add security vulnerability action

Author: nicohrubec

.github/workflows/fix-security-vulnerability.yml

@@ -0,0 +1,38 @@
+name: Fix Security Vulnerability
+
+on:
+  dependabot_alert:
+    types: [created]
+  workflow_dispatch:
+    inputs:
+      alert:
+        description: 'Dependabot alert number or URL (e.g. 1046 or https://github.com/getsentry/sentry-javascript/security/dependabot/1046)'
+        required: true
+
+concurrency:
+  group: fix-security-vuln-${{ github.event.alert.number || github.event.inputs.alert }}
+  cancel-in-progress: false
+
+jobs:
+  fix-vulnerability:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+      issues: write
+      security-events: read
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: develop
+
+      - uses: anthropics/claude-code-action@v1
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          prompt: |
+            /fix-security-vulnerability ${{ github.event.alert.number || github.event.inputs.alert }}
+
+            IMPORTANT: Do NOT dismiss any alerts. Do NOT wait for approval.
+            Create a branch, apply the fix, and open a PR with your analysis
+            in the PR description. Target the develop branch.
+          claude_args: "--max-turns 20"