Skip to content

chore(deps): bump dependabot/fetch-metadata from 2 to 3#8

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/dependabot/fetch-metadata-3
Open

chore(deps): bump dependabot/fetch-metadata from 2 to 3#8
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/dependabot/fetch-metadata-3

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 30, 2026
edited
Loading

Bumps dependabot/fetch-metadata from 2 to 3.

Release notes

Sourced from dependabot/fetch-metadata's releases.

v3.0.0

The breaking change is requiring Node.js version v24 as the Actions runtime.

What's Changed

New Contributors

Full Changelog: dependabot/fetch-metadata@v2...v3.0.0

v2.5.0

What's Changed

... (truncated)

Commits
  • 25dd0e3 v3.1.0 (#692)
  • e073f50 Merge pull request #705 from dependabot/dependabot/npm_and_yarn/hono-4.12.14
  • 0670e16 build(deps-dev): bump hono from 4.12.12 to 4.12.14
  • 7a7fe10 Merge pull request #702 from dependabot/dependabot/npm_and_yarn/dependencies-...
  • 5168191 Updating dist build
  • 23882e1 build(deps): bump @​actions/github in the dependencies group
  • 1072469 Merge pull request #701 from dependabot/dependabot/github_actions/actions/cre...
  • 43f8a00 build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1
  • b4d904a Merge pull request #703 from dependabot/dependabot/npm_and_yarn/globals-17.5.0
  • c8046bb build(deps-dev): bump globals from 17.4.0 to 17.5.0
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 30, 2026
@topcoder1 topcoder1 mentioned this pull request May 1, 2026
Merged
topcoder1 added a commit that referenced this pull request May 1, 2026
@topcoder1 @claude
fix(claude-review): skip claude-code-action for dependabot/renovate P…
bd507f6 
…Rs (#16)

claude-code-action@v1 currently crashes when invoked on a dependabot
PR with the error:

  Internal error: directory mismatch for directory
  "/home/runner/work/_actions/anthropics/claude-code-action/v1/tsconfig.json", fd 4

Verified across #7, #8, #9 — three consecutive
dependabot PRs, all FAILURE on `review / Claude Review`. The same
action+version succeeds on human-authored PRs in the same repo, so
the bug is specific to dependabot's restricted GITHUB_TOKEN scope.

Even when the action does run on dep bumps, the value is low —
diffs are upstream version metadata, not project logic. The risk
classifier still labels them; humans still see the diff at merge
time. Skipping Claude review here is signal, not loss.

Implementation: a pre-check step posts a one-line "Skipped" PR
comment when the PR author is dependabot[bot] or renovate[bot],
sets a step output, and the claude-code-action step is gated on
that output. The job remains green so branch rulesets that require
`review / Claude Review` are satisfied.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@topcoder1
Copy link
Copy Markdown
Owner

topcoder1 commented May 1, 2026

Reopening to trigger fresh CI

@topcoder1 topcoder1 closed this May 1, 2026
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github May 1, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@topcoder1 topcoder1 reopened this May 1, 2026
@dependabot
chore(deps): bump dependabot/fetch-metadata from 2 to 3
8ee1e58 
Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 2 to 3.
- [Release notes](https://github.com/dependabot/fetch-metadata/releases)
- [Commits](dependabot/fetch-metadata@v2...v3)

---
updated-dependencies:
- dependency-name: dependabot/fetch-metadata
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title build(deps): bump dependabot/fetch-metadata from 2 to 3 chore(deps): bump dependabot/fetch-metadata from 2 to 3 May 1, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/dependabot/fetch-metadata-3 branch from fb8cce6 to 8ee1e58 Compare May 1, 2026 22:37
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 1, 2026

Skipped: bot-authored PR (dependabot[bot]). Dependency bumps are reviewed by the risk classifier and human merge gate.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@topcoder1