chore(deps): bump the ci group across 1 directory with 3 updates

[dependabot]

Bumps the ci group with 3 updates in the / directory: actions/cache, release-drafter/release-drafter and anchore/sbom-action.

Updates actions/cache from 5.0.1 to 5.0.2

Release notes

Sourced from actions/cache's releases.

v.5.0.2

v5.0.2

What's Changed

When creating cache entries, 429s returned from the cache service will not be retried.

Changelog

Sourced from actions/cache's changelog.

Releases

Changelog

5.0.2

• Bump @actions/cache to v5.0.3 #1692

5.0.1

• Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

4.3.0

• Bump @actions/cache to v4.1.0

4.2.4

• Bump @actions/cache to v4.0.5

4.2.3

• Bump @actions/cache to v4.0.3 (obfuscates SAS token in debug logs for cache entries)

4.2.2

• Bump @actions/cache to v4.0.2

4.2.1

• Bump @actions/cache to v4.0.1

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

... (truncated)

Commits

• 8b402f5 Merge pull request #1692 from GhadimiR/main
• 304ab5a license for httpclient
• 609fc19 Update licensed record for cache
• b22231e Build
• 93150cd Add PR link to releases
• 9b8ca9f Bump actions/cache to 5.0.3
• See full diff in compare view

Updates release-drafter/release-drafter from 6.1.0 to 6.2.0

Release notes

Sourced from release-drafter/release-drafter's releases.

v6.2.0

What's Changed

New

• Add config option for history-limit (#1470) @​gjvoosten
• Add 'commits-since' configuration option for release drafts (#1451) @​slawekjaranowski

Maintenance

• build: support OIDC for npmjs publishing (#1480) @​cchanche

Documentation

• Update README.md (#1434) @​kunaljubce

Full Changelog: release-drafter/release-drafter@v6.1.1...v6.2.0

v6.1.1

What's Changed

Bug Fixes

• Honor Version Template (#1459) @​ChronosMasterOfAllTime

Documentation

• docs: Add missing action inputs to README (#1472) @​sasamuku

Full Changelog: release-drafter/release-drafter@v6.1.0...v6.1.1

Commits

• 6db134d ci: add diff for debugging unstaged files
• a9305a6 chore: fix package.json and lockfile
• 309083b chore: bump to v6.2.0
• 923fffe Add config option for history-limit (#1470)
• fa20e47 docs: typo in README.md (#1434)
• 4178e5a feat: 'commits-since' configuration option (#1451)
• 686295d build: support OIDC for npmjs publishing (#1480)
• 9928b92 setup oidc release flow
• 267d2e0 chore: bump to v6.1.1
• 60cac2b ci: disable npmjs publishing
• Additional commits viewable in compare view

Updates anchore/sbom-action from 0.21.1 to 0.22.0

Release notes

Sourced from anchore/sbom-action's releases.

v0.22.0

Changes in v0.22.0

⬆️ Dependencies

• chore(deps-dev): bump the dev-dependencies group with 19 updates (#566) [@​dependabot]
• chore(deps): bump npm-check-updates from 17.1.3 to 19.3.1 (#567) [@​dependabot]
• chore(deps): update Syft to v1.40.1 (#563) [@​anchore-actions-token-generator[bot]]

Commits

• 62ad528 chore: update release-drafter, dependencies (#571)
• 2657179 chore(deps-dev): bump the dev-dependencies group with 19 updates (#566)
• 61140b1 chore(deps): bump npm-check-updates from 17.1.3 to 19.3.1 (#567)
• f99cf3e ci: enable dependabot with groups (#565)
• 28b3d8f Chore better zizmor (#564)
• 3363a57 chore(deps): update Syft to v1.40.1 (#563)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.