
Update GitHub Action Versions #143

Closed: morisil wants to merge 1 commit into main from gh-actions-update-1779497057

@morisil (Member) commented May 23, 2026

GitHub Actions Version Updates

@claude (Bot) commented May 23, 2026

Code Review

Overview

This PR bumps anthropics/claude-code-action from v1.0.127 to v1.0.132 in two workflow files:

  • .github/workflows/claude-code.yml
  • .github/workflows/claude-code-review.yml

The change is minimal, consistent across both files, and generated by the action-version-updater automation — exactly the intended use case.


Code Quality

  • Correctness: Both files are updated consistently. No drift between them.
  • Scope: The diff is appropriately minimal — only the version string changes, nothing else.
  • Conventions: Matches the existing pattern in the repo.

Security Consideration (non-blocking)

Both workflows use mutable version tags (e.g. @v1.0.132) rather than immutable commit SHAs. Tags can be force-pushed, which is a supply chain risk: if the upstream action repo were compromised and the tag moved to malicious code, your workflows would silently execute it.

Given that these workflows have write permissions for contents, PRs, and issues, the blast radius of such a compromise would be significant.

Recommendation (for a future improvement, not this PR): Consider pinning to a full commit SHA, e.g.:

uses: anthropics/claude-code-action@<full-sha>  # v1.0.132

This is a known trade-off and many repos accept the risk for maintainability. Since this is an automated update PR, changing the pinning strategy is out of scope here — just worth tracking.


Summary

Approve. This is a clean, automated maintenance update with no logic changes. The only note is the mutable-tag pinning pattern, which is pre-existing and out of scope for this PR.

@morisil closed this May 25, 2026
@morisil deleted the gh-actions-update-1779497057 branch May 25, 2026 15:12
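
The pinning check raised in the review above, as an added example that is not part of the original thread or the repository's code: a line-based scan of workflow text that reports `uses:` references not pinned to a full 40-character commit SHA, together with the scopes granted `write`. The function names, the sample workflow and its SHA are constructed for illustration.

```python
import re

# Line-based heuristics, not a YAML parser: enough for a CI lint on workflow files.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"[0-9a-fA-F]{40}")
WRITE_RE = re.compile(r"^[ \t]*([a-z-]+):[ \t]*write[ \t]*(?:#.*)?$", re.M)

def classify(ref):
    """Classify a `uses:` value as local, docker, sha, mutable or unpinned."""
    if ref.startswith("./"):
        return "local"      # action stored in the same repository
    if ref.startswith("docker://"):
        return "docker"     # image references are outside this check
    _, sep, version = ref.partition("@")
    if not sep:
        return "unpinned"
    # Only a full-length commit SHA counts as immutable; tags and branches can move.
    return "sha" if FULL_SHA_RE.fullmatch(version) else "mutable"

def audit(workflow_text):
    """Return (line number, reference) for every reference a tag move could change."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if m and classify(m.group(1)) in ("mutable", "unpinned"):
            findings.append((lineno, m.group(1)))
    return findings

def write_scopes(workflow_text):
    """Return the permission scopes set to write (the blast radius of a bad pin)."""
    return sorted(set(WRITE_RE.findall(workflow_text)))

# Constructed sample workflow; the 40-character SHA is a placeholder, not a real commit.
SAMPLE = """\
name: Claude Code Review
on: pull_request
permissions:
  contents: write
  pull-requests: write
  issues: write
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
      - uses: anthropics/claude-code-action@v1.0.132
      - uses: ./.github/actions/local-step
"""
```

Run `audit()` over each file under `.github/workflows/` and fail the job when it returns findings for a workflow whose `write_scopes()` result is non-empty.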