Update github actions (main) (patch)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/cache	action	patch	v5.0.4 → v5.0.5
actions/checkout	action	patch	v6.0.2 → v6.0.3
codecov/codecov-action	action	patch	v5.5.4 → v5.5.5
peter-evans/create-pull-request	action	patch	v8.1.0 → v8.1.1

---

Release Notes

actions/cache (actions/cache)

v5.0.5

Compare Source

What's Changed

• Update ts-http-runtime dependency by @​yacaovsnc in #​1747

Full Changelog: actions/cache@v5...v5.0.5

actions/checkout (actions/checkout)

v6.0.3

Compare Source

• Fix checkout init for SHA-256 repositories by @​yaananth in #​2439
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in #​2414

codecov/codecov-action (codecov/codecov-action)

v5.5.5

Compare Source

peter-evans/create-pull-request (peter-evans/create-pull-request)

v8.1.1: Create Pull Request v8.1.1

Compare Source

What's Changed

• build(deps-dev): bump the npm group with 2 updates by @​dependabot[bot] in #​4305
• build(deps): bump minimatch by @​dependabot[bot] in #​4311
• build(deps): bump the github-actions group with 2 updates by @​dependabot[bot] in #​4316
• build(deps): bump @​tootallnate/once and jest-environment-jsdom by @​dependabot[bot] in #​4323
• build(deps-dev): bump undici from 6.23.0 to 6.24.0 by @​dependabot[bot] in #​4328
• build(deps-dev): bump flatted from 3.3.1 to 3.4.2 by @​dependabot[bot] in #​4334
• build(deps): bump picomatch by @​dependabot[bot] in #​4339
• build(deps-dev): bump handlebars from 4.7.8 to 4.7.9 by @​dependabot[bot] in #​4344
• build(deps-dev): bump the npm group with 3 updates by @​dependabot[bot] in #​4349
• fix: retry post-creation API calls on 422 eventual consistency errors by @​peter-evans in #​4356

Full Changelog: peter-evans/create-pull-request@v8.1.0...v8.1.1

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM (* 0-3 * * *)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 1:03 AM UTC · Completed 1:09 AM UTC
Commit: 47d3320 · View workflow run →

[fullsend-ai-review]

Review

Findings

High

• [protected-path] .github/workflows/ — All 6 changed files are under the .github/ protected path: checks-codecov.yaml, codeql.yaml, lint.yaml, release.yaml, scorecard.yml, update-go-containerregistry.yaml. This PR has no linked issue justifying the modification of governance/infrastructure files. Human approval is required for all changes to protected paths, regardless of whether the changes are automated dependency bumps.
  Remediation: A maintainer should verify that the updated commit SHAs correspond to the expected patch releases (actions/cache v5.0.5, actions/checkout v6.0.3, codecov/codecov-action v5.5.5, peter-evans/create-pull-request v8.1.1) and approve.

Info

• [sub-agent-failure] N/A — The style-conventions sub-agent did not return findings: model claude-sonnet-4-5@20250929 is not available on the deployment. Given the mechanical nature of this version-bump PR, no style findings are expected.

[fullsend-ai-review]

See the review comment for full details.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

Flag	Coverage Δ
acceptance	53.56% <ø> (ø)
generative	16.87% <ø> (ø)
integration	27.80% <ø> (ø)
unit	69.05% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.