ci(deps): bump dependabot/fetch-metadata from 2.3.0 to 3.1.0 by dependabot[bot] · Pull Request #5 · littlebearapps/.github

dependabot · 2026-01-11T22:03:54Z

Bumps dependabot/fetch-metadata from 2.3.0 to 3.1.0.

Release notes

Sourced from dependabot/fetch-metadata's releases.

v3.1.0

What's Changed

Add permissions to all workflows by @truggeri in dependabot/fetch-metadata#687

build(deps-dev): bump globals from 16.0.0 to 17.4.0 by @dependabot[bot] in dependabot/fetch-metadata#690

build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by @dependabot[bot] in dependabot/fetch-metadata#693

build(deps-dev): bump @hono/node-server from 1.19.10 to 1.19.13 by @dependabot[bot] in dependabot/fetch-metadata#694

build(deps-dev): bump hono from 4.12.7 to 4.12.12 by @dependabot[bot] in dependabot/fetch-metadata#695

Dynamically update the tracking tag in action by @truggeri in dependabot/fetch-metadata#696

fix: handle duplicate dependency names in parseMetadataLinks by @devantler in dependabot/fetch-metadata#700

fix: remove $ anchor from updateFragment regex to handle pip directory suffixes by @devantler in dependabot/fetch-metadata#698

Updates to README for permissions clarification by @truggeri in dependabot/fetch-metadata#697

fix: resolve update-type null for Python, Composer, and Terraform PRs by @vitorsdcs in dependabot/fetch-metadata#704

build(deps-dev): bump globals from 17.4.0 to 17.5.0 by @dependabot[bot] in dependabot/fetch-metadata#703

build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 by @dependabot[bot] in dependabot/fetch-metadata#701

build(deps): bump @actions/github from 9.0.0 to 9.1.0 in the dependencies group across 1 directory by @dependabot[bot] in dependabot/fetch-metadata#702

build(deps-dev): bump hono from 4.12.12 to 4.12.14 by @dependabot[bot] in dependabot/fetch-metadata#705

v3.1.0 by @fetch-metadata-action-automation[bot] in dependabot/fetch-metadata#692

New Contributors

@devantler made their first contribution in dependabot/fetch-metadata#700

@vitorsdcs made their first contribution in dependabot/fetch-metadata#704

Full Changelog: dependabot/fetch-metadata@v3...v3.1.0

v3.0.0

The breaking change is requiring Node.js version v24 as the Actions runtime.

What's Changed

feat: Parse versions from metadata links by @ppkarwasz in dependabot/fetch-metadata#632

Upgrade actions core and actions github packages by @truggeri in dependabot/fetch-metadata#649

docs: Add notes for using alert-lookup with App Token by @sue445 in dependabot/fetch-metadata#656

feat!: update Node.js version to v24 by @sturman in dependabot/fetch-metadata#671

Switch build tooling from ncc to esbuild by @truggeri in dependabot/fetch-metadata#676

Add --legal-comments=none to esbuild build commands by @jeffwidman in dependabot/fetch-metadata#679

Bump tsconfig target from es2022 to es2024 by @jeffwidman in dependabot/fetch-metadata#680

Remove vestigial outDir from tsconfig.json by @jeffwidman in dependabot/fetch-metadata#681

Switch tsconfig module resolution to bundler by @jeffwidman in dependabot/fetch-metadata#682

Remove skipLibCheck from tsconfig.json by @jeffwidman in dependabot/fetch-metadata#683

Add typecheck step to CI by @jeffwidman in dependabot/fetch-metadata#685

Enable noImplicitAny in tsconfig.json by @jeffwidman in dependabot/fetch-metadata#684

Upgrade @actions/core to ^3.0.0 by @truggeri in dependabot/fetch-metadata#677

Upgrade @actions/github to ^9.0.0 and @octokit/request-error to ^7.1.0 by @truggeri in dependabot/fetch-metadata#678

Bump qs from 6.14.0 to 6.14.1 by @dependabot[bot] in dependabot/fetch-metadata#651

Bump hono from 4.11.1 to 4.11.4 by @dependabot[bot] in dependabot/fetch-metadata#652

Bump hono from 4.11.4 to 4.11.7 by @dependabot[bot] in dependabot/fetch-metadata#653

Bump hono from 4.11.7 to 4.12.0 by @dependabot[bot] in dependabot/fetch-metadata#657

Bump qs from 6.14.1 to 6.14.2 by @dependabot[bot] in dependabot/fetch-metadata#655

Bump @modelcontextprotocol/sdk from 1.25.1 to 1.26.0 by @dependabot[bot] in dependabot/fetch-metadata#654

Bump @hono/node-server from 1.19.9 to 1.19.10 by @dependabot[bot] in dependabot/fetch-metadata#665

Bump hono from 4.12.2 to 4.12.5 by @dependabot[bot] in dependabot/fetch-metadata#664

... (truncated)

Commits

25dd0e3 v3.1.0 (#692)
e073f50 Merge pull request #705 from dependabot/dependabot/npm_and_yarn/hono-4.12.14
0670e16 build(deps-dev): bump hono from 4.12.12 to 4.12.14
7a7fe10 Merge pull request #702 from dependabot/dependabot/npm_and_yarn/dependencies-...
5168191 Updating dist build
23882e1 build(deps): bump @actions/github in the dependencies group
1072469 Merge pull request #701 from dependabot/dependabot/github_actions/actions/cre...
43f8a00 build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1
b4d904a Merge pull request #703 from dependabot/dependabot/npm_and_yarn/globals-17.5.0
c8046bb build(deps-dev): bump globals from 17.4.0 to 17.5.0
Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

dependabot · 2026-01-11T22:03:54Z

Labels

The following labels could not be found: automated, ci, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Nathan Schram (nathanschram) · 2026-05-11T04:11:53Z

Dependabot (@dependabot) recreate

Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 2.3.0 to 3.1.0. - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](dependabot/fetch-metadata@d7267f6...25dd0e3) --- updated-dependencies: - dependency-name: dependabot/fetch-metadata dependency-version: 2.5.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot requested a review from Nathan Schram (nathanschram) as a code owner January 11, 2026 22:03

dependabot Bot mentioned this pull request Jan 11, 2026

ci(deps): bump dependabot/fetch-metadata from 2.3.0 to 2.4.0 #3

Closed

dependabot Bot changed the title ~~ci(deps): bump dependabot/fetch-metadata from 2.3.0 to 2.5.0~~ ci(deps): bump dependabot/fetch-metadata from 2.3.0 to 3.1.0 May 11, 2026

dependabot Bot force-pushed the dependabot/github_actions/dependabot/fetch-metadata-2.5.0 branch from f4c93b2 to 1355d47 Compare May 11, 2026 04:12

Nathan Schram (nathanschram) merged commit e58431f into main May 11, 2026
4 of 5 checks passed

Nathan Schram (nathanschram) deleted the dependabot/github_actions/dependabot/fetch-metadata-2.5.0 branch May 11, 2026 04:19

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci(deps): bump dependabot/fetch-metadata from 2.3.0 to 3.1.0#5

ci(deps): bump dependabot/fetch-metadata from 2.3.0 to 3.1.0#5
Nathan Schram (nathanschram) merged 1 commit into
mainfrom
dependabot/github_actions/dependabot/fetch-metadata-2.5.0

dependabot Bot commented on behalf of github Jan 11, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Jan 11, 2026

Uh oh!

Nathan Schram (nathanschram) commented May 11, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Jan 11, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v3.1.0

What's Changed

New Contributors

v3.0.0

What's Changed

Uh oh!

dependabot Bot commented on behalf of github Jan 11, 2026

Labels

Uh oh!

Nathan Schram (nathanschram) commented May 11, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github Jan 11, 2026 •

edited

Loading