diff --git a/dist/index.js b/dist/index.js
index 631338b..0a2c2aa 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -2328,6 +2328,9 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports.downloadArtifactInternal = exports.downloadArtifactPublic = exports.streamExtractExternal = void 0;
 const promises_1 = __importDefault(__nccwpck_require__(73292));
+const stream = __importStar(__nccwpck_require__(12781));
+const fs_1 = __nccwpck_require__(57147);
+const path = __importStar(__nccwpck_require__(71017));
 const github = __importStar(__nccwpck_require__(21260));
 const core = __importStar(__nccwpck_require__(42186));
 const httpClient = __importStar(__nccwpck_require__(96255));
@@ -2368,6 +2371,9 @@ function streamExtract(url, directory) {
                 return;
             }
             catch (error) {
+                if (error.message.includes('Malformed extraction path')) {
+                    throw new Error(`Artifact download failed with unretryable error: ${error.message}`);
+                }
                 retryCount++;
                 core.debug(`Failed to download artifact after ${retryCount} retries due to ${error.message}. Retrying in 5 seconds...`);
                 // wait 5 seconds before retrying
@@ -2390,6 +2396,8 @@ function streamExtractExternal(url, directory) {
                 response.message.destroy(new Error(`Blob storage chunk did not respond in ${timeout}ms`));
             };
             const timer = setTimeout(timerFn, timeout);
+            const createdDirectories = new Set();
+            createdDirectories.add(directory);
             response.message
                 .on('data', () => {
                 timer.refresh();
@@ -2399,11 +2407,47 @@ function streamExtractExternal(url, directory) {
                 clearTimeout(timer);
                 reject(error);
             })
-                .pipe(unzip_stream_1.default.Extract({ path: directory }))
-                .on('close', () => {
+                .pipe(unzip_stream_1.default.Parse())
+                .pipe(new stream.Transform({
+                objectMode: true,
+                transform: (entry, _, callback) => __awaiter(this, void 0, void 0, function* () {
+                    const fullPath = path.normalize(path.join(directory, entry.path));
+                    if (!directory.endsWith(path.sep)) {
+                        directory += path.sep;
+                    }
+                    if (!fullPath.startsWith(directory)) {
+                        reject(new Error(`Malformed extraction path: ${fullPath}`));
+                    }
+                    if (entry.type === 'Directory') {
+                        if (!createdDirectories.has(fullPath)) {
+                            createdDirectories.add(fullPath);
+                            yield resolveOrCreateDirectory(fullPath).then(() => {
+                                entry.autodrain();
+                                callback();
+                            });
+                        }
+                        else {
+                            entry.autodrain();
+                            callback();
+                        }
+                    }
+                    else {
+                        core.info(`Extracting artifact entry: ${fullPath}`);
+                        if (!createdDirectories.has(path.dirname(fullPath))) {
+                            createdDirectories.add(path.dirname(fullPath));
+                            yield resolveOrCreateDirectory(path.dirname(fullPath));
+                        }
+                        const writeStream = (0, fs_1.createWriteStream)(fullPath);
+                        writeStream.on('finish', callback);
+                        writeStream.on('error', reject);
+                        entry.pipe(writeStream);
+                    }
+                })
+            }))
+                .on('finish', () => __awaiter(this, void 0, void 0, function* () {
                 clearTimeout(timer);
                 resolve();
-            })
+            }))
                 .on('error', (error) => {
                 reject(error);
             });
@@ -99049,6 +99093,9 @@ function httpRedirectFetch (fetchParams, response) {
     // https://fetch.spec.whatwg.org/#cors-non-wildcard-request-header-name
     request.headersList.delete('authorization')
 
+    // https://fetch.spec.whatwg.org/#authentication-entries
+    request.headersList.delete('proxy-authorization', true)
+
     // "Cookie" and "Host" are forbidden request-headers, which undici doesn't implement.
     request.headersList.delete('cookie')
     request.headersList.delete('host')
@@ -125015,7 +125062,7 @@ exports.unescape = unescape;
 /***/ ((module) => {
 
 "use strict";
-module.exports = JSON.parse('{"name":"@actions/artifact","version":"2.1.1","preview":true,"description":"Actions artifact lib","keywords":["github","actions","artifact"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/artifact","license":"MIT","main":"lib/artifact.js","types":"lib/artifact.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/artifact"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"cd ../../ && npm run test ./packages/artifact","bootstrap":"cd ../../ && npm run bootstrap","tsc-run":"tsc","tsc":"npm run bootstrap && npm run tsc-run","gen:docs":"typedoc --plugin typedoc-plugin-markdown --out docs/generated src/artifact.ts --githubPages false --readme none"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.10.0","@actions/github":"^5.1.1","@actions/http-client":"^2.1.0","@azure/storage-blob":"^12.15.0","@octokit/core":"^3.5.1","@octokit/plugin-request-log":"^1.0.4","@octokit/plugin-retry":"^3.0.9","@octokit/request-error":"^5.0.0","@protobuf-ts/plugin":"^2.2.3-alpha.1","archiver":"^5.3.1","crypto":"^1.0.1","jwt-decode":"^3.1.2","twirp-ts":"^2.5.0","unzip-stream":"^0.3.1"},"devDependencies":{"@types/archiver":"^5.3.2","@types/unzip-stream":"^0.3.4","typedoc":"^0.25.4","typedoc-plugin-markdown":"^3.17.1","typescript":"^5.2.2"}}');
+module.exports = JSON.parse('{"name":"@actions/artifact","version":"2.1.4","preview":true,"description":"Actions artifact lib","keywords":["github","actions","artifact"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/artifact","license":"MIT","main":"lib/artifact.js","types":"lib/artifact.d.ts","directories":{"lib":"lib","test":"__tests__"},"files":["lib","!.DS_Store"],"publishConfig":{"access":"public"},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/artifact"},"scripts":{"audit-moderate":"npm install && npm audit --json --audit-level=moderate > audit.json","test":"cd ../../ && npm run test ./packages/artifact","bootstrap":"cd ../../ && npm run bootstrap","tsc-run":"tsc","tsc":"npm run bootstrap && npm run tsc-run","gen:docs":"typedoc --plugin typedoc-plugin-markdown --out docs/generated src/artifact.ts --githubPages false --readme none"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"dependencies":{"@actions/core":"^1.10.0","@actions/github":"^5.1.1","@actions/http-client":"^2.1.0","@azure/storage-blob":"^12.15.0","@octokit/core":"^3.5.1","@octokit/plugin-request-log":"^1.0.4","@octokit/plugin-retry":"^3.0.9","@octokit/request-error":"^5.0.0","@protobuf-ts/plugin":"^2.2.3-alpha.1","archiver":"^5.3.1","crypto":"^1.0.1","jwt-decode":"^3.1.2","twirp-ts":"^2.5.0","unzip-stream":"^0.3.1"},"devDependencies":{"@types/archiver":"^5.3.2","@types/unzip-stream":"^0.3.4","typedoc":"^0.25.4","typedoc-plugin-markdown":"^3.17.1","typescript":"^5.2.2"}}');
 
 /***/ }),
 
diff --git a/package-lock.json b/package-lock.json
index 7e299e4..4098c0e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,7 +9,7 @@
             "version": "4.1.0",
             "license": "MIT",
             "dependencies": {
-                "@actions/artifact": "^2.1.1",
+                "@actions/artifact": "^2.1.4",
                 "@actions/core": "^1.10.0",
                 "@actions/github": "^6.0.0",
                 "minimatch": "^9.0.3"
@@ -22,9 +22,9 @@
             }
         },
         "node_modules/@actions/artifact": {
-            "version": "2.1.1",
-            "resolved": "https://registry.npmjs.org/@actions/artifact/-/artifact-2.1.1.tgz",
-            "integrity": "sha512-xVVwWhrRb4YLiTeYkNxctv9IhwIKUsLwIhqD9CKknXtQaqIksq5HttFN8wXQvMrpjQO4zGJf5xLUs6mKyfN4yQ==",
+            "version": "2.1.4",
+            "resolved": "https://registry.npmjs.org/@actions/artifact/-/artifact-2.1.4.tgz",
+            "integrity": "sha512-nKgNduFA02drKt4rFqXsF6PjWmfKdxZDuWWdenoI1bBzgys3y8O7kw4gAS+gvLOT3EfsyV+mwTIisuXBjwQ3RA==",
             "dependencies": {
                 "@actions/core": "^1.10.0",
                 "@actions/github": "^5.1.1",
@@ -1431,9 +1431,9 @@
             }
         },
         "node_modules/undici": {
-            "version": "5.28.2",
-            "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.2.tgz",
-            "integrity": "sha512-wh1pHJHnUeQV5Xa8/kyQhO7WFa8M34l026L5P/+2TYiakvGy5Rdc8jWZVyG7ieht/0WgJLEd3kcU5gKx+6GC8w==",
+            "version": "5.28.3",
+            "resolved": "https://registry.npmjs.org/undici/-/undici-5.28.3.tgz",
+            "integrity": "sha512-3ItfzbrhDlINjaP0duwnNsKpDQk3acHI3gVJ1z4fmwMK31k5G9OVIAMLSIaP6w4FaGkaAkN6zaQO9LUvZ1t7VA==",
             "dependencies": {
                 "@fastify/busboy": "^2.0.0"
             },
diff --git a/package.json b/package.json
index 307a079..4fb7ce0 100644
--- a/package.json
+++ b/package.json
@@ -20,7 +20,7 @@
         "url": "https://github.com/geekyeggo/delete-artifact"
     },
     "dependencies": {
-        "@actions/artifact": "^2.1.1",
+        "@actions/artifact": "^2.1.4",
         "@actions/core": "^1.10.0",
         "@actions/github": "^6.0.0",
         "minimatch": "^9.0.3"