dependabot/fetch-metadata
2
0
Fork 0
mirror of https://github.com/dependabot/fetch-metadata.git synced 2026-03-12 18:07:12 -04:00
Code Issues Packages Projects Releases Wiki Activity
653 Commits 8 Branches 28 Tags
fc6f54062b51955c55d26b0806168ae60fee8d75
Commit Graph

653 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
fetch-metadata-action-automation[bot]
fc6f54062b Merge pull request #638 from dependabot/dependabot/github_actions/actions/create-github-app-token-2.1.4 
Bump actions/create-github-app-token from 2.1.1 to 2.1.4
 2025-10-10 13:16:47 -07:00
dependabot[bot]
500eae7acf Bump actions/create-github-app-token from 2.1.1 to 2.1.4 
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 2.1.1 to 2.1.4.
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](a8d6161485...6701853927)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: 2.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-14 16:01:12 +00:00
fetch-metadata-action-automation[bot]
46cfd663b8 Merge pull request #635 from dependabot/dependabot/github_actions/actions/create-github-app-token-2.1.1 
Bump actions/create-github-app-token from 2.0.6 to 2.1.1
 2025-09-04 15:53:34 -07:00
dependabot[bot]
c1d60bae80 Bump actions/create-github-app-token from 2.0.6 to 2.1.1 
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 2.0.6 to 2.1.1.
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](df432ceedc...a8d6161485)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: 2.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-17 16:34:29 +00:00
fetch-metadata-action-automation[bot]
496eb7a6d0 Merge pull request #629 from dependabot/dependabot/npm_and_yarn/dev-dependencies-0ce598d91d 
Bump the dev-dependencies group with 11 updates
 2025-05-16 19:34:02 +00:00
Jeff Widman
37e6fcd735 add npm run build output 2025-05-16 19:33:20 +00:00
dependabot[bot]
00912675f7 Bump the dev-dependencies group with 11 updates 
Bumps the dev-dependencies group with 11 updates:

| Package | From | To |
| --- | --- | --- |
| [@eslint/eslintrc](https://github.com/eslint/eslintrc) | `3.3.0` | `3.3.1` |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.22.0` | `9.26.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `22.13.11` | `22.15.17` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.27.0` | `8.32.0` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.27.0` | `8.32.0` |
| [dotenv](https://github.com/motdotla/dotenv) | `16.4.7` | `16.5.0` |
| [eslint](https://github.com/eslint/eslint) | `9.22.0` | `9.26.0` |
| [nock](https://github.com/nock/nock) | `14.0.1` | `14.0.4` |
| [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.2.6` | `29.3.2` |
| [typescript](https://github.com/microsoft/TypeScript) | `5.8.2` | `5.8.3` |
| [yaml](https://github.com/eemeli/yaml) | `2.7.0` | `2.7.1` |


Updates `@eslint/eslintrc` from 3.3.0 to 3.3.1
- [Release notes](https://github.com/eslint/eslintrc/releases)
- [Changelog](https://github.com/eslint/eslintrc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslintrc/compare/v3.3.0...v3.3.1)

Updates `@eslint/js` from 9.22.0 to 9.26.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.26.0/packages/js)

Updates `@types/node` from 22.13.11 to 22.15.17
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@typescript-eslint/eslint-plugin` from 8.27.0 to 8.32.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.32.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.27.0 to 8.32.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.32.0/packages/parser)

Updates `dotenv` from 16.4.7 to 16.5.0
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](https://github.com/motdotla/dotenv/compare/v16.4.7...v16.5.0)

Updates `eslint` from 9.22.0 to 9.26.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.22.0...v9.26.0)

Updates `nock` from 14.0.1 to 14.0.4
- [Release notes](https://github.com/nock/nock/releases)
- [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md)
- [Commits](https://github.com/nock/nock/compare/v14.0.1...v14.0.4)

Updates `ts-jest` from 29.2.6 to 29.3.2
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.2.6...v29.3.2)

Updates `typescript` from 5.8.2 to 5.8.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release-publish.yml)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.8.2...v5.8.3)

Updates `yaml` from 2.7.0 to 2.7.1
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.7.0...v2.7.1)

---
updated-dependencies:
- dependency-name: "@eslint/eslintrc"
  dependency-version: 3.3.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: "@eslint/js"
  dependency-version: 9.26.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: "@types/node"
  dependency-version: 22.15.17
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.32.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.32.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: dotenv
  dependency-version: 16.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: eslint
  dependency-version: 9.26.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: nock
  dependency-version: 14.0.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: ts-jest
  dependency-version: 29.3.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: typescript
  dependency-version: 5.8.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: yaml
  dependency-version: 2.7.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-15 04:32:17 +00:00
fetch-metadata-action-automation[bot]
d7ff83c1b0 Merge pull request #628 from dependabot/dependabot/github_actions/actions/publish-immutable-action-0.0.4 
Bump actions/publish-immutable-action from 0.0.3 to 0.0.4
 2025-05-14 22:28:40 -06:00
dependabot[bot]
b8623e7fe6 Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 
Bumps [actions/publish-immutable-action](https://github.com/actions/publish-immutable-action) from 0.0.3 to 0.0.4.
- [Release notes](https://github.com/actions/publish-immutable-action/releases)
- [Commits](https://github.com/actions/publish-immutable-action/compare/0.0.3...v0.0.4)

---
updated-dependencies:
- dependency-name: actions/publish-immutable-action
  dependency-version: 0.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-11 16:49:18 +00:00
fetch-metadata-action-automation[bot]
08eff52bf6 v2.4.0 (#594) 
Release notes: https://github.com/dependabot/fetch-metadata/releases/tag/v2.4.0

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
v2.4.0 		2025-05-09 17:48:12 -06:00
fetch-metadata-action-automation[bot]
821b654251 Merge pull request #621 from dependabot/dependabot/github_actions/actions/create-github-app-token-2.0.6 
Bump actions/create-github-app-token from 2.0.2 to 2.0.6
 2025-05-09 17:42:22 -06:00
dependabot[bot]
2c22a370e3 Bump actions/create-github-app-token from 2.0.2 to 2.0.6 
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 2.0.2 to 2.0.6.
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](3ff1caaa28...df432ceedc)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: 2.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-09 23:38:31 +00:00
Jeff Widman
6ad01a0495 Add workflow to publish new version of immutable action on every release (#623) 
Adds a workflow that publishes a new version of the immutable action package
for this action on every release.

Co-authored-by: Nish Sinha <nishnha@github.com>
 2025-05-09 17:37:39 -06:00
Jeff Widman
8ca800c164 Enable caching of npm install/npm ci for setup-node action (#618) 
They now support caching the results of `npm install`/`npm ci`:
https://github.blog/changelog/2021-07-02-github-actions-setup-node-now-supports-dependency-caching/
 2025-04-14 08:58:10 -07:00
fetch-metadata-action-automation[bot]
67876354ac Merge pull request #616 from dependabot/dependabot/github_actions/actions/create-github-app-token-2.0.2 
Bump actions/create-github-app-token from 1.11.3 to 2.0.2
 2025-04-11 11:37:43 -07:00
dependabot[bot]
a09d4affbb Bump actions/create-github-app-token from 1.11.3 to 2.0.2 
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 1.11.3 to 2.0.2.
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](67e27a7eb7...3ff1caaa28)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: 2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-11 16:34:33 +00:00
Jeff Widman
3a5ce46470 Remove unnecessary hardcoding of ref (#617) 
I'm copying the setup of one of these actions to another repo, and the
hardcoding of `ref` surprised me... these should be the same as the
defaault behavior. I checked with Barry who originally committed these
files, and he didn't remember why... possibly he'd hardcoded them when
testing the action and forgot to remove them.

So let's pull them out to remove confusion.
 2025-04-11 09:33:37 -07:00
Jeff Widman
798f45cdc5 Fixup some anchor tags that weren't deeplinking (#614) 2025-04-02 16:47:58 -04:00
Jeff Widman
6c031ac618 Tidy up examples slightly (#611) 
Tidies up the examples slightly
 2025-03-28 17:38:45 -07:00
fetch-metadata-action-automation[bot]
8a668d0946 Merge pull request #607 from dependabot/dependabot/npm_and_yarn/dev-dependencies-d1701f1a4e 
Bump the dev-dependencies group across 1 directory with 8 updates
 2025-03-21 19:47:50 +00:00
Jeff Widman
52024a6955 npm ci && npm run build 2025-03-21 19:47:15 +00:00
dependabot[bot]
cf55c3c50d Bump the dev-dependencies group across 1 directory with 8 updates 
Bumps the dev-dependencies group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) | `29.5.12` | `29.5.14` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `20.11.20` | `22.13.11` |
| [@types/yargs](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/yargs) | `17.0.32` | `17.0.33` |
| [dotenv](https://github.com/motdotla/dotenv) | `16.4.5` | `16.4.7` |
| [nock](https://github.com/nock/nock) | `13.5.3` | `14.0.1` |
| [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.1.2` | `29.2.6` |
| [typescript](https://github.com/microsoft/TypeScript) | `5.3.3` | `5.8.2` |
| [yaml](https://github.com/eemeli/yaml) | `2.4.0` | `2.7.0` |



Updates `@types/jest` from 29.5.12 to 29.5.14
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest)

Updates `@types/node` from 20.11.20 to 22.13.11
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@types/yargs` from 17.0.32 to 17.0.33
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/yargs)

Updates `dotenv` from 16.4.5 to 16.4.7
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](https://github.com/motdotla/dotenv/compare/v16.4.5...v16.4.7)

Updates `nock` from 13.5.3 to 14.0.1
- [Release notes](https://github.com/nock/nock/releases)
- [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md)
- [Commits](https://github.com/nock/nock/compare/v13.5.3...v14.0.1)

Updates `ts-jest` from 29.1.2 to 29.2.6
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.1.2...v29.2.6)

Updates `typescript` from 5.3.3 to 5.8.2
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.3.3...v5.8.2)

Updates `yaml` from 2.4.0 to 2.7.0
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.4.0...v2.7.0)

---
updated-dependencies:
- dependency-name: "@types/jest"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dev-dependencies
- dependency-name: "@types/yargs"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: dotenv
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: nock
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dev-dependencies
- dependency-name: ts-jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: yaml
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-21 19:29:32 +00:00
Jeff Widman
ed675a3d5f Make typescript compile to "es2022" (#609) 
Keeping back in `"es6"` is causing an issue over in a Dependabot PR where
another library wants to use newer Javascript features.

The reason `"es6"` was the previous target is because GitHub actions
used to use node 12, which didn't support some of the newer versions.
But now that GitHub Actions is on Node 20, which supports `"es2022"`,
it's safe to let Typescript compile using this much newer syntax.
 2025-03-21 12:27:38 -07:00
Jeff Widman
09e0b2cf63 Stop using a node16 devcontainer image (#608) 
This was originally added because actions was still on node 16, but
codespaces / devcontainers were running newer:
* https://github.com/dependabot/fetch-metadata/issues/334
* https://github.com/dependabot/fetch-metadata/pull/337

However, Actions has now migrated to node 20:
https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/

And we migrated this action here:
* https://github.com/dependabot/fetch-metadata/pull/443

So now we have the opposite problem, that our devcontainer is now
outdated.

I considered updating it, but we'd prefer not to manage these versions
unless we have to... as it's just one more thing to maintain on a repo
that doesn't see a lot of activity.

So instead I removed it and we'll just inherit the default for now. If
we later need a custom one, it's easy to re-add.
 2025-03-21 12:10:48 -07:00
Jeff Widman
553e555f81 Bump to ESLint 9 (#606) 
This bumps to ESLint 9:

* Bump the main `eslint` package to v9
* Remove the `eslint-config-standard` package as it doesn't yet support
  ESLint 9 and doesn't appear to be actively maintained... I considered
  some of the alternatives, but they've got some drama attached (https://github.com/standard/standard/issues/1948)
  so it seemed simplest for now to not worry about replacing it. This is
  a linter, so it's easy to switch to a different config if we want to
  later.
* Migrate to the new [Flat config format](https://eslint.org/docs/user-guide/configuring/configuration-files#using-the-flat-format).
 2025-03-21 11:25:45 -07:00
Jeff Widman
af0958cb2e Merge pull request #605 from dependabot/add-missing-octokit-package-to-package.json 
`src/main.ts` includes the import:
```javascript
import { RequestError } from '@octokit/request-error'
```

However, we weren't explicitly requiring this in `package.json`. It was implicitly coming in via `@actions/github` import, but best to be explicit about it.

Discovered via:
```shell
npm install -g npm-check
npm-check
```

Which reported the following error:
```
@octokit/request-error             😟  PKG ERR!  Not in the package.json. Found in: /src/main.test.ts, /src/main.ts
```

Note: There is a newer `v6` version of `@octokit/request-error` available. However, it threw a type error due a breaking change. So for now I only bumped to the `v5` version, and we can fix the upgrade later. It's a step in the right direction to at least make this import explicit.
 2025-03-21 10:24:25 -07:00
Jeff Widman
acbb0b07f3 try bumping to v5, I don't think it broke til v6 2025-03-21 06:05:01 +00:00
Jeff Widman
4b5bbe21fd Add missing @octokit/request-error to package.json 
`src/main.ts` includes the import:
```javascript
import { RequestError } from '@octokit/request-error'
```

However, we weren't explicitly requiring this in `package.json`.
It was implicitly coming in via `@actions/github` import, but best
to be explicit about it.

Discovered via:
```shell
npm install -g npm-check
npm-check
```

Which reported the following error:
```
@octokit/request-error             😟  PKG ERR!  Not in the package.json. Found in: /src/main.test.ts, /src/main.ts
```

Note: There is a _much_ newer version of `@octokit/request-error` available.
However, that threw some type errors due to breaking changes.
This `2.1.0` version was already pinned as a transitive dependency
in `package-lock.json`, so I went with that for now.
 2025-03-21 05:56:36 +00:00
fetch-metadata-action-automation[bot]
266c607354 Merge pull request #578 from dependabot/dependabot/npm_and_yarn/vercel/ncc-0.38.3 
Bump @vercel/ncc from 0.38.1 to 0.38.3
 2025-03-20 20:47:26 +00:00
Jeff Widman
1f1b88b7d0 npm ci && npm run build 2025-03-20 20:46:52 +00:00
dependabot[bot]
89a214ad0a Bump @vercel/ncc from 0.38.1 to 0.38.3 
Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.38.1 to 0.38.3.
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](https://github.com/vercel/ncc/compare/0.38.1...0.38.3)

---
updated-dependencies:
- dependency-name: "@vercel/ncc"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-20 20:43:20 +00:00
fetch-metadata-action-automation[bot]
fa40ff438f Merge pull request #598 from dependabot/dependabot/github_actions/actions/create-github-app-token-1.11.3 
Bump actions/create-github-app-token from 1.11.0 to 1.11.3
 2025-03-19 22:58:03 -07:00
dependabot[bot]
ae47413891 Bump actions/create-github-app-token from 1.11.0 to 1.11.3 
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 1.11.0 to 1.11.3.
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](5d869da34e...67e27a7eb7)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-09 16:51:46 +00:00
Nish Sinha
d7267f607e Merge pull request #543 from dependabot/bump-to-v2.3.0 
v2.3.0
v2.3.0 		2025-01-24 14:28:12 -05:00
github-actions[bot]
e3dd295a04 v2.3.0 
Release notes: https://github.com/dependabot/fetch-metadata/releases/tag/v2.3.0
 2025-01-24 13:52:22 -05:00
Nish Sinha
3da9521b8c Merge pull request #565 from CloudNStoyan/main 
Handle branch names containing dependency group
 2025-01-24 13:49:05 -05:00
Stoyan Kolev
de52f60015 update build 2025-01-24 13:48:15 -05:00
Stoyan Kolev
59d2b1fb73 fix incorrect parsing of directory when using dependency-group 2025-01-24 13:48:15 -05:00
Nish Sinha
0d27069494 Merge pull request #564 from CatChen/fixed-missing-outputs-in-action-yml 
Fixed missing outputs in action.yml
 2025-01-24 13:43:12 -05:00
Cat Chen
5a7546a6e7 Fixed missing outputs in action.yml 2024-10-23 12:38:44 -07:00
Nish Sinha
06ea45a2e4 Merge pull request #563 from CloudNStoyan/main 
fix readme action example
 2024-10-23 12:23:02 -04:00
Stoyan Kolev
bbfca7ec1c fix readme action example 2024-10-21 20:44:00 +03:00
fetch-metadata-action-automation[bot]
b0d0393a82 Merge pull request #554 from dependabot/dependabot/github_actions/actions/create-github-app-token-1.11.0 
Bump actions/create-github-app-token from 1.10.3 to 1.11.0
 2024-09-27 08:18:08 -07:00
dependabot[bot]
d664895d57 Bump actions/create-github-app-token from 1.10.3 to 1.11.0 
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 1.10.3 to 1.11.0.
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](31c86eb3b3...5d869da34e)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-09-15 16:24:34 +00:00
Jeff Widman
efb8718212 Silence audit and funding messages from npm (#550) 
While reviewing some logs, I noticed the following:
```shell
added 1 package, changed 30 packages, and audited 382 packages in 6s

58 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities
```

While I'm not against security, nor supporting OSS maintainers (I
co-maintain 10+ projects myself!), I am against noisy logs that add no
value.

So let's silence these:

1. When they appear in CI, they add no value.
1. We've got our own security tools for vulnerable deps, which we rely
   on instead of `npm audit` results.
1. When I'm skimming logs looking for debug information, these just get
   in my way.
1. There may be a speed boost if the audit/fix metadata requires an additional API call, 
   and silencing actually skips that rather than merely silencing it.

There's multiple ways to silence these: https://benjamincrozat.com/disable-packages-are-looking-for-funding

Originally I tackled this by adding `--no-audit --no-fund` flags, but
there's a lot of different entrypoints and workflows that call `npm ci`
or `npm install`. Even if I do manage to get them all, there's always a
risk someone will come along later and add another entrypoint. So that's
why I went the `.npmrc` route.

After this change, the logs are much better:
```shell
added 1 package, changed 30 packages, and audited 382 packages in 6s
```
 2024-09-04 10:46:08 -07:00
Nish Sinha
67945c0712 Merge pull request #548 from dependabot/nishnha/specify-if-conditional 
Update readme to include an if conditional
 2024-08-26 18:03:47 -04:00
Nish Sinha
46e21c91ff Add the pull_request_target permissions note 2024-08-26 17:55:25 -04:00
Nish Sinha
9e29706b9b pull_request_target -> pull_request 2024-08-26 17:49:24 -04:00
Nish Sinha
af75c3e1a2 Remove ${{ }} 2024-08-26 17:48:22 -04:00
Nish Sinha
e10dfc617d Specify if conditional 
Also update all fetch-metadata@v1 references to v2
 2024-08-26 16:47:17 -04:00