ci(deps): bump actions/download-artifact from 7 to 8

[dependabot]

Bumps actions/download-artifact from 7 to 8.

Release notes

Sourced from actions/download-artifact's releases.

v8.0.0

v8 - What's new

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to false.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Don't attempt to un-zip non-zipped downloads by @​danwkennedy in actions/download-artifact#460
• Add a setting to specify what to do on hash mismatch and default it to error by @​danwkennedy in actions/download-artifact#461

Full Changelog: actions/download-artifact@v7...v8.0.0

Commits

• 70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
• f258da9 Add change docs
• ccc058e Fix linting issues
• bd7976b Add a setting to specify what to do on hash mismatch and default it to error
• ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
• 15999bf Add note about package bumps
• 974686e Bump the version to v8 and add release notes
• fbe48b1 Update test names to make it clearer what they do
• 96bf374 One more test fix
• b8c4819 Fix skip decompress test
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[mergify]

Merge Protections

Your pull request matches the following merge protections and will not be merged until they are valid.

🟢 🤖 Continuous Integration

Wonderful, this rule succeeded.

• all of:
  • check-success = build
  • check-success = lint
  • check-success = test
  • any of:
    • check-success = test-broken-links
    • label = ignore-broken-links
  • any of:
    • check-success=Cloudflare Pages
    • -head-repo-full-name~=^Mergifyio/

🟢 👀 Review Requirements

Wonderful, this rule succeeded.

• any of:
  • author = dependabot[bot]
  • #approved-reviews-by >= 2
  • author = mergify-ci-bot

🟢 Enforce conventional commit

Wonderful, this rule succeeded.

Make sure that we follow https://www.conventionalcommits.org/en/v1.0.0/

• title ~= ^(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert)(?:\(.+\))?:

🟢 🔎 Reviews

Wonderful, this rule succeeded.

• #changes-requested-reviews-by = 0
• #review-requested = 0
• #review-threads-unresolved = 0

🟢 📕 PR description

Wonderful, this rule succeeded.

• body ~= (?ms:.{48,})

[mergify]

Merge Queue Status

Rule: automated updates

---

• ✅ Entered queue — 2026-02-27 07:06 UTC
• ✅ Checks passed · on draft merge queue: embarking main (88dd569) and [#10378 + #10377 + #10379 + #10380] together #10382
• ✅ Merged — 2026-02-27 08:00 UTC · at 0538d64087147f0e092b8446b2af5750533baaf1

This pull request spent 53 minutes 52 seconds in the queue, including 2 minutes 41 seconds running CI.

Required conditions to merge

• schedule=Mon-Fri 09:00-17:00[Europe/Paris]
• all of [🛡 Merge Protections rule Enforce conventional commit]:
  • title ~= ^(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert)(?:\(.+\))?:
    • ci(deps): bump actions/upload-artifact from 6 to 7 #10378
    • ci(deps): bump actions/download-artifact from 7 to 8 #10377
    • chore(deps): bump fast-xml-parser from 5.3.9 to 5.4.1 #10379
    • chore(deps): bump make-asynchronous from 1.0.1 to 1.1.0 #10380
• all of [🛡 Merge Protections rule 👀 Review Requirements]:
  • any of:
    • author = dependabot[bot]
      • ci(deps): bump actions/upload-artifact from 6 to 7 #10378
      • ci(deps): bump actions/download-artifact from 7 to 8 #10377
      • chore(deps): bump fast-xml-parser from 5.3.9 to 5.4.1 #10379
      • chore(deps): bump make-asynchronous from 1.0.1 to 1.1.0 #10380
    • #approved-reviews-by >= 2
      • ci(deps): bump actions/upload-artifact from 6 to 7 #10378
      • ci(deps): bump actions/download-artifact from 7 to 8 #10377
      • chore(deps): bump fast-xml-parser from 5.3.9 to 5.4.1 #10379
      • chore(deps): bump make-asynchronous from 1.0.1 to 1.1.0 #10380
    • author = mergify-ci-bot
      • ci(deps): bump actions/upload-artifact from 6 to 7 #10378
      • ci(deps): bump actions/download-artifact from 7 to 8 #10377
      • chore(deps): bump fast-xml-parser from 5.3.9 to 5.4.1 #10379
      • chore(deps): bump make-asynchronous from 1.0.1 to 1.1.0 #10380
• all of [🛡 Merge Protections rule 📕 PR description]:
  • body ~= (?ms:.{48,})
    • ci(deps): bump actions/upload-artifact from 6 to 7 #10378
    • ci(deps): bump actions/download-artifact from 7 to 8 #10377
    • chore(deps): bump fast-xml-parser from 5.3.9 to 5.4.1 #10379
    • chore(deps): bump make-asynchronous from 1.0.1 to 1.1.0 #10380
• all of [🛡 Merge Protections rule 🔎 Reviews]:
  • #changes-requested-reviews-by = 0
    • ci(deps): bump actions/upload-artifact from 6 to 7 #10378
    • ci(deps): bump actions/download-artifact from 7 to 8 #10377
    • chore(deps): bump fast-xml-parser from 5.3.9 to 5.4.1 #10379
    • chore(deps): bump make-asynchronous from 1.0.1 to 1.1.0 #10380
  • #review-requested = 0
    • ci(deps): bump actions/upload-artifact from 6 to 7 #10378
    • ci(deps): bump actions/download-artifact from 7 to 8 #10377
    • chore(deps): bump fast-xml-parser from 5.3.9 to 5.4.1 #10379
    • chore(deps): bump make-asynchronous from 1.0.1 to 1.1.0 #10380
  • #review-threads-unresolved = 0
    • ci(deps): bump actions/upload-artifact from 6 to 7 #10378
    • ci(deps): bump actions/download-artifact from 7 to 8 #10377
    • chore(deps): bump fast-xml-parser from 5.3.9 to 5.4.1 #10379
    • chore(deps): bump make-asynchronous from 1.0.1 to 1.1.0 #10380
• all of [🛡 Merge Protections rule 🤖 Continuous Integration]:
  • all of:
    • check-success = build
    • check-success = lint
    • check-success = test
    • any of:
      • check-success = test-broken-links
      • label = ignore-broken-links
        • ci(deps): bump actions/upload-artifact from 6 to 7 #10378
        • ci(deps): bump actions/download-artifact from 7 to 8 #10377
        • chore(deps): bump fast-xml-parser from 5.3.9 to 5.4.1 #10379
        • chore(deps): bump make-asynchronous from 1.0.1 to 1.1.0 #10380
    • any of:
      • check-success=Cloudflare Pages
      • -head-repo-full-name~=^Mergifyio/
        • ci(deps): bump actions/upload-artifact from 6 to 7 #10378
        • ci(deps): bump actions/download-artifact from 7 to 8 #10377
        • chore(deps): bump fast-xml-parser from 5.3.9 to 5.4.1 #10379
        • chore(deps): bump make-asynchronous from 1.0.1 to 1.1.0 #10380