Skip to content

ci: bump dependabot/fetch-metadata from 2 to 3#38

Merged
tablackburn merged 1 commit into
mainfrom
dependabot/github_actions/dependabot/fetch-metadata-3
Apr 15, 2026
Merged

ci: bump dependabot/fetch-metadata from 2 to 3#38
tablackburn merged 1 commit into
mainfrom
dependabot/github_actions/dependabot/fetch-metadata-3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 15, 2026

Bumps dependabot/fetch-metadata from 2 to 3.

Release notes

Sourced from dependabot/fetch-metadata's releases.

v3.0.0

The breaking change is requiring Node.js version v24 as the Actions runtime.

What's Changed

New Contributors

Full Changelog: dependabot/fetch-metadata@v2...v3.0.0

v2.5.0

What's Changed

... (truncated)

Commits
  • ffa630c v3.0.0 (#686)
  • ec8fff2 Merge pull request #674 from dependabot/dependabot/npm_and_yarn/picomatch-2.3.2
  • caf48bd build(deps-dev): bump picomatch from 2.3.1 to 2.3.2
  • 13d8274 Upgrade @​actions/github to ^9.0.0 and @​octokit/request-error to ^7.1.0 (#678)
  • b603099 Upgrade @​actions/core from ^1.11.1 to ^3.0.0 (#677)
  • c5dc5b1 Enable noImplicitAny in tsconfig.json (#684)
  • a183f3c Add typecheck step to CI (#685)
  • 5e17564 Remove skipLibCheck from tsconfig.json (#683)
  • bb56eeb Switch tsconfig module resolution to bundler (#682)
  • 3632e3d Remove vestigial outDir from tsconfig.json (#681)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
ci: bump dependabot/fetch-metadata from 2 to 3
93c0445 
Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 2 to 3.
- [Release notes](https://github.com/dependabot/fetch-metadata/releases)
- [Commits](dependabot/fetch-metadata@v2...v3)

---
updated-dependencies:
- dependency-name: dependabot/fetch-metadata
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github-actions Pull requests that update GitHub Actions code labels Apr 15, 2026
@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 15, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@tablackburn tablackburn merged commit a2a1b1d into main Apr 15, 2026
14 checks passed
@tablackburn tablackburn deleted the dependabot/github_actions/dependabot/fetch-metadata-3 branch April 15, 2026 19:36
tablackburn added a commit that referenced this pull request Apr 27, 2026
@tablackburn @claude
docs: Backfill [Unreleased] changelog entries
134532d 
The [Unreleased] section had drifted empty even though user-facing work
landed since 0.10.3. Backfill the entries so the next release captures
them and so users browsing the changelog can see what's coming.

- Added: Update-PatServerToken (#31) — interactive/direct token refresh
  with vault or inline storage and post-update verification
- Added: CI integration token validation pre-flight step (#31) — fast
  actionable failure when PLEX_TOKEN is expired
- Changed: actionable 401 token recovery guidance from this PR (#39)

Pure CI/dev-tooling churn (#34/#35/#36/#37/#38) intentionally omitted —
Keep a Changelog focuses on user-facing changes.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
tablackburn added a commit that referenced this pull request Apr 27, 2026
@tablackburn @claude
feat: Replace 401 errors with actionable token recovery guidance (#39)
9b04a27 
* feat: Replace 401 errors with actionable token recovery guidance

Plex API 401 responses now throw a message naming the cmdlets users can
run to recover (Update-PatServerToken, Get-PatStoredServer, -Token) instead
of bubbling up the raw HTTP status. Detection happens centrally in
Invoke-PatApi so every public cmdlet that hits the Plex API benefits.

Also fixes a latent test that constructed a [WebException] with an invalid
4-arg overload — the constructor failure was masking the assertion.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* refactor: Tighten 401 detection and preserve original error context

Address review feedback on PR #39:

- Drop the lone 'Unauthorized' regex clause; rely on \b401\b alone.
  Bare 'Unauthorized' could misfire on UnauthorizedAccessException, 403
  bodies that include the word, proxy/auth middleware errors, etc., and
  then incorrectly recommend Plex token recovery.
- Append 'Original error: <message>' to the 401 guidance so URL/inner-
  exception detail is retained for support and debugging.
- Tighten the raw-string 401 test to also assert on Update-PatServerToken
  so the cmdlet-naming contract is enforced for both message shapes.
- Add a regression test asserting that an UnauthorizedAccessException-
  style message does NOT trigger the 401 guidance.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs: Backfill [Unreleased] changelog entries

The [Unreleased] section had drifted empty even though user-facing work
landed since 0.10.3. Backfill the entries so the next release captures
them and so users browsing the changelog can see what's coming.

- Added: Update-PatServerToken (#31) — interactive/direct token refresh
  with vault or inline storage and post-update verification
- Added: CI integration token validation pre-flight step (#31) — fast
  actionable failure when PLEX_TOKEN is expired
- Changed: actionable 401 token recovery guidance from this PR (#39)

Pure CI/dev-tooling churn (#34/#35/#36/#37/#38) intentionally omitted —
Keep a Changelog focuses on user-facing changes.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tablackburn tablackburn tablackburn approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github-actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tablackburn