chore(deps): update github actions

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/cache	action	patch	v5.0.1 → v5.0.5
actions/checkout	action	patch	v6.0.1 → v6.0.3
actions/setup-python	action	minor	v6.1.0 → v6.2.0
nick-fields/assert-action	action	pin	v2 → v2.0.0

---

Release Notes

actions/cache (actions/cache)

v5.0.5

Compare Source

What's Changed

• Update ts-http-runtime dependency by @​yacaovsnc in #​1747

Full Changelog: actions/cache@v5...v5.0.5

v5.0.4

Compare Source

v5.0.3

Compare Source

What's Changed

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

Full Changelog: actions/cache@v5...v5.0.3

v5.0.2

Compare Source

actions/checkout (actions/checkout)

v6.0.3

Compare Source

• Fix checkout init for SHA-256 repositories by @​yaananth in #​2439
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in #​2414

v6.0.2

Compare Source

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in #​2356

actions/setup-python (actions/setup-python)

v6.2.0

Compare Source

---

Configuration

📅 Schedule: (in timezone Europe/Paris)

• Branch creation
  • "after 7am every weekday,before 8pm every weekday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sonarqubecloud]

See all code changes, issues, and quality metrics in one place.

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: undefined

Post-upgrade command 'pre-commit autoupdate --freeze || true' has not been added to the allowed list in allowedCommands

[sonarqubecloud]

Quality Gate failed

Failed conditions
2 New issues

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

[sonar-review-alpha]

Summary

This PR updates multiple GitHub Actions dependencies, not just actions/cache. The actual changes include:

• actions/checkout: v6.0.1 → v6.0.2 (updated in 7 workflow files)
• actions/setup-python: v6.1.0 → v6.2.0
• actions/cache: v5.0.1 → v5.0.5 (both restore and save steps)

The PR description mentions only actions/cache at v5.0.2, but the actual changes show v5.0.5. This appears to be a Renovate-generated dependency update that includes more actions than initially documented.

What reviewers should know

What to check:

• Verify the version bumps are appropriate (patch/minor versions are generally safe, but review release notes if concerned)
• The changes are mechanical—only version pins and hashes change, no logic modifications
• All updates are in workflow files and the action's action.yml entry point

Gotchas:

• Discrepancy between PR title ("v5.0.2") and actual cache version updated (v5.0.5)—confirm this matches your update policy
• Checkout update appears 7 times across workflows; ensure consistent version pinning

---

• Generate Walkthrough
• Generate Diagram

🗣️ Give feedback

[sonar-review-alpha]

Mechanically clean update — SHA pins are consistent across all files, version comments match their pins, and actions/cache/restore and actions/cache/save correctly share the same SHA. No logic or behaviour changes.

However, the PR title and Renovate-generated description are factually wrong in two ways that warrant confirmation before merging.

🗣️ Give feedback

[sonarqubecloud]

Quality Gate failed

Failed conditions
2 New issues

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE