chore(deps): Bump anthropics/claude-code-action from 1.0.133 to 1.0.140 #406
dependabot[bot] wants to merge 2 commits into
Bumps [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) from 1.0.133 to 1.0.140.
- [Release notes](https://github.com/anthropics/claude-code-action/releases)
- [Commits](anthropics/claude-code-action@787c5a0...fbda2eb)

---
updated-dependencies:
- dependency-name: anthropics/claude-code-action
  dependency-version: 1.0.140
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…code-action-1.0.140
donpetry-bot
left a comment
Automated review — APPROVED ✓
Risk: LOW
Reviewed commit: bebf64642b2097b5564548443d70ba97da369ec4
Review mode: triage-approved (single reviewer)
Summary
Dependabot patch bump of anthropics/claude-code-action from 1.0.133 → 1.0.140. Two workflows are updated and the only change in each is the pinned commit SHA (still pinned by SHA, comment updated). The new SHA fbda2eb1bdc90d319b8d853f5deb53bca199a7c1 matches the head commit referenced in the upstream release notes for v1.0.140, so the pin is consistent with the advertised version.
Linked issue analysis
No linked issues; this is a routine automated dependency update generated by Dependabot.
Findings
- Pin hygiene: Both call sites remain pinned by full commit SHA with a version comment — best practice preserved.
- Scope: Only `.github/workflows/compliance-audit-and-improvement.yml` and `.github/workflows/feature-ideation-reusable.yml` are touched, +2/-2 lines total. No secrets, permissions, or `with:` inputs are altered.
- Upstream delta: Release notes show patch-level bumps to Claude Code (2.1.161–2.1.168) and the Agent SDK (0.3.161–0.3.168), a Node.js 24 / setup-node upgrade in test workflows, and the addition of workload-identity-federation support in the upstream base action. Nothing in the diff exposes new attack surface in this repo's usage.
- No issues detected.
CI status
All required checks are green: AgentShield, CodeQL (Analyze (actions) and aggregate), SonarCloud (workflow + Code Analysis), CI (Lint, ShellCheck, Agent Security Scan, Secret scan / gitleaks), Dependency audit, Feature Ideation Tests, Dependabot auto-merge, and PR Auto-Review readiness checks. SonarCloud quality gate passed with 0 new issues and 0 security hotspots.
Reviewed automatically by the PR-review agent (single-reviewer mode: opus 4.7). Reply if you need a human review.
donpetry-bot
left a comment
Automated review — APPROVED ✓
Risk: LOW
Reviewed commit: bebf64642b2097b5564548443d70ba97da369ec4
Review mode: triage-approved (single reviewer)
Summary
Dependabot patch bump of anthropics/claude-code-action from 1.0.133 → 1.0.140. Two workflow files are touched (+2/-2 lines total) and the only change in each is the pinned commit SHA — both call sites remain pinned by full commit SHA with an updated version comment. The new SHA fbda2eb1bdc90d319b8d853f5deb53bca199a7c1 matches the head commit referenced in the upstream release notes for v1.0.140.
Linked issue analysis
No linked issues; this is a routine automated dependency update generated by Dependabot.
Findings
- Pin hygiene: Both call sites in `.github/workflows/compliance-audit-and-improvement.yml` and `.github/workflows/feature-ideation-reusable.yml` remain pinned by full commit SHA with a version comment — best practice preserved.
- Scope: Only the `uses:` SHA changes; no `with:` inputs, `env:`, secrets, or `permissions:` are altered.
- Upstream delta: Patch-level bumps to Claude Code (2.1.161–2.1.168) and the Agent SDK (0.3.161–0.3.168), a Node.js 24 / setup-node upgrade in upstream test workflows, and the addition of workload-identity-federation support in the upstream base action. Nothing in the diff exposes new attack surface in this repo's usage.
- Triage confirmation: Triage classification (LOW risk, low-risk automated dependency update) is correct.
- No issues detected.
CI status
All required checks are green: AgentShield, CodeQL (Analyze (actions) and aggregate), SonarCloud (workflow + Code Analysis), CI (Lint, ShellCheck, Agent Security Scan, Secret scan / gitleaks), Dependency audit, Feature Ideation Tests, Dependabot auto-merge, and PR Auto-Review readiness checks. SonarCloud quality gate passed with 0 new issues and 0 security hotspots.
Reviewed automatically by the PR-review agent (single-reviewer mode: opus 4.7). Reply if you need a human review.
Superseded by automated re-review at bebf646.
donpetry-bot
left a comment
Automated review — APPROVED ✓
Risk: LOW
Reviewed commit: bebf64642b2097b5564548443d70ba97da369ec4
Review mode: triage-approved (single reviewer)
Summary
Dependabot patch bump of anthropics/claude-code-action from 1.0.133 → 1.0.140. Two workflow files are touched (+2/-2 lines total); the only change in each is the pinned commit SHA. Both call sites remain pinned by full commit SHA with an updated version comment. The new SHA fbda2eb1bdc90d319b8d853f5deb53bca199a7c1 matches the head commit referenced in the upstream release notes for v1.0.140.
Linked issue analysis
No linked issues; this is a routine automated dependency update generated by Dependabot.
Findings
- Pin hygiene: Both call sites in `.github/workflows/compliance-audit-and-improvement.yml` and `.github/workflows/feature-ideation-reusable.yml` remain pinned by full commit SHA with a version comment — best practice preserved.
- Scope: Only the `uses:` SHA (and the trailing version comment in `feature-ideation-reusable.yml`) change; no `with:` inputs, `env:`, secrets, or `permissions:` are altered.
- Upstream delta: Patch-level bumps to Claude Code (2.1.161–2.1.168) and the Agent SDK (0.3.161–0.3.168), a Node.js 24 / setup-node upgrade in upstream test workflows, and the addition of workload-identity-federation support in the upstream base action. Nothing in the diff exposes new attack surface in this repo's usage.
- Triage confirmation: Triage classification (LOW risk, routine automated dependency update) is correct.
- No issues detected.
CI status
All required checks are green: AgentShield, CodeQL (Analyze (actions) and aggregate), SonarCloud (workflow + Code Analysis), CI (Lint, ShellCheck, Agent Security Scan, Secret scan / gitleaks), Dependency audit, Feature Ideation Tests, Dependabot auto-merge, and PR Auto-Review readiness checks. SonarCloud quality gate passed with 0 new issues and 0 security hotspots.
Reviewed automatically by the PR-review agent (single-reviewer mode: opus 4.7). Reply if you need a human review.
Superseded by automated re-review at bebf646.
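
As an added example (not part of this PR thread or of the repository's own tooling), the pin-hygiene and scope checks described in the review findings can be written as a small script. The sample workflow is constructed, the old SHA is a placeholder because the page gives only its short form, `example_input` is a hypothetical input name, and the `# v1.0.140` comment format is assumed.

```python
import re

# `uses: owner/repo[/path]@ref  # comment`; unquoted references only (assumption).
USES_RE = re.compile(r"^(\s*-?\s*uses:\s*)([\w.\-/]+)@(\S+)(?:\s+#\s*(.*))?\s*$")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

def audit_pins(workflow_text):
    """Classify every remote `uses:` reference in a workflow file."""
    results = []
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        _, action, ref, comment = m.groups()
        if not FULL_SHA_RE.fullmatch(ref):
            status = "mutable-ref"             # tag or branch, can be repointed
        elif not comment:
            status = "sha-no-version-comment"  # immutable but hard to review
        else:
            status = "sha-pinned"
        results.append((action, ref, status))
    return results

def only_pin_changed(old_text, new_text):
    """True when the files differ only in the ref/comment of the same action."""
    old_lines, new_lines = old_text.splitlines(), new_text.splitlines()
    if len(old_lines) != len(new_lines):
        return False
    for old, new in zip(old_lines, new_lines):
        if old == new:
            continue
        mo, mn = USES_RE.match(old), USES_RE.match(new)
        # A changed line must be a `uses:` line for the same action, same indent.
        if not (mo and mn and mo.group(1, 2) == mn.group(1, 2)):
            return False
    return True

# Constructed sample workflow; `example_input` is a hypothetical input name.
TEMPLATE = """\
permissions:
  contents: read
jobs:
  review:
    steps:
      - uses: anthropics/claude-code-action@{sha} # {ver}
        with:
          example_input: value
"""
OLD = TEMPLATE.format(sha="0" * 40, ver="v1.0.133")  # old SHA is a placeholder
NEW = TEMPLATE.format(sha="fbda2eb1bdc90d319b8d853f5deb53bca199a7c1", ver="v1.0.140")
```

`only_pin_changed(OLD, NEW)` holds for the bump as described, and fails as soon as any line outside the `uses:` reference (for example the `permissions:` block) differs.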
Automated review — human attention needed
This PR has been through 3 automated review cycles (cap: 3) without converging on an approval-and-merge state. Further automated review has been paused to avoid infinite loops. Please take a look manually, or close this PR if it's no longer needed. Once a human review resolves the situation, remove the
Posted by the donpetry-bot PR-review cascade.

@dev-lead please process and advance this PR — fix any failing CI, resolve outstanding review threads, and enable auto-merge once it's green and approvable.



Bumps anthropics/claude-code-action from 1.0.133 to 1.0.140.
Release notes
Sourced from anthropics/claude-code-action's releases.
Commits
- fbda2eb chore: bump Claude Code to 2.1.168 and Agent SDK to 0.3.168
- 64de744 chore: bump Claude Code to 2.1.167 and Agent SDK to 0.3.167
- 4101658 chore: bump Claude Code to 2.1.166 and Agent SDK to 0.3.166
- 41ea764 chore: bump Claude Code to 2.1.165 and Agent SDK to 0.3.165
- 0b1b620 chore: bump Claude Code to 2.1.163 and Agent SDK to 0.3.163
- 70a6e52 chore: bump Claude Code to 2.1.162 and Agent SDK to 0.3.162
- 36a69b6 chore: bump Claude Code to 2.1.161 and Agent SDK to 0.3.161
- bfad70d ci: bump checkout and setup-bun in test workflows to Node 24 releases (#1379)
- dc081a3 chore: bump actions/setup-node from v4.4.0 to v6.4.0 (Node.js 24) (#1377)
- 420335d Add workload identity federation support to base-action (#1378)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)