chore(deps): bump actions/cache from 5 to 6 #150

Bumps [actions/cache](https://github.com/actions/cache) from 5 to 6.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@v5...v6)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
FrancesCoronel
left a comment
This is a major version bump (actions/cache 5 → 6), so flagging for manual review before merge per policy.
Worth noting: the changelog references two past security fixes bundled into the version history (not new advisories against this release) — minimatch bumped to fix a ReDoS via globstar patterns, and undici bumped for WebSocket decompression-bomb protection. v6.0.0 also migrates the action to ESM, which is a notable internal change even though the action's inputs/outputs are unchanged. No open deprecation warnings noted.
Generated by Claude Code

This is a major version bump for
Note: the changelog for versions leading up to v6 includes fixes for a ReDoS vulnerability in
Generated by Claude Code

Dependabot PR Review
Summary: Major version bump —
CI Status
Not auto-approving/enabling auto-merge given the major version bump and the failing security-audit gate. Recommend manual review.
Generated by Claude Code

Dependabot PR Review
Summary:

Dependabot PR Review
Summary:
Release notes just say "migrate to ESM" internally — no documented breaking changes to the action's inputs/outputs. Should be a drop-in replacement for this repo's usage.
CI Status
Also not clean:
Not approving or enabling auto-merge — requesting manual review given the major version bump, though this one looks low-risk.
Generated by Claude Code
Bumps actions/cache from 5 to 6.
Release notes
Sourced from actions/cache's releases.
... (truncated)
Changelog
Sourced from actions/cache's changelog.
... (truncated)
Commits
- 55cc834 Merge pull request #1768 from jasongin/readonly-cache
- d8cd72f Bump @actions/cache to v6.1.0 - handle cache write error due to RO token
- 2c8a9bd Merge pull request #1760 from actions/samirat/esm_migration_and_package_update
- e9b91fd Prettier fixes
- e4884b8 Rebuild dist
- 10baf01 Fixed licenses
- e39b386 Fix test mock return order
- b692820 PR feedback
- 6074912 Rebuild dist bundles as ESM to match type:module
- 5a912e8 Fix lint and jest issues

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.