build(deps-dev): bump handlebars from 4.7.8 to 4.7.9

Bumps [handlebars](https://github.com/handlebars-lang/handlebars.js) from 4.7.8 to 4.7.9. - [Release notes](https://github.com/handlebars-lang/handlebars.js/releases) - [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md) - [Commits](https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9) --- updated-dependencies: - dependency-name: handlebars dependency-version: 4.7.9 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
2026-06-28 17:31:53 +08:00 · 2026-03-27 19:54:59 +00:00
12 changed files with 14608 additions and 17375 deletions
--- a/.licenses/npm/@actions/cache.dep.yml
+++ b/.licenses/npm/@actions/cache.dep.yml
@@ -1,6 +1,6 @@
 ---
 name: "@actions/cache"
-version: 5.1.0
+version: 5.0.5
 type: npm
 summary: Actions cache lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/cache
--- a/.licenses/npm/@typespec/ts-http-runtime.dep.yml
+++ b/.licenses/npm/@typespec/ts-http-runtime.dep.yml
@@ -1,6 +1,6 @@
 ---
 name: "@typespec/ts-http-runtime"
-version: 0.3.5
+version: 0.3.2
 type: npm
 summary: Isomorphic client library for making HTTP requests in node.js and browser.
 homepage: https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/core/ts-http-runtime/
--- a/README.md
+++ b/README.md
@@ -109,14 +109,6 @@ The cache is scoped to the key, [version](#cache-version), and branch. The defau
 See [Matching a cache key](https://help.github.com/en/actions/configuring-and-managing-workflows/caching-dependencies-to-speed-up-workflows#matching-a-cache-key) for more info.
 ### Read-only access
 Some workflow runs only have read-only access to the cache. A common case is a workflow triggered by a pull request from a fork: such runs can **restore** existing caches but may not be permitted to **save** new ones.
 When the cache token is read-only, the save step does not fail the job. Instead, `@actions/cache` reports the denial once as a warning (for example, `Failed to save: ... cache write denied: ...`) and the step completes successfully without writing a cache entry. Restores in the same run continue to work as usual.
 > **Note** This applies to the action's normal save path as well as the standalone [Save action](./save/README.md). If you intentionally want a restore-only setup, see [Make cache read only / Reuse cache from centralized job](./caching-strategies.md#make-cache-read-only--reuse-cache-from-centralized-job).
 ### Example cache workflow
 #### Restoring and saving cache using a single action
--- a/RELEASES.md
+++ b/RELEASES.md
@@ -25,11 +25,6 @@
 ## Changelog
 ### 5.1.0
 - Bump `@actions/cache` to v5.1.0 to pick up [actions/toolkit#2435 Handle cache write error due to read-only token](https://github.com/actions/toolkit/pull/2435)
 - Switch redundant "Cache save failed" warning to debug log in save-only
 ### 5.0.4
 - Bump `minimatch` to v3.1.5 (fixes ReDoS via globstar patterns)
--- a/tests/saveOnly.test.ts
+++ b/tests/saveOnly.test.ts
@@ -105,10 +105,8 @@ test("save with valid inputs uploads a cache", async () => {
    expect(failedMock).toHaveBeenCalledTimes(0);
 });
-test("save failing logs the debug message", async () => {
+test("save failing logs the warning message", async () => {
    const debugMock = jest.spyOn(core, "debug");
    const warningMock = jest.spyOn(core, "warning");
    const failedMock = jest.spyOn(core, "setFailed");
    const primaryKey = "Linux-node-bb828da54c148048dd17899ba9fda624811cfb43";
@@ -117,9 +115,6 @@ test("save failing logs the debug message", async () => {
    testUtils.setInput(Inputs.Path, inputPath);
    testUtils.setInput(Inputs.UploadChunkSize, "4000000");
    // A read-only / write-denied save surfaces to the action as saveCache resolving
    // to -1; the toolkit has already logged the underlying reason. The action
    // must not fail the job or emit its own warning.
    const cacheId = -1;
    const saveCacheMock = jest
        .spyOn(cache, "saveCache")
@@ -139,7 +134,6 @@ test("save failing logs the debug message", async () => {
        false
    );
-    expect(debugMock).toHaveBeenCalledWith("Cache was not saved.");
+    expect(warningMock).toHaveBeenCalledTimes(1);
-    expect(warningMock).not.toHaveBeenCalled();
+    expect(warningMock).toHaveBeenCalledWith("Cache save failed.");
    expect(failedMock).not.toHaveBeenCalled();
 });
--- a/dist/restore-only/index.js
+++ b/dist/restore-only/index.js
--- a/dist/restore/index.js
+++ b/dist/restore/index.js
--- a/dist/save-only/index.js
+++ b/dist/save-only/index.js
--- a/dist/save/index.js
+++ b/dist/save/index.js
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,15 +1,15 @@
 {
  "name": "cache",
-  "version": "5.1.0",
+  "version": "5.0.4",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "cache",
-      "version": "5.1.0",
+      "version": "5.0.4",
      "license": "MIT",
      "dependencies": {
-        "@actions/cache": "^5.1.0",
+        "@actions/cache": "^5.0.5",
        "@actions/core": "^2.0.3",
        "@actions/exec": "^2.0.0",
        "@actions/io": "^2.0.0"
@@ -39,9 +39,9 @@
      }
    },
    "node_modules/@actions/cache": {
-      "version": "5.1.0",
+      "version": "5.0.5",
-      "resolved": "https://registry.npmjs.org/@actions/cache/-/cache-5.1.0.tgz",
+      "resolved": "https://registry.npmjs.org/@actions/cache/-/cache-5.0.5.tgz",
-      "integrity": "sha512-kTIj4YPrjjRPKSGlj7f8eq+Pijoy/SKBEbJcAwNsQTFGEF29NGqj1mqD02/PmhV6r4bRAixycexAWpmUJ2aCwg==",
+      "integrity": "sha512-jiQSg0gfd+C2KPgcmdCOq7dCuCIQQWQ4b1YfGIRaaA9w7PJbRwTOcCz4LiFEUnqZGf0ha/8OKL3BeNwetHzYsQ==",
      "license": "MIT",
      "dependencies": {
        "@actions/core": "^2.0.0",
@@ -1945,9 +1945,9 @@
      }
    },
    "node_modules/@typespec/ts-http-runtime": {
-      "version": "0.3.5",
+      "version": "0.3.2",
-      "resolved": "https://registry.npmjs.org/@typespec/ts-http-runtime/-/ts-http-runtime-0.3.5.tgz",
+      "resolved": "https://registry.npmjs.org/@typespec/ts-http-runtime/-/ts-http-runtime-0.3.2.tgz",
-      "integrity": "sha512-yURCknZhvywvQItHMMmFSo+fq5arCUIyz/CVk7jD89MSai7dkaX8ufjCWp3NttLojoTVbcE72ri+be/TnEbMHw==",
+      "integrity": "sha512-IlqQ/Gv22xUC1r/WQm4StLkYQmaaTsXAhUVsNE0+xiyf0yRFiH5++q78U3bw6bLKDCTmh0uqKB9eG9+Bt75Dkg==",
      "license": "MIT",
      "dependencies": {
        "http-proxy-agent": "^7.0.0",
@@ -4167,9 +4167,9 @@
      "license": "MIT"
    },
    "node_modules/handlebars": {
-      "version": "4.7.8",
+      "version": "4.7.9",
-      "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.8.tgz",
+      "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.9.tgz",
-      "integrity": "sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ==",
+      "integrity": "sha512-4E71E0rpOaQuJR2A3xDZ+GM1HyWYv1clR58tC8emQNeQe3RH7MAzSbat+V0wG78LQBo6m6bzSG/L4pBuCsgnUQ==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "cache",
-  "version": "5.1.0",
+  "version": "5.0.4",
  "private": true,
  "description": "Cache dependencies and build outputs",
  "main": "dist/restore/index.js",
@@ -23,7 +23,7 @@
  "author": "GitHub",
  "license": "MIT",
  "dependencies": {
-    "@actions/cache": "^5.1.0",
+    "@actions/cache": "^5.0.5",
    "@actions/core": "^2.0.3",
    "@actions/exec": "^2.0.0",
    "@actions/io": "^2.0.0"
--- a/src/saveImpl.ts
+++ b/src/saveImpl.ts
@@ -84,11 +84,7 @@ export async function saveOnlyRun(
    try {
        const cacheId = await saveImpl(new NullStateProvider());
        if (cacheId === -1) {
-            // The toolkit's saveCache already logs the underlying reason at
+            core.warning(`Cache save failed.`);
            // the appropriate severity (warning for most failures, info for
            // benign concurrency races, error for 5xx). Avoid emitting a
            // generic warning here that would duplicate or mask that signal.
            core.debug(`Cache was not saved.`);
        }
    } catch (err) {
        console.error(err);