ci(deps): bump the actions group with 2 updates

[dependabot]

Bumps the actions group with 2 updates: anthropics/claude-code-action and dependabot/fetch-metadata.

Updates anthropics/claude-code-action from 1.0.27 to 1.0.29

Release notes

Sourced from anthropics/claude-code-action's releases.

v1.0.29

What's Changed

• [Security] Fix HIGH vulnerability: CVE-2025-66414 by @​orbisai0security in anthropics/claude-code-action#792
• fix: use original title from webhook payload instead of fetched title by @​ashwin-ant in anthropics/claude-code-action#793
• feat: add path validation for commit_files MCP tool by @​ddworken in anthropics/claude-code-action#796
• feat: custom branch name templates by @​dylancdavis in anthropics/claude-code-action#571
• fix: add missing import and update tests for branch template feature by @​ashwin-ant in anthropics/claude-code-action#799

New Contributors

• @​orbisai0security made their first contribution in anthropics/claude-code-action#792
• @​dylancdavis made their first contribution in anthropics/claude-code-action#571

Full Changelog: anthropics/claude-code-action@v1...v1.0.29

v1.0.28

What's Changed

• fix: update broken link in cloud-providers.md by @​ashwin-ant in anthropics/claude-code-action#758
• chore: remove unused ci yaml file by @​kiwamizamurai in anthropics/claude-code-action#763
• feat: add instant "Fix this" links to PR code reviews by @​aiddun in anthropics/claude-code-action#773
• feat: add ssh_signing_key input for SSH commit signing by @​ashwin-ant in anthropics/claude-code-action#784
• feat: send user request as separate content block for slash command support by @​ashwin-ant in anthropics/claude-code-action#785
• feat: support local plugin marketplace paths by @​gor-st in anthropics/claude-code-action#761
• fix: prevent orphaned installer processes from blocking retries by @​ashwin-ant in anthropics/claude-code-action#790
• fix: set CLAUDE_CODE_ENTRYPOINT for SDK path to match CLI path by @​ashwin-ant in anthropics/claude-code-action#791

New Contributors

• @​kiwamizamurai made their first contribution in anthropics/claude-code-action#763
• @​aiddun made their first contribution in anthropics/claude-code-action#773

Full Changelog: anthropics/claude-code-action@v1...v1.0.28

Commits

• 1b8ee3b fix: add missing import and update tests for branch template feature (#799)
• c247cb1 feat: custom branch name templates (#571)
• cefa600 chore: bump Claude Code to 2.1.1 and Agent SDK to 0.2.1
• 7a708f6 chore: bump Claude Code to 2.1.0 and Agent SDK to 0.2.0
• 5da7ba5 feat: add path validation for commit_files MCP tool (#796)
• 964b835 fix: use original title from webhook payload instead of fetched title (#793)
• c83d67a fix: resolve high vulnerability CVE-2025-66414 (#792)
• c9ec2b0 fix: set CLAUDE_CODE_ENTRYPOINT for SDK path to match CLI path (#791)
• 63ea7e3 fix: prevent orphaned installer processes from blocking retries (#790)
• 653f9cd feat: support local plugin marketplace paths (#761)
• Additional commits viewable in compare view

Updates dependabot/fetch-metadata from 2.4.0 to 2.5.0

Release notes

Sourced from dependabot/fetch-metadata's releases.

v2.5.0

What's Changed

• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by @​dependabot[bot] in dependabot/fetch-metadata#628
• Bump the dev-dependencies group with 11 updates by @​dependabot[bot] in dependabot/fetch-metadata#629
• Bump actions/create-github-app-token from 2.0.6 to 2.1.1 by @​dependabot[bot] in dependabot/fetch-metadata#635
• Bump actions/create-github-app-token from 2.1.1 to 2.1.4 by @​dependabot[bot] in dependabot/fetch-metadata#638
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in dependabot/fetch-metadata#636
• Bump actions/setup-node from 4 to 5 by @​dependabot[bot] in dependabot/fetch-metadata#637
• Bump actions/setup-node from 5 to 6 by @​dependabot[bot] in dependabot/fetch-metadata#639
• Bump actions/create-github-app-token from 2.1.4 to 2.2.0 by @​dependabot[bot] in dependabot/fetch-metadata#643
• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in dependabot/fetch-metadata#642
• Bump actions/create-github-app-token from 2.2.0 to 2.2.1 by @​dependabot[bot] in dependabot/fetch-metadata#648
• Bump js-yaml from 3.14.1 to 3.14.2 by @​dependabot[bot] in dependabot/fetch-metadata#644
• Bump express from 5.1.0 to 5.2.1 by @​dependabot[bot] in dependabot/fetch-metadata#645
• Bump @​modelcontextprotocol/sdk from 1.11.2 to 1.24.0 by @​dependabot[bot] in dependabot/fetch-metadata#647
• v2.5.0 by @​fetch-metadata-action-automation[bot] in dependabot/fetch-metadata#631

Full Changelog: dependabot/fetch-metadata@v2...v2.5.0

Commits

• 21025c7 v2.5.0
• 252291c Merge pull request #647 from dependabot/dependabot/npm_and_yarn/modelcontextp...
• fa144c9 chore: Migrate jest expectation function
• 33c7a0b bug: Mock PR body in test
• 99c27ad Bump @​modelcontextprotocol/sdk from 1.11.2 to 1.24.0
• 3837dcc Merge pull request #645 from dependabot/dependabot/npm_and_yarn/express-5.2.1
• d411582 Bump express from 5.1.0 to 5.2.1
• 186ccbb Merge pull request #644 from dependabot/dependabot/npm_and_yarn/js-yaml-3.14.2
• 84c891e Bump js-yaml from 3.14.1 to 3.14.2
• 4542092 Merge pull request #648 from dependabot/dependabot/github_actions/actions/cre...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

---

Summary by cubic

Upgrade CI workflows to pick up security and stability improvements. Bumps claude-code-action to v1.0.29 (includes a high-severity fix) and dependabot/fetch-metadata to v2.5.0.

• Dependencies
  • anthropics/claude-code-action: 1.0.27 → 1.0.29 (security fix and reliability improvements)
  • dependabot/fetch-metadata: 2.4.0 → 2.5.0 (minor updates)

^{Written for commit 4ecfec4. Summary will update on new commits.}

[dependabot]

Labels

The following labels could not be found: ci. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/StackOneHQ/stackone-ai-node/@stackone/ai@288

commit: 4ecfec4

[cubic-dev-ai]

No issues found across 2 files