chore(deps): update actions/cache action to v5.0.5

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/cache	action	patch	v5.0.4 → v5.0.5

---

Release Notes

actions/cache (actions/cache)

v5.0.5

Compare Source

What's Changed

• Update ts-http-runtime dependency by @​yacaovsnc in #​1747

Full Changelog: actions/cache@v5...v5.0.5

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday (* 0-4,22-23 * * 1-5)
  • Only on Sunday and Saturday (* * * * 0,6)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

Package Update: actions/cache v5.0.4 → v5.0.5

Primary Change:

• Updated @typespec/ts-http-runtime dependency from an earlier version to 0.3.5 (released April 7, 2026)

Bug Fix:

• Proxy CONNECT tunnel header handling: Request headers are no longer forwarded to the proxy server as additional headers when establishing HTTPS CONNECT tunnels. This fixes a compatibility issue where some proxy servers would block CONNECT calls when receiving unexpected headers during tunnel establishment.

Impact of the Fix:

• The fix ensures that headers intended for the final destination are not leaked to intermediate proxy servers during the CONNECT handshake
• Proxied requests sent through established tunnels remain unchanged
• Improves compatibility with stricter proxy configurations

No Breaking Changes:

• This is a pure bug fix classified as a patch release
• Maintains full backward compatibility with v5.0.4
• No API changes or migration requirements
• All existing functionality preserved

Build Artifacts:

• PR includes regenerated distribution files (npm run build)
• Updated license/attribution documentation

🎯 Impact Scope Investigation

Usage Location:

• Single usage in .github/actions/setup/action.yml:10 - a composite action used by CI workflows
• The setup action is referenced by three workflows:
  • .github/workflows/ci.yml (test, build, lint jobs)
  • Other workflows that depend on Go build caching
• One test data file (e2e/testdata/impostor-commit/valid-non-default-branch.yml) references a dummy/test version of actions/cache

Functionality:

• The action is used to cache Go build artifacts (~/.cache/go-build) and Go module dependencies (~/go/pkg/mod)
• Caching key based on go.sum file hash for cache invalidation
• Critical for CI performance optimization

Dependency Impact:

• No transitive dependency changes affecting the ghasec codebase
• The proxy fix only affects environments where GitHub Actions runners operate behind HTTP proxies
• Most environments (including standard GitHub-hosted runners) will see no behavioral difference

CI Status:

• ✅ Test job: Passed (46s)
• ✅ Lint job: Passed (41s)
• ✅ Ghasec job: Passed (8s)
• ⏳ Build job: Pending
• ✅ Renovate stability-days: Passed (minimum release age requirement met)

💡 Recommended Actions

Immediate Action:

• ✅ Safe to merge - This is a low-risk patch release with no breaking changes

No Migration Required:

• No code changes needed in the ghasec codebase
• No configuration adjustments required
• No workflow modifications necessary

Validation:

• CI checks are passing, confirming compatibility
• The update only touches the commit SHA reference in the composite action file
• Existing cache keys and restore logic remain unchanged

Benefits of Merging:

• Improved proxy server compatibility for environments using HTTP proxies
• Keeps dependencies up-to-date with latest bug fixes
• Aligns with GitHub Actions best practices for dependency management

🔗 Reference Links

• actions/cache v5.0.5 Release Notes
• PR #1747: Update ts-http-runtime dependency
• Version Comparison: v5.0.4...v5.0.5
• @typespec/ts-http-runtime Changelog
• GitHub Actions Cache Documentation

Generated by koki-develop/claude-renovate-review