fix(deps): update all non-major dependencies #1150
| name: Claude Code Review | |
| on: | |
| pull_request: | |
| types: [opened, synchronize] | |
| # Skip reviews for non-code changes | |
| paths-ignore: | |
| - "**/*.md" | |
| - "**/package-lock.json" | |
| - "**/pnpm-lock.yaml" | |
| - "**/.gitignore" | |
| - "**/LICENSE" | |
| - "**/*.config.js" | |
| - "**/*.config.ts" | |
| - "**/tsconfig.json" | |
| - "**/.github/workflows/*.yml" | |
| - "**/docs/**" | |
| jobs: | |
| claude-review: | |
| # Skip review for bot PRs and WIP/skip-review PRs | |
| # Only run if changes are significant (>10 lines) | |
| if: | | |
| (github.event.pull_request.additions > 10 || github.event.pull_request.deletions > 10) && | |
| !contains(github.event.pull_request.title, '[skip-review]') && | |
| !contains(github.event.pull_request.title, '[WIP]') && | |
| !endsWith(github.event.pull_request.user.login, '[bot]') && | |
| github.event.pull_request.user.login != 'dependabot' && | |
| github.event.pull_request.user.login != 'renovate' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| issues: read | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 1 | |
| - name: Run Claude Code Review | |
| id: claude-review | |
| uses: anthropics/claude-code-action@beta | |
| with: | |
| claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} | |
| # Optional: Specify model (defaults to Claude Sonnet 4, uncomment for Claude Opus 4) | |
| # model: "claude-opus-4-20250514" | |
| # Direct prompt for automated review (no @claude mention needed) | |
| direct_prompt: | | |
| IMPORTANT: Review ONLY the DIFF/CHANGESET - the actual lines that were added or modified in this PR. | |
| DO NOT review the entire file context, only analyze the specific changes being made. | |
| Look for HIGH-PRIORITY issues in the CHANGED LINES ONLY: | |
| 1. CRITICAL BUGS: Logic errors, null pointer issues, infinite loops, race conditions | |
| 2. SECURITY: SQL injection, XSS, authentication bypass, exposed secrets, unsafe operations | |
| 3. BREAKING CHANGES: API contract violations, removed exports, changed function signatures | |
| 4. DATA LOSS RISKS: Destructive operations without safeguards, missing data validation | |
| DO NOT comment on: | |
| - Code that wasn't changed in this PR | |
| - Style, formatting, or documentation | |
| - Test coverage (unless tests are broken by the changes) | |
| - Minor optimizations or best practices | |
| - Existing code issues that weren't introduced by this PR | |
| If you find no critical issues in the DIFF, respond with: "✅ No critical issues found in changes" | |
| Keep response under 10 lines. Reference specific line numbers from the diff when reporting issues. | |
| # Optional: Use sticky comments to make Claude reuse the same comment on subsequent pushes to the same PR | |
| use_sticky_comment: true | |
| # Context-aware review based on PR characteristics | |
| # Uncomment to enable different review strategies based on context | |
| # direct_prompt: | | |
| # ${{ | |
| # (github.event.pull_request.additions > 500) && | |
| # 'Large PR detected. Focus only on architectural issues and breaking changes. Skip minor issues.' || | |
| # contains(github.event.pull_request.title, 'fix') && | |
| # 'Bug fix PR: Verify the fix addresses the root cause and check for regression risks.' || | |
| # contains(github.event.pull_request.title, 'deps') && | |
| # 'Dependency update: Check for breaking changes and security advisories only.' || | |
| # contains(github.event.pull_request.title, 'refactor') && | |
| # 'Refactor PR: Verify no behavior changes and check for performance regressions.' || | |
| # contains(github.event.pull_request.title, 'feat') && | |
| # 'New feature: Check for security issues, edge cases, and integration problems only.' || | |
| # 'Standard review: Check for critical bugs, security issues, and breaking changes only.' | |
| # }} | |
| # Optional: Add specific tools for running tests or linting | |
| # allowed_tools: "Bash(npm run test),Bash(npm run lint),Bash(npm run typecheck)" | |
| # Optional: Skip review for certain conditions | |
| # if: | | |
| # !contains(github.event.pull_request.title, '[skip-review]') && | |
| # !contains(github.event.pull_request.title, '[WIP]') | |
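Review bot: `uses: anthropics/claude-code-action@beta` in the "Run Claude Code Review" step tracks a mutable ref, yet the job grants `id-token: write` and passes `secrets.CLAUDE_CODE_OAUTH_TOKEN` to that step. Pin it, and `actions/checkout@v5`, to a full commit SHA so a re-pointed tag or branch cannot run with that token. In the job-level `if:`, the app accounts `dependabot[bot]` and `renovate[bot]` are already excluded by the `endsWith(..., '[bot]')` line, so the `!= 'dependabot'` and `!= 'renovate'` comparisons only match plain user accounts with exactly those logins; drop them or add a comment saying that is the intent. Separately, `paths-ignore` lists `**/.github/workflows/*.yml`, so a PR that touches only workflow files never triggers the review, which is worth a comment stating that it is deliberate.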