Pin dependencies - gh-action_cache v1.5.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
SonarSource/gh-action_cache	action	minor	v1.4.4 → v1.5.0

---

Release Notes

SonarSource/gh-action_cache (SonarSource/gh-action_cache)

v1.5.0

Compare Source

What's Changed

New Features

• BUILD-11294 Add cache-size-bytes output and pipeline runtime metrics JSON by @​julien-carsique-sonarsource in #​62

Bug Fixes

• BUILD-11297 Simplify CI_METRICS_ENABLED gate — strict 'true', no bash step by @​julien-carsique-sonarsource in #​68
• BUILD-11297 Fix container self-reference and pre-commit git-clean regressions by @​julien-carsique-sonarsource in #​69

Full Changelog: SonarSource/gh-action_cache@v1.4.5...v1.5.0

v1.4.5

Compare Source

Improvements

• PREQ-5729: fix argument list too long in cache cleanup by @​mikolaj-matuszny-ext-sonarsource in #​61

Full Changelog: SonarSource/gh-action_cache@v1.4.4...v1.4.5

---

Configuration

📅 Schedule: (in timezone Europe/Paris)

• Branch creation
  • "after 7am every weekday,before 8pm every weekday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: undefined

Post-upgrade command 'pre-commit autoupdate --freeze || true' has not been added to the allowed list in allowedCommands

[sonar-review-alpha]

Summary

Renovate-generated dependency update pinning three GitHub Actions to specific commits. Primary change: gh-action_cache upgraded from v1.4.4 to v1.5.0 across 8 action files. The v1.5.0 release includes new cache metrics features and fixes a pre-commit regression. All changes are mechanical reference updates with consistent version comments.

What reviewers should know

Scope: Review the consistency of version updates across all 8 files—each should pin gh-action_cache to the same commit hash (bdecdb...).

What changed: Lines containing uses: SonarSource/gh-action_cache@ were updated. The comment suffix changed from # v1.4.4 to # v1.5.0, and the commit hash was updated to match that version tag.

Release highlights (from the description): v1.5.0 adds cache-size-bytes output for metrics, simplifies the CI_METRICS_ENABLED gate, and fixes a container self-reference regression from earlier patches. These are improvements, not breaking changes.

Note: No functional code changes—this is a dependency pinning update. The files being modified are all GitHub Actions configuration files (action.yml).

---

• Generate Walkthrough
• Generate Diagram

🗣️ Give feedback

[hashicorp-vault-sonar-prod]

Renovate Jira issue ID: BUILD-11421

[sonar-review-alpha]

LGTM! ✅

Clean, mechanical Renovate PR with no issues found. All 8 gh-action_cache references use the identical v1.5.0 digest (bdecdb7…), and both workflow-level pins are consistent — every external uses: reference in the repo is now digest-pinned. The only unpinned references are local ./.actions/… paths, which correctly cannot and do not need digest pinning.

🗣️ Give feedback

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues
0 New dependency risks

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud