chore(deps): bump dependabot/fetch-metadata from 2 to 3#8
Merged
topcoder1 merged 1 commit intoMay 22, 2026
Merged
Conversation
dependabot
Bot
added
dependencies
topcoder1
added a commit
that referenced
this pull request
May 1, 2026
…Rs (#16) claude-code-action@v1 currently crashes when invoked on a dependabot PR with the error: Internal error: directory mismatch for directory "/home/runner/work/_actions/anthropics/claude-code-action/v1/tsconfig.json", fd 4 Verified across #7, #8, #9 — three consecutive dependabot PRs, all FAILURE on `review / Claude Review`. The same action+version succeeds on human-authored PRs in the same repo, so the bug is specific to dependabot's restricted GITHUB_TOKEN scope. Even when the action does run on dep bumps, the value is low — diffs are upstream version metadata, not project logic. The risk classifier still labels them; humans still see the diff at merge time. Skipping Claude review here is signal, not loss. Implementation: a pre-check step posts a one-line "Skipped" PR comment when the PR author is dependabot[bot] or renovate[bot], sets a step output, and the claude-code-action step is gated on that output. The job remains green so branch rulesets that require `review / Claude Review` are satisfied. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Owner
|
Reopening to trigger fresh CI |
Contributor
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 2 to 3. - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](dependabot/fetch-metadata@v2...v3) --- updated-dependencies: - dependency-name: dependabot/fetch-metadata dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
changed the title
dependabot
Bot
force-pushed
the
dependabot/github_actions/dependabot/fetch-metadata-3
branch
from
fb8cce6 to
8ee1e58
Compare
|
Skipped: bot-authored PR ( |
topcoder1
deleted the
dependabot/github_actions/dependabot/fetch-metadata-3
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps dependabot/fetch-metadata from 2 to 3.
Release notes
Sourced from dependabot/fetch-metadata's releases.
... (truncated)
Commits
25dd0e3v3.1.0 (#692)e073f50Merge pull request #705 from dependabot/dependabot/npm_and_yarn/hono-4.12.140670e16build(deps-dev): bump hono from 4.12.12 to 4.12.147a7fe10Merge pull request #702 from dependabot/dependabot/npm_and_yarn/dependencies-...5168191Updating dist build23882e1build(deps): bump@actions/githubin the dependencies group1072469Merge pull request #701 from dependabot/dependabot/github_actions/actions/cre...43f8a00build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1b4d904aMerge pull request #703 from dependabot/dependabot/npm_and_yarn/globals-17.5.0c8046bbbuild(deps-dev): bump globals from 17.4.0 to 17.5.0