Contributor

@dependabot dependabot bot commented on behalf of github Dec 15, 2025

Bumps actions/cache from 4 to 5.

Release notes

Sourced from actions/cache's releases.

v5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.


What's Changed

Full Changelog: actions/cache@v4.3.0...v5.0.0

v4.3.0

What's Changed

New Contributors

Full Changelog: actions/cache@v4...v4.3.0

v4.2.4

What's Changed

New Contributors

Full Changelog: actions/cache@v4...v4.2.4

v4.2.3

What's Changed

  • Update to use @actions/cache 4.0.3 package & prepare for new release by @salmanmkc in actions/cache#1577 (SAS tokens for cache entries are now masked in debug logs)

New Contributors

Full Changelog: actions/cache@v4.2.2...v4.2.3

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

Changelog

5.0.1

  • Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

4.3.0

  • Bump @actions/cache to v4.1.0

4.2.4

  • Bump @actions/cache to v4.0.5

4.2.3

  • Bump @actions/cache to v4.0.3 (obfuscates SAS token in debug logs for cache entries)

4.2.2

  • Bump @actions/cache to v4.0.2

4.2.1

  • Bump @actions/cache to v4.0.1

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in this release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

4.1.2

... (truncated)

Commits
  • 9255dc7 Merge pull request #1686 from actions/cache-v5.0.1-release
  • 8ff5423 chore: release v5.0.1
  • 9233019 Merge pull request #1685 from salmanmkc/node24-storage-blob-fix
  • b975f2b fix: add peer property to package-lock.json for dependencies
  • d0a0e18 fix: update license files for @actions/cache, fast-xml-parser, and strnum
  • 74de208 fix: update @actions/cache to ^5.0.1 for Node.js 24 punycode fix
  • ac7f115 peer
  • b0f846b fix: update @actions/cache with storage-blob fix for Node.js 24 punycode depr...
  • a783357 Merge pull request #1684 from actions/prepare-cache-v5-release
  • 3bb0d78 docs: highlight v5 runner requirement in releases
  • Additional commits viewable in compare view

Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@v4...v5)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Contributor Author

dependabot bot commented on behalf of github Dec 15, 2025

Labels

The following labels could not be found: ci. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

dependabot bot added the dependencies label (Pull requests that update a dependency file) Dec 15, 2025
Contributor

vercel bot commented Dec 15, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
vanity Ready Ready Preview, Comment Dec 15, 2025 6:24am

coderabbitai bot commented Dec 15, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Note

Free review on us!

CodeRabbit is offering free reviews until Wed Dec 17 2025 to showcase some of the refinements we've made.

Comment @coderabbitai help to get the list of available commands and usage tips.

claude bot commented Dec 15, 2025

Claude encountered an error —— View job


I'll analyze this and get back to you.

Owner

phrazzld commented Jan 8, 2026

🔧 kaylee here!

I took a look at the failing CI, but this one's beyond my wrench:

Why I can't fix it: WITH CODE - This cannot be fixed by editing any files in the repository. The required solution is:

What I found

Based on all four investigator agents' findings, I have a clear diagnosis:

Root Cause

Missing repository secret - The CI failure is NOT related to the actions/cache v4→v5 bump. The claude-code-review workflow requires CLAUDE_CODE_OAUTH_TOKEN (or ANTHROPIC_API_KEY) secret to be configured in GitHub repository settings, but it's missing.

Fix

UNFIXABLE WITH CODE - This cannot be fixed by editing any files in the repository. The required solution is:

  1. Go to GitHub Repository Settings → Secrets and variables → Actions
  2. Click "New repository secret"
  3. Add a secret named CLAUDE_CODE_OAUTH_TOKEN with a valid Anthropic OAuth token value

The actual PR changes (bumping actions/cache from v4 to v5) are fine and have no breaking changes. The workflow is correctly written - it properly references ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} at line 38 of .github/workflows/claude-code-review.yml. The problem is simply that this secret doesn't exist in the repository's GitHub Settings.

Summary

| Aspect | Status |
| --- | --- |
| PR diff (actions/cache v4→v5) | ✅ Safe, no issues |
| Workflow code | ✅ Correctly written |
| Repository secret configuration | ❌ Missing CLAUDE_CODE_OAUTH_TOKEN |
| Fixable with code changes | ❌ No - requires admin to add secret |

What needs to happen

This likely requires human intervention — maybe setting up secrets, configuring external services, or other non-code changes.


🤖 Generated by kaylee — I tried, Captain!

Owner

phrazzld commented Jan 9, 2026

🔧 kaylee here!

I took a look at the failing CI, but this one's beyond my wrench:

Why I can't fix it: with code changes. This is a missing secrets/infrastructure issue.

What I found

Now I have the complete picture. The workflow file at line 38 references secrets.CLAUDE_CODE_OAUTH_TOKEN, which is not configured in the repository.


Root Cause

The CI failure is NOT caused by the actions/cache v4→v5 bump. The failure is from the claude-code-review.yml workflow which requires the CLAUDE_CODE_OAUTH_TOKEN secret (line 38), but this secret is missing from the repository settings.

Fix

UNFIXABLE with code changes. This is a missing secrets/infrastructure issue.

To fix, the repository owner must:

  1. Go to GitHub → Repository Settings → Secrets and variables → Actions
  2. Add a new repository secret named CLAUDE_CODE_OAUTH_TOKEN with a valid OAuth token from Anthropic

The PR's change (bumping actions/cache@v4 to @v5) is perfectly valid and safe - it's a standard dependency update that doesn't require any code fixes. The CI failure is unrelated to the actual PR changes.

What needs to happen

This likely requires human intervention — maybe setting up secrets, configuring external services, or other non-code changes.


🤖 Generated by kaylee — I tried, Captain!

Owner

phrazzld commented Jan 9, 2026

🔧 kaylee here!

I took a look at the failing CI, but this one's beyond my wrench:

Why I can't fix it: WITH CODE - This requires the repository owner to:

What I found

All four investigators have reported back. Let me synthesize the findings:

Synthesis of Findings

All four subagents agree: The CI failure is NOT caused by the PR changes (bumping actions/cache from v4 to v5). The failure is in the claude-code-review.yml workflow which requires a CLAUDE_CODE_OAUTH_TOKEN secret that is not configured in the repository.

The error message clearly states:

Error: Environment variable validation failed:
  - Either ANTHROPIC_API_KEY or CLAUDE_CODE_OAUTH_TOKEN is required when using direct Anthropic API.

Root Cause

The claude-code-review.yml workflow uses anthropics/claude-code-action@beta which requires the CLAUDE_CODE_OAUTH_TOKEN secret to be configured in GitHub repository settings. This secret is missing.

Fix

This is NOT fixable with code changes. The fix requires external configuration:

  1. Generate a Claude Code OAuth token from Anthropic
  2. Add it as a GitHub repository secret named CLAUDE_CODE_OAUTH_TOKEN

The actual PR changes (actions/cache v4 → v5) are perfectly fine and don't cause any issues.


Root Cause

Missing CLAUDE_CODE_OAUTH_TOKEN repository secret required by the claude-code-review.yml workflow - unrelated to the PR's actions/cache v4→v5 bump.

Fix

UNFIXABLE WITH CODE - This requires the repository owner to:

  1. Obtain a Claude Code OAuth token from Anthropic
  2. Add it to GitHub repository secrets at: Settings → Secrets and variables → Actions → New repository secret

What needs to happen

This likely requires human intervention — maybe setting up secrets, configuring external services, or other non-code changes.


🤖 Generated by kaylee — I tried, Captain!

Owner

phrazzld commented Jan 9, 2026

🔧 kaylee here!

I took a look at the failing CI, but this one's beyond my wrench:

Why I can't fix it: with code changes.

What I found

All four investigators agree: this is not a code issue - it's a missing GitHub secret configuration.

Root Cause

The CI failure is from the claude-code-review workflow (a separate workflow from the PR's cache update) - it requires CLAUDE_CODE_OAUTH_TOKEN or ANTHROPIC_API_KEY secrets which aren't configured in the repository.

Fix

UNFIXABLE with code changes.

The actual PR change (bumping actions/cache from v4 to v5) is totally fine. The failure is from a different workflow (claude-code-review.yml) that:

  1. Runs on PR events
  2. Uses anthropics/claude-code-action@beta
  3. Needs CLAUDE_CODE_OAUTH_TOKEN secret configured in GitHub repository settings

To fix this, a repository admin needs to:

  1. Go to Repository → Settings → Secrets and variables → Actions
  2. Add CLAUDE_CODE_OAUTH_TOKEN with a valid token from Anthropic

The PR itself (actions/cache v4→v5) is a harmless, legitimate dependency update that should work fine once the secrets issue is resolved.

What needs to happen

This likely requires human intervention — maybe setting up secrets, configuring external services, or other non-code changes.


🤖 Generated by kaylee — I tried, Captain!

Owner

phrazzld commented Jan 9, 2026

🔧 kaylee here!

I took a look at the failing CI, but this one's beyond my wrench:

Why I can't fix it: with code changes. The error:

What I found

Based on the parallel investigation from all 4 agents, I have a clear diagnosis:

Root Cause

The CI failure is NOT caused by the PR changes (actions/cache v4→v5 bump). The failure is in the claude-code-review.yml workflow which requires the CLAUDE_CODE_OAUTH_TOKEN GitHub secret that is not configured in the repository.

Fix

This is UNFIXABLE with code changes. The error:

##[error]Action failed with error: Error: Environment variable validation failed:
  - Either ANTHROPIC_API_KEY or CLAUDE_CODE_OAUTH_TOKEN is required when using direct Anthropic API.

This happens because:

  1. The claude-code-review.yml workflow uses anthropics/claude-code-action@beta
  2. That action requires ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} to authenticate
  3. This secret is not configured in the repository's GitHub Actions secrets

The actual PR change (bumping actions/cache from v4 to v5) is perfectly fine - it's a straightforward dependency update that doesn't affect the application.

What needs to happen:
A repository administrator needs to:

  1. Go to Repository Settings → Secrets and variables → Actions
  2. Add a new secret named CLAUDE_CODE_OAUTH_TOKEN
  3. Set the value to a valid OAuth token from Anthropic

This cannot be fixed through code changes or commits - it requires repository-level secret configuration.

What needs to happen

This likely requires human intervention — maybe setting up secrets, configuring external services, or other non-code changes.


🤖 Generated by kaylee — I tried, Captain!

Owner

phrazzld commented Jan 9, 2026

🔧 kaylee here!

I took a look at the failing CI, but this one's beyond my wrench:

Why I can't fix it: via code changes - it requires external configuration (adding a GitHub secret).

What I found

Based on all four investigator agents' findings, I have a clear picture now. Let me synthesize this:

Root Cause

The CI failure is NOT related to the actions/cache v4 to v5 bump in the PR. The failure is in the Claude Code Review workflow (claude-code-review.yml), which requires CLAUDE_CODE_OAUTH_TOKEN to be configured as a GitHub repository secret. This secret is either missing or not accessible.

Fix

This is NOT fixable with code. The failure is due to a missing GitHub repository secret (CLAUDE_CODE_OAUTH_TOKEN). The actual changes in this PR (bumping actions/cache from v4 to v5) are completely fine and unrelated to the error.

The error:

Error: Environment variable validation failed:
  - Either ANTHROPIC_API_KEY or CLAUDE_CODE_OAUTH_TOKEN is required when using direct Anthropic API.

This happens in the claude-code-review.yml workflow which uses the anthropics/claude-code-action@beta action. The main CI workflow (ci.yml) that runs the actual tests, linting, type checking, and builds is separate from this review workflow.

To fix this, the repository owner needs to:

  1. Go to GitHub Repository Settings → Secrets and variables → Actions
  2. Add a secret named CLAUDE_CODE_OAUTH_TOKEN with a valid Claude Code OAuth token

The PR itself (bumping actions/cache from v4 to v5) is valid and should work fine once the Claude Code Review workflow has proper credentials configured.

This is UNFIXABLE via code changes - it requ

What needs to happen

This likely requires human intervention — maybe setting up secrets, configuring external services, or other non-code changes.


🤖 Generated by kaylee — I tried, Captain!
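
Added example, not part of the thread or of the repository: a Python check that lists the `${{ secrets.* }}` references in a workflow file, with their line numbers, and reports those absent from the secret store that the triggering actor's run reads from. The workflow text and store contents are constructed. It assumes the documented GitHub behaviour that runs triggered by `dependabot[bot]` read Dependabot secrets rather than Actions secrets, and that the name lists come from `gh secret list` and `gh secret list --app dependabot`.

```python
import re

EXPR = re.compile(r"\$\{\{(.*?)\}\}")  # one ${{ ... }} expression
SECRET_REF = re.compile(r"\bsecrets\.([A-Za-z_][A-Za-z0-9_]*)")
AUTO_PROVIDED = {"GITHUB_TOKEN"}  # injected for every run, never configured by hand

# Constructed sample, not the repository's claude-code-review.yml.
SAMPLE_WORKFLOW = """\
name: Claude Code Review
on: pull_request
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: anthropics/claude-code-action@beta
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          github_token: ${{ secrets.GITHUB_TOKEN }}
"""

def secret_refs(workflow_text):
    """Map each referenced secret name (upper-cased) to the lines that use it."""
    refs = {}
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):  # skip whole-line YAML comments
            continue
        for expr in EXPR.findall(line):
            for name in SECRET_REF.findall(expr):
                refs.setdefault(name.upper(), []).append(lineno)
    return refs

def store_for_actor(actor):
    """Assumption from the lead-in: Dependabot-triggered runs read the Dependabot store."""
    return "dependabot" if actor == "dependabot[bot]" else "actions"

def missing_secrets(workflow_text, stores, actor):
    """Referenced secrets that the run triggered by `actor` would see as empty."""
    configured = {n.upper() for n in stores.get(store_for_actor(actor), ())}
    return {name: lines for name, lines in secret_refs(workflow_text).items()
            if name not in AUTO_PROVIDED and name not in configured}

if __name__ == "__main__":
    # Constructed store contents: the secret exists for Actions only.
    stores = {"actions": ["CLAUDE_CODE_OAUTH_TOKEN"], "dependabot": []}
    for actor in ("phrazzld", "dependabot[bot]"):
        print(actor, missing_secrets(SAMPLE_WORKFLOW, stores, actor))
```

With these constructed stores the same workflow passes for a human-triggered run and reports `CLAUDE_CODE_OAUTH_TOKEN` as missing for a Dependabot-triggered one, so both stores are worth checking when a failure appears only on Dependabot pull requests.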
