Bump actions/cache from 4.2.3 to 5.0.4 in the github-actions-dependencies group

[dependabot]

Bumps the github-actions-dependencies group with 1 update: actions/cache.

Updates actions/cache from 4.2.3 to 5.0.4

Release notes

Sourced from actions/cache's releases.

v5.0.4

What's Changed

• Add release instructions and update maintainer docs by @​Link- in actions/cache#1696
• Potential fix for code scanning alert no. 52: Workflow does not contain permissions by @​Link- in actions/cache#1697
• Fix workflow permissions and cleanup workflow names / formatting by @​Link- in actions/cache#1699
• docs: Update examples to use the latest version by @​XZTDean in actions/cache#1690
• Fix proxy integration tests by @​Link- in actions/cache#1701
• Fix cache key in examples.md for bun.lock by @​RyPeck in actions/cache#1722
• Update dependencies & patch security vulnerabilities by @​Link- in actions/cache#1738

New Contributors

• @​XZTDean made their first contribution in actions/cache#1690
• @​RyPeck made their first contribution in actions/cache#1722

Full Changelog: actions/cache@v5...v5.0.4

v5.0.3

What's Changed

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

Full Changelog: actions/cache@v5...v5.0.3

v.5.0.2

v5.0.2

What's Changed

When creating cache entries, 429s returned from the cache service will not be retried.

v5.0.1

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.

---

v5.0.1

What's Changed

• fix: update @​actions/cache for Node.js 24 punycode deprecation by @​salmanmkc in actions/cache#1685
• prepare release v5.0.1 by @​salmanmkc in actions/cache#1686

v5.0.0

What's Changed

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE]
Relevant for maintainers with write access only.

1. Switch to a new branch from main.
2. Run npm test to ensure all tests are passing.
3. Update the version in https://github.com/actions/cache/blob/main/package.json.
4. Run npm run build to update the compiled files.
5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
6. Run licensed cache to update the license report.
7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
8. Commit your changes and push your branch upstream.
9. Open a pull request against main and get it reviewed and merged.
10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

5.0.4

• Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
• Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
• Bump fast-xml-parser to v5.5.6

5.0.3

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

5.0.2

• Bump @actions/cache to v5.0.3 #1692

5.0.1

• Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

... (truncated)

Commits

• 6682284 Merge pull request #1738 from actions/prepare-v5.0.4
• e340396 Update RELEASES
• 8a67110 Add licenses
• 1865903 Update dependencies & patch security vulnerabilities
• 5656298 Merge pull request #1722 from RyPeck/patch-1
• 4e380d1 Fix cache key in examples.md for bun.lock
• b7e8d49 Merge pull request #1701 from actions/Link-/fix-proxy-integration-tests
• 984a21b Add traffic sanity check step
• acf2f1f Fix resolution
• 95a07c5 Add wait for proxy
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[ViktorHofer]

/evaluate

[github-actions]

Skill Validation Results

Skill	Scenario	Quality	Skills Loaded	Overfit	Verdict
dotnet-pinvoke	Generate LibraryImport declaration from C header (.NET 8+)	5.0/5 → 5.0/5	✅ dotnet-pinvoke; tools: skill	✅ 0.09	❌ [1]
dotnet-pinvoke	Generate LibraryImport declaration from C header (.NET Framework)	5.0/5 → 5.0/5	✅ dotnet-pinvoke; tools: skill	✅ 0.09	❌ [2]
nuget-trusted-publishing	Set up trusted publishing for a new NuGet library	3.0/5 → 4.0/5 🟢	✅ nuget-trusted-publishing; tools: skill	✅ 0.12	✅
nuget-trusted-publishing	Set up NuGet publishing without mentioning trusted publishing	3.0/5 → 5.0/5 🟢	✅ nuget-trusted-publishing; tools: skill, view / ✅ nuget-trusted-publishing; tools: skill, glob, view	✅ 0.12	✅
nuget-trusted-publishing	Migrate existing workflow from API key to trusted publishing	3.0/5 → 4.0/5 🟢	✅ nuget-trusted-publishing; tools: skill, view	✅ 0.12	✅
csharp-scripts	Test a C# language feature with a script	3.0/5 → 5.0/5 🟢	✅ csharp-scripts; tools: skill, create, edit / ✅ csharp-scripts; tools: skill, create	🟡 0.33	✅
dotnet-aot-compat	Make Azure.ResourceManager AOT-compatible	1.0/5 ⏰ → 3.0/5 ⏰ 🟢	✅ dotnet-aot-compat; tools: skill, edit, read_agent, create, list_agents / ✅ dotnet-aot-compat; tools: skill, edit	—	✅
migrate-nullable-references	Enable NRT in a small library with mixed nullability	1.0/5 ⏰ → 1.0/5 ⏰	✅ migrate-nullable-references; tools: skill, bash / ✅ migrate-nullable-references; tools: skill	—	❌ [3]
migrate-nullable-references	File-by-file migration: only modify the targeted file	5.0/5 → 5.0/5	⚠️ NOT ACTIVATED	—	❌
migrate-nullable-references	Enable NRT in ASP.NET Core Web API with EF Core	3.0/5 → 3.0/5 ⏰	⚠️ NOT ACTIVATED / ✅ migrate-nullable-references; tools: skill	—	❌ [4]
migrate-dotnet10-to-dotnet11	Console app with compression and TAR operations	3.0/5 ⏰ → 5.0/5 🟢	✅ migrate-dotnet10-to-dotnet11; tools: skill	✅ 0.05	❌
migrate-dotnet10-to-dotnet11	C# 15 compiler breaking changes — Span safe-context, nameof, with()	3.0/5 → 1.0/5 ⏰ 🔴	✅ migrate-dotnet10-to-dotnet11; tools: report_intent, skill, view / ✅ migrate-dotnet10-to-dotnet11; tools: skill	✅ 0.05	❌
migrate-dotnet10-to-dotnet11	EF Core app with Cosmos DB provider using sync APIs	1.0/5 ⏰ → 5.0/5 🟢	✅ migrate-dotnet10-to-dotnet11; tools: report_intent, skill, view / ✅ migrate-dotnet10-to-dotnet11; tools: report_intent, skill	✅ 0.05	❌ [5]
migrate-dotnet10-to-dotnet11	Deployment to older hardware with minimum requirement changes	1.0/5 ⏰ → 3.0/5 🟢	✅ migrate-dotnet10-to-dotnet11; tools: report_intent, skill, view	✅ 0.05	✅
migrate-dotnet10-to-dotnet11	Cryptography app using DSA on macOS	1.0/5 ⏰ → 1.0/5 ⏰	✅ migrate-dotnet10-to-dotnet11; tools: report_intent, skill / ⚠️ NOT ACTIVATED	✅ 0.05	✅
migrate-dotnet10-to-dotnet11	Basic TFM update with Docker and global.json	3.0/5 → 1.0/5 ⏰ 🔴	✅ migrate-dotnet10-to-dotnet11; tools: skill	✅ 0.05	❌
migrate-dotnet10-to-dotnet11	C# 15 dynamic operator and ref readonly delegate issues	3.0/5 → 5.0/5 🟢	✅ migrate-dotnet10-to-dotnet11; tools: report_intent, skill, view / ✅ migrate-dotnet10-to-dotnet11; tools: report_intent, skill	✅ 0.05	❌
migrate-dotnet8-to-dotnet9	App with empty environment variables, ZIP encoding, and keyed DI services	2.0/5 → 1.0/5 ⏰ 🔴	✅ migrate-dotnet8-to-dotnet9; tools: skill	—	❌
migrate-dotnet8-to-dotnet9	C# 13 compiler breaking changes — InlineArray on record, iterator safe context, collection expressions	3.0/5 → 1.0/5 ⏰ 🔴	ℹ️ not activated (expected) / ✅ migrate-dotnet8-to-dotnet9; tools: skill	—	❌
migrate-dotnet8-to-dotnet9	ASP.NET Core app with DI validation, forwarded headers, and HttpClientFactory casting	3.0/5 → 1.0/5 ⏰ 🔴	✅ migrate-dotnet8-to-dotnet9; tools: skill	—	❌
migrate-dotnet8-to-dotnet9	EF Core app with migration patterns and Cosmos DB discriminator	1.0/5 ⏰ → 3.0/5 🟢	✅ migrate-dotnet8-to-dotnet9; tools: skill, bash, edit / ✅ migrate-dotnet8-to-dotnet9; tools: skill	—	❌ [6]
migrate-dotnet8-to-dotnet9	EF Core Cosmos DB app with existing documents and composite id format	4.0/5 → 1.0/5 ⏰ 🔴	✅ migrate-dotnet8-to-dotnet9; tools: skill	—	❌
migrate-dotnet8-to-dotnet9	App with JsonDocument null deserialization and BinaryFormatter fallback	5.0/5 → 5.0/5	✅ migrate-dotnet8-to-dotnet9; tools: skill	—	❌
migrate-dotnet8-to-dotnet9	CI pipeline with Terminal Logger parsing and version constraints	3.0/5 → 2.0/5 🔴	ℹ️ not activated (expected) / ✅ migrate-dotnet8-to-dotnet9; tools: skill	—	❌
migrate-dotnet8-to-dotnet9	WinForms app with custom UserControls and PictureBox URL loading	3.0/5 → 1.0/5 ⏰ 🔴	✅ migrate-dotnet8-to-dotnet9; tools: skill	—	❌
migrate-dotnet8-to-dotnet9	Containerized app with zlib dependency and runtime configuration	4.0/5 → 1.0/5 ⏰ 🔴	ℹ️ not activated (expected) / ✅ migrate-dotnet8-to-dotnet9; tools: skill	—	❌
migrate-dotnet8-to-dotnet9	EF Core Cosmos DB app with discriminator and sync I/O	2.0/5 ⏰ → 5.0/5 🟢	✅ migrate-dotnet8-to-dotnet9; tools: skill, bash / ✅ migrate-dotnet8-to-dotnet9; tools: skill	—	❌
migrate-dotnet8-to-dotnet9	Library with String.Trim span overload, keyed services, and InlineArray	1.0/5 ⏰ → 1.0/5 ⏰	✅ migrate-dotnet8-to-dotnet9; tools: skill, bash	—	❌ [7]
migrate-dotnet8-to-dotnet9	Containerized app with env var precedence reversal and zlib removal	5.0/5 → 1.0/5 ⏰ 🔴	ℹ️ not activated (expected) / ✅ migrate-dotnet8-to-dotnet9; tools: skill	—	❌
migrate-dotnet9-to-dotnet10	Console app with System.Linq.Async, SIGTERM, and BufferedStream	1.0/5 ⏰ → 1.0/5 ⏰	✅ migrate-dotnet9-to-dotnet10; tools: skill / ✅ migrate-dotnet9-to-dotnet10; tools: skill, view	—	✅
migrate-dotnet9-to-dotnet10	Expression tree code broken by C# 14 span overload resolution	5.0/5 → 1.0/5 ⏰ 🔴	✅ migrate-dotnet9-to-dotnet10; tools: report_intent, skill, view	—	❌
migrate-dotnet9-to-dotnet10	ASP.NET Core app with WebHostBuilder, OpenAPI, and forwarded headers	4.0/5 → 4.0/5	✅ migrate-dotnet9-to-dotnet10; tools: skill, report_intent, view	—	❌
migrate-dotnet9-to-dotnet10	ASP.NET Core app with OpenAPI transformers using Microsoft.OpenApi v1 APIs	3.0/5 → 5.0/5 🟢	✅ migrate-dotnet9-to-dotnet10; tools: report_intent, skill, view / ✅ migrate-dotnet9-to-dotnet10; tools: skill, report_intent, view	—	❌ [8]
migrate-dotnet9-to-dotnet10	EF Core app with Azure SQL JSON columns and parameterized collections	1.0/5 ⏰ → 3.0/5 🟢	✅ migrate-dotnet9-to-dotnet10; tools: report_intent, skill, view	—	❌ [9]
migrate-dotnet9-to-dotnet10	EF Core app with dynamic ExecuteUpdate and complex types	5.0/5 → 5.0/5	✅ migrate-dotnet9-to-dotnet10; tools: skill, view	—	❌
migrate-dotnet9-to-dotnet10	SQLite app with DateTimeOffset timezone handling	5.0/5 → 3.0/5 🔴	✅ migrate-dotnet9-to-dotnet10; tools: skill, view, grep / ✅ migrate-dotnet9-to-dotnet10; tools: skill, view	—	❌
migrate-dotnet9-to-dotnet10	Worker service with config null array binding and ProviderAlias assembly change	1.0/5 ⏰ → 1.0/5 ⏰	✅ migrate-dotnet9-to-dotnet10; tools: skill, view	—	❌ [10]
migrate-dotnet9-to-dotnet10	Cryptography app with OpenSSL, X.509, and Rfc2898DeriveBytes	1.0/5 ⏰ → 1.0/5 ⏰	✅ migrate-dotnet9-to-dotnet10; tools: report_intent, skill	—	❌ [11]
migrate-dotnet9-to-dotnet10	SDK and NuGet obscure tooling changes	5.0/5 → 4.0/5 🔴	✅ migrate-dotnet9-to-dotnet10; tools: skill, view / ✅ migrate-dotnet9-to-dotnet10; tools: skill	—	❌
migrate-dotnet9-to-dotnet10	JSON polymorphism with conflicting property names and XmlSerializer	3.0/5 → 5.0/5 🟢	✅ migrate-dotnet9-to-dotnet10; tools: report_intent, skill, view / ⚠️ NOT ACTIVATED	—	❌
migrate-dotnet9-to-dotnet10	WinForms and WPF desktop app with System.Drawing and DynamicResource	2.0/5 → 1.0/5 ⏰ 🔴	✅ migrate-dotnet9-to-dotnet10; tools: report_intent, skill	—	❌
migrate-dotnet9-to-dotnet10	Containerized single-file app with P/Invoke and IDispatchEx	1.0/5 ⏰ → 1.0/5 ⏰	✅ migrate-dotnet9-to-dotnet10; tools: report_intent, skill	—	❌ [12]
migrate-dotnet9-to-dotnet10	App using SslStream properties and SystemEvents	3.0/5 → 1.0/5 ⏰ 🔴	✅ migrate-dotnet9-to-dotnet10; tools: skill	—	❌
migrate-dotnet9-to-dotnet10	Library with NuGet auditing, transitive deps, and InlineArray	1.0/5 ⏰ → 5.0/5 🟢	✅ migrate-dotnet9-to-dotnet10; tools: report_intent, skill, view / ✅ migrate-dotnet9-to-dotnet10; tools: skill	—	❌ [13]
migrate-dotnet9-to-dotnet10	C# 14 compiler breaking changes — field keyword, extension keyword, disposal	1.0/5 ⏰ → 5.0/5 🟢	✅ migrate-dotnet9-to-dotnet10; tools: report_intent, skill, view / ✅ migrate-dotnet9-to-dotnet10; tools: report_intent, skill	—	❌ [14]
migrate-dotnet9-to-dotnet10	Blazor WASM app with generic math shift masking and tar operations	1.0/5 ⏰ → 1.0/5 ⏰	✅ migrate-dotnet9-to-dotnet10; tools: report_intent, skill / ✅ migrate-dotnet9-to-dotnet10; tools: report_intent, skill, view	—	❌ [15]
thread-abort-migration	Worker thread with abort-based cancellation	1.0/5 ⏰ → 1.0/5 ⏰	✅ thread-abort-migration; tools: skill / ⚠️ NOT ACTIVATED	—	❌ [16]
thread-abort-migration	Timeout enforcement via Thread.Abort	4.0/5 → 5.0/5 🟢	✅ thread-abort-migration; tools: skill	—	❌
thread-abort-migration	Blocking WaitHandle with Thread.Interrupt	1.0/5 ⏰ → 4.0/5 🟢	✅ thread-abort-migration; tools: skill / ⚠️ NOT ACTIVATED	—	✅
thread-abort-migration	ASP.NET Response.End and Response.Redirect with Thread.Abort	4.0/5 → 1.0/5 ⏰ 🔴	✅ thread-abort-migration; tools: skill / ✅ thread-abort-migration; tools: report_intent, skill	—	❌
thread-abort-migration	Thread.Join and Thread.Sleep only — should not migrate	4.0/5 → 5.0/5 🟢	⚠️ NOT ACTIVATED	—	✅

[1] (Plugin) Quality unchanged but weighted score is -8.9% due to: tokens (24510 → 51101), tool calls (2 → 4), time (15.8s → 24.7s)
[2] (Isolated) Quality unchanged but weighted score is -7.3% due to: tokens (25068 → 51108), tool calls (2 → 3), time (22.0s → 31.3s)
[3] (Isolated) Quality unchanged but weighted score is -7.5% due to: tokens (11898 → 34184), tool calls (2 → 5)
[4] (Isolated) Quality unchanged but weighted score is -59.7% due to: judgment, quality, errors (0 → 1), time (101.0s → 300.3s)
[5] (Plugin) Quality unchanged but weighted score is -7.5% due to: tokens (187 → 13921), tool calls (0 → 2)
[6] (Plugin) Quality unchanged but weighted score is -7.0% due to: tokens (12142 → 34080), tool calls (5 → 9)
[7] (Isolated) Quality unchanged but weighted score is -5.5% due to: tokens (12104 → 30557), tool calls (5 → 6)
[8] (Isolated) Quality improved but weighted score is -1.1% due to: tokens (16862 → 63548), tool calls (0 → 4)
[9] (Plugin) Quality unchanged but weighted score is -7.5% due to: tokens (102 → 33981), tool calls (0 → 4)
[10] (Isolated) Quality unchanged but weighted score is -5.6% due to: tokens (12386 → 32506), tool calls (4 → 5)
[11] (Isolated) Quality unchanged but weighted score is -7.5% due to: tokens (150 → 12785), tool calls (0 → 2)
[12] (Isolated) Quality unchanged but weighted score is -7.5% due to: tokens (199 → 12896), tool calls (0 → 2)
[13] (Plugin) Quality unchanged but weighted score is -22.7% due to: judgment, tokens (122 → 13766), quality, tool calls (0 → 1)
[14] (Plugin) Quality unchanged but weighted score is -7.5% due to: tokens (259 → 14012), tool calls (0 → 2)
[15] (Isolated) Quality unchanged but weighted score is -7.5% due to: tokens (236 → 12910), tool calls (0 → 2)
[16] (Isolated) Quality unchanged but weighted score is -22.7% due to: judgment, tokens (308 → 12723), quality, tool calls (0 → 1)

⏰ timeout — run(s) hit the (120s, 180s, 240s, 300s, 420s, 1050s) scenario timeout limit; scoring may be impacted by aborting model execution before it could produce its full output (increase via timeout in eval.yaml)

Model: claude-opus-4.6 | Judge: claude-opus-4.6

🔍 Full Results - additional metrics and failure investigation steps