Bump the actions group across 1 directory with 2 updates by dependabot[bot] · Pull Request #670 · trailofbits/publications

dependabot · 2026-04-15T05:16:21Z

Bumps the actions group with 2 updates in the / directory: anthropics/claude-code-action and dependabot/fetch-metadata.

Updates anthropics/claude-code-action from 0.0.63 to 1.0.103

Release notes

Sourced from anthropics/claude-code-action's releases.

v1.0.103

Full Changelog: anthropics/claude-code-action@v1...v1.0.103

v1.0.102

What's Changed

chore: bump oven-sh/setup-bun to v2.2.0 (Node.js 24) by @ashwin-ant in anthropics/claude-code-action#1238

docs: nit updates to security.md by @OctavianGuzu in anthropics/claude-code-action#1240

Full Changelog: anthropics/claude-code-action@v1...v1.0.102

v1.0.101

Full Changelog: anthropics/claude-code-action@v1...v1.0.101

v1.0.100

What's Changed

Upgrade Claude model from opus-4-6 to opus-4-7 by @ashwin-ant in anthropics/claude-code-action#1227

fix: pass install.sh binary path to Agent SDK after 0.2.113 bump by @ashwin-ant in anthropics/claude-code-action#1235

Full Changelog: anthropics/claude-code-action@v1...v1.0.100

v1.0.99

Full Changelog: anthropics/claude-code-action@v1...v1.0.99

v1.0.98

Full Changelog: anthropics/claude-code-action@v1...v1.0.98

v1.0.97

Full Changelog: anthropics/claude-code-action@v1...v1.0.97

v1.0.96

What's Changed

fix: handle fork PRs by fetching via refs/pull/N/head by @stakeswky in anthropics/claude-code-action#963

New Contributors

@stakeswky made their first contribution in anthropics/claude-code-action#963

Full Changelog: anthropics/claude-code-action@v1...v1.0.96

v1.0.95

Full Changelog: anthropics/claude-code-action@v1...v1.0.95

v1.0.94

What's Changed

Prepend system bin dirs to PATH when allowed_non_write_users is set by @OctavianGuzu in anthropics/claude-code-action#1208

Full Changelog: anthropics/claude-code-action@v1...v1.0.94

... (truncated)

Commits

4e5d8b1 chore: bump Claude Code to 2.1.117 and Agent SDK to 0.2.117
5d5c10a chore: bump Claude Code to 2.1.116 and Agent SDK to 0.2.116
632a368 docs: nit updates to security.md (#1240)
4c682d8 chore: bump oven-sh/setup-bun to v2.2.0 (Node.js 24) (#1238)
38ec876 chore: bump Claude Code to 2.1.114 and Agent SDK to 0.2.114
0d2971c fix: pass install.sh binary path explicitly to Agent SDK (#1235)
c68f82c chore: bump Claude Code to 2.1.113 and Agent SDK to 0.2.113
78758ed chore: bump model version in workflows (#1227)
c3d45e8 chore: bump Claude Code to 2.1.112 and Agent SDK to 0.2.112
931e620 chore: bump Claude Code to 2.1.111 and Agent SDK to 0.2.111
Additional commits viewable in compare view

Updates dependabot/fetch-metadata from 2.5.0 to 3.1.0

Release notes

Sourced from dependabot/fetch-metadata's releases.

v3.1.0

What's Changed

Add permissions to all workflows by @truggeri in dependabot/fetch-metadata#687

build(deps-dev): bump globals from 16.0.0 to 17.4.0 by @dependabot[bot] in dependabot/fetch-metadata#690

build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by @dependabot[bot] in dependabot/fetch-metadata#693

build(deps-dev): bump @hono/node-server from 1.19.10 to 1.19.13 by @dependabot[bot] in dependabot/fetch-metadata#694

build(deps-dev): bump hono from 4.12.7 to 4.12.12 by @dependabot[bot] in dependabot/fetch-metadata#695

Dynamically update the tracking tag in action by @truggeri in dependabot/fetch-metadata#696

fix: handle duplicate dependency names in parseMetadataLinks by @devantler in dependabot/fetch-metadata#700

fix: remove $ anchor from updateFragment regex to handle pip directory suffixes by @devantler in dependabot/fetch-metadata#698

Updates to README for permissions clarification by @truggeri in dependabot/fetch-metadata#697

fix: resolve update-type null for Python, Composer, and Terraform PRs by @vitorsdcs in dependabot/fetch-metadata#704

build(deps-dev): bump globals from 17.4.0 to 17.5.0 by @dependabot[bot] in dependabot/fetch-metadata#703

build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 by @dependabot[bot] in dependabot/fetch-metadata#701

build(deps): bump @actions/github from 9.0.0 to 9.1.0 in the dependencies group across 1 directory by @dependabot[bot] in dependabot/fetch-metadata#702

build(deps-dev): bump hono from 4.12.12 to 4.12.14 by @dependabot[bot] in dependabot/fetch-metadata#705

v3.1.0 by @fetch-metadata-action-automation[bot] in dependabot/fetch-metadata#692

New Contributors

@devantler made their first contribution in dependabot/fetch-metadata#700

@vitorsdcs made their first contribution in dependabot/fetch-metadata#704

Full Changelog: dependabot/fetch-metadata@v3...v3.1.0

v3.0.0

The breaking change is requiring Node.js version v24 as the Actions runtime.

What's Changed

feat: Parse versions from metadata links by @ppkarwasz in dependabot/fetch-metadata#632

Upgrade actions core and actions github packages by @truggeri in dependabot/fetch-metadata#649

docs: Add notes for using alert-lookup with App Token by @sue445 in dependabot/fetch-metadata#656

feat!: update Node.js version to v24 by @sturman in dependabot/fetch-metadata#671

Switch build tooling from ncc to esbuild by @truggeri in dependabot/fetch-metadata#676

Add --legal-comments=none to esbuild build commands by @jeffwidman in dependabot/fetch-metadata#679

Bump tsconfig target from es2022 to es2024 by @jeffwidman in dependabot/fetch-metadata#680

Remove vestigial outDir from tsconfig.json by @jeffwidman in dependabot/fetch-metadata#681

Switch tsconfig module resolution to bundler by @jeffwidman in dependabot/fetch-metadata#682

Remove skipLibCheck from tsconfig.json by @jeffwidman in dependabot/fetch-metadata#683

Add typecheck step to CI by @jeffwidman in dependabot/fetch-metadata#685

Enable noImplicitAny in tsconfig.json by @jeffwidman in dependabot/fetch-metadata#684

Upgrade @actions/core to ^3.0.0 by @truggeri in dependabot/fetch-metadata#677

Upgrade @actions/github to ^9.0.0 and @octokit/request-error to ^7.1.0 by @truggeri in dependabot/fetch-metadata#678

Bump qs from 6.14.0 to 6.14.1 by @dependabot[bot] in dependabot/fetch-metadata#651

Bump hono from 4.11.1 to 4.11.4 by @dependabot[bot] in dependabot/fetch-metadata#652

Bump hono from 4.11.4 to 4.11.7 by @dependabot[bot] in dependabot/fetch-metadata#653

Bump hono from 4.11.7 to 4.12.0 by @dependabot[bot] in dependabot/fetch-metadata#657

Bump qs from 6.14.1 to 6.14.2 by @dependabot[bot] in dependabot/fetch-metadata#655

Bump @modelcontextprotocol/sdk from 1.25.1 to 1.26.0 by @dependabot[bot] in dependabot/fetch-metadata#654

Bump @hono/node-server from 1.19.9 to 1.19.10 by @dependabot[bot] in dependabot/fetch-metadata#665

Bump hono from 4.12.2 to 4.12.5 by @dependabot[bot] in dependabot/fetch-metadata#664

... (truncated)

Commits

25dd0e3 v3.1.0 (#692)
e073f50 Merge pull request #705 from dependabot/dependabot/npm_and_yarn/hono-4.12.14
0670e16 build(deps-dev): bump hono from 4.12.12 to 4.12.14
7a7fe10 Merge pull request #702 from dependabot/dependabot/npm_and_yarn/dependencies-...
5168191 Updating dist build
23882e1 build(deps): bump @actions/github in the dependencies group
1072469 Merge pull request #701 from dependabot/dependabot/github_actions/actions/cre...
43f8a00 build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1
b4d904a Merge pull request #703 from dependabot/dependabot/npm_and_yarn/globals-17.5.0
c8046bb build(deps-dev): bump globals from 17.4.0 to 17.5.0
Additional commits viewable in compare view

Bumps the actions group with 2 updates in the / directory: [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) and [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata). Updates `anthropics/claude-code-action` from 0.0.63 to 1.0.103 - [Release notes](https://github.com/anthropics/claude-code-action/releases) - [Commits](anthropics/claude-code-action@28f8362...4e5d8b1) Updates `dependabot/fetch-metadata` from 2.5.0 to 3.1.0 - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](dependabot/fetch-metadata@21025c7...25dd0e3) --- updated-dependencies: - dependency-name: anthropics/claude-code-action dependency-version: 1.0.90 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: dependabot/fetch-metadata dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 15, 2026

dependabot Bot force-pushed the dependabot/github_actions/actions-72087fde26 branch from ea5f548 to d63dc49 Compare April 22, 2026 05:16

dependabot Bot force-pushed the dependabot/github_actions/actions-72087fde26 branch from d63dc49 to 8c05180 Compare April 29, 2026 05:18

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the actions group across 1 directory with 2 updates#670

Bump the actions group across 1 directory with 2 updates#670
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/github_actions/actions-72087fde26

dependabot Bot commented on behalf of github Apr 15, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 15, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v1.0.103

v1.0.102

What's Changed

v1.0.101

v1.0.100

What's Changed

v1.0.99

v1.0.98

v1.0.97

v1.0.96

What's Changed

New Contributors

v1.0.95

v1.0.94

What's Changed

v3.1.0

What's Changed

New Contributors

v3.0.0

What's Changed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Apr 15, 2026 •

edited

Loading