
chore(deps): update anthropics/claude-code-action action to v1.0.77#1381

Merged
lacolaco-actions-worker[bot] merged 1 commit into main from renovate/anthropics-claude-code-action-1.x on Mar 28, 2026

Conversation


@renovate renovate Bot commented Mar 28, 2026

Contributor

This PR contains the following updates:

Package: anthropics/claude-code-action
Type: action
Update: patch
Change: v1.0.76 → v1.0.77
Pending: v1.0.81 (+3)

Release Notes

anthropics/claude-code-action (anthropics/claude-code-action)

v1.0.77

Compare Source

Subprocess environment scrubbing for untrusted-input workflows

Workflows that configure allowed_non_write_users now automatically get CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1, which makes Claude Code (v2.1.79+) strip Anthropic and cloud provider credentials from the environment of subprocesses it spawns (Bash tool, hooks, MCP stdio servers). The parent Claude process keeps these vars for its own API calls — only child subprocess environments are scrubbed.

Why: Workflows that process untrusted input (issue triage, PR review from non-write users) are exposed to prompt injection. A malicious issue body could trick Claude into running a Bash command that reads $ANTHROPIC_API_KEY via shell expansion and leaks it through an observable side channel. Scrubbing the subprocess environment removes the read primitive entirely.

What's scrubbed: Anthropic auth tokens, cloud provider credentials, GitHub Actions OIDC and runtime tokens, OTEL auth headers.

What's kept: GITHUB_TOKEN / GH_TOKEN — so wrapper scripts can still call the GitHub API.

Opt out: Set CLAUDE_CODE_SUBPROCESS_ENV_SCRUB: "0" at the job or step level if your workflow legitimately needs a subprocess to inherit these credentials.

No action required for most users — if you've configured allowed_non_write_users, scrubbing is now on automatically. If your workflow breaks because a subprocess expected inherited credentials, re-inject them explicitly (e.g., via MCP server env: config) or use the opt-out.

What's Changed

Full Changelog: anthropics/claude-code-action@v1.0.76...v1.0.77


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
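As an added illustration of the mechanism the release note above describes (this is not code from the Renovate PR, from claude-code-action, or from Claude Code itself): a small Python reimplementation of subprocess environment scrubbing. It builds the environment a child process should inherit, drops the credential categories the note lists, keeps GITHUB_TOKEN / GH_TOKEN, honours the CLAUDE_CODE_SUBPROCESS_ENV_SCRUB="0" opt-out, models explicit re-injection (the MCP server env: case), and then spawns a real child to confirm what it can and cannot read. The variable-name patterns in SCRUB_PATTERNS, the KEEP_ALWAYS set, the extra_env parameter and the SAMPLE_PARENT_ENV values are all assumptions constructed for this example; the exact list Claude Code scrubs is not on this page.

```python
import os
import re
import subprocess
import sys

# Assumed denylist approximating the categories in the v1.0.77 release note:
# Anthropic auth tokens, cloud provider credentials, GitHub Actions OIDC and
# runtime tokens, OTEL auth headers. Claude Code's real list is not on the page.
SCRUB_PATTERNS = [
    re.compile(r"^ANTHROPIC_"),                           # Anthropic API keys / auth tokens
    re.compile(r"^(AWS_|AZURE_|GOOGLE_|GCP_|CLOUD_ML_)"),  # cloud provider credentials
    re.compile(r"^ACTIONS_(ID_TOKEN_REQUEST|RUNTIME)_"),   # Actions OIDC / runtime tokens
    re.compile(r"^OTEL_EXPORTER_OTLP(_.*)?_HEADERS$"),     # OTEL auth headers
]

# Credentials deliberately left in place, mirroring the release note's carve-out
# so wrapper scripts can still call the GitHub API.
KEEP_ALWAYS = {"GITHUB_TOKEN", "GH_TOKEN"}


def scrubbed_env(parent_env, extra_env=None):
    """Return the environment a spawned subprocess should receive.

    The parent keeps its own variables; only the dict handed to the child is
    reduced. CLAUDE_CODE_SUBPROCESS_ENV_SCRUB="0" in the parent environment is
    the opt-out: the child then inherits everything. `extra_env` (an assumed
    parameter) models explicit re-injection such as an MCP server env: block
    and is applied after scrubbing, so a workflow can hand one credential back
    to one subprocess without re-exposing the rest.
    """
    if parent_env.get("CLAUDE_CODE_SUBPROCESS_ENV_SCRUB") == "0":
        child = dict(parent_env)
    else:
        child = {
            name: value
            for name, value in parent_env.items()
            if name in KEEP_ALWAYS or not any(p.match(name) for p in SCRUB_PATTERNS)
        }
    if extra_env:
        child.update(extra_env)
    return child


def child_can_see(var_name, env):
    """Spawn a real child with `env` and report whether it can read var_name.

    This is the check that matters: the leak described in the release note
    needs a child (shell, hook, MCP server) to read the variable at all.
    """
    probe = f"import os, sys; sys.exit(0 if {var_name!r} in os.environ else 1)"
    result = subprocess.run([sys.executable, "-c", probe], env=env)
    return result.returncode == 0


# Constructed sample of what a runner might hold while processing untrusted
# input. Every secret value here is a placeholder, not a real credential.
SAMPLE_PARENT_ENV = {
    "PATH": os.environ.get("PATH", ""),
    "HOME": os.environ.get("HOME", "/tmp"),
    "ANTHROPIC_API_KEY": "CONSTRUCTED-PLACEHOLDER-ANTHROPIC",
    "AWS_SECRET_ACCESS_KEY": "CONSTRUCTED-PLACEHOLDER-AWS",
    "ACTIONS_ID_TOKEN_REQUEST_TOKEN": "CONSTRUCTED-PLACEHOLDER-OIDC",
    "ACTIONS_RUNTIME_TOKEN": "CONSTRUCTED-PLACEHOLDER-RUNTIME",
    "OTEL_EXPORTER_OTLP_HEADERS": "Authorization=Bearer CONSTRUCTED-PLACEHOLDER",
    "GITHUB_TOKEN": "CONSTRUCTED-PLACEHOLDER-GITHUB",
}


if __name__ == "__main__":
    child_env = scrubbed_env(SAMPLE_PARENT_ENV)
    for name in sorted(SAMPLE_PARENT_ENV):
        print(f"{name:32} visible to child: {child_can_see(name, child_env)}")
```

Running the block directly prints, for each variable in the constructed parent environment, whether a freshly spawned child can observe it; in a workflow, the opt-out branch corresponds to setting CLAUDE_CODE_SUBPROCESS_ENV_SCRUB: "0" at the job or step level as the note describes, and the extra_env path corresponds to re-injecting a single credential through an MCP server env: entry rather than switching scrubbing off globally.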

@github-actions

Contributor

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

Version Change: v1.0.76 → v1.0.77 (patch update)

Major Changes:

  • Introduces automatic subprocess environment scrubbing feature for workflows that configure allowed_non_write_users
  • When allowed_non_write_users is set, the action automatically enables CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1
  • This security enhancement requires Claude Code v2.1.79+ to function

Security Enhancement Details:

  • Purpose: Protects against prompt injection attacks in workflows processing untrusted input
  • Mechanism: Strips sensitive credentials from subprocess environments (Bash tool, hooks, MCP servers)
  • Credentials Scrubbed:
    • Anthropic auth tokens
    • Cloud provider credentials
    • GitHub Actions OIDC and runtime tokens
    • OTEL auth headers
  • Credentials Preserved: GITHUB_TOKEN / GH_TOKEN (for GitHub API access)
  • Opt-out Available: Set CLAUDE_CODE_SUBPROCESS_ENV_SCRUB: "0" if needed

Breaking Changes: None

Bug Fixes: None explicitly mentioned

🎯 Impact Scope Investigation

Usage Locations Identified:

  1. .github/workflows/ci.yml (line 232) - Content review job
  2. .github/workflows/ci.yml (line 321) - Code review job
  3. .github/workflows/claude.yml (line 35) - Interactive Claude job

Configuration Analysis:

  • ❌ None of the workflows use allowed_non_write_users parameter
  • ✅ Workflows use allowed_bots (ci.yml) or no user restrictions (claude.yml)
  • ✅ No existing CLAUDE_CODE_SUBPROCESS_ENV_SCRUB configuration
  • ✅ Workflows only use permitted Bash commands via --allowed-tools or claude_args

Dependency Impact:

  • No package.json changes
  • No transitive dependency updates
  • Action only updates Git SHA reference in workflow files

Environment/Configuration Impact:

  • No changes to environment variables required
  • No changes to secrets management
  • No impact on current subprocess behavior (feature only activates with allowed_non_write_users)

💡 Recommended Actions

Immediate Action:

  • Safe to merge immediately - This is a backward-compatible security enhancement that does not affect current workflow configurations

Post-Merge Recommendations:

  • None required - the new security feature is opt-in via allowed_non_write_users configuration

Future Considerations:

  • If workflows are updated to process untrusted user input (e.g., PRs from non-write users), the subprocess environment scrubbing will activate automatically for added security
  • Consider the security benefits if planning to enable broader user access in the future

🔗 Reference Links

Generated by koki-develop/claude-renovate-review

@lacolaco-actions-worker lacolaco-actions-worker Bot merged commit 4dde553 into main Mar 28, 2026
12 checks passed
@lacolaco-actions-worker lacolaco-actions-worker Bot deleted the renovate/anthropics-claude-code-action-1.x branch March 28, 2026 12:57