated `issue develop --name` invocation by [@​gunadhya](https://github.com/gunadhya) in [#​12651](cli/cli#12651) - Use pre-compiled regexp for matching Content-Type by [@​itchyny](https://github.com/itchyny) in [#​12781](cli/cli#12781) - Isolate generated licenses per platform (os/arch) by [@​babakks](https://github.com/babakks) in [#​12774](cli/cli#12774) ##### 📚 Docs & Chores - Add examples to `gh issue close` help text by [@​BagToad](https://github.com/BagToad) in [#​12830](cli/cli#12830) - Customizable install `prefix` in Makefile by [@​scarf005](https://github.com/scarf005) in [#​11714](cli/cli#11714) - Deduplicate scope error handling between `api/client.go` and project queries by [@​yuvrajangadsingh](https://github.com/yuvrajangadsingh) in [#​12845](cli/cli#12845) - Remove unnecessary `StateReason` and `StateReasonDuplicate` feature detection by [@​BagToad](https://github.com/BagToad) in [#​12838](cli/cli#12838) - Update Go version requirement to 1.26+ by [@​BagToad](https://github.com/BagToad) in [#​12864](cli/cli#12864) - Add monthly pitch surfacing workflow by [@​tidy-dev](https://github.com/tidy-dev) in [#​12894](cli/cli#12894) #####
Dependencies - Bump Go from 1.25.7 to 1.26.1 by [@​BagToad](https://github.com/BagToad) in [#​12860](cli/cli#12860) - chore(deps): bump golang.org/x/sync from 0.19.0 to 0.20.0 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​12886](cli/cli#12886) - chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.2 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​12851](cli/cli#12851) - chore(deps): bump github.com/docker/cli from 29.0.3+incompatible to 29.2.0+incompatible by [@​dependabot](https://github.com/dependabot)\[bot] in [#​12842](cli/cli#12842) - chore(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.1 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​12759](cli/cli#12759) - chore(deps): bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​12760](cli/cli#12760) - chore(deps): bump actions/upload-artifact from 6 to 7 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​12797](cli/cli#12797) - chore(deps): bump actions/download-artifact from 7 to 8 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​12796](cli/cli#12796) - chore(deps): bump actions/attest-build-provenance from 3.2.0 to 4.1.0 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​12795](cli/cli#12795) - chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.11 to 1.4.13 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​12615](cli/cli#12615) #### New Contributors - [@​srt32](https://github.com/srt32) made their first contribution in [#​12783](cli/cli#12783) - [@​itchyny](https://github.com/itchyny) made their first contribution in [#​12781](cli/cli#12781) - [@​VishnuVV27](https://github.com/VishnuVV27) made their first contribution in [#​12652](cli/cli#12652) - [@​elijahthis](https://github.com/elijahthis) made their first contribution in [#​12596](cli/cli#12596) - [@​ManManavadaria](https://github.com/ManManavadaria) made their first contribution in [#​12787](cli/cli#12787) - [@​maxbeizer](https://github.com/maxbeizer) made their first contribution in [#​12806](cli/cli#12806) - [@​LouisLau-art](https://github.com/LouisLau-art) made their first contribution in [#​12623](cli/cli#12623) - [@​4RH1T3CT0R7](https://github.com/4RH1T3CT0R7) made their first contribution in [#​12686](cli/cli#12686) - [@​yuvrajangadsingh](https://github.com/yuvrajangadsingh) made their first contribution in [#​12657](cli/cli#12657) - [@​masonmcelvain](https://github.com/masonmcelvain) made their first contribution in [#​11486](cli/cli#11486) - [@​scarf005](https://github.com/scarf005) made their first contribution in [#​11714](cli/cli#11714) - [@​tksohishi](https://github.com/tksohishi) made their first contribution in [#​12811](cli/cli#12811) - [@​tidy-dev](https://github.com/tidy-dev) made their first contribution in [#​12894](cli/cli#12894) **Full Changelog**: <cli/cli@v2.87.3...v2.88.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My42MS43IiwidXBkYXRlZEluVmVyIjoiNDMuNjQuMyIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiUmVub3ZhdGUgQm90IiwiYXV0b21hdGlvbjpib3QtYXV0aG9yZWQiLCJkZXBlbmRlbmN5LXR5cGU6Om1pbm9yIl19-->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps actions/download-artifact from 7 to 8.
Release notes
Sourced from actions/download-artifact's releases.
Commits
70fc10cMerge pull request #461 from actions/danwkennedy/digest-mismatch-behaviorf258da9Add change docsccc058eFix linting issuesbd7976bAdd a setting to specify what to do on hash mismatch and default it toerrorac21fcfMerge pull request #460 from actions/danwkennedy/download-no-unzip15999bfAdd note about package bumps974686eBump the version tov8and add release notesfbe48b1Update test names to make it clearer what they do96bf374One more test fixb8c4819Fix skip decompress testDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)