Skip to content

Bump actions/cache from 4 to 5#2

Closed
dependabot[bot] wants to merge 27 commits intodevelopfrom
dependabot/github_actions/actions/cache-5
Closed

Bump actions/cache from 4 to 5#2
dependabot[bot] wants to merge 27 commits intodevelopfrom
dependabot/github_actions/actions/cache-5

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Mar 2, 2026

Bumps actions/cache from 4 to 5.

Release notes

Sourced from actions/cache's releases.

v5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.

What's Changed

Full Changelog: actions/cache@v4.3.0...v5.0.0

v4.3.0

What's Changed

New Contributors

Full Changelog: actions/cache@v4...v4.3.0

v4.2.4

What's Changed

New Contributors

Full Changelog: actions/cache@v4...v4.2.4

v4.2.3

What's Changed

  • Update to use @​actions/cache 4.0.3 package & prepare for new release by @​salmanmkc in actions/cache#1577 (SAS tokens for cache entries are now masked in debug logs)

New Contributors

Full Changelog: actions/cache@v4.2.2...v4.2.3

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE]
Relevant for maintainers with write access only.

  1. Switch to a new branch from main.
  2. Run npm test to ensure all tests are passing.
  3. Update the version in https://github.com/actions/cache/blob/main/package.json.
  4. Run npm run build to update the compiled files.
  5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
  6. Run licensed cache to update the license report.
  7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
  8. Commit your changes and push your branch upstream.
  9. Open a pull request against main and get it reviewed and merged.
  10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
  11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

5.0.3

5.0.2

  • Bump @actions/cache to v5.0.3 #1692

5.0.1

  • Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

4.3.0

  • Bump @actions/cache to v4.1.0

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

peters and others added 27 commits March 2, 2026 11:10
@peters
Initial implementation of Surge C++20 application update framework
cf547b9 
Surge is a full C++20 rewrite of Snapx that drops NuGet packaging in favor
of direct cloud storage (S3, Azure Blob, GCS, filesystem), produces native
binaries with zero runtime dependency, and provides a thin .NET NuGet wrapper
via P/Invoke for updating .NET applications.

Components:
- libsurge: Core shared library with C API (surge_api.h)
- surge CLI: pack, push, promote, demote, list, restore, lock, migrate, init
- surge-supervisor: Process supervisor with auto-restart
- Surge.NET: Zero-dependency .NET wrapper (netstandard2.0 + net8.0 AOT)

Key features:
- YAML manifest format (simplified from snapx)
- Cloud storage backends: S3 (SigV4), Azure Blob (SharedKey), GCS (OAuth2/HMAC), filesystem
- tar.zst archives via libarchive (replaces nupkg)
- Binary delta updates via vendored bsdiff
- 6-phase weighted progress reporting
- Resource budget planner for constrained devices
- Distributed locking via snapx.dev API
- snapx migration command (surge migrate --from-snapx)
@peters
Simplify CI to .NET job for initial validation
8e17b8c
@peters
Restore C++ CI jobs with manual vcpkg bootstrap
4e1d9ec
@peters
CI: Use runner-provided vcpkg and separate jobs
dd89007
@peters
Add missing libdivsufsort pkgconfig directory
513d71d
@peters
Fix header/implementation mismatches and add dependabot config
9291203 
Align all 16 .cpp files with their corresponding .hpp headers:
- archive: Fix method signatures, return types (void with exceptions)
- storage: Restructure all 4 backends to match header class declarations
- releases: Fix struct field names, function signatures
- update/pack/lock: Align constructors and method signatures with headers
- supervisor: Match class-based API from headers
- diff: Rename functions to match header declarations

Also add dependabot.yml for NuGet and GitHub Actions updates.
@peters
Fix yaml-cpp const iterator binding in release_manifest
14061ea
@peters
Fix undeclared SURGE_OK/SURGE_ERROR in supervisor.cpp
ae08bf9
@peters
Fix test compilation: missing includes, span conversion, SHA-256 vector
db6930c
@peters
Add convenience put_object overload to MockStorageBackend
eb7259c
@peters
Add code quality tooling: clang-format, clang-tidy, warnings-as-errors
ba96fe6 
- .clang-format: Google-based style with 4-space indent, 120 col limit
- .clang-tidy: Comprehensive checks with bugprone/performance as errors
- CMake: -Wall -Wextra -Wpedantic -Werror (GCC/Clang), /W4 /WX (MSVC)
- CMake: Optional SURGE_ENABLE_CLANG_TIDY integration
- .NET: TreatWarningsAsErrors + EnforceCodeStyleInBuild via Directory.Build.props
- CI: dotnet format --verify-no-changes, clang-format check on PRs
- CLAUDE.md: Agent instructions for development conventions
- Fix all .NET analyzer warnings (CA1310, CA1806, CA1513, IL3000, CA2101)
@peters
Disable warnings-as-errors for vendored bsdiff/bzip2/libdivsufsort
9c827bf
@peters
Fix unused function warnings in surge_api.cpp and download_manager.cpp
9a01d3c
@peters
CI: Add vcpkg binary cache for faster C++ builds
5028416
@peters
Restore const overload of to_info in surge_api.cpp
fd32f3f
@peters
Remove unused non-const to_info overload
892d19c
@peters
Fix bsdiff C struct zero-init and unused format_size warning
12f25d3
@peters
Fix remaining unused variable/function warnings
23e9baf
@peters
Fix missing field initializer in test_archive PackerOptions
1a8a8d3
@peters
Fix remaining PackerOptions missing field initializers in tests
059627e
@peters
Fix linker errors: move CLI commands to surge exe, fix test warnings
745636f
@peters
Remove global hidden visibility to fix CLI linking against surge_core
e2598b3
@peters
Fix all 23 failing tests: archive zstd filter, bsdiff use-after-free,…
6d25e2a 
… manifest camelCase

- archive/packer: Accept ARCHIVE_WARN from zstd filter, use NULL filter name for options
- diff/bsdiff_wrapper: Rewrite cleanup to match snapx pattern - read buffer before
  closing packer to prevent use-after-free segfaults, never double-close patchfile
- config/manifest: Support both camelCase and snake_case YAML field names
  (supervisorId/supervisor_id, installDirectory/install_directory, persistentAssets)
- api/surge_api: Add null check for working_dir in surge_supervisor_start
- tests/test_archive: Fix progress callback assertions for unknown total
@peters
Fix last 3 test failures: supervisor exe check, manifest validation, …
2a23e86 
…simplify anchor test
@peters
Fix last test failure, suppress all vendor warnings
fd09afe 
- Fix ParseInvalidYaml test: use plain string (not a YAML mapping) which
  triggers our root-node-is-not-a-map validation
- Suppress ALL warnings (-w) for vendored bsdiff/bzip2/libdivsufsort code
  to keep build output clean
@peters
Apply clang-format to all C++ source files, add Windows + macOS CI
0eca773
@dependabot
Bump actions/cache from 4 to 5
4c03dff 
Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@v4...v5)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 2, 2026
@dependabot dependabot bot added the github_actions Pull requests that update GitHub Actions code label Mar 2, 2026
@peters peters closed this Mar 2, 2026
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Mar 2, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/github_actions/actions/cache-5 branch March 2, 2026 15:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@peters