Bump the actions group across 1 directory with 2 updates by dependabot[bot] · Pull Request #670 · trailofbits/publications

dependabot · 2026-04-15T05:16:21Z

Bumps the actions group with 2 updates in the / directory: anthropics/claude-code-action and dependabot/fetch-metadata.

Updates anthropics/claude-code-action from 0.0.63 to 1.0.122

Release notes

Sourced from anthropics/claude-code-action's releases.

v1.0.122

Full Changelog: anthropics/claude-code-action@v1...v1.0.122

v1.0.121

Full Changelog: anthropics/claude-code-action@v1...v1.0.121

v1.0.120

Full Changelog: anthropics/claude-code-action@v1...v1.0.120

v1.0.119

Full Changelog: anthropics/claude-code-action@v1...v1.0.119

v1.0.118

Full Changelog: anthropics/claude-code-action@v1...v1.0.118

v1.0.117

Full Changelog: anthropics/claude-code-action@v1...v1.0.117

v1.0.116

What's Changed

Update HackerOne links in SECURITY.md by @OctavianGuzu in anthropics/claude-code-action#1268

Full Changelog: anthropics/claude-code-action@v1...v1.0.116

v1.0.115

Full Changelog: anthropics/claude-code-action@v1...v1.0.115

v1.0.114

Full Changelog: anthropics/claude-code-action@v1...v1.0.114

v1.0.113

Full Changelog: anthropics/claude-code-action@v1...v1.0.113

v1.0.112

What's Changed

fix: make trigger_phrase match case-insensitive by @JustinBis in anthropics/claude-code-action#1279

New Contributors

@JustinBis made their first contribution in anthropics/claude-code-action#1279

Full Changelog: anthropics/claude-code-action@v1...v1.0.112

v1.0.111

Full Changelog: anthropics/claude-code-action@v1...v1.0.111

v1.0.110

Full Changelog: anthropics/claude-code-action@v1...v1.0.110

v1.0.109

... (truncated)

Commits

86eb26b chore: bump Claude Code to 2.1.141 and Agent SDK to 0.2.141
f4fb5c6 chore: bump Claude Code to 2.1.140 and Agent SDK to 0.2.140
dde2242 chore: bump Claude Code to 2.1.139 and Agent SDK to 0.2.139
476e359 chore: bump Claude Code to 2.1.138 and Agent SDK to 0.2.138
ad67978 chore: bump Claude Code to 2.1.137 and Agent SDK to 0.2.137
034cbdb chore: bump Claude Code to 2.1.136 and Agent SDK to 0.2.136
939ae9c chore: bump Claude Code to 2.1.133 and Agent SDK to 0.2.133
e9c374d Update HackerOne links in SECURITY.md (#1268)
9db782c chore: bump Claude Code to 2.1.132 and Agent SDK to 0.2.132
62238dd chore: bump Claude Code to 2.1.131 and Agent SDK to 0.2.131
Additional commits viewable in compare view

Updates dependabot/fetch-metadata from 2.5.0 to 3.1.0

Release notes

Sourced from dependabot/fetch-metadata's releases.

v3.1.0

What's Changed

Add permissions to all workflows by @truggeri in dependabot/fetch-metadata#687

build(deps-dev): bump globals from 16.0.0 to 17.4.0 by @dependabot[bot] in dependabot/fetch-metadata#690

build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by @dependabot[bot] in dependabot/fetch-metadata#693

build(deps-dev): bump @hono/node-server from 1.19.10 to 1.19.13 by @dependabot[bot] in dependabot/fetch-metadata#694

build(deps-dev): bump hono from 4.12.7 to 4.12.12 by @dependabot[bot] in dependabot/fetch-metadata#695

Dynamically update the tracking tag in action by @truggeri in dependabot/fetch-metadata#696

fix: handle duplicate dependency names in parseMetadataLinks by @devantler in dependabot/fetch-metadata#700

fix: remove $ anchor from updateFragment regex to handle pip directory suffixes by @devantler in dependabot/fetch-metadata#698

Updates to README for permissions clarification by @truggeri in dependabot/fetch-metadata#697

fix: resolve update-type null for Python, Composer, and Terraform PRs by @vitorsdcs in dependabot/fetch-metadata#704

build(deps-dev): bump globals from 17.4.0 to 17.5.0 by @dependabot[bot] in dependabot/fetch-metadata#703

build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 by @dependabot[bot] in dependabot/fetch-metadata#701

build(deps): bump @actions/github from 9.0.0 to 9.1.0 in the dependencies group across 1 directory by @dependabot[bot] in dependabot/fetch-metadata#702

build(deps-dev): bump hono from 4.12.12 to 4.12.14 by @dependabot[bot] in dependabot/fetch-metadata#705

v3.1.0 by @fetch-metadata-action-automation[bot] in dependabot/fetch-metadata#692

New Contributors

@devantler made their first contribution in dependabot/fetch-metadata#700

@vitorsdcs made their first contribution in dependabot/fetch-metadata#704

Full Changelog: dependabot/fetch-metadata@v3...v3.1.0

v3.0.0

The breaking change is requiring Node.js version v24 as the Actions runtime.

What's Changed

feat: Parse versions from metadata links by @ppkarwasz in dependabot/fetch-metadata#632

Upgrade actions core and actions github packages by @truggeri in dependabot/fetch-metadata#649

docs: Add notes for using alert-lookup with App Token by @sue445 in dependabot/fetch-metadata#656

feat!: update Node.js version to v24 by @sturman in dependabot/fetch-metadata#671

Switch build tooling from ncc to esbuild by @truggeri in dependabot/fetch-metadata#676

Add --legal-comments=none to esbuild build commands by @jeffwidman in dependabot/fetch-metadata#679

Bump tsconfig target from es2022 to es2024 by @jeffwidman in dependabot/fetch-metadata#680

Remove vestigial outDir from tsconfig.json by @jeffwidman in dependabot/fetch-metadata#681

Switch tsconfig module resolution to bundler by @jeffwidman in dependabot/fetch-metadata#682

Remove skipLibCheck from tsconfig.json by @jeffwidman in dependabot/fetch-metadata#683

Add typecheck step to CI by @jeffwidman in dependabot/fetch-metadata#685

Enable noImplicitAny in tsconfig.json by @jeffwidman in dependabot/fetch-metadata#684

Upgrade @actions/core to ^3.0.0 by @truggeri in dependabot/fetch-metadata#677

Upgrade @actions/github to ^9.0.0 and @octokit/request-error to ^7.1.0 by @truggeri in dependabot/fetch-metadata#678

Bump qs from 6.14.0 to 6.14.1 by @dependabot[bot] in dependabot/fetch-metadata#651

Bump hono from 4.11.1 to 4.11.4 by @dependabot[bot] in dependabot/fetch-metadata#652

Bump hono from 4.11.4 to 4.11.7 by @dependabot[bot] in dependabot/fetch-metadata#653

Bump hono from 4.11.7 to 4.12.0 by @dependabot[bot] in dependabot/fetch-metadata#657

Bump qs from 6.14.1 to 6.14.2 by @dependabot[bot] in dependabot/fetch-metadata#655

Bump @modelcontextprotocol/sdk from 1.25.1 to 1.26.0 by @dependabot[bot] in dependabot/fetch-metadata#654

Bump @hono/node-server from 1.19.9 to 1.19.10 by @dependabot[bot] in dependabot/fetch-metadata#665

Bump hono from 4.12.2 to 4.12.5 by @dependabot[bot] in dependabot/fetch-metadata#664

... (truncated)

Commits

25dd0e3 v3.1.0 (#692)
e073f50 Merge pull request #705 from dependabot/dependabot/npm_and_yarn/hono-4.12.14
0670e16 build(deps-dev): bump hono from 4.12.12 to 4.12.14
7a7fe10 Merge pull request #702 from dependabot/dependabot/npm_and_yarn/dependencies-...
5168191 Updating dist build
23882e1 build(deps): bump @actions/github in the dependencies group
1072469 Merge pull request #701 from dependabot/dependabot/github_actions/actions/cre...
43f8a00 build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1
b4d904a Merge pull request #703 from dependabot/dependabot/npm_and_yarn/globals-17.5.0
c8046bb build(deps-dev): bump globals from 17.4.0 to 17.5.0
Additional commits viewable in compare view

Bumps the actions group with 2 updates in the / directory: [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) and [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata). Updates `anthropics/claude-code-action` from 0.0.63 to 1.0.122 - [Release notes](https://github.com/anthropics/claude-code-action/releases) - [Commits](anthropics/claude-code-action@28f8362...86eb26b) Updates `dependabot/fetch-metadata` from 2.5.0 to 3.1.0 - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](dependabot/fetch-metadata@21025c7...25dd0e3) --- updated-dependencies: - dependency-name: anthropics/claude-code-action dependency-version: 1.0.90 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: dependabot/fetch-metadata dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 15, 2026

dependabot Bot force-pushed the dependabot/github_actions/actions-72087fde26 branch from ea5f548 to d63dc49 Compare April 22, 2026 05:16

dependabot Bot force-pushed the dependabot/github_actions/actions-72087fde26 branch 2 times, most recently from 8c05180 to 5207943 Compare May 6, 2026 05:17

dependabot Bot force-pushed the dependabot/github_actions/actions-72087fde26 branch from 5207943 to 87b9a63 Compare May 13, 2026 05:20

dependabot Bot force-pushed the dependabot/github_actions/actions-72087fde26 branch from 87b9a63 to 0601fac Compare May 20, 2026 09:58

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the actions group across 1 directory with 2 updates#670

Bump the actions group across 1 directory with 2 updates#670
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/actions-72087fde26

dependabot Bot commented on behalf of github Apr 15, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 15, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v1.0.122

v1.0.121

v1.0.120

v1.0.119

v1.0.118

v1.0.117

v1.0.116

What's Changed

v1.0.115

v1.0.114

v1.0.113

v1.0.112

What's Changed

New Contributors

v1.0.111

v1.0.110

v1.0.109

v3.1.0

What's Changed

New Contributors

v3.0.0

What's Changed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Apr 15, 2026 •

edited

Loading