v5.0.2

What's Changed

• refactor(web): share connectors explainer copy across login and upsell menus by @msukkari in #1280
• chore: add release workflow for setup-sourcebot by @brendan-kellam in #1279
• chore: upgrade protobufjs to ^7.6.2 by @brendan-kellam in #1281
• feat(web): support for anthropic prompt caching and UI cached token display by @jsourcebot in #1278
• fix(web): fix GitLab MR inline comment 400 errors on context lines and renames by @fatmcgav in #1149
• chore: upgrade qs to ^6.15.2 to address CVE-2026-8723 by @brendan-kellam in #1282
• chore: upgrade picomatch to ^4.0.4 to address CVE-2026-33671, CVE-2026-33672 by @brendan-kellam in #1283
• chore: ignore CVE-2026-41305 (postcss build-time XSS) in Trivy by @brendan-kellam in #1288
• chore: upgrade ws to ^8.20.1 to address CVE-2026-45736 by @brendan-kellam in #1286
• chore: upgrade hono to ^4.12.24 to address CVE-2026-47673, CVE-2026-47674, CVE-2026-47675, CVE-2026-47676 by @brendan-kellam in #1289
• chore: bump zoekt submodule to upgrade go-git to v5.19.1 (CVE-2026-45571) by @brendan-kellam in #1290
• fix(web): surface actionable error when Lighthouse is unreachable by @brendan-kellam in #1293
• fix(web): stop rapid localStorage flip when removing a language model by @brendan-kellam in #1295
• feat(web): resolve Anthropic thinking config from model capabilities by @brendan-kellam in #1294
• feat(web): add isLanguageModelConfigured to service ping by @brendan-kellam in #1296
• chore: remove deprecated env-var identity provider configuration by @brendan-kellam in #1297
• fix(web): Support multiple IDPs of the same type by @brendan-kellam in #1177
• fix(backend): prevent duplicate index jobs from indexedAt race by @brendan-kellam in #1298
• chore: upgrade shell-quote to ^1.8.4 to address CVE-2026-9277 by @jsourcebot in #1299
• fix(worker): pass logger to getAuthCredentialsForRepo during repo sync by @brendan-kellam in #1300

Full Changelog: v5.0.1...v5.0.2