ci(deps): bump the all-actions group with 4 updates

[dependabot]

Bumps the all-actions group with 4 updates: jdx/mise-action, anomalyco/opencode, actions/cache and softprops/action-gh-release.

Updates jdx/mise-action from 3.6.3 to 4.0.0

Release notes

Sourced from jdx/mise-action's releases.

v4.0.0

What's Changed

• chore(deps): lock file maintenance by @​renovate[bot] in jdx/mise-action#392
• chore(deps): update actions/setup-node digest to 53b8394 by @​renovate[bot] in jdx/mise-action#396
• feat!: Update Node.js version from 20 to 24 by @​tumerorkun in jdx/mise-action#395
• chore(deps): update github/codeql-action digest to 820e316 by @​renovate[bot] in jdx/mise-action#397
• chore: release v4.0.0 by @​mise-en-dev in jdx/mise-action#398

New Contributors

• @​tumerorkun made their first contribution in jdx/mise-action#395

Full Changelog: jdx/mise-action@v3...v4.0.0

Changelog

Sourced from jdx/mise-action's changelog.

Changelog

---

4.0.0 - 2026-03-13

🚀 Features

• breaking Update Node.js version from 20 to 24 (#395) by @​tumerorkun in #395

New Contributors

• @​tumerorkun made their first contribution in #395

---

3.6.3 - 2026-03-06

🐛 Bug Fixes

• pass cwd to all exec calls in exportMiseEnv() (#390) by @​andrewthauer in #390

New Contributors

• @​andrewthauer made their first contribution in #390

---

3.6.2 - 2026-03-02

🐛 Bug Fixes

• move file_hash to end of cache key template to prevent prefix matching (#384) by @​altendky in #384

New Contributors

• @​altendky made their first contribution in #384

---

3.6.1 - 2026-01-20

🔍 Other Changes

• Revert "fix(cache): isolate cache keys per working_directory in monorepos" (#364) by @​jdx in #364

---

3.6.0 - 2026-01-18

🚀 Features

• add option to disable shims in PATH (#340) by @​jdx in #340

🐛 Bug Fixes

... (truncated)

Commits

• c1ecc8f chore: release v4.0.0 (#398)
• 1cbe8c5 chore(deps): update github/codeql-action digest to 820e316 (#397)
• 35ed1d3 feat!: Update Node.js version from 20 to 24 (#395)
• 02bfe73 chore(deps): update actions/setup-node digest to 53b8394 (#396)
• 9a9bfbd chore(deps): lock file maintenance (#392)
• See full diff in compare view

Updates anomalyco/opencode from 1.2.13 to 1.2.27

Release notes

Sourced from anomalyco/opencode's releases.

v1.2.27

Core

• Fixed VCS watcher if statement logic
• Delete legacy permission module
• Clean up pending entry when question is aborted
• Remove SIGHUP exit handler
• Effectify PermissionNext and fix InstanceState ALS bug
• Inline branded ID schemas
• Refactor QuestionService to use effects
• Ensure that compaction message is tracked as agent initiated
• Increase default chunk timeout from 2 minutes to 5 minutes
• Fix lost sessions across worktrees and orphan branches (@​michaeldwan)

Desktop

• Remove open label from UI
• Handle multiline web paste in prompt composer

Thank you to 4 community contributors:

• @​michaeldwan:
  • fix(opencode): lost sessions across worktrees and orphan branches (#16389)
• @​marcusschiesser:
  • fix(ui): prevent long filenames from overlapping actions (#17151)
• @​Gojer16:
  • docs(es): fix Spanish intro page translation, grammar, and terminology (#17563)
• @​erikengervall:
  • docs: Add opencode-firecrawl to ecosystem documentation (#17672)

v1.2.26

Core

• Scaffold effect-to-zod bridge for schema conversion
• Serialize configuration for Bun installations
• Support text attachments in app
• Paginate session history for improved server performance
• Sessions lost after git init in existing project (@​michaeldwan)
• Fail fast on config dependency installs in end-to-end tests
• Filter empty content blocks for Bedrock provider (@​Tom-Ryder)
• Refactor ProviderAuthService to use Effect pattern
• Add console account subcommands to CLI
• Refactor AuthService to use Effect pattern

TUI

• Hide console command from help output
• Remove OpenRouter warning
• Reorder provider list in providers login

Desktop

• Model selection now persists by session
• Polish prompt composer controls
• Synchronize sidebar state across the application
• Use new-session icon in sidebar buttons
• Avoid clipping new session during sidebar animation
• Animate titlebar controls on sidebar open
• Restore sidebar dash and sync session spinner colors

... (truncated)

Commits

• 4ee426b release: v1.2.27
• 5103742 fix: vcs watcher if statement (#17673)
• aedbece docs: Add opencode-firecrawl to ecosystem documentation (#17672)
• 9c00669 zen: update claude prices
• b9f6b40 tweak(ui): remove open label (#17512)
• ad06d8f docs(es): fix Spanish intro page translation, grammar, and terminology (#17563)
• 2fc06c5 chore(permission): delete legacy permission module (#17534)
• 52877d8 fix(question): clean up pending entry on abort (#17533)
• 8f957b8 remove sighup exit (#17254)
• 0befa1e chore: generate
• Additional commits viewable in compare view

Updates actions/cache from 5.0.3 to 5.0.4

Release notes

Sourced from actions/cache's releases.

v5.0.4

What's Changed

• Add release instructions and update maintainer docs by @​Link- in actions/cache#1696
• Potential fix for code scanning alert no. 52: Workflow does not contain permissions by @​Link- in actions/cache#1697
• Fix workflow permissions and cleanup workflow names / formatting by @​Link- in actions/cache#1699
• docs: Update examples to use the latest version by @​XZTDean in actions/cache#1690
• Fix proxy integration tests by @​Link- in actions/cache#1701
• Fix cache key in examples.md for bun.lock by @​RyPeck in actions/cache#1722
• Update dependencies & patch security vulnerabilities by @​Link- in actions/cache#1738

New Contributors

• @​XZTDean made their first contribution in actions/cache#1690
• @​RyPeck made their first contribution in actions/cache#1722

Full Changelog: actions/cache@v5...v5.0.4

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE]
Relevant for maintainers with write access only.

1. Switch to a new branch from main.
2. Run npm test to ensure all tests are passing.
3. Update the version in https://github.com/actions/cache/blob/main/package.json.
4. Run npm run build to update the compiled files.
5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
6. Run licensed cache to update the license report.
7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
8. Commit your changes and push your branch upstream.
9. Open a pull request against main and get it reviewed and merged.
10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

5.0.4

• Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
• Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
• Bump fast-xml-parser to v5.5.6

5.0.3

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

5.0.2

• Bump @actions/cache to v5.0.3 #1692

5.0.1

• Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

... (truncated)

Commits

• 6682284 Merge pull request #1738 from actions/prepare-v5.0.4
• e340396 Update RELEASES
• 8a67110 Add licenses
• 1865903 Update dependencies & patch security vulnerabilities
• 5656298 Merge pull request #1722 from RyPeck/patch-1
• 4e380d1 Fix cache key in examples.md for bun.lock
• b7e8d49 Merge pull request #1701 from actions/Link-/fix-proxy-integration-tests
• 984a21b Add traffic sanity check step
• acf2f1f Fix resolution
• 95a07c5 Add wait for proxy
• Additional commits viewable in compare view

Updates softprops/action-gh-release from 2.5.0 to 2.6.1

Release notes

Sourced from softprops/action-gh-release's releases.

v2.6.1

2.6.1 is a patch release focused on restoring linked discussion thread creation when discussion_category_name is set. It fixes [#764](https://github.com/softprops/action-gh-release/issues/764), where the draft-first publish flow stopped carrying the discussion category through the final publish step.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Bug fixes 🐛

• fix: preserve discussion category on publish by @​chenrui333 in softprops/action-gh-release#765

v2.6.0

2.6.0 is a minor release centered on previous_tag support for generate_release_notes, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a working_directory docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Exciting New Features 🎉

• feat: support previous_tag for generate_release_notes by @​pocesar in softprops/action-gh-release#372

Bug fixes 🐛

• fix: recover concurrent asset metadata 404s by @​chenrui333 in softprops/action-gh-release#760

Other Changes 🔄

• docs: clarify reused draft release behavior by @​chenrui333 in softprops/action-gh-release#759
• docs: clarify working_directory input by @​chenrui333 in softprops/action-gh-release#761
• ci: verify dist bundle freshness by @​chenrui333 in softprops/action-gh-release#762
• fix: clarify immutable prerelease uploads by @​chenrui333 in softprops/action-gh-release#763

v2.5.3

2.5.3 is a patch release focused on the remaining path-handling and release-selection bugs uncovered after 2.5.2. It fixes [#639](https://github.com/softprops/action-gh-release/issues/639), [#571](https://github.com/softprops/action-gh-release/issues/571), [#280](https://github.com/softprops/action-gh-release/issues/280), [#614](https://github.com/softprops/action-gh-release/issues/614), [#311](https://github.com/softprops/action-gh-release/issues/311), [#403](https://github.com/softprops/action-gh-release/issues/403), and [#368](https://github.com/softprops/action-gh-release/issues/368). It also adds documentation clarifications for [#541](https://github.com/softprops/action-gh-release/issues/541), [#645](https://github.com/softprops/action-gh-release/issues/645), [#542](https://github.com/softprops/action-gh-release/issues/542), [#393](https://github.com/softprops/action-gh-release/issues/393), and [#411](https://github.com/softprops/action-gh-release/issues/411), where the current behavior is either usage-sensitive or constrained by GitHub platform limits rather than an action-side runtime bug.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

... (truncated)

Changelog

Sourced from softprops/action-gh-release's changelog.

2.6.1

2.6.1 is a patch release focused on restoring linked discussion thread creation when discussion_category_name is set. It fixes [#764](https://github.com/softprops/action-gh-release/issues/764), where the draft-first publish flow stopped carrying the discussion category through the final publish step.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Bug fixes 🐛

• fix: preserve discussion category on publish by @​chenrui333 in softprops/action-gh-release#765

2.6.0

2.6.0 is a minor release centered on previous_tag support for generate_release_notes, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a working_directory docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Exciting New Features 🎉

• feat: support previous_tag for generate_release_notes by @​pocesar in softprops/action-gh-release#372

Bug fixes 🐛

• fix: recover concurrent asset metadata 404s by @​chenrui333 in softprops/action-gh-release#760

Other Changes 🔄

• docs: clarify reused draft release behavior by @​chenrui333 in softprops/action-gh-release#759
• docs: clarify working_directory input by @​chenrui333 in softprops/action-gh-release#761
• ci: verify dist bundle freshness by @​chenrui333 in softprops/action-gh-release#762
• fix: clarify immutable prerelease uploads by @​chenrui333 in softprops/action-gh-release#763

2.5.3

2.5.3 is a patch release focused on the remaining path-handling and release-selection bugs uncovered after 2.5.2. It fixes [#639](https://github.com/softprops/action-gh-release/issues/639), [#571](https://github.com/softprops/action-gh-release/issues/571), [#280](https://github.com/softprops/action-gh-release/issues/280), [#614](https://github.com/softprops/action-gh-release/issues/614), [#311](https://github.com/softprops/action-gh-release/issues/311), [#403](https://github.com/softprops/action-gh-release/issues/403), and [#368](https://github.com/softprops/action-gh-release/issues/368). It also adds documentation clarifications for [#541](https://github.com/softprops/action-gh-release/issues/541), [#645](https://github.com/softprops/action-gh-release/issues/645), [#542](https://github.com/softprops/action-gh-release/issues/542), [#393](https://github.com/softprops/action-gh-release/issues/393), and [#411](https://github.com/softprops/action-gh-release/issues/411), where the current behavior is either usage-sensitive or constrained by GitHub platform limits rather than an action-side runtime bug.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

... (truncated)

Commits

• 153bb8e release 2.6.1
• 569deb8 fix: preserve discussion category when publishing releases (#765)
• 26e8ad2 release 2.6.0
• b959f31 fix: clarify immutable prerelease uploads (#763)
• 8a8510e ci: verify dist bundle freshness (#762)
• 438c15d docs: clarify working_directory input (#761)
• 6ca3b5d fix: recover concurrent asset metadata 404s (#760)
• 11f9176 chore: add RELEASE.md
• 1f3f350 feat: add AGENTS.md
• 37819cb docs: clarify reused draft release behavior (#759)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: automated, ci. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.