From 25f20b8860f08baf4122df1d953bbc31e74496bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= <speed47_github@speed47.net>
Date: Sat, 18 Apr 2026 13:29:54 +0000
Subject: [PATCH] chore: fix workflow perms (#558)

---
 .github/workflows/vuln-scan.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/vuln-scan.yml b/.github/workflows/vuln-scan.yml
index bf2e4b3..7e61bdf 100644
--- a/.github/workflows/vuln-scan.yml
+++ b/.github/workflows/vuln-scan.yml
@@ -8,6 +8,7 @@ on:
 permissions:
   contents: read
   actions: read           # needed to list/download previous run artifacts
+  id-token: write
 
 concurrency:
   group: vuln-scan
@@ -72,7 +73,7 @@ jobs:
       # state/seen.json, the 25-hour window, the output files to write,
       # and how to rewrite state/seen.json at the end of the run.
       - name: Run vulnerability scan with Claude Opus
-        uses: anthropics/claude-code-base-action@v1
+        uses: anthropics/claude-code-action@v1
         env:
           SCAN_DATE: ${{ github.run_started_at }}
         with: