chore: update deps, pin Node 24 via mise, harden Claude code review workflow

- Bump better-auth, shadcn, oxfmt, oxlint, postcss, and pnpm to latest versions - Add mise.toml to pin Node 24 as the project runtime - Restrict claude-code-review to non-draft, non-bot, non-fork PRs; pin model to claude-opus-4-6 and scope allowed tools - Set claude-opus-4-6 as default model in the main Claude workflow
2026-04-17 10:28:46 -04:00 · 2026-04-08 09:23:38 -04:00
parent 5a1636baa3
commit 22ea1aa0bc
5 changed files with 305 additions and 294 deletions
--- a/.github/workflows/claude-code-review.yml
+++ b/.github/workflows/claude-code-review.yml
@@ -12,11 +12,12 @@ on:

 jobs:
  claude-review:
-    # Optional: Filter by PR author
-    # if: |
-    #   github.event.pull_request.user.login == 'external-contributor' ||
-    #   github.event.pull_request.user.login == 'new-developer' ||
-    #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
+    # Skip for bot PRs and fork PRs due to OIDC token limitations in pull_request_target
+    # Fork PRs fail because the actor in OIDC context is the fork contributor (read-only)
+    if: |
+      github.event.pull_request.draft == false &&
+      github.event.pull_request.user.type != 'Bot' &&
+      github.event.pull_request.head.repo.full_name == github.repository

    runs-on: ubuntu-latest
    permissions:
@@ -41,3 +42,7 @@ jobs:
          prompt: "/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}"
          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
          # or https://code.claude.com/docs/en/cli-reference for available options
+          track_progress: true
+          claude_args: |
+            --model 'claude-opus-4-6'
+            --allowedTools 'mcp__github_inline_comment__create_inline_comment,Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*)'
--- a/.github/workflows/claude.yml
+++ b/.github/workflows/claude.yml
@@ -46,4 +46,4 @@ jobs:
          # Optional: Add claude_args to customize behavior and configuration
          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
          # or https://code.claude.com/docs/en/cli-reference for available options
-          # claude_args: '--allowed-tools Bash(gh pr:*)'
+          claude_args: "--model claude-opus-4-6"
--- a/mise.toml
+++ b/mise.toml
@@ -0,0 +1,2 @@
+[tools]
+node = "24"
--- a/package.json
+++ b/package.json
@@ -31,7 +31,7 @@
    "@vercel/analytics": "^2.0.1",
    "@vercel/functions": "^3.4.3",
    "@vercel/speed-insights": "^2.0.0",
-    "better-auth": "^1.5.6",
+    "better-auth": "^1.6.0",
    "cheerio": "^1.2.0",
    "class-variance-authority": "^0.7.1",
    "clsx": "^2.1.1",
@@ -70,7 +70,7 @@
    "remark-smartypants": "^3.0.2",
    "remark-strip-mdx-imports-exports": "^1.0.1",
    "server-only": "0.0.1",
-    "shadcn": "^4.1.2",
+    "shadcn": "^4.2.0",
    "shiki": "^4.0.2",
    "sonner": "^2.0.7",
    "tailwind-merge": "^3.5.0",
@@ -89,9 +89,9 @@
    "cross-env": "^10.1.0",
    "dotenv": "^17.4.1",
    "drizzle-kit": "^0.31.10",
-    "oxfmt": "^0.43.0",
-    "oxlint": "^1.58.0",
-    "postcss": "^8.5.8",
+    "oxfmt": "^0.44.0",
+    "oxlint": "^1.59.0",
+    "postcss": "^8.5.9",
    "schema-dts": "^2.0.0",
    "tailwindcss": "^4.2.2",
    "tw-animate-css": "^1.4.0",
@@ -100,7 +100,7 @@
  "engines": {
    "node": ">=24.x"
  },
-  "packageManager": "pnpm@10.30.0+sha512.2b5753de015d480eeb88f5b5b61e0051f05b4301808a82ec8b840c9d2adf7748eb352c83f5c1593ca703ff1017295bc3fdd3119abb9686efc96b9fcb18200937",
+  "packageManager": "pnpm@10.33.0+sha512.10568bb4a6afb58c9eb3630da90cc9516417abebd3fabbe6739f0ae795728da1491e9db5a544c76ad8eb7570f5c4bb3d6c637b2cb41bfdcdb47fa823c8649319",
  "pnpm": {
    "onlyBuiltDependencies": [
      "esbuild",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml