This commit addresses the documentation issue.
The discussion at #7018 has confirmed that it is undocumented that
the current behavior of `gh run download` with `-n` and no `run-id`
downloads the latest artifact.
Although the behavior has not been created intentionally, it is the one
that should be documented and the future releases should warn before
a breaking change.
Found with
rg '(^ | \t|\t )' -g '*.go' -g '!*_test.go'
Mixed indent exceptions:
- wrapped long list items with extra 2-space indent
- code snippets using space indent
- commented code lines having "\t*// \t+" prefix
To prevent zipslip, we verify that each extracted file would fall
strictly under the prefix of the path to extract to. However, this
yielded a false positive when extracting to `.`, which is the default
for downloading a single archive.
- With no arguments in TTY mode, prompt which artifacts to download
- Change `--pattern` argument to be just `--name` and only do exact
matching
- For multi-archive downloads, prefix the destination path with the name
of the artifact
- Add tests exercising HTTP functionality
- Avoid "zipslip" path injection when extracting ZIP files
- Add tests for ZIP extraction
