chore(deps): update github-actions

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/setup-node	action	minor	v6.3.0 → v6.4.0
anthropics/claude-code-action (changelog)	action	digest	5fb8995 → 476e359
anthropics/claude-code-action	action	patch	v1.0.101 → v1.0.119
fpicalausa/remove-stale-branches	action	minor	v2.4.0 → v2.6.1
loft-sh/github-actions (changelog)	action	digest	4207288 → 53686d2
openai/codex-action	action	minor	v1.6 → v1.8
slackapi/slack-github-action	action	patch	v3.0.1 → v3.0.3

---

Release Notes

actions/setup-node (actions/setup-node)

v6.4.0

Compare Source

anthropics/claude-code-action (anthropics/claude-code-action)

v1.0.119

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.119

v1.0.118

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.118

v1.0.117

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.117

v1.0.116

Compare Source

What's Changed

• Update HackerOne links in SECURITY.md by @​OctavianGuzu in #​1268

Full Changelog: anthropics/claude-code-action@v1...v1.0.116

v1.0.115

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.115

v1.0.114

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.114

v1.0.113

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.113

v1.0.112

Compare Source

What's Changed

• fix: make trigger_phrase match case-insensitive by @​JustinBis in #​1279

New Contributors

• @​JustinBis made their first contribution in #​1279

Full Changelog: anthropics/claude-code-action@v1...v1.0.112

v1.0.111

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.111

v1.0.110

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.110

v1.0.109

Compare Source

What's Changed

• docs: pull_request_target guidance and base-action trust model by @​OctavianGuzu in #​1250

Full Changelog: anthropics/claude-code-action@v1...v1.0.109

v1.0.108

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.108

v1.0.107

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.107

v1.0.106

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.106

v1.0.105

Compare Source

What's Changed

• fix: allow + in branch names (generated by Claude Code EnterWorktree) by @​awakia in #​1248

New Contributors

• @​awakia made their first contribution in #​1248

Full Changelog: anthropics/claude-code-action@v1...v1.0.105

v1.0.104

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.104

v1.0.103

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.103

v1.0.102

Compare Source

What's Changed

• chore: bump oven-sh/setup-bun to v2.2.0 (Node.js 24) by @​ashwin-ant in #​1238
• docs: nit updates to security.md by @​OctavianGuzu in #​1240

Full Changelog: anthropics/claude-code-action@v1...v1.0.102

fpicalausa/remove-stale-branches (fpicalausa/remove-stale-branches)

v2.6.1

Compare Source

What's Changed

• chore: bump dependencies by @​fpicalausa in #​71
• Feat: GitHub action output by @​fpicalausa in #​72

Full Changelog: fpicalausa/remove-stale-branches@v2.5.0...v2.6.1

v2.5.0

Compare Source

What's Changed

• feat: allow optional repository by @​bainss in #​56
• chore(deps): bump undici from 5.28.5 to 5.29.0 by @​dependabot[bot] in #​51
• docs: update readme example version by @​moret in #​59
• Fix GitHub wording and typos by @​kranthipoturaju in #​64
• Update the image to Node24 by @​fibbo in #​66
• chore(deps): bump js-yaml from 3.14.1 to 3.14.2 by @​dependabot[bot] in #​63
• chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2 by @​dependabot[bot] in #​68

New Contributors

• @​bainss made their first contribution in #​56
• @​moret made their first contribution in #​59
• @​kranthipoturaju made their first contribution in #​64
• @​fibbo made their first contribution in #​66

Full Changelog: fpicalausa/remove-stale-branches@v2.4.0...v2.5.0

openai/codex-action (openai/codex-action)

v1.8

Compare Source

• #​91 tighten what bots are allowed

v1.7

Compare Source

• #​89 restrict bot permission bypass

slackapi/slack-github-action (slackapi/slack-github-action)

v3.0.3

Compare Source

v3.0.2: Slack GitHub Action v3.0.2

Compare Source

Patch Changes

• 79529d7: fix: resolve url.parse deprecation warning for webhook techniques

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Claude finished @renovate[bot]'s task in 38s —— View job

---

PR Review: chore(deps): update github-actions

• Gather context
• Review changed files
• Post findings

---

No issues found. This PR makes four digest-pin bumps across workflow files:

• anthropics/claude-code-action: 5fb8995 → 905d4eb (3 files)
• loft-sh/github-actions validate-renovate workflow: 4207288 → 53686d2 (1 file)

All actions remain pinned to full commit SHAs, which is the correct security posture for supply chain protection. No logic changes, no configuration changes — safe to merge.

[github-actions]

Claude finished @renovate[bot]'s task in 19s —— View job

---

No issues found. This PR is a routine digest-pin bump:

• anthropics/claude-code-action: 5fb8995 → 905d4eb (3 workflow files)
• loft-sh/github-actions reusable workflow: 4207288 → 53686d2 (1 workflow file)

All references remain pinned to full commit SHAs — correct security posture. No logic, configuration, or permission changes.

[github-actions]

Claude finished @renovate[bot]'s task in 20s —— View job

---

No issues found. Routine digest-pin bumps — all references remain pinned to full commit SHAs. Safe to merge.

[github-actions]

Claude finished @renovate[bot]'s task in 16s —— View job

---

No issues found. Routine digest-pin bumps — all references remain pinned to full commit SHAs. Safe to merge.

[github-actions]

Claude finished @renovate[bot]'s task in 24s —— View job

---

Smoke Test: chore(deps): update github-actions

• Gather context
• Review changed files
• Verify digest updates
• Post findings

---

Findings: ✅ No issues found.

This PR updates action digests in 5 files:

• anthropics/claude-code-action → c3d45e8e941e1b2ad7b278c57482d9c5bf1f35b3 (4 files: ai-pr-review/action.yml, claude-code-review.yaml, claude.yaml, claude.yml)
• loft-sh/github-actions → 53686d2452bc48398252887a37ad248c38a7f1eb (1 file: ci.yaml)

All references remain pinned to full commit SHAs — correct security posture. No logic, configuration, or permission changes.

[github-actions]

Claude finished @renovate[bot]'s task in 18s —— View job

---

No issues found. Routine digest-pin bumps — all references remain pinned to full commit SHAs. Safe to merge.

[github-actions]

Claude finished @renovate[bot]'s task in 15s —— View job

---

No issues found. Routine digest-pin bumps — all references remain pinned to full commit SHAs. Safe to merge.

[github-actions]

Claude finished @renovate[bot]'s task in 20s —— View job

---

Smoke Test: chore(deps): update github-actions

• Gather context
• Review changed files
• Verify digest updates
• Post findings

---

Findings: ✅ No issues found.

This PR updates action digests in 5 files:

• anthropics/claude-code-action → 0d2971c (4 files: ai-pr-review/action.yml, claude-code-review.yaml, claude.yaml, claude.yml)
• loft-sh/github-actions → 53686d2 (1 file: ci.yaml)

All references remain pinned to full commit SHAs — correct security posture. No logic, configuration, or permission changes.

---

[github-actions]

Claude finished @renovate[bot]'s task in 19s —— View job

---

Smoke Test: chore(deps): update github-actions

• Gather context
• Review changed files
• Verify digest updates
• Post findings

---

Findings: ✅ No issues found.

This PR updates action digests in 5 files:

• anthropics/claude-code-action → 38ec876 (4 files: ai-pr-review/action.yml, claude-code-review.yaml, claude.yaml, claude.yml)
• loft-sh/github-actions → 53686d2 (1 file: ci.yaml)

All references remain pinned to full commit SHAs — correct security posture. No logic, configuration, or permission changes.

---

[github-actions]

Claude finished @renovate[bot]'s task in 19s —— View job

---

No issues found. Routine digest-pin bumps — all references remain pinned to full commit SHAs. Safe to merge.

[github-actions]

Claude finished @renovate[bot]'s task in 23s —— View job

---

PR Review: chore(deps): update github-actions

• Gather context
• Review changed files
• Post findings

No issues found. All 6 changes are pure digest/version pin bumps:

• anthropics/claude-code-action: 5fb8995 → 38ec876 (4 files)
• loft-sh/github-actions reusable workflow: 4207288 → 53686d2 (1 file)
• actions/setup-node: v6.3.0 → v6.4.0 / SHA pin updated (1 file)

All references remain pinned to full commit SHAs. No logic, configuration, or permission changes. Safe to merge.

[github-actions]

Claude finished @renovate[bot]'s task in 28s —— View job

---

Smoke Test: chore(deps): update github-actions

• Gather context
• Review changed files
• Verify digest updates
• Post findings

---

Findings: ✅ No issues found.

This PR updates action digests across 6 files:

• anthropics/claude-code-action → 38ec876 (4 files: ai-pr-review/action.yml, claude-code-review.yaml, claude.yaml, claude.yml)
• loft-sh/github-actions → 53686d2 (1 file: ci.yaml)
• actions/setup-node → v6.4.0 (1 file: test-semver-validation.yaml)

Verification:

• ✅ All action references remain pinned to full commit SHAs — correct security posture
• ✅ No logic or configuration changes
• ✅ No permission changes
• ✅ Version tags properly maintained in comments
• ✅ All updates match PR description

Safe to merge.

---

[github-actions]

Claude finished @renovate[bot]'s task in 16s —— View job

---

No issues found. Routine digest-pin bumps — all references remain pinned to full commit SHAs. Safe to merge.

[github-actions]

Claude finished @renovate[bot]'s task in 15s —— View job

---

No issues found. Routine digest-pin bumps — all references remain pinned to full commit SHAs. Safe to merge.

[github-actions]

Claude finished @renovate[bot]'s task in 23s —— View job

---

No issues found. Pure digest/version pin bumps across 6 files — no logic, config, or permission changes:

• anthropics/claude-code-action → 5d5c10a (4 files, v1.0.101→v1.0.102 in ai-pr-review, v1 digest update in the three workflow files)
• loft-sh/github-actions → 53686d2 (ci.yaml)
• actions/setup-node → 48b55a0 (v6.3.0→v6.4.0, test-semver-validation.yaml)

All references remain pinned to full commit SHAs. Safe to merge.

[github-actions]

Claude finished @renovate[bot]'s task in 38s —— View job

---

PR Review: chore(deps): update github-actions

• Gather context
• Review changed files
• Post findings

No issues found. Pure digest/version pin bumps across 6 files — all SHA pins are valid 40-char hex digests, no logic or permission changes. Safe to merge.

[github-actions]

Claude finished @renovate[bot]'s task in 27s —— View job

---

No issues found. Pure digest/version pin bumps across 9 files — all SHA pins are valid 40-char hex digests, no logic or permission changes. Safe to merge.

Notable: openai/codex-action v1.7 includes a security fix ("restrict bot permission bypass"), making this update beneficial beyond routine maintenance.

[github-actions]

Claude finished @renovate[bot]'s task in 32s —— View job

---

PR Review: chore(deps): update github-actions

• Gather context
• Review changed files
• Post findings

No issues found. All 9 files contain only digest/version pin bumps — no logic, configuration, or permission changes:

• anthropics/claude-code-action 38ec876 → b3c0320 (v1.0.101 → v1.0.109): 4 files
• openai/codex-action c25d10f → 5c3f4cc (v1.6 → v1.7): 1 file — includes security fix (restrict bot permission bypass)
• slackapi/slack-github-action af78098 → 03ea5433 (v3.0.1 → v3.0.2): 3 files — fixes url.parse deprecation warning
• loft-sh/github-actions 4207288 → 53686d2: 1 file
• actions/setup-node 53b8394 → 48b55a0 (v6.3.0 → v6.4.0): 1 file

All references remain pinned to full 40-char commit SHAs. Safe to merge.

[github-actions]

Claude finished @renovate[bot]'s task in 32s —— View job

---

PR Review: chore(deps): update github-actions

• Gather context
• Review changed files
• Post findings

No issues found. All 9 files are pure digest/version pin bumps — no logic, configuration, or permission changes:

• anthropics/claude-code-action 38ec876 → ef50f12 (v1.0.101 → v1.0.110): ai-pr-review/action.yml
• anthropics/claude-code-action 5fb8995 → ef50f12 (v1 digest): claude-code-review.yaml, claude.yaml, claude.yml
• openai/codex-action c25d10f → 5c3f4cc (v1.6 → v1.7): ai-pr-review/action.yml — includes security fix (restrict bot permission bypass)
• slackapi/slack-github-action af78098 → 03ea5433 (v3.0.1 → v3.0.2): 3 files — fixes url.parse deprecation warning
• loft-sh/github-actions 4207288 → 53686d2: ci.yaml
• actions/setup-node 53b8394 → 48b55a0 (v6.3.0 → v6.4.0): test-semver-validation.yaml

All references remain pinned to full 40-char commit SHAs. Safe to merge.

[github-actions]

Claude finished @renovate[bot]'s task in 20s —— View job

---

No issues found. All 9 files are pure digest/version pin bumps — no logic, configuration, or permission changes.

[github-actions]

Claude finished @renovate[bot]'s task in 34s —— View job

---

PR Review: chore(deps): update github-actions

• Gather context
• Review changed files
• Post findings

No issues found. Pure digest/version pin bumps across 9 files — no logic, configuration, or permission changes:

• anthropics/claude-code-action → fefa07e (v1.0.111): 4 files
• openai/codex-action → e0fdf01 (v1.8): 1 file — includes security fixes (tighten bot allowlist, restrict bot permission bypass)
• slackapi/slack-github-action → 03ea543 (v3.0.2): 3 files — fixes url.parse deprecation warning
• loft-sh/github-actions → 53686d2: ci.yaml
• actions/setup-node → 48b55a0 (v6.4.0): test-semver-validation.yaml

All references pinned to full 40-char commit SHAs. Safe to merge.

Note: PR description mentions v1.0.110 for claude-code-action but the branch was synchronized to v1.0.111 — expected Renovate rebase behavior.

[github-actions]

Claude finished @renovate[bot]'s task in 34s —— View job

---

PR Review: chore(deps): update github-actions

• Gather context
• Review changed files
• Post findings

---

No issues found. Pure digest/version pin bumps across 9 files — no logic, configuration, or permission changes:

• anthropics/claude-code-action → fefa07e (v1.0.111): 4 files
• openai/codex-action → e0fdf01 (v1.8): 1 file — includes security fixes (tighten bot allowlist, restrict bot permission bypass from v1.7/v1.8)
• slackapi/slack-github-action → 45a88b9 (v3.0.3): 3 files — fixes url.parse deprecation warning
• loft-sh/github-actions → 53686d2: ci.yaml
• actions/setup-node → 48b55a0 (v6.4.0): test-semver-validation.yaml

All references pinned to full 40-char commit SHAs. Safe to merge.

[github-actions]

Claude finished @renovate[bot]'s task in 30s —— View job

---

PR Review: chore(deps): update github-actions

• Gather context
• Review changed files
• Post findings

---

No issues found. All 9 files are pure digest/version pin bumps — no logic, configuration, or permission changes:

• anthropics/claude-code-action 38ec876 → 2cc1ac1 (v1.0.101 → v1.0.112): ai-pr-review/action.yml
• anthropics/claude-code-action 5fb8995 → 2cc1ac1 (v1 digest): claude-code-review.yaml, claude.yaml, claude.yml
• openai/codex-action c25d10f → e0fdf01 (v1.6 → v1.8): ai-pr-review/action.yml — includes security fixes (tighten bot allowlist, restrict bot permission bypass)
• slackapi/slack-github-action af78098 → 45a88b9 (v3.0.1 → v3.0.3): 3 files — fixes url.parse deprecation warning
• loft-sh/github-actions 4207288 → 53686d2: ci.yaml
• actions/setup-node 53b8394 → 48b55a0 (v6.3.0 → v6.4.0): test-semver-validation.yaml

All references pinned to full 40-char commit SHAs. Safe to merge.

Note: PR description mentions v1.0.111 for claude-code-action but branch was rebased to v1.0.112 — expected Renovate behavior.

[github-actions]

Claude finished @renovate[bot]'s task in 23s —— View job

---

PR Review: chore(deps): update github-actions

• Gather context
• Review changed files
• Post findings

---

No issues found. All 9 files are pure digest/version pin bumps — no logic, configuration, or permission changes:

• anthropics/claude-code-action 38ec876 → 7d7d305 (v1.0.101 → v1.0.113): ai-pr-review/action.yml
• anthropics/claude-code-action 5fb8995 → 7d7d305 (v1 digest): claude-code-review.yaml, claude.yaml, claude.yml
• openai/codex-action c25d10f → e0fdf01 (v1.6 → v1.8): ai-pr-review/action.yml — includes security fixes (tighten bot allowlist, restrict bot permission bypass)
• slackapi/slack-github-action af78098 → 45a88b9 (v3.0.1 → v3.0.3): 3 files — fixes url.parse deprecation warning
• loft-sh/github-actions 4207288 → 53686d2: ci.yaml
• actions/setup-node 53b8394 → 48b55a0 (v6.3.0 → v6.4.0): test-semver-validation.yaml

All references pinned to full 40-char commit SHAs. Safe to merge.

[github-actions]

Claude finished @renovate[bot]'s task in 28s —— View job

---

PR Review: chore(deps): update github-actions

• Gather context
• Review changed files
• Post findings

---

No issues found. All 10 files are pure digest/version pin bumps — no logic, configuration, or permission changes:

• anthropics/claude-code-action 38ec876 → 62238dd (v1.0.101 → v1.0.114): ai-pr-review/action.yml
• anthropics/claude-code-action 5fb8995 → 62238dd (v1 digest): claude-code-review.yaml, claude.yaml, claude.yml
• openai/codex-action c25d10f → e0fdf01 (v1.6 → v1.8): ai-pr-review/action.yml — includes security fixes (tighten bot allowlist, restrict bot permission bypass)
• slackapi/slack-github-action af78098 → 45a88b9 (v3.0.1 → v3.0.3): 3 files — fixes url.parse deprecation warning
• loft-sh/github-actions 4207288 → 53686d2: ci.yaml
• fpicalausa/remove-stale-branches 7c4f2af → b8aaebc (v2.4.0 → v2.5.0): cleanup-backport-branches.yaml — Node24 upgrade
• actions/setup-node 53b8394 → 48b55a0 (v6.3.0 → v6.4.0): test-semver-validation.yaml

All references pinned to full 40-char commit SHAs. Safe to merge.

[github-actions]

Claude finished @renovate[bot]'s task in 23s —— View job

---

PR Review: chore(deps): update github-actions

• Gather context
• Review changed files
• Post findings

---

No issues found. All 10 files are pure digest/version pin bumps — no logic, configuration, or permission changes:

• anthropics/claude-code-action 38ec876 → 62238dd (v1.0.101 → v1.0.114): ai-pr-review/action.yml
• anthropics/claude-code-action 5fb8995 → 62238dd (v1 digest): claude-code-review.yaml, claude.yaml, claude.yml
• openai/codex-action c25d10f → e0fdf01 (v1.6 → v1.8): ai-pr-review/action.yml — security fixes (tighten bot allowlist, restrict bot permission bypass)
• slackapi/slack-github-action af78098 → 45a88b9 (v3.0.1 → v3.0.3): 3 files — fixes url.parse deprecation warning
• loft-sh/github-actions 4207288 → 53686d2: ci.yaml
• fpicalausa/remove-stale-branches 7c4f2af → 9b829bc (v2.4.0 → v2.6.1): cleanup-backport-branches.yaml — Node24 upgrade
• actions/setup-node 53b8394 → 48b55a0 (v6.3.0 → v6.4.0): test-semver-validation.yaml

All references pinned to full 40-char commit SHAs. Safe to merge.

[github-actions]

Claude finished @renovate[bot]'s task in 23s —— View job

---

PR Review: chore(deps): update github-actions

• Gather context
• Review changed files
• Post findings

---

No issues found. All 10 files are pure digest/version pin bumps — no logic, configuration, or permission changes:

• anthropics/claude-code-action 38ec876 → 9db782c (v1.0.101 → v1.0.115): ai-pr-review/action.yml
• anthropics/claude-code-action 5fb8995 → 9db782c (v1 digest): claude-code-review.yaml, claude.yaml, claude.yml
• openai/codex-action c25d10f → e0fdf01 (v1.6 → v1.8): ai-pr-review/action.yml — security fixes (tighten bot allowlist, restrict bot permission bypass)
• slackapi/slack-github-action af78098 → 45a88b9 (v3.0.1 → v3.0.3): 3 files — fixes url.parse deprecation warning
• loft-sh/github-actions 4207288 → 53686d2: ci.yaml
• fpicalausa/remove-stale-branches 7c4f2af → 9b829bc (v2.4.0 → v2.6.1): cleanup-backport-branches.yaml — Node24 upgrade
• actions/setup-node 53b8394 → 48b55a0 (v6.3.0 → v6.4.0): test-semver-validation.yaml

All references pinned to full 40-char commit SHAs. Safe to merge.

Note: PR description mentions v1.0.114 for claude-code-action but the branch was rebased to v1.0.115 — expected Renovate behavior.

[github-actions]

Claude finished @renovate[bot]'s task in 26s —— View job

---

PR Review: chore(deps): update github-actions

• Gather context
• Review changed files
• Post findings

---

No issues found. All 10 files are pure digest/version pin bumps — no logic, configuration, or permission changes:

• anthropics/claude-code-action 38ec876 → 939ae9c (v1.0.101 → v1.0.116): ai-pr-review/action.yml
• anthropics/claude-code-action 5fb8995 → 939ae9c (v1 digest): claude-code-review.yaml, claude.yaml, claude.yml
• openai/codex-action c25d10f → e0fdf01 (v1.6 → v1.8): ai-pr-review/action.yml — security fixes (tighten bot allowlist, restrict bot permission bypass)
• slackapi/slack-github-action af78098 → 45a88b9 (v3.0.1 → v3.0.3): 3 files — fixes url.parse deprecation warning
• loft-sh/github-actions 4207288 → 53686d2: ci.yaml
• fpicalausa/remove-stale-branches 7c4f2af → 9b829bc (v2.4.0 → v2.6.1): cleanup-backport-branches.yaml — Node24 upgrade
• actions/setup-node 53b8394 → 48b55a0 (v6.3.0 → v6.4.0): test-semver-validation.yaml

All references pinned to full 40-char commit SHAs. Safe to merge.

Note: PR description mentions v1.0.115 for claude-code-action but the branch was rebased to v1.0.116 — expected Renovate behavior.

[github-actions]

Claude finished @renovate[bot]'s task in 25s —— View job

---

PR Review: chore(deps): update github-actions

• Gather context
• Review changed files
• Post findings

---

No bugs, security issues, or performance problems found. All 10 files contain only digest/version pin bumps:

• anthropics/claude-code-action → 034cbdb (v1.0.117): 4 files
• openai/codex-action → e0fdf01 (v1.6 → v1.8): 1 file — security fixes (tighten bot allowlist, restrict bot permission bypass)
• slackapi/slack-github-action → 45a88b9 (v3.0.1 → v3.0.3): 3 files
• loft-sh/github-actions → 53686d2: ci.yaml
• fpicalausa/remove-stale-branches → 9b829bc (v2.4.0 → v2.6.1): cleanup-backport-branches.yaml
• actions/setup-node → 48b55a0 (v6.4.0): test-semver-validation.yaml

All references pinned to full 40-char commit SHAs. Safe to merge.

Note: PR description mentions v1.0.116 for claude-code-action but the branch was rebased to v1.0.117 — expected Renovate behavior.

[github-actions]

Claude finished @renovate[bot]'s task in 26s —— View job

---

PR Review: chore(deps): update github-actions

• Gather context
• Review changed files
• Post findings

---

No bugs, security issues, or performance problems found. All 10 files contain only digest/version pin bumps:

• anthropics/claude-code-action → ad67978 (v1.0.118): 4 files
• openai/codex-action → e0fdf01 (v1.6 → v1.8): 1 file — security fixes (tighten bot allowlist, restrict bot permission bypass)
• slackapi/slack-github-action → 45a88b9 (v3.0.1 → v3.0.3): 3 files — fixes url.parse deprecation warning
• loft-sh/github-actions → 53686d2: ci.yaml
• fpicalausa/remove-stale-branches → 9b829bc (v2.4.0 → v2.6.1): cleanup-backport-branches.yaml — Node24 upgrade
• actions/setup-node → 48b55a0 (v6.4.0): test-semver-validation.yaml

All references pinned to full 40-char commit SHAs. Safe to merge.

Note: PR description mentions v1.0.117 for claude-code-action but the branch was rebased to v1.0.118 — expected Renovate behavior.

[github-actions]

Claude finished @renovate[bot]'s task in 33s —— View job

---

PR Review: chore(deps): update github-actions

No bugs, security issues, or performance problems found. All 10 files contain only digest/version pin bumps:

• anthropics/claude-code-action → 476e359 (v1.0.119): 4 files
• openai/codex-action → e0fdf01 (v1.6 → v1.8): 1 file — security fixes (tighten bot allowlist, restrict bot permission bypass)
• slackapi/slack-github-action → 45a88b9 (v3.0.1 → v3.0.3): 3 files — fixes url.parse deprecation warning
• loft-sh/github-actions → 53686d2: ci.yaml
• fpicalausa/remove-stale-branches → 9b829bc (v2.4.0 → v2.6.1): cleanup-backport-branches.yaml — Node24 upgrade
• actions/setup-node → 48b55a0 (v6.4.0): test-semver-validation.yaml

All references pinned to full 40-char commit SHAs. Safe to merge.

Note: PR description mentions v1.0.118 (ad67978) for claude-code-action but the branch was rebased to v1.0.119 (476e359) — expected Renovate behavior.