Bump actions/download-artifact from 3 to 4

[dependabot[bot]]

Bumps actions/download-artifact from 3 to 4.

Release notes

Sourced from actions/download-artifact's releases.

v4.0.0

What's Changed

The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.

For more information, see the @​actions/artifact documentation.

New Contributors

• @​bflad made their first contribution in actions/download-artifact#194

Full Changelog: https://github.com/actions/download-artifact/compare/v3...v4.0.0

v3.0.2

• Bump @actions/artifact to v1.1.1 - actions/download-artifact#195
• Fixed a bug in Node16 where if an HTTP download finished too quickly (<1ms, e.g. when it's mocked) we attempt to delete a temp file that has not been created yet actions/toolkit#1278

v3.0.1

• Bump @​actions/core to 1.10.0

Commits

• 7a1cd32 Merge pull request #246 from actions/v4-beta
• 8f32874 licensed cache
• b5ff844 Merge pull request #245 from actions/robherley/v4-documentation
• f07a0f7 Update README.md
• 7226129 update test workflow to use different artifact names for matrix
• ada9446 update docs and bump @​actions/artifact
• 7eafc8b Merge pull request #244 from actions/robherley/bump-toolkit
• 3132d12 consume latest toolkit
• 5be1d38 Merge pull request #243 from actions/robherley/v4-beta-updates
• 465b526 consume latest @​actions/toolkit
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[mwtoews]

This upgrade will need more attention due to the new error:

No input name specified, downloading all artifacts. Extra directory with the artifact name will be created for each download
Found 0 artifact(s)
Error: Unable to download artifact(s): No artifacts found for run '7242291618' in 'Toblerity/rtree'

[adamjstewart]

Should we pin to 4.1.0 instead of 4? Might be more stable that way.

[mwtoews]

Specifying @v4 implies the latest release of the major v4.x series, so it will use v4.1.0 or later, but not v5.x. That's why the PR didn't work at first, because v4.0.0 was the latest at the time. Breaking changes shouldn't happen along minor releases, thus I don't see any strong reason to pin to a minor version.

[adamjstewart]

They shouldn't, but they often do. GitHub Actions recommends being as specific as possible, especially for third party actions. I usually compromise and pin to vX.Y.Z and let dependabot manage the rest. But up to you.