Update GitHub Action Versions

[morisil]

GitHub Actions Version Updates

• anthropics/claude-code-action published a new release v1.0.99 on 2026-04-16T20:01:19Z

[claude]

Code Review: Update GitHub Action Versions

Overview

This PR bumps anthropics/claude-code-action from v1.0.97 to v1.0.99 in both workflow files:

• .github/workflows/claude-code.yml
• .github/workflows/claude-code-review.yml

The change is minimal, consistent, and straightforward — exactly what a dependency update PR should look like.

---

Code Quality & Style

• The update is applied symmetrically across both files that reference the action, which is correct.
• No extraneous whitespace or formatting changes — clean diff.

---

Potential Issues / Risks

• Skipped version (v1.0.98): The bump goes from v1.0.97 directly to v1.0.99, skipping v1.0.98. This is not necessarily a problem (patch releases are often superseded quickly), but it is worth confirming that v1.0.99 is the intended latest stable release and that no breaking changes were introduced across the skipped patch increment.
• No SHA pinning: Both workflows pin to a mutable semver tag rather than an immutable commit SHA (e.g. anthropics/claude-code-action@<sha>). Mutable tags can be force-pushed, which is a supply-chain security risk. For a .github meta-repository whose workflows are consumed by the whole organization, pinning to a SHA and maintaining it via a tool like Dependabot or this repo's own action-version-updater.yml would be the safest approach. That said, this is a pre-existing pattern and out of scope for this PR.

---

Security

No new security concerns introduced by this PR. The version bump is low-risk; the SHA-pinning gap noted above is a pre-existing posture issue, not something introduced here.

---

Verdict

The change is correct and safe to merge. The version bump is consistent across both workflow files, the diff is minimal, and no logic is altered. Recommend approving.