chore(deps): bump actions/cache from 4.2.4 to 5.0.4 by dependabot[bot] · Pull Request #8071 · ReactiveX/RxJava
Conversation
Bumps actions/cache from 4.2.4 to 5.0.4.
Release notes
Sourced from actions/cache's releases.
v5.0.4
What's Changed
- Add release instructions and update maintainer docs by
@Link- in actions/cache#1696- Potential fix for code scanning alert no. 52: Workflow does not contain permissions by
@Link- in actions/cache#1697- Fix workflow permissions and cleanup workflow names / formatting by
@Link- in actions/cache#1699- docs: Update examples to use the latest version by
@XZTDeanin actions/cache#1690- Fix proxy integration tests by
@Link- in actions/cache#1701- Fix cache key in examples.md for bun.lock by
@RyPeckin actions/cache#1722- Update dependencies & patch security vulnerabilities by
@Link- in actions/cache#1738New Contributors
@XZTDeanmade their first contribution in actions/cache#1690@RyPeckmade their first contribution in actions/cache#1722Full Changelog: actions/cache@v5...v5.0.4
v5.0.3
What's Changed
- Bump
@actions/cacheto v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)- Bump
@actions/coreto v2.0.3Full Changelog: actions/cache@v5...v5.0.3
v.5.0.2
v5.0.2
What's Changed
When creating cache entries, 429s returned from the cache service will not be retried.
v5.0.1
[!IMPORTANT]
actions/cache@v5runs on the Node.js 24 runtime and requires a minimum Actions Runner version of2.327.1.If you are using self-hosted runners, ensure they are updated before upgrading.
v5.0.1
What's Changed
- fix: update
@actions/cachefor Node.js 24 punycode deprecation by@salmanmkcin actions/cache#1685- prepare release v5.0.1 by
@salmanmkcin actions/cache#1686v5.0.0
What's Changed
... (truncated)
Changelog
Sourced from actions/cache's changelog.
Releases
How to prepare a release
[!NOTE]
Relevant for maintainers with write access only.
- Switch to a new branch from
main.- Run
npm testto ensure all tests are passing.- Update the version in
https://github.com/actions/cache/blob/main/package.json.- Run
npm run buildto update the compiled files.- Update this
https://github.com/actions/cache/blob/main/RELEASES.mdwith the new version and changes in the## Changelogsection.- Run
licensed cacheto update the license report.- Run
licensed statusand resolve any warnings by updating thehttps://github.com/actions/cache/blob/main/.licensed.ymlfile with the exceptions.- Commit your changes and push your branch upstream.
- Open a pull request against
mainand get it reviewed and merged.- Draft a new release https://github.com/actions/cache/releases use the same version number used in
package.json
- Create a new tag with the version number.
- Auto generate release notes and update them to match the changes you made in
RELEASES.md.- Toggle the set as the latest release option.
- Publish the release.
- Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
- There should be a workflow run queued with the same version number.
- Approve the run to publish the new version and update the major tags for this action.
Changelog
5.0.4
- Bump
minimatchto v3.1.5 (fixes ReDoS via globstar patterns)- Bump
undicito v6.24.1 (WebSocket decompression bomb protection, header validation fixes)- Bump
fast-xml-parserto v5.5.65.0.3
- Bump
@actions/cacheto v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)- Bump
@actions/coreto v2.0.35.0.2
- Bump
@actions/cacheto v5.0.3 #16925.0.1
- Update
@azure/storage-blobto^12.29.1via@actions/cache@5.0.1#16855.0.0
[!IMPORTANT]
actions/cache@v5runs on the Node.js 24 runtime and requires a minimum Actions Runner version of2.327.1.
... (truncated)
Commits
6682284Merge pull request #1738 from actions/prepare-v5.0.4e340396Update RELEASES8a67110Add licenses1865903Update dependencies & patch security vulnerabilities5656298Merge pull request #1722 from RyPeck/patch-14e380d1Fix cache key in examples.md for bun.lockb7e8d49Merge pull request #1701 from actions/Link-/fix-proxy-integration-tests984a21bAdd traffic sanity check stepacf2f1fFix resolution95a07c5Add wait for proxy- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
🐷 TruffleHog + Entropy Beauty Scan
Average entropy of changed code: 5.001 bits/char
Verdict: ⚠️ Consider review — entropy outside sweet spot
Changed files entropy:
✅ No secrets or suspicious high-entropy strings found.
Mid-4 beauty heuristic in action — powered by our entropy chats! 😊
🐷 TruffleHog + Entropy Beauty Scan
Average entropy of changed code: 5.001 bits/char
Verdict: ⚠️ Consider review — entropy outside sweet spot
Changed files entropy:
✅ No secrets or suspicious high-entropy strings found.
Mid-4 beauty heuristic in action — powered by our entropy chats! 😊
dependabot
bot
deleted the
dependabot/github_actions/actions/cache-5.0.4
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
Labels
1 participant