This is an automated email from the ASF dual-hosted git repository.
kou pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow.git
The following commit(s) were added to refs/heads/main by this push:
new 3ff230c534 MINOR: [CI] Bump actions/download-artifact from 7 to 8
(#49431)
3ff230c534 is described below
commit 3ff230c5345b086179397c2b608776f3dd62b0d7
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Tue Mar 3 09:46:31 2026 +0900
MINOR: [CI] Bump actions/download-artifact from 7 to 8 (#49431)
Bumps
[actions/download-artifact](https://github.com/actions/download-artifact) from
7 to 8.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/download-artifact/releases";>actions/download-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v8.0.0</h2>
<h2>v8 - What's new</h2>
<h3>Direct downloads</h3>
<p>To support direct uploads in <code>actions/upload-artifact</code>, the
action will no longer attempt to unzip all downloaded files. Instead, the
action checks the <code>Content-Type</code> header ahead of unzipping and skips
non-zipped files. Callers wishing to download a zipped file as-is can also set
the new <code>skip-decompress</code> parameter to <code>false</code>.</p>
<h3>Enforced checks (breaking)</h3>
<p>A previous release introduced digest checks on the download. If a
download hash didn't match the expected hash from the server, the action would
log a warning. Callers can now configure the behavior on mismatch with the
<code>digest-mismatch</code> parameter. To be secure by default, we are now
defaulting the behavior to <code>error</code> which will fail the workflow
run.</p>
<h3>ESM</h3>
<p>To support new versions of the @ actions/* packages, we've upgraded the
package to ESM.</p>
<h2>What's Changed</h2>
<ul>
<li>Don't attempt to un-zip non-zipped downloads by <a
href="https://github.com/danwkennedy";><code>@danwkennedy</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/460";>actions/download-artifact#460</a></li>
<li>Add a setting to specify what to do on hash mismatch and default it to
<code>error</code> by <a
href="https://github.com/danwkennedy";><code>@danwkennedy</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/461";>actions/download-artifact#461</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v7...v8.0.0";>https://github.com/actions/download-artifact/compare/v7...v8.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/download-artifact/commit/70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3";><code>70fc10c</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/461";>#461</a>
from actions/danwkennedy/digest-mismatch-behavior</li>
<li><a
href="https://github.com/actions/download-artifact/commit/f258da9a506b755b84a09a531814700b86ccfc62";><code>f258da9</code></a>
Add change docs</li>
<li><a
href="https://github.com/actions/download-artifact/commit/ccc058e5fbb0bb2352213eaec3491e117cbc4a5c";><code>ccc058e</code></a>
Fix linting issues</li>
<li><a
href="https://github.com/actions/download-artifact/commit/bd7976ba57ecea96e6f3df575eb922d11a12a9fd";><code>bd7976b</code></a>
Add a setting to specify what to do on hash mismatch and default it to
<code>error</code></li>
<li><a
href="https://github.com/actions/download-artifact/commit/ac21fcf45e0aaee541c0f7030558bdad38d77d6c";><code>ac21fcf</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/460";>#460</a>
from actions/danwkennedy/download-no-unzip</li>
<li><a
href="https://github.com/actions/download-artifact/commit/15999bff51058bc7c19b50ebbba518eaef7c26c0";><code>15999bf</code></a>
Add note about package bumps</li>
<li><a
href="https://github.com/actions/download-artifact/commit/974686ed5098c7f9c9289ec946b9058e496a2561";><code>974686e</code></a>
Bump the version to <code>v8</code> and add release notes</li>
<li><a
href="https://github.com/actions/download-artifact/commit/fbe48b1d2756394be4cd4358ed3bc1343b330e75";><code>fbe48b1</code></a>
Update test names to make it clearer what they do</li>
<li><a
href="https://github.com/actions/download-artifact/commit/96bf374a614d4360e225874c3efd6893a3f285e7";><code>96bf374</code></a>
One more test fix</li>
<li><a
href="https://github.com/actions/download-artifact/commit/b8c4819ef592cbe04fd93534534b38f853864332";><code>b8c4819</code></a>
Fix skip decompress test</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/download-artifact/compare/v7...v8";>compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting `@
dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@ dependabot rebase` will rebase this PR
- `@ dependabot recreate` will recreate this PR, overwriting any edits that
have been made to it
- `@ dependabot show <dependency name> ignore conditions` will show all of
the ignore conditions of the specified dependency
- `@ dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen the PR
or upgrade to it yourself)
- `@ dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen the PR
or upgrade to it yourself)
- `@ dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the PR or
upgrade to it yourself)
</details>
Authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Sutou Kouhei <[email protected]>
---
.github/workflows/cpp_extra.yml | 4 ++--
.github/workflows/r.yml | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/cpp_extra.yml b/.github/workflows/cpp_extra.yml
index 6a68185989..abe2aeb687 100644
--- a/.github/workflows/cpp_extra.yml
+++ b/.github/workflows/cpp_extra.yml
@@ -578,7 +578,7 @@ jobs:
if: github.event_name == 'schedule' && github.repository == 'apache/arrow'
steps:
- name: Download the artifacts
- uses: actions/download-artifact@v7
+ uses: actions/download-artifact@v8
with:
name: flight-sql-odbc-msi-installer
- name: Prepare ODBC installer for sync
@@ -632,7 +632,7 @@ jobs:
fetch-depth: 0
submodules: recursive
- name: Download the artifacts
- uses: actions/download-artifact@v7
+ uses: actions/download-artifact@v8
with:
name: flight-sql-odbc-msi-installer
- name: Wait for creating GitHub Release
diff --git a/.github/workflows/r.yml b/.github/workflows/r.yml
index 950d191945..fc78d60401 100644
--- a/.github/workflows/r.yml
+++ b/.github/workflows/r.yml
@@ -279,7 +279,7 @@ jobs:
echo "$HOME/.local/bin" >> $GITHUB_PATH
- run: mkdir r/windows
- name: Download artifacts
- uses: actions/download-artifact@v7
+ uses: actions/download-artifact@v8
with:
name: libarrow-rtools40-ucrt64.zip
path: r/windows
