chore(deps): bump actions/download-artifact from 4 to 8

[dependabot]

Bumps actions/download-artifact from 4 to 8.

Release notes

Sourced from actions/download-artifact's releases.

v8.0.0

v8 - What's new

[!IMPORTANT] actions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.

[!IMPORTANT] Hash mismatches will now error by default. Users can override this behavior with a setting change (see below).

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to true.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Don't attempt to un-zip non-zipped downloads by @​danwkennedy in actions/download-artifact#460
• Add a setting to specify what to do on hash mismatch and default it to error by @​danwkennedy in actions/download-artifact#461

Full Changelog: actions/download-artifact@v7...v8.0.0

v7.0.0

v7 - What's new

[!IMPORTANT] actions/download-artifact@v7 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

• Update GHES guidance to include reference to Node 20 version by @​patrikpolyak in actions/download-artifact#440
• Download Artifact Node24 support by @​salmanmkc in actions/download-artifact#415
• fix: update @​actions/artifact to fix Node.js 24 punycode deprecation by @​salmanmkc in actions/download-artifact#451
• prepare release v7.0.0 for Node.js 24 support by @​salmanmkc in actions/download-artifact#452

New Contributors

• @​patrikpolyak made their first contribution in actions/download-artifact#440
• @​salmanmkc made their first contribution in actions/download-artifact#415

Full Changelog: actions/download-artifact@v6.0.0...v7.0.0

v6.0.0

... (truncated)

Commits

• 3e5f45b Add regression tests for CJK characters (#471)
• e6d03f6 Add a regression test for artifact name + content-type mismatches (#472)
• 70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
• f258da9 Add change docs
• ccc058e Fix linting issues
• bd7976b Add a setting to specify what to do on hash mismatch and default it to error
• ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
• 15999bf Add note about package bumps
• 974686e Bump the version to v8 and add release notes
• fbe48b1 Update test names to make it clearer what they do
• Additional commits viewable in compare view

Greptile Summary

This PR is an automated Dependabot bump of actions/download-artifact from v4 to v8 across 8 GitHub Actions workflow files (11 individual step references). The upgrade spans three major versions, bringing Node.js 24 runtime support (v7) and stricter hash-mismatch enforcement that now errors by default instead of warning (v8).

• All 11 updated download-artifact steps run on GitHub-hosted runners (ubuntu-24.04, ubuntu-latest, windows-2025, or macos-*), so the v7 self-hosted-runner requirement (Actions Runner ≥ 2.327.1) does not affect this repo.
• The v8 hash-mismatch-error default is a security improvement; no workflow passes digest-mismatch: warn today, so behavior is unchanged for well-formed artifact uploads.
• scenario-matrix.yml does use [self-hosted, eliza-e2e-macos] runners for build jobs, but the download-artifact step lives in the separate aggregation job that runs on ubuntu-24.04.

Confidence Score: 5/5

Safe to merge — all affected jobs run on GitHub-hosted runners and the only behavioral change (hash-mismatch now errors) is a security hardening improvement.

All 11 download-artifact steps are in jobs that use GitHub-hosted runners, so the Node.js 24 runner-version prerequisite introduced in v7 is automatically satisfied. The v8 default of erroring on hash mismatches tightens security but does not change normal artifact flows. No workflow parameters need updating for compatibility.

No files require special attention.

Important Files Changed

Filename	Overview
.github/workflows/scenario-matrix.yml	Bumps download-artifact from v4 to v8 in the report/aggregation job (ubuntu-24.04), not on the self-hosted macOS runner legs.
.github/workflows/android-release.yml	Bumps download-artifact from v4 to v8 in a GitHub-hosted ubuntu-24.04 job; no self-hosted runner concerns.
.github/workflows/elizaos-os-full-release.yml	Four download-artifact usages updated to v8, all in GitHub-hosted ubuntu-latest jobs.
.github/workflows/release-electrobun.yml	Two download-artifact steps updated to v8; jobs use vars.RUNNER_UBUNTU defaulting to ubuntu-24.04 (GitHub-hosted).
.github/workflows/hetzner-e2e.yml	One download-artifact step bumped to v8 in a GitHub-hosted ubuntu-latest job.
.github/workflows/lifeops-bench-multi-tier.yml	Two download-artifact steps bumped to v8 in a GitHub-hosted ubuntu-24.04 job with continue-on-error guards.
.github/workflows/release-computeruse-npm.yaml	One download-artifact step bumped to v8 in a GitHub-hosted ubuntu-latest job.
.github/workflows/windows-store-release.yml	One download-artifact step bumped to v8 in a GitHub-hosted windows-2025 job.

_{Reviews (6): Last reviewed commit: "Merge branch 'develop' into dependabot/g..." | Re-trigger Greptile}

[github-actions]

LifeOps Multi-Tier Benchmark

Suite: smoke — Tiers requested: large,frontier

large — SUMMARY.md missing

frontier — SUMMARY.md missing

Artifacts: lifeops-multi-tier-large-26185094012, lifeops-multi-tier-frontier-26185094012

[claude]

Claude encountered an error —— View job

---

I'll analyze this and get back to you.

[github-actions]

LifeOps Multi-Tier Benchmark

Suite: smoke — Tiers requested: large,frontier

large — cancelled

frontier — cancelled

Artifacts: lifeops-multi-tier-large-26199749579, lifeops-multi-tier-frontier-26199749579

[github-actions]

LifeOps Multi-Tier Benchmark

Suite: — Tiers requested:

large — cancelled

frontier — cancelled

Artifacts: lifeops-multi-tier-large-26200648956, lifeops-multi-tier-frontier-26200648956

[claude]

Claude encountered an error —— View job

---

I'll analyze this and get back to you.

[github-actions]

LifeOps Multi-Tier Benchmark

Suite: smoke — Tiers requested: large,frontier

large

LifeOps Multi-Tier Benchmark

Tier: large
Suite: smoke

frontier

LifeOps Multi-Tier Benchmark

Tier: frontier
Suite: smoke

Artifacts: lifeops-multi-tier-large-26201253721, lifeops-multi-tier-frontier-26201253721