Fetch Metadata from Dependabot PRs
Version updated for https://github.com/dependabot/fetch-metadata to version v2.5.0.
- This publisher is shown as ‘verified’ by GitHub.
- This action is used across all versions by 46,505 repositories.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
The Fetch Metadata Action (dependabot/fetch-metadata) extracts detailed information about dependencies updated by Dependabot pull requests, enabling workflows to access metadata such as dependency names, types, update severity, and compatibility scores. It automates the process of gathering dependency-related insights, helping developers better understand and manage updates while improving security and compatibility analysis. Key capabilities include alert lookups, compatibility scoring, and structured outputs for further processing.
Release notes
What’s Changed
- Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by @dependabot[bot] in https://github.com/dependabot/fetch-metadata/pull/628
- Bump the dev-dependencies group with 11 updates by @dependabot[bot] in https://github.com/dependabot/fetch-metadata/pull/629
- Bump actions/create-github-app-token from 2.0.6 to 2.1.1 by @dependabot[bot] in https://github.com/dependabot/fetch-metadata/pull/635
- Bump actions/create-github-app-token from 2.1.1 to 2.1.4 by @dependabot[bot] in https://github.com/dependabot/fetch-metadata/pull/638
- Bump actions/checkout from 4 to 5 by @dependabot[bot] in https://github.com/dependabot/fetch-metadata/pull/636
- Bump actions/setup-node from 4 to 5 by @dependabot[bot] in https://github.com/dependabot/fetch-metadata/pull/637
- Bump actions/setup-node from 5 to 6 by @dependabot[bot] in https://github.com/dependabot/fetch-metadata/pull/639
- Bump actions/create-github-app-token from 2.1.4 to 2.2.0 by @dependabot[bot] in https://github.com/dependabot/fetch-metadata/pull/643
- Bump actions/checkout from 5 to 6 by @dependabot[bot] in https://github.com/dependabot/fetch-metadata/pull/642
- Bump actions/create-github-app-token from 2.2.0 to 2.2.1 by @dependabot[bot] in https://github.com/dependabot/fetch-metadata/pull/648
- Bump js-yaml from 3.14.1 to 3.14.2 by @dependabot[bot] in https://github.com/dependabot/fetch-metadata/pull/644
- Bump express from 5.1.0 to 5.2.1 by @dependabot[bot] in https://github.com/dependabot/fetch-metadata/pull/645
- Bump @modelcontextprotocol/sdk from 1.11.2 to 1.24.0 by @dependabot[bot] in https://github.com/dependabot/fetch-metadata/pull/647
- v2.5.0 by @fetch-metadata-action-automation[bot] in https://github.com/dependabot/fetch-metadata/pull/631
Full Changelog: https://github.com/dependabot/fetch-metadata/compare/v2...v2.5.0