chore: bump Claude Code version to 2.0.13

chore: bump Claude Code version to 2.0.12
chore: bump Claude Code version to 2.0.11
2026-01-23 23:14:13 +08:00 · 2025-10-09 17:53:02 +00:00 · 2025-10-09 16:41:48 +00:00 · 2025-10-08 20:36:56 +00:00 · 2025-10-07 21:14:39 +00:00 · 2025-10-06 21:57:24 +00:00
3 changed files with 6 additions and 2 deletions
--- a/action.yml
+++ b/action.yml
@@ -177,7 +177,7 @@ runs:
        # Install Claude Code if no custom executable is provided
        if [ -z "${{ inputs.path_to_claude_code_executable }}" ]; then
          echo "Installing Claude Code..."
-          curl -fsSL https://claude.ai/install.sh | bash -s 2.0.2
+          curl -fsSL https://claude.ai/install.sh | bash -s 2.0.13
          echo "$HOME/.local/bin" >> "$GITHUB_PATH"
        else
          echo "Using custom Claude Code executable: ${{ inputs.path_to_claude_code_executable }}"
--- a/base-action/action.yml
+++ b/base-action/action.yml
@@ -99,7 +99,7 @@ runs:
      run: |
        if [ -z "${{ inputs.path_to_claude_code_executable }}" ]; then
          echo "Installing Claude Code..."
-          curl -fsSL https://claude.ai/install.sh | bash -s 2.0.2
+          curl -fsSL https://claude.ai/install.sh | bash -s 2.0.13
        else
          echo "Using custom Claude Code executable: ${{ inputs.path_to_claude_code_executable }}"
          # Add the directory containing the custom executable to PATH
--- a/docs/security.md
+++ b/docs/security.md
@@ -13,6 +13,10 @@
 - **No Cross-Repository Access**: Each action invocation is limited to the repository where it was triggered
 - **Limited Scope**: The token cannot access other repositories or perform actions beyond the configured permissions
 ## ⚠️ Prompt Injection Risks
 **Beware of potential hidden markdown when tagging Claude on untrusted content.** External contributors may include hidden instructions through HTML comments, invisible characters, hidden attributes, or other techniques. The action sanitizes content by stripping HTML comments, invisible characters, markdown image alt text, hidden HTML attributes, and HTML entities, but new bypass techniques may emerge. We recommend reviewing the raw content of all input coming from external contributors before allowing Claude to process it.
 ## GitHub App Permissions
 The [Claude Code GitHub app](https://github.com/apps/claude) requires these permissions:
Author	SHA1	Message	Date
GitHub Actions	777ffcbfc9	chore: bump Claude Code version to 2.0.13	2025-10-09 17:53:02 +00:00
GitHub Actions	dc58efed33	chore: bump Claude Code version to 2.0.12	2025-10-09 16:41:48 +00:00
GitHub Actions	e5437bfbc5	chore: bump Claude Code version to 2.0.11	2025-10-08 20:36:56 +00:00
GitHub Actions	b2dd1006a0	chore: bump Claude Code version to 2.0.10	2025-10-07 21:14:39 +00:00
GitHub Actions	ac1a3207f3	chore: bump Claude Code version to 2.0.9	2025-10-06 21:57:24 +00:00
Ashwin Bhat	521d069da7	docs: add prompt injection security note (#604 ) * docs: add prompt injection security note Add warning about potential hidden markdown in untrusted content from external contributors. Documents existing sanitization measures while acknowledging new bypass techniques may emerge. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * Update docs/security.md Co-authored-by: David Dworken <dworken@anthropic.com> * format --------- Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: David Dworken <dworken@anthropic.com>	2025-10-06 09:51:50 -07:00
GitHub Actions	7e4b782d5f	chore: bump Claude Code version to 2.0.8	2025-10-04 23:17:33 +00:00
GitHub Actions	4fb0ef3be0	chore: bump Claude Code version to 2.0.5	2025-10-02 19:29:43 +00:00
GitHub Actions	14ac8aa20e	chore: bump Claude Code version to 2.0.1	2025-10-01 02:30:10 +00:00