chore(deps): bump dependabot/fetch-metadata from 2 to 3

[dependabot]

Bumps dependabot/fetch-metadata from 2 to 3.

Release notes

Sourced from dependabot/fetch-metadata's releases.

v3.0.0

The breaking change is requiring Node.js version v24 as the Actions runtime.

What's Changed

• feat: Parse versions from metadata links by @​ppkarwasz in dependabot/fetch-metadata#632
• Upgrade actions core and actions github packages by @​truggeri in dependabot/fetch-metadata#649
• docs: Add notes for using alert-lookup with App Token by @​sue445 in dependabot/fetch-metadata#656
• feat!: update Node.js version to v24 by @​sturman in dependabot/fetch-metadata#671
• Switch build tooling from ncc to esbuild by @​truggeri in dependabot/fetch-metadata#676
• Add --legal-comments=none to esbuild build commands by @​jeffwidman in dependabot/fetch-metadata#679
• Bump tsconfig target from es2022 to es2024 by @​jeffwidman in dependabot/fetch-metadata#680
• Remove vestigial outDir from tsconfig.json by @​jeffwidman in dependabot/fetch-metadata#681
• Switch tsconfig module resolution to bundler by @​jeffwidman in dependabot/fetch-metadata#682
• Remove skipLibCheck from tsconfig.json by @​jeffwidman in dependabot/fetch-metadata#683
• Add typecheck step to CI by @​jeffwidman in dependabot/fetch-metadata#685
• Enable noImplicitAny in tsconfig.json by @​jeffwidman in dependabot/fetch-metadata#684
• Upgrade @​actions/core to ^3.0.0 by @​truggeri in dependabot/fetch-metadata#677
• Upgrade @​actions/github to ^9.0.0 and @​octokit/request-error to ^7.1.0 by @​truggeri in dependabot/fetch-metadata#678
• Bump qs from 6.14.0 to 6.14.1 by @​dependabot[bot] in dependabot/fetch-metadata#651
• Bump hono from 4.11.1 to 4.11.4 by @​dependabot[bot] in dependabot/fetch-metadata#652
• Bump hono from 4.11.4 to 4.11.7 by @​dependabot[bot] in dependabot/fetch-metadata#653
• Bump hono from 4.11.7 to 4.12.0 by @​dependabot[bot] in dependabot/fetch-metadata#657
• Bump qs from 6.14.1 to 6.14.2 by @​dependabot[bot] in dependabot/fetch-metadata#655
• Bump @​modelcontextprotocol/sdk from 1.25.1 to 1.26.0 by @​dependabot[bot] in dependabot/fetch-metadata#654
• Bump @​hono/node-server from 1.19.9 to 1.19.10 by @​dependabot[bot] in dependabot/fetch-metadata#665
• Bump hono from 4.12.2 to 4.12.5 by @​dependabot[bot] in dependabot/fetch-metadata#664
• Bump minimatch from 3.1.2 to 3.1.5 by @​dependabot[bot] in dependabot/fetch-metadata#667
• Bump hono from 4.12.5 to 4.12.7 by @​dependabot[bot] in dependabot/fetch-metadata#668
• Bump actions/create-github-app-token from 2.2.1 to 3.0.0 by @​dependabot[bot] in dependabot/fetch-metadata#669
• Bump flatted from 3.3.3 to 3.4.2 by @​dependabot[bot] in dependabot/fetch-metadata#670
• build(deps-dev): bump picomatch from 2.3.1 to 2.3.2 by @​dependabot[bot] in dependabot/fetch-metadata#674

New Contributors

• @​ppkarwasz made their first contribution in dependabot/fetch-metadata#632
• @​truggeri made their first contribution in dependabot/fetch-metadata#649
• @​sue445 made their first contribution in dependabot/fetch-metadata#656
• @​sturman made their first contribution in dependabot/fetch-metadata#671

Full Changelog: dependabot/fetch-metadata@v2...v3.0.0

v2.5.0

What's Changed

• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by @​dependabot[bot] in dependabot/fetch-metadata#628
• Bump the dev-dependencies group with 11 updates by @​dependabot[bot] in dependabot/fetch-metadata#629
• Bump actions/create-github-app-token from 2.0.6 to 2.1.1 by @​dependabot[bot] in dependabot/fetch-metadata#635
• Bump actions/create-github-app-token from 2.1.1 to 2.1.4 by @​dependabot[bot] in dependabot/fetch-metadata#638
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in dependabot/fetch-metadata#636
• Bump actions/setup-node from 4 to 5 by @​dependabot[bot] in dependabot/fetch-metadata#637
• Bump actions/setup-node from 5 to 6 by @​dependabot[bot] in dependabot/fetch-metadata#639
• Bump actions/create-github-app-token from 2.1.4 to 2.2.0 by @​dependabot[bot] in dependabot/fetch-metadata#643

... (truncated)

Commits

• 25dd0e3 v3.1.0 (#692)
• e073f50 Merge pull request #705 from dependabot/dependabot/npm_and_yarn/hono-4.12.14
• 0670e16 build(deps-dev): bump hono from 4.12.12 to 4.12.14
• 7a7fe10 Merge pull request #702 from dependabot/dependabot/npm_and_yarn/dependencies-...
• 5168191 Updating dist build
• 23882e1 build(deps): bump @​actions/github in the dependencies group
• 1072469 Merge pull request #701 from dependabot/dependabot/github_actions/actions/cre...
• 43f8a00 build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1
• b4d904a Merge pull request #703 from dependabot/dependabot/npm_and_yarn/globals-17.5.0
• c8046bb build(deps-dev): bump globals from 17.4.0 to 17.5.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[chrome-grid]

🟪🔷 netrunner :: intrusion report

░▒▓ N E T R U N N E R ▓▒░
   🟪 GRID STATUS: JACKED IN   |   netrunner-review: pass

💉 CHROME · dependabot/fetch-metadata ⏫ 2 → 3

Dependency bump from dependabot/fetch-metadata v2 to v3. CI passed successfully, and there are no high-severity issues.

---

📡 NETWATCH · gate checks

✅ codecov/patch — success
✅ Run vitest — success
✅ Run nextest — success
✅ Convention & traceability gate — success
✅ Rust Security Audit — success
✅ automerge — success
✅ npm Security Audit — success
✅ dependency-review — success

☠️ GLITCH TRACE · flaws & patches

⚪ TRACE · .github/workflows/dependabot-automerge.yml — The dependency bump from v2 to v3 of dependabot/fetch-metadata is straightforward and doesn't introduce any known CVEs or compatibility issues. This is a safe upgrade.

🟢 VERDICT // JACKED IN — deck's clean, netrunner-review gate open.

"Looks clean, choom. Keep your deck shiny and your chrome updated."
— netrunner 🟪🔷

_{verdict: APPROVE · model: mistral-medium-2508}