Skip to content

Bump actions/cache from 4 to 5#1

Closed
dependabot[bot] wants to merge 62 commits into
mainfrom
dependabot/github_actions/actions/cache-5
Closed

Bump actions/cache from 4 to 5#1
dependabot[bot] wants to merge 62 commits into
mainfrom
dependabot/github_actions/actions/cache-5

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Jan 18, 2026

Bumps actions/cache from 4 to 5.

Release notes

Sourced from actions/cache's releases.

v5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.

What's Changed

Full Changelog: actions/cache@v4.3.0...v5.0.0

v4.3.0

What's Changed

New Contributors

Full Changelog: actions/cache@v4...v4.3.0

v4.2.4

What's Changed

New Contributors

Full Changelog: actions/cache@v4...v4.2.4

v4.2.3

What's Changed

  • Update to use @​actions/cache 4.0.3 package & prepare for new release by @​salmanmkc in actions/cache#1577 (SAS tokens for cache entries are now masked in debug logs)

New Contributors

Full Changelog: actions/cache@v4.2.2...v4.2.3

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

Changelog

5.0.2

  • Bump @actions/cache to v5.0.3 #1692

5.0.1

  • Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

4.3.0

  • Bump @actions/cache to v4.1.0

4.2.4

  • Bump @actions/cache to v4.0.5

4.2.3

  • Bump @actions/cache to v4.0.3 (obfuscates SAS token in debug logs for cache entries)

4.2.2

  • Bump @actions/cache to v4.0.2

4.2.1

  • Bump @actions/cache to v4.0.1

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

... (truncated)

Commits
  • 8b402f5 Merge pull request #1692 from GhadimiR/main
  • 304ab5a license for httpclient
  • 609fc19 Update licensed record for cache
  • b22231e Build
  • 93150cd Add PR link to releases
  • 9b8ca9f Bump actions/cache to 5.0.3
  • 9255dc7 Merge pull request #1686 from actions/cache-v5.0.1-release
  • 8ff5423 chore: release v5.0.1
  • 9233019 Merge pull request #1685 from salmanmkc/node24-storage-blob-fix
  • b975f2b fix: add peer property to package-lock.json for dependencies
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@raghubetina
Initial commit
fc237ff
@raghubetina
Add todo list app with Turbo broadcasts
8a54cf0 
Implement a simple todo app demonstrating Turbo 8's
broadcasts_refreshes_to for real-time updates with View
Transitions API animations.

- Devise authentication for users
- List and Item models with nested resources
- Bootstrap 5 styling via CDN
- View Transitions for item add/remove animations
- Turbo morphing with scroll preservation
@raghubetina
Preserve item form during Turbo morphs
aad069e 
Prevents form input from being cleared when another user's
broadcast triggers a page morph.
@raghubetina
Clear item form after submission via Stimulus
439fa3e 
data-turbo-permanent preserves the form during morphs but
also blocks Turbo Stream replacements. Use client-side reset
on turbo:submit-end to clear input after successful submit.
@raghubetina
Add inline validation and proper HTTP status codes
295ddf9 
- Display validation errors via Turbo Stream updates
- Use 303 status for all non-GET redirects per Turbo guidelines
- Replace reset_form_controller with form_controller that
  only clears on success and toggles validation classes
- Add title presence validation to Item model
@raghubetina
Document Turbo Refresh + View Transitions journey
915f214 
Blog post covering the implementation challenges and solutions
for real-time updates with smooth animations, including:
- broadcasts_refreshes_to for WebSocket updates
- View Transitions API for enter/exit animations
- data-turbo-permanent for form protection
- Request-id deduplication behavior
- Stimulus for conditional form clearing
@raghubetina
Replace Stimulus with broadcast-only form protection
e6ef284 
Use custom data-turbo-broadcast-refresh-permanent attribute to protect
forms during broadcast morphs while allowing navigation morphs through.
This eliminates the need for Stimulus to clear forms after submission.

- Add turbo:before-stream-render listener to detect broadcast refreshes
- Block turbo:before-morph-element only during broadcasts
- Move validation errors inline in form partial
- Remove Stimulus form controller and separate errors partial
- Update journey.md with final solution documentation
@raghubetina
Fix validation error input width in input-groups
3c88660 
Rails wraps fields with errors in a div.field_with_errors wrapper,
which breaks Bootstrap's input-group flexbox layout. Fixed by making
the wrapper a flex container that grows to fill available space.
@raghubetina
Remove non-viable conditional data-turbo-permanent step
18a8b63
@raghubetina
Document request_id: nil alternative in journey.md
d19c7f1 
Add appendix explaining how turbo_stream.refresh(request_id: nil)
can bypass request-id deduplication, while noting that the redirect
approach remains the preferred solution for its simplicity and
standard Rails conventions.
@raghubetina
Rename attribute to data-turbo-stream-refresh-permanent
0615d6a 
More accurate name: describes the mechanism (stream-delivered refresh)
rather than assuming a use case (broadcasts).
@raghubetina
Clean up journey.md for consistency
7ff7b21 
- Remove Devise from tech stack (not needed for demo)
- Use 'stream-delivered refresh' consistently instead of 'broadcast'
- Simplify form example to match actual implementation
@raghubetina
Document edit form protection in journey.md
27b880c 
Add section showing how the same data-turbo-stream-refresh-permanent
pattern works for inline edit forms.
@raghubetina
Add cheatsheet and document highlight animation fix
124e87f 
- Add cheatsheet.md with step-by-step implementation guide
- Document why background-color doesn't work for highlights
- Use box-shadow for visible highlight animations
- Add jQuery timing defaults reference
@raghubetina
Use btn-group for item action buttons
eb1e9d8 
Replace single delete button with Done/Undo, Edit, Delete btn-group.
Use link_to with data-turbo-method for proper btn-group styling.
@raghubetina
Update documentation with final implementation details
ee8938e 
- Use flash animations (box-shadow) instead of slide animations
- Document that deletes are excluded by default due to visual issues
- Add section about btn-group requiring link_to instead of button_to
- Add turbo_prefetch tip for preventing hover flash on links
- Update CSS examples to match actual implementation
- Fix incorrect claim about item-* wildcard selector
@raghubetina
Document broadcast flash feature for protected forms
6fa7909 
Add documentation for the new feature that flashes protected edit forms
when broadcasts arrive from other users. This signals "data changed
elsewhere" without losing form state.

Key additions:
- recentlySubmitted flag to distinguish submitter from other clients
- data-view-transition-animation-class attribute for configurable flash
- .flash-yellow CSS class
- Updated Quick Reference table
- New troubleshooting section
@raghubetina
Add per-element animation classes via data-view-transition-class
10bb6ec 
Allows elements to specify their own View Transition animation class,
overriding the default green/yellow flash. Uses View Transitions Level 2
view-transition-class property (Baseline Newly Available Oct 2025).

Usage:
  <div data-view-transition-id="item-1"
       data-view-transition-class="slide-in">

CSS targeting:
  ::view-transition-new(*.slide-in):only-child {
    animation: slide-in 400ms ease-in-out;
  }
@raghubetina
Update docs for class-based animation approach
8e74c6c 
Replace View Transitions API documentation with simpler CSS
class-based animation approach. Document form protection,
delete animations, and content comparison strategies.
@raghubetina
Simplify change detection with data-turbo-refresh-version
a76d989 
Replace data-turbo-refresh-content (field-by-field comparison) with
data-turbo-refresh-version (timestamp-based comparison using updated_at).

- Update library to use version comparison
- Update happy_refresh app to use class-based animations
- Add turbo-refresh-animations as separate library package
- Update all documentation
@raghubetina
Simplify library to work with just id attributes
2fe2dc1 
Major simplification:
- Use id attribute by default (no data-turbo-refresh-id needed)
- Default animation classes: turbo-refresh-enter/update/exit
- Track page state to skip animations on initial navigation
- Use Idiomorph events for update/delete detection
- Use DOM comparison for create detection (same-page only)

Minimal setup is now just:
  <div id="<%= dom_id(item) %>">content</div>
@raghubetina
Update library with opt-in animations and form protection
b939b29 
- Change from automatic (all IDs) to opt-in via data-turbo-refresh-animate
- Add data-turbo-stream-refresh-permanent for form protection during broadcasts
- Add data-turbo-refresh-version for change detection on protected elements
- Preserve non-blank inputs during navigation
- Allow submitted forms to clear while protecting others
- Simplify CSS to just the three core animation classes
- Update README with accurate documentation
@raghubetina
Clarify broadcast protection as general-purpose with form conveniences
2651671
@raghubetina
Rename library files to avoid asset path conflicts
a78d5bb
@raghubetina
Update importmap for renamed library file
8892682
@raghubetina
Revert "Update importmap for renamed library file"
c490990 
This reverts commit 8892682.
@raghubetina
Animate deletions before morph, simplify default styles
0908b0b 
JS changes:
- Use event.preventDefault() + event.detail.resume() to animate
  deletions before morphing prevents position jumping
- Rename turbo-refresh-update to turbo-refresh-change
- Fix version comparison for protected element detection

CSS changes:
- Simplify to background-color fades with CSS variable overrides
- Enter: green 1.2s, Exit: red 0.6s fade, Change: yellow 1.2s
@raghubetina
Update README for turbo-refresh-change and CSS variables
5865ad3
@raghubetina
Add per-animation opt-out with data-turbo-refresh-{type}="none"
a1e2837
@raghubetina
Use inherit for background-color end state, update README
87b356e 
- CSS: Use inherit instead of transparent so animations work on
  elements with background colors
- README: Add opt-out documentation and box-shadow glow examples
raghubetina and others added 22 commits January 17, 2026 15:05
@raghubetina
Preserve protected elements on same-URL refreshes
c2474ef
@raghubetina
Fix permanent protection on page refresh
c549d56
@raghubetina
Compute animations via signature diff
d92485e
@raghubetina
Scope permanent protection to page refresh render
0a48119
@raghubetina
Use ::after overlay for glow effects
ced5c45 
Safer approach that doesn't overwrite element's own box-shadow or z-index.
Elements only get position: relative for overlay positioning.
@raghubetina
Simplify default animations and animation selection API
75bf824 
CSS:
- Replace complex ::after glow overlays with simple fade in/out
- Change animation uses yellow background flash
- Much simpler CSS (42 lines vs 103)

JS:
- Replace data-turbo-refresh-{type}-off attributes with
  data-turbo-refresh-animate="enter,exit,change" syntax
- Empty value still enables all animations

README:
- Update CSS variables documentation
- Document new animation selection syntax
- Remove redundant fade example (now the default)
@raghubetina
Fix data-turbo-refresh-animate parsing
3841ada
@raghubetina
Avoid repeated protected flashes
c220ab8
@raghubetina
Guard against double installs
ca80890
@raghubetina
Clear pending visit state after render
43ef1fc
@raghubetina
Handle same-page links inside protected elements
1140ec2
@raghubetina
Match Turbo refresh detection
5e0da9e
@raghubetina
Handle transition-based exit animations
7e58e1a
@raghubetina
Avoid scanning all ids on refresh
a899d4b
@raghubetina
Track permanent initiators by element
9358b12
@raghubetina
Remove redundant delete handling
44a49e5
@raghubetina
Compute protected flashes during morph
6a415c8
@raghubetina
Handle transition-property: all exits
c75e1b4
@raghubetina
Avoid forcing replace for anchor links
023e51f
@raghubetina
Store refresh visit state as pathname
b19b9ee
@raghubetina
Fill package metadata
0985d2a
@dependabot
Bump actions/cache from 4 to 5
15ce664 
Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@v4...v5)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jan 18, 2026
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Jan 18, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/github_actions/actions/cache-5 branch January 18, 2026 02:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@raghubetina