chore(deps): bump dependabot/fetch-metadata from 2.5.0 to 3.0.0

[dependabot]

Bumps dependabot/fetch-metadata from 2.5.0 to 3.0.0.

Release notes

Sourced from dependabot/fetch-metadata's releases.

v3.0.0

What's Changed

• feat: Parse versions from metadata links by @​ppkarwasz in dependabot/fetch-metadata#632
• Upgrade actions core and actions github packages by @​truggeri in dependabot/fetch-metadata#649
• docs: Add notes for using alert-lookup with App Token by @​sue445 in dependabot/fetch-metadata#656
• feat!: update Node.js version to v24 by @​sturman in dependabot/fetch-metadata#671
• Switch build tooling from ncc to esbuild by @​truggeri in dependabot/fetch-metadata#676
• Add --legal-comments=none to esbuild build commands by @​jeffwidman in dependabot/fetch-metadata#679
• Bump tsconfig target from es2022 to es2024 by @​jeffwidman in dependabot/fetch-metadata#680
• Remove vestigial outDir from tsconfig.json by @​jeffwidman in dependabot/fetch-metadata#681
• Switch tsconfig module resolution to bundler by @​jeffwidman in dependabot/fetch-metadata#682
• Remove skipLibCheck from tsconfig.json by @​jeffwidman in dependabot/fetch-metadata#683
• Add typecheck step to CI by @​jeffwidman in dependabot/fetch-metadata#685
• Enable noImplicitAny in tsconfig.json by @​jeffwidman in dependabot/fetch-metadata#684
• Upgrade @​actions/core to ^3.0.0 by @​truggeri in dependabot/fetch-metadata#677
• Upgrade @​actions/github to ^9.0.0 and @​octokit/request-error to ^7.1.0 by @​truggeri in dependabot/fetch-metadata#678
• Bump qs from 6.14.0 to 6.14.1 by @​dependabot[bot] in dependabot/fetch-metadata#651
• Bump hono from 4.11.1 to 4.11.4 by @​dependabot[bot] in dependabot/fetch-metadata#652
• Bump hono from 4.11.4 to 4.11.7 by @​dependabot[bot] in dependabot/fetch-metadata#653
• Bump hono from 4.11.7 to 4.12.0 by @​dependabot[bot] in dependabot/fetch-metadata#657
• Bump qs from 6.14.1 to 6.14.2 by @​dependabot[bot] in dependabot/fetch-metadata#655
• Bump @​modelcontextprotocol/sdk from 1.25.1 to 1.26.0 by @​dependabot[bot] in dependabot/fetch-metadata#654
• Bump @​hono/node-server from 1.19.9 to 1.19.10 by @​dependabot[bot] in dependabot/fetch-metadata#665
• Bump hono from 4.12.2 to 4.12.5 by @​dependabot[bot] in dependabot/fetch-metadata#664
• Bump minimatch from 3.1.2 to 3.1.5 by @​dependabot[bot] in dependabot/fetch-metadata#667
• Bump hono from 4.12.5 to 4.12.7 by @​dependabot[bot] in dependabot/fetch-metadata#668
• Bump actions/create-github-app-token from 2.2.1 to 3.0.0 by @​dependabot[bot] in dependabot/fetch-metadata#669
• Bump flatted from 3.3.3 to 3.4.2 by @​dependabot[bot] in dependabot/fetch-metadata#670
• build(deps-dev): bump picomatch from 2.3.1 to 2.3.2 by @​dependabot[bot] in dependabot/fetch-metadata#674

New Contributors

• @​ppkarwasz made their first contribution in dependabot/fetch-metadata#632
• @​truggeri made their first contribution in dependabot/fetch-metadata#649
• @​sue445 made their first contribution in dependabot/fetch-metadata#656
• @​sturman made their first contribution in dependabot/fetch-metadata#671

Full Changelog: dependabot/fetch-metadata@v2...v3.0.0

Commits

• ffa630c v3.0.0 (#686)
• ec8fff2 Merge pull request #674 from dependabot/dependabot/npm_and_yarn/picomatch-2.3.2
• caf48bd build(deps-dev): bump picomatch from 2.3.1 to 2.3.2
• 13d8274 Upgrade @​actions/github to ^9.0.0 and @​octokit/request-error to ^7.1.0 (#678)
• b603099 Upgrade @​actions/core from ^1.11.1 to ^3.0.0 (#677)
• c5dc5b1 Enable noImplicitAny in tsconfig.json (#684)
• a183f3c Add typecheck step to CI (#685)
• 5e17564 Remove skipLibCheck from tsconfig.json (#683)
• bb56eeb Switch tsconfig module resolution to bundler (#682)
• 3632e3d Remove vestigial outDir from tsconfig.json (#681)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[WomB0ComB0]

@copilot could you resolve the merge conflict?

[Copilot]

Pull request overview

This PR updates the pinned GitHub Action used to fetch Dependabot PR metadata in the auto-merge workflow, bringing it from dependabot/fetch-metadata v2.5.0 to v3.0.0.

Changes:

• Bump dependabot/fetch-metadata from v2.5.0 to v3.0.0 (pinned by commit SHA).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The inline version comment is now inaccurate: this SHA corresponds to dependabot/fetch-metadata v3.0.0, but the comment still says # v2. Update it to # v3/# v3.0.0 (or drop the comment) to avoid confusion during future updates/audits.

Suggested change

	uses: dependabot/fetch-metadata@ffa630c65fa7e0ecfa0625b5ceda64399aea1b36 # v2
	uses: dependabot/fetch-metadata@ffa630c65fa7e0ecfa0625b5ceda64399aea1b36 # v3.0.0

[Copilot]

@copilot could you resolve the merge conflict?

Resolved in 8271662. The conflict was a modify/delete — origin/main deleted .github/workflows/auto-merge.yml in a recent sync commit, while this PR modified it. I merged main into the branch keeping the updated auto-merge.yml with fetch-metadata v3.0.0 (also corrected the inline comment from # v2 to # v3).