Update GitHub Action Versions

[morisil]

GitHub Actions Version Updates

• anthropics/claude-code-action published a new release v1.0.133 on 2026-05-23T04:05:39Z

[claude]

Code Review

Overview

This PR bumps anthropics/claude-code-action from v1.0.127 to v1.0.133 in two workflow files:

• .github/workflows/claude-code.yml
• .github/workflows/claude-code-review.yml

The change is minimal (4 lines total), consistent, and generated by the automated action-version-updater workflow.

Code Quality

• The update is applied symmetrically to both workflow files that use this action — no inconsistency introduced.
• The change is straightforward and follows the existing pattern in the repo.

Potential Concerns

Security — tag mutability: Both files pin to a version tag (e.g., @v1.0.133) rather than an immutable commit SHA. Tags can be force-pushed, which means the resolved code could silently change after merge. For a first-party Anthropic action used with a sensitive CLAUDE_CODE_OAUTH_TOKEN secret, consider pinning to the commit SHA instead (e.g., anthropics/claude-code-action@<sha> # v1.0.133). This is a pre-existing pattern in the repo, not introduced by this PR, but worth noting.

No changelog review noted: The PR body links to the release tag but doesn't summarize what changed between v1.0.127 and v1.0.133 (6 patch releases). For an action that handles OAuth tokens and makes code/PR changes, it's worth reviewing the release notes before merging.

Summary

The change itself is correct and low-risk as a routine dependency bump. The two points above are pre-existing patterns in the repo rather than regressions. Safe to merge once the release notes between v1.0.127–v1.0.133 have been briefly reviewed.

Review generated by Claude via claude-code-action