fetch-metadata icon indicating copy to clipboard operation
fetch-metadata copied to clipboard

Published 20 hours ago verified publisher icon dependabot

Metadata

Extract information about the dependencies being updated by a Dependabot-generated PR.

Results 32 fetch-metadata issues
Sort by recently updated
recently updated
newest added

`fetch-metadata` action returns `/` for directory output

1 comment

I am using the `dependabot/fetch-metadata` action (latest version) in my workflow to handle Dependabot pull requests. However, I am encountering an issue where the `directory` output is returning `/` for...

navruzm avatar navruzm

bug

Multi-segment directory name malformed when using non-standard separator.

Given a branch name with a non-standard separator like: `dependabot|pip|dirname|dirname|stripe-8.1.0`: fetch-metadata incorrectly constructs the directory name as `/dirname|dirname` when it should be `/dirname/dirname`.

dreid avatar dreid

bug

Adds several fields for alerts

5 comment

timothy-humphrey avatar timothy-humphrey

Adds multiple path matching

1 comment

Covers situations where vulnerableManifestPath does not include a directory. Example: Dependency Names = nth-check, @svgr/webpack Directory = "/nth-check-and-svgr" Package Ecosystem = npm_and_yarn vulnerableManifestFilename = "package-lock.json" vulnerableManifestPath = "package-lock.json" ghsa-id =...

timothy-humphrey avatar timothy-humphrey

Allow for additional event types / Ignore "pull-request"+"pull-request-target" event types?

1 comment

Hello 👋 ! First of all, thanks for a great Github Actions plugin! Second, I'd like to create a feature-request in regards to which events being listened too (or rather,...

vegaasen avatar vegaasen

enhancement

Add alert number to outputs

1 comment

Having the alert number linked to the PR could be really useful when trying to get about the alert through the GitHub REST API

LeonardoBerlatto avatar LeonardoBerlatto

enhancement

Add `severity` to the action outputs

This would be really useful to have this value easily extracted and it would be possible to do many integrations with it. If the PR is linked to a security...

LeonardoBerlatto avatar LeonardoBerlatto

enhancement

Fetch Metadata action returns null update-type output for pull requests

14 comment

## Description I am using the `dependabot/fetch-metadata` action (v1.3.6) in my workflow to handle Dependabot pull requests. However, I am encountering an issue where the `update-type` output is returning null,...

oguzhanmeteozturk avatar oguzhanmeteozturk

bug

Support `newVersion` and `prevVersion` for updates with multiple dependencies

2 comment

Add support for the `newVersion` and `prevVersion` fields for updates with multiple dependencies. Right now these fields are empty when there are multiple dependencies, so this affects both [grouped updates](https://github.com/dependabot/fetch-metadata/pull/396/commits/b534cb5e81bd66664f33772f7d740d370980104d)...

Nishnha avatar Nishnha

enhancement

Auto-merge not adhering to Branch Protection Rules

3 comment

First and foremost, I am not 100% confident this is the right place to report this in. So, if not, feel free to move my request or me somewhere else....

smcvb avatar smcvb

Metadata

135
Stars
68
Forks
Watchers

Owner

verified publisher icon dependabot

Metadata

Extract information about the dependencies being updated by a Dependabot-generated PR.

Back