Skip to content

chore(deps): update pin digests (major)#350

Merged
dawsontoth merged 1 commit intomainfrom
renovate/major-all-digests
Apr 16, 2026
Merged

chore(deps): update pin digests (major)#350
dawsontoth merged 1 commit intomainfrom
renovate/major-all-digests

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate bot commented Apr 14, 2026
edited
Loading

This PR contains the following updates:

Package Type Update Change
actions/download-artifact action major v4.3.0v8.0.1
docker/metadata-action action major v5.10.0v6.0.0
slackapi/slack-github-action action major v2.1.1v3.0.1

Release Notes

actions/download-artifact (actions/download-artifact)

v8.0.1

Compare Source

What's Changed

Full Changelog: actions/download-artifact@v8...v8.0.1

v8.0.0

Compare Source

v8 - What's new
Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to false.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @​actions/* packages, we've upgraded the package to ESM.

What's Changed

Full Changelog: actions/download-artifact@v7...v8.0.0

v7.0.0

Compare Source

v7 - What's new

[!IMPORTANT]
actions/download-artifact@​v7 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed
New Contributors

Full Changelog: actions/download-artifact@v6.0.0...v7.0.0

v6.0.0

Compare Source

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

New Contributors

Full Changelog: actions/download-artifact@v5...v6.0.0

v5.0.0

Compare Source

What's Changed

v5.0.0

🚨 Breaking Change

This release fixes an inconsistency in path behavior for single artifact downloads by ID. If you're downloading single artifacts by ID, the output path may change.

What Changed

Previously, single artifact downloads behaved differently depending on how you specified the artifact:

  • By name: name: my-artifact → extracted to path/ (direct)
  • By ID: artifact-ids: 12345 → extracted to path/my-artifact/ (nested)

Now both methods are consistent:

  • By name: name: my-artifact → extracted to path/ (unchanged)
  • By ID: artifact-ids: 12345 → extracted to path/ (fixed - now direct)
Migration Guide
✅ No Action Needed If:
  • You download artifacts by name
  • You download multiple artifacts by ID
  • You already use merge-multiple: true as a workaround
⚠️ Action Required If:

You download single artifacts by ID and your workflows expect the nested directory structure.

Before v5 (nested structure):

- uses: actions/download-artifact@v4
  with:
    artifact-ids: 12345
    path: dist

### Files were in: dist/my-artifact/

Where my-artifact is the name of the artifact you previously uploaded

To maintain old behavior (if needed):

- uses: actions/download-artifact@v5
  with:
    artifact-ids: 12345
    path: dist/my-artifact  # Explicitly specify the nested path

New Contributors

Full Changelog: actions/download-artifact@v4...v5.0.0

docker/metadata-action (docker/metadata-action)

v6.0.0

Compare Source

Full Changelog: docker/metadata-action@v5.10.0...v6.0.0

slackapi/slack-github-action (slackapi/slack-github-action)

v3.0.1: Slack GitHub Action v3.0.1

Compare Source

What's Changed

Alongside the breaking changes of @v3.0.0 and a new technique to run Slack CLI commands, we tried the wrong name to publish to the GitHub Marketplace 🐙 This action is now noted as The Slack GitHub Action in listings 🎶 ✨

🎨 Maintenance

Full Changelog: slackapi/slack-github-action@v3.0.0...v3.0.1

v3.0.0: Slack GitHub Action v3.0.0

Compare Source

The @v3.0.0 release had a hiccup on publish and we recommend using @​v3.0.1 or a more recent version when updating! Oops!

🎽 Running Slack CLI commands and the active Node runtime, both included in this release 👟 ✨

⚠️ Breaking change: Node.js 24 the runtime

This major version updates the GitHub Actions required runtime to Node.js 24. Most GitHub-hosted runners already include this, but self-hosted runners may need to be updated ahead of planned deprecations of Node 20 on GitHub Actions runners.

📺 Enhancement: Run Slack CLI commands

This release introduces a new technique for running Slack CLI commands directly in GitHub Actions workflows. Use this to install the latest version (or a specific one) of the CLI and execute commands like deploy for merges to main, manifest validate with tests, and other commands.

Gather a token using the following CLI command to store with repo secrets, then get started with an example below:

$ slack auth token
🧪 Validate an app manifest on pull requests

Check that your app manifest is valid before merging changes:

🔗 https://docs.slack.dev/tools/slack-github-action/sending-techniques/running-slack-cli-commands/validate-a-manifest

- name: Validate the manifest
  uses: slackapi/slack-github-action/cli@v3.0.0
  with:
    command: "manifest validate --app ${{ vars.SLACK_APP_ID }}"
    token: ${{ secrets.SLACK_SERVICE_TOKEN }}
🚀 Deploy your app on push to main

Automate deployments whenever changes land on your main branch:

🔗 https://docs.slack.dev/tools/slack-github-action/sending-techniques/running-slack-cli-commands/deploy-an-app

- name: Deploy the app
  uses: slackapi/slack-github-action/cli@v3.0.0
  with:
    command: "deploy --app ${{ vars.SLACK_APP_ID }} --force"
    token: ${{ secrets.SLACK_SERVICE_TOKEN }}

Any Slack CLI command can be passed through the command option without the "slack" prefix 🍀

The token input accepts a service token for authentication. You can gather this token by running slack auth token with the Slack CLI and storing the value as a repository secret.

The latest Slack CLI version is used by default, but a specific one can be set with the version input.

🏆 Huge thanks to @​ewanek1 for explorations and prototypes toward the scripted CLI technique!

For full documentation on the CLI technique, check out the docs and explore the related pages 📚

What's Changed

👾 Enhancements
📚 Documentation
🧰 Maintenance
🎁 Dependencies

👋 New Contributors

Full Changelog: slackapi/slack-github-action@v2.1.1...v3.0.0

Configuration

📅 Schedule: (in timezone America/New_York)

  • Branch creation
    • "before 9am on Monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested review from a team as code owners April 14, 2026 19:05
dawsontoth
dawsontoth approved these changes Apr 14, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@dawsontoth dawsontoth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I looked through the changelogs, and it seems to be mostly "breaking" by dropping < node 24 support

@renovate renovate bot force-pushed the renovate/major-all-digests branch 8 times, most recently from 06e9c22 to 70893fa Compare April 14, 2026 21:54
@renovate renovate bot force-pushed the renovate/major-all-digests branch from 70893fa to 391d109 Compare April 16, 2026 02:11
@dawsontoth dawsontoth merged commit cd3aadc into main Apr 16, 2026
40 of 44 checks passed
@dawsontoth dawsontoth deleted the renovate/major-all-digests branch April 16, 2026 21:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dawsontoth dawsontoth dawsontoth approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dawsontoth