chore(claude-code-action): update anthropics/claude-code-action action to v1.0.77#155
Merged
renovate[bot] merged 1 commit intomainfrom Mar 24, 2026
Conversation
![renovate-approve[bot]](https://avatars.githubusercontent.com/in/7394?s=60&v=4){kind=small}
![panicboat[bot]](https://avatars.githubusercontent.com/u/4182311?s=60&v=4){kind=small}
renovate
bot
deleted the
renovate/claude-code-actionanthropicsclaude-code-action
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v1.0.76→v1.0.77Release Notes
anthropics/claude-code-action (anthropics/claude-code-action)
v1.0.77Compare Source
Subprocess environment scrubbing for untrusted-input workflows
Workflows that configure
allowed_non_write_usersnow automatically getCLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1, which makes Claude Code (v2.1.79+) strip Anthropic and cloud provider credentials from the environment of subprocesses it spawns (Bash tool, hooks, MCP stdio servers). The parent Claude process keeps these vars for its own API calls — only child subprocess environments are scrubbed.Why: Workflows that process untrusted input (issue triage, PR review from non-write users) are exposed to prompt injection. A malicious issue body could trick Claude into running a Bash command that reads
$ANTHROPIC_API_KEYvia shell expansion and leaks it through an observable side channel. Scrubbing the subprocess environment removes the read primitive entirely.What's scrubbed: Anthropic auth tokens, cloud provider credentials, GitHub Actions OIDC and runtime tokens, OTEL auth headers.
What's kept:
GITHUB_TOKEN/GH_TOKEN— so wrapper scripts can still call the GitHub API.Opt out: Set
CLAUDE_CODE_SUBPROCESS_ENV_SCRUB: "0"at the job or step level if your workflow legitimately needs a subprocess to inherit these credentials.No action required for most users — if you've configured
allowed_non_write_users, scrubbing is now on automatically. If your workflow breaks because a subprocess expected inherited credentials, re-inject them explicitly (e.g., via MCP serverenv:config) or use the opt-out.What's Changed
Full Changelog: anthropics/claude-code-action@v1.0.76...v1.0.77
Configuration
📅 Schedule: Branch creation - "before 4am every weekday" in timezone Asia/Tokyo, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.