codeql: bump actions/cache from 4 to 5

[dscho]

Just a regular GitHub Actions bump

[dscho]

/submit

[gitgitgadget]

Submitted as pull.2086.git.1776097457136.gitgitgadget@gmail.com

To fetch this version into FETCH_HEAD:

git fetch https://github.com/gitgitgadget/git/ pr-2086/git-for-windows/dependabot/github_actions/actions/cache-5-v1

To fetch this version to local tag pr-2086/git-for-windows/dependabot/github_actions/actions/cache-5-v1:

git fetch --no-tags https://github.com/gitgitgadget/git/ tag pr-2086/git-for-windows/dependabot/github_actions/actions/cache-5-v1

[gitgitgadget]

Junio C Hamano wrote on the Git mailing list (how to reply to this email):

"Johannes Schindelin via GitGitGadget" <gitgitgadget@gmail.com>
writes:

> From: Johannes Schindelin <johannes.schindelin@gmx.de>
>
> Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5.
> - [Release notes](https://github.com/actions/cache/releases)
> - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
> - [Commits](https://github.com/actions/cache/compare/v4...v5)
>
> ---
>     codeql: bump actions/cache from 4 to 5
>     
>     Just a regular GitHub Actions bump
>
> Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-2086%2Fgit-for-windows%2Fdependabot%2Fgithub_actions%2Factions%2Fcache-5-v1
> Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-2086/git-for-windows/dependabot/github_actions/actions/cache-5-v1
> Pull-Request: https://github.com/gitgitgadget/git/pull/2086
>
> updated-dependencies:
> - dependency-name: actions/cache
>   dependency-version: '5'
>   dependency-type: direct:production
>   update-type: version-update:semver-major
> ...
>
> Originally-authored-by: dependabot[bot] <support@github.com>
> Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
> ---

You should not need to be reminded on how our log messages should
look like.  Also your sign-off must come before the three-dash line.

Thanks.

>  .github/workflows/coverity.yml | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
> index cfa17d394a..3435baeca2 100644
> --- a/.github/workflows/coverity.yml
> +++ b/.github/workflows/coverity.yml
> @@ -98,7 +98,7 @@ jobs:
>        # A cache miss will add ~30s to create, but a cache hit will save minutes.
>        - name: restore the Coverity Build Tool
>          id: cache
> -        uses: actions/cache/restore@v4
> +        uses: actions/cache/restore@v5
>          with:
>            path: ${{ runner.temp }}/cov-analysis
>            key: cov-build-${{ env.COVERITY_LANGUAGE }}-${{ env.COVERITY_PLATFORM }}-${{ steps.lookup.outputs.hash }}
> @@ -141,7 +141,7 @@ jobs:
>            esac
>        - name: cache the Coverity Build Tool
>          if: steps.cache.outputs.cache-hit != 'true'
> -        uses: actions/cache/save@v4
> +        uses: actions/cache/save@v5
>          with:
>            path: ${{ runner.temp }}/cov-analysis
>            key: cov-build-${{ env.COVERITY_LANGUAGE }}-${{ env.COVERITY_PLATFORM }}-${{ steps.lookup.outputs.hash }}
>
> base-commit: 67ad42147a7acc2af6074753ebd03d904476118f

[gitgitgadget]

Junio C Hamano wrote on the Git mailing list (how to reply to this email):

Junio C Hamano <gitster@pobox.com> writes:

> "Johannes Schindelin via GitGitGadget" <gitgitgadget@gmail.com>
> writes:
>
>> From: Johannes Schindelin <johannes.schindelin@gmx.de>
>>
>> Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5.
>> - [Release notes](https://github.com/actions/cache/releases)
>> - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
>> - [Commits](https://github.com/actions/cache/compare/v4...v5)
>>
>> ---
>>     codeql: bump actions/cache from 4 to 5
>>     
>>     Just a regular GitHub Actions bump
>>
>> Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-2086%2Fgit-for-windows%2Fdependabot%2Fgithub_actions%2Factions%2Fcache-5-v1
>> Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-2086/git-for-windows/dependabot/github_actions/actions/cache-5-v1
>> Pull-Request: https://github.com/gitgitgadget/git/pull/2086
>>
>> updated-dependencies:
>> - dependency-name: actions/cache
>>   dependency-version: '5'
>>   dependency-type: direct:production
>>   update-type: version-update:semver-major
>> ...
>>
>> Originally-authored-by: dependabot[bot] <support@github.com>
>> Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
>> ---
>
> You should not need to be reminded on how our log messages should
> look like.  Also your sign-off must come before the three-dash line.
>
> Thanks.

A tangent, but I probably should mention that I didn't even notice
the last time we got identically malformatted patch submission in
October,

<2443e519f0ff6160e058d391495dd51256595a48.1760629692.git.gitgitgadget@gmail.com>

which resulted in 63541ed9 (build(deps): bump actions/checkout from
4 to 5, 2025-10-16) that you meant to sign off but ended up
committed without one due to the premature three-dash line.



It seems that GitHub Actions started complaining about use of
Node.js 20 and I was wondering why only one job uses
actions/checkout@v4, and it turns out that it is a semantic mismerge
between e75cd059 (ci: check formatting of our Rust code, 2025-10-15)
that added a new use of actions/checkout@v4 that happened very close
to another change 63541ed9 (build(deps): bump actions/checkout from
4 to 5, 2025-10-16) that updated all uses of actions/checkout@v4 to
use actions/checkout@v5.