chore(deps): update actions/cache action to v5.0.4

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Pending
actions/cache	action	patch	v5.0.1 → v5.0.4	v5.0.5

---

Release Notes

actions/cache (actions/cache)

v5.0.4

Compare Source

v5.0.3

Compare Source

What's Changed

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

Full Changelog: actions/cache@v5...v5.0.3

v5.0.2

Compare Source

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

This update brings actions/cache from v5.0.1 to v5.0.4, encompassing three patch releases:

v5.0.2 (January 16, 2026)

• Improved rate limiting handling: 429 (Too Many Requests) responses from the cache service are no longer retried when creating cache entries
• Enhances stability during high-demand periods

v5.0.3 (January 29, 2026)

• Security fix: Bumped @actions/cache dependency to v5.0.5 (resolves Dependabot security alert Update module golang.org/x/term to v0.9.0 #33)
• Dependency update: Bumped @actions/core to v2.0.3
• Patch release focused on security vulnerability remediation

v5.0.4 (March 18, 2026)

• Documentation improvements and example updates
• Security fix: Addressed code scanning alert Update module golang.org/x/term to v0.27.0 #52 regarding missing workflow permissions
• Workflow permission corrections and naming standardization
• Bug fixes: Proxy integration tests repaired, bun.lock cache key configuration corrected
• Dependency updates and security vulnerability patches

Breaking Changes: None identified across all three releases. All changes are backward-compatible patch updates.

🎯 Impact Scope Investigation

Usage Location: The actions/cache action is used in a single location:

• .github/actions/setup/action.yml:10 - Custom composite action used across multiple workflows

Workflows Using the Setup Action (6 total):

• .github/workflows/ci.yml - Test, Build, and Lint jobs
• .github/workflows/update-demo.yml
• .github/workflows/release-please.yml
• .github/workflows/update-docs.yml

Current Configuration:

- uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
  with:
    path: |
      ~/.cache/go-build
      ~/go/pkg/mod
    key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
    restore-keys: |
      ${{ runner.os }}-go-

API Compatibility: The action's inputs (path, key, restore-keys) remain unchanged. No modifications to the cache configuration are required.

Dependency Impact: This is a GitHub Actions dependency update only - it does not affect Go dependencies or the gat application itself.

💡 Recommended Actions

Immediate Actions:

1. ✅ Safe to merge immediately - This is a backward-compatible patch update with security improvements
2. No code modifications required
3. No configuration changes needed

Post-Merge Verification:

1. Monitor the CI workflow runs to ensure cache operations continue functioning normally
2. Verify cache hit rates remain consistent in CI jobs (test, build, lint)

Benefits of Merging:

• Resolves security vulnerability (Dependabot alert Update module golang.org/x/term to v0.9.0 #33)
• Improves rate limiting behavior (prevents excessive retries on 429 errors)
• Updates to latest stable patch version with bug fixes and security patches

🔗 Reference Links

• v5.0.4 Release Notes
• v5.0.3 Release Notes
• v5.0.2 Release Notes
• Full Changelog v5.0.1...v5.0.4
• Actions Cache Repository

Generated by koki-develop/claude-renovate-review