[Snyk] Security upgrade @actions/cache from 3.2.213 to 4.0.0

[adityamaru]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Predictable Value Range from Previous Values SNYK-JS-FORMDATA-10841150	863

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[cursor]

Bug: Cache Dependency Version Mismatch

The @actions/cache dependency has an inconsistent version: package.json specifies exact "4.0.0", while package-lock.json uses caret "^4.0.0". This conflicts with the caret ranges used for other @actions packages and can lead to different versions being installed across environments or prevent automatic patch/minor updates.

package-lock.json#L11-L12

setup-rust/package-lock.json

Lines 11 to 12 in 643d2a4

	"dependencies": {
	"@actions/cache": "^4.0.0",

package.json#L18-L19

setup-rust/package.json

Lines 18 to 19 in 643d2a4

	"dependencies": {
	"@actions/cache": "4.0.0",

Fix in Cursor • Fix in Web

---

Was this report helpful? Give feedback by reacting with 👍 or 👎