build(deps): bump actions/cache from 5.0.5 to 6.1.0#3864
Conversation
Bumps [actions/cache](https://github.com/actions/cache) from 5.0.5 to 6.1.0. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@27d5ce7...55cc834) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
There was a problem hiding this comment.
Reviewed the bump of actions/cache 5.0.5 → 6.1.0.
SHA pin verified. All six usages move from 27d5ce7f107fe9357f9df03efb73ab90386fccae to 55cc8345863c7cc4c66a329aec7e433d2d1c52a9, which matches the head of the v6.1.0 release (55cc834 Merge pull request #1768 from jasongin/readonly-cache). The pin is correct and consistent across ci.yml and windows-installer.yml.
No functional concerns. The 6.x line migrates the action to ESM internally and adds read-only-token handling for cache writes — neither affects how it's invoked here (path/key/id), and the FFTW3/Opus/hidapi/DeepFilterNet3/qtkeychain cache steps are unchanged in behavior.
One minor nit: the trailing comment still reads # v5 on all six lines, but the SHA now points at v6.1.0. Worth updating to # v6.1.0 (or # v6) so the pin and the human-readable tag don't drift — Dependabot occasionally leaves these stale. Not blocking.
Thanks @dependabot — looks good to merge once CI is green.
🤖 aethersdr-agent · cost: $1.3350 · model: claude-opus-4-8
ten9876
left a comment
There was a problem hiding this comment.
Approved. Verified the new SHA 55cc8345 is actions/cache v6.1.0 (the v6 tag points there). Major bump (v6.0.0 ESM migration + v6.1.0 read-only cache handling) but the action interface (path/key/restore-keys) is unchanged, and CI is green on all jobs that use it (build/macOS/Windows). Note: the inline # v5 comments are now stale (SHA is v6.1.0) — tracking a follow-up on whether to keep version comments at all. Thanks @dependabot.
…endabot drift) (#3867) ## Summary Drops the trailing `# vX` version comments from all SHA-pinned GitHub Actions and documents the SHA-only convention in `dependabot.yml`. ## Why Dependabot bumps a SHA-pinned action's commit SHA but **doesn't reliably keep the `# vX` comment in sync**. In #3864 it bumped `actions/cache` to the **v6.1.0** SHA while leaving the comment reading `# v5` — stale and misleading. Correcting these by hand on every major bump is recurring toil, and the comment is purely cosmetic (Dependabot resolves the version from the SHA, not the comment). ## What - Removed the trailing version comment from every SHA-pinned `uses:` line across 11 workflows (42 lines). **SHA pinning is unchanged** — same supply-chain guarantee; only the comment is gone. - Added a convention note to `.github/dependabot.yml` so contributors don't re-add comments. The version is still discoverable from Dependabot's PR title and the action repo. ## Non-functional Pins, `path`s, and `key`s are byte-identical — only comments removed. All workflow YAML re-validated as parsing. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Bumps actions/cache from 5.0.5 to 6.1.0.
Release notes
Sourced from actions/cache's releases.
Changelog
Sourced from actions/cache's changelog.
... (truncated)
Commits
55cc834Merge pull request #1768 from jasongin/readonly-cached8cd72fBump@actions/cacheto v6.1.0 - handle cache write error due to RO token2c8a9bdMerge pull request #1760 from actions/samirat/esm_migration_and_package_updatee9b91fdPrettier fixese4884b8Rebuild dist10baf01Fixed licensese39b386Fix test mock return orderb692820PR feedback6074912Rebuild dist bundles as ESM to match type:module5a912e8Fix lint and jest issuesDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)