ci(deps): bump the actions group across 1 directory with 3 updates

[dependabot]

Bumps the actions group with 3 updates in the / directory: anthropics/claude-code-action, dependabot/fetch-metadata and actions/setup-node.

Updates anthropics/claude-code-action from 1.0.27 to 1.0.30

Release notes

Sourced from anthropics/claude-code-action's releases.

v1.0.30

What's Changed

• fix: parse ALL --allowed-tools flags, not just the first one by @​AlexanderBartash in anthropics/claude-code-action#801
• docs: clarify that Claude does not auto-create PRs by default by @​ashwin-ant in anthropics/claude-code-action#824
• fix: add checkHumanActor to agent mode by @​ashwin-ant in anthropics/claude-code-action#826
• chore: comment out release-base-action job in release workflow by @​ashwin-ant in anthropics/claude-code-action#833

New Contributors

• @​AlexanderBartash made their first contribution in anthropics/claude-code-action#801

Full Changelog: anthropics/claude-code-action@v1...v1.0.30

v1.0.29

What's Changed

• [Security] Fix HIGH vulnerability: CVE-2025-66414 by @​orbisai0security in anthropics/claude-code-action#792
• fix: use original title from webhook payload instead of fetched title by @​ashwin-ant in anthropics/claude-code-action#793
• feat: add path validation for commit_files MCP tool by @​ddworken in anthropics/claude-code-action#796
• feat: custom branch name templates by @​dylancdavis in anthropics/claude-code-action#571
• fix: add missing import and update tests for branch template feature by @​ashwin-ant in anthropics/claude-code-action#799

New Contributors

• @​orbisai0security made their first contribution in anthropics/claude-code-action#792
• @​dylancdavis made their first contribution in anthropics/claude-code-action#571

Full Changelog: anthropics/claude-code-action@v1...v1.0.29

v1.0.28

What's Changed

• fix: update broken link in cloud-providers.md by @​ashwin-ant in anthropics/claude-code-action#758
• chore: remove unused ci yaml file by @​kiwamizamurai in anthropics/claude-code-action#763
• feat: add instant "Fix this" links to PR code reviews by @​aiddun in anthropics/claude-code-action#773
• feat: add ssh_signing_key input for SSH commit signing by @​ashwin-ant in anthropics/claude-code-action#784
• feat: send user request as separate content block for slash command support by @​ashwin-ant in anthropics/claude-code-action#785
• feat: support local plugin marketplace paths by @​gor-st in anthropics/claude-code-action#761
• fix: prevent orphaned installer processes from blocking retries by @​ashwin-ant in anthropics/claude-code-action#790
• fix: set CLAUDE_CODE_ENTRYPOINT for SDK path to match CLI path by @​ashwin-ant in anthropics/claude-code-action#791

New Contributors

• @​kiwamizamurai made their first contribution in anthropics/claude-code-action#763
• @​aiddun made their first contribution in anthropics/claude-code-action#773

Full Changelog: anthropics/claude-code-action@v1...v1.0.28

Commits

• a017b83 chore: comment out release-base-action job in release workflow (#833)
• 75f52e5 chore: bump Claude Code to 2.1.9 and Agent SDK to 0.2.9
• 1bbc9e7 fix: add checkHumanActor to agent mode (#826)
• 625ea15 docs: clarify that Claude does not auto-create PRs by default (#824)
• a9171f0 chore: bump Claude Code to 2.1.7 and Agent SDK to 0.2.7
• 4778aea chore: bump Claude Code to 2.1.6 and Agent SDK to 0.2.6
• b6e5a9f chore: bump Claude Code to 2.1.4 and Agent SDK to 0.2.4
• 5d91d7d chore: bump Claude Code to 2.1.3 and Agent SDK to 0.2.3
• 90006bc chore: bump Claude Code to 2.1.2 and Agent SDK to 0.2.2
• 005436f fix: parse ALL --allowed-tools flags, not just the first one (#801)
• Additional commits viewable in compare view

Updates dependabot/fetch-metadata from 2.4.0 to 2.5.0

Release notes

Sourced from dependabot/fetch-metadata's releases.

v2.5.0

What's Changed

• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by @​dependabot[bot] in dependabot/fetch-metadata#628
• Bump the dev-dependencies group with 11 updates by @​dependabot[bot] in dependabot/fetch-metadata#629
• Bump actions/create-github-app-token from 2.0.6 to 2.1.1 by @​dependabot[bot] in dependabot/fetch-metadata#635
• Bump actions/create-github-app-token from 2.1.1 to 2.1.4 by @​dependabot[bot] in dependabot/fetch-metadata#638
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in dependabot/fetch-metadata#636
• Bump actions/setup-node from 4 to 5 by @​dependabot[bot] in dependabot/fetch-metadata#637
• Bump actions/setup-node from 5 to 6 by @​dependabot[bot] in dependabot/fetch-metadata#639
• Bump actions/create-github-app-token from 2.1.4 to 2.2.0 by @​dependabot[bot] in dependabot/fetch-metadata#643
• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in dependabot/fetch-metadata#642
• Bump actions/create-github-app-token from 2.2.0 to 2.2.1 by @​dependabot[bot] in dependabot/fetch-metadata#648
• Bump js-yaml from 3.14.1 to 3.14.2 by @​dependabot[bot] in dependabot/fetch-metadata#644
• Bump express from 5.1.0 to 5.2.1 by @​dependabot[bot] in dependabot/fetch-metadata#645
• Bump @​modelcontextprotocol/sdk from 1.11.2 to 1.24.0 by @​dependabot[bot] in dependabot/fetch-metadata#647
• v2.5.0 by @​fetch-metadata-action-automation[bot] in dependabot/fetch-metadata#631

Full Changelog: dependabot/fetch-metadata@v2...v2.5.0

Commits

• 21025c7 v2.5.0
• 252291c Merge pull request #647 from dependabot/dependabot/npm_and_yarn/modelcontextp...
• fa144c9 chore: Migrate jest expectation function
• 33c7a0b bug: Mock PR body in test
• 99c27ad Bump @​modelcontextprotocol/sdk from 1.11.2 to 1.24.0
• 3837dcc Merge pull request #645 from dependabot/dependabot/npm_and_yarn/express-5.2.1
• d411582 Bump express from 5.1.0 to 5.2.1
• 186ccbb Merge pull request #644 from dependabot/dependabot/npm_and_yarn/js-yaml-3.14.2
• 84c891e Bump js-yaml from 3.14.1 to 3.14.2
• 4542092 Merge pull request #648 from dependabot/dependabot/github_actions/actions/cre...
• Additional commits viewable in compare view

Updates actions/setup-node from 6.1.0 to 6.2.0

Release notes

Sourced from actions/setup-node's releases.

v6.2.0

What's Changed

Documentation

• Documentation update related to absence of Lockfile by @​mahabaleshwars in actions/setup-node#1454
• Correct mirror option typos by @​MikeMcC399 in actions/setup-node#1442
• Readme update on checkout version v6 by @​deining in actions/setup-node#1446
• Readme typo fixes @​munyari in actions/setup-node#1226
• Advanced document update on checkout version v6 by @​aparnajyothi-y in actions/setup-node#1468

Dependency updates:

• Upgrade @​actions/cache to v5.0.1 by @​salmanmkc in actions/setup-node#1449

New Contributors

• @​mahabaleshwars made their first contribution in actions/setup-node#1454
• @​MikeMcC399 made their first contribution in actions/setup-node#1442
• @​deining made their first contribution in actions/setup-node#1446
• @​munyari made their first contribution in actions/setup-node#1226

Full Changelog: actions/setup-node@v6...v6.2.0

Commits

• 6044e13 Docs: bump actions/checkout from v5 to v6 (#1468)
• 8e49463 Fix README typo (#1226)
• 621ac41 README.md: bump to latest released checkout version v6 (#1446)
• 2951748 Bump @​actions/cache to v5.0.1 (#1449)
• 21ddc7b Correct mirror option typos (#1442)
• 65d868f Update Documentation for Lockfile (#1454)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

---

Summary by cubic

Updates three GitHub Actions to newer versions for improved security and reliability. Workflow logic is unchanged; only pinned SHAs are updated.

• Dependencies
  • anthropics/claude-code-action: 1.0.27 → 1.0.30 (includes security and stability fixes). No config changes.
  • dependabot/fetch-metadata: 2.4.0 → 2.5.0 (maintenance updates).
  • actions/setup-node: 6.1.0 → 6.2.0 (updates caching dependency). No behavior change expected.

^{Written for commit ce1aaa1. Summary will update on new commits.}

[dependabot]

Labels

The following labels could not be found: ci. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/StackOneHQ/stackone-ai-node/@stackone/ai@304

commit: ce1aaa1

[cubic-dev-ai]

No issues found across 3 files