Skip to content

chore(deps): update bump-dependencies#38

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate.bump-dependencies
Open

chore(deps): update bump-dependencies#38
renovate[bot] wants to merge 1 commit intomainfrom
renovate.bump-dependencies

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented May 6, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence Update Pending
@anthropic-ai/claude-code 2.1.1212.1.128 age confidence patch 2.1.132 (+2)
@google/gemini-cli 0.39.10.40.1 age confidence minor 0.41.2 (+2)
go (source) 1.26.11.26.3 age confidence patch
opencode-ai 1.14.281.14.33 age confidence patch 1.14.41 (+7)

Release Notes

anthropics/claude-code (@​anthropic-ai/claude-code)

v2.1.128

Compare Source

  • Bare /color (no args) now picks a random session color
  • /mcp now shows the tool count for connected servers and flags servers that connected with 0 tools
  • --plugin-dir now accepts .zip plugin archives in addition to directories
  • --channels now works with console (API key) authentication — console orgs with managed settings must set channelsEnabled: true to enable
  • Updated /model picker: collapsed duplicate Opus 4.7 entries, and current Opus now shows as "Opus" instead of "Opus 4.7"
  • Subprocesses (Bash, hooks, MCP, LSP) no longer inherit OTEL_* environment variables, so OTEL-instrumented apps run via the Bash tool no longer pick up the CLI's own OTLP endpoint
  • MCP: workspace is now a reserved server name — existing servers with that name will be skipped with a warning
  • Reconnecting MCP servers no longer flood the conversation with full tool-name lists on every reconnect — re-announced tools are summarized by server prefix
  • SDK hosts now receive a persistent localSettings suggestion for Bash permission prompts, so "Always allow" writes to .claude/settings.local.json
  • EnterWorktree now creates the new branch from local HEAD as documented, instead of origin/<default-branch> — unpushed commits are no longer dropped
  • Auto mode: when the classifier can't evaluate an action, the error now includes a hint (retry, /compact, or run with --debug)
  • Fixed focus mode briefly dimming the previous response when submitting a new prompt
  • Fixed stray "4;0;" desktop notification on every /exit in Kitty and other terminals that interpret OSC 9 as a notification
  • Fixed Remote Control showing an empty "Opening your options…" message on rate limit instead of actionable upsell options
  • Fixed drag-and-drop image upload hanging on "Pasting text…" when the image read fails
  • Fixed crash loop when piping very large input (>10 MB) to claude -p via stdin
  • Fixed long URLs not being individually clickable on every wrapped row in fullscreen mode
  • Fixed /plugin Components panel showing "Marketplace 'inline' not found" for plugins loaded via --plugin-dir
  • Fixed MCP tool results dropping images when the server returns both structured content and content blocks
  • Fixed fenced code blocks inside list items carrying leading whitespace into the clipboard on copy-paste
  • Fixed tab navigation in /config stranding focus — the tab header now stays focused so arrows and Esc keep working
  • Fixed markdown link labels being lost on terminals without OSC 8 hyperlink support — links now render as label (url) instead of just the URL
  • Fixed sessions on 1M-context models with a smaller autocompact window being falsely blocked with "Prompt is too long" before reaching the actual API limit
  • Fixed parallel shell tool calls: a failing read-only command (grep, git diff, ls) no longer cancels sibling calls
  • Fixed banner showing "with X effort" on models that don't support effort
  • Fixed /fast on 3P providers fuzzy-matching to an unrelated skill instead of showing "not available"
  • Fixed Bedrock default model resolving to global.* instead of the region-appropriate prefix
  • Fixed vim mode: Space in NORMAL mode now moves the cursor right, matching standard vi/vim behavior
  • Fixed terminal progress indicator (OSC 9;4) flickering off between tool calls — stays visible across the full turn
  • Fixed /rename without args failing on resumed sessions whose last entry is a compact boundary
  • Fixed stale "remote-control is active" status lines from prior sessions appearing after --resume/--continue
  • Fixed stale installed_plugins.json entries pointing at deleted cache directories polluting PATH
  • Fixed MCP stdio servers receiving corrupted arguments when CLAUDE_CODE_SHELL_PREFIX is set and an argument contains spaces or shell metacharacters
  • Fixed sub-agent progress summaries missing the prompt cache (~3× cache_creation reduction)
  • Fixed /plugin update never detecting new versions of npm-sourced plugins
  • Fixed sub-agent summaries firing repeatedly while a sub-agent's transcript is static, capping worst-case token cost on idle sub-agents
  • Headless --output-format stream-json: init.plugin_errors now includes --plugin-dir load failures in addition to dependency demotions

v2.1.126

  • The /model picker now lists models from your gateway's /v1/models endpoint when ANTHROPIC_BASE_URL points at an Anthropic-compatible gateway
    • Added claude project purge [path] to delete all Claude Code state for a project (transcripts, tasks, file history, config entry) — supports --dry-run, -y/--yes, -i/--interactive, and --all
  • --dangerously-skip-permissions now bypasses prompts for writes to .claude/, .git/, .vscode/, shell config files, and other previously-protected paths (catastrophic removal commands still prompt as a safety net)
  • claude auth login now accepts the OAuth code pasted into the terminal when the browser callback can't reach localhost (WSL2, SSH, containers)
  • claude_code.skill_activated OpenTelemetry event now fires for user-typed slash commands and carries a new invocation_trigger attribute ("user-slash", "claude-proactive", or "nested-skill")
  • Auto mode: the spinner now turns red when a permission check stalls, instead of looking like the tool is running
  • Host-managed deployments (CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST) no longer auto-disable analytics on Bedrock/Vertex/Foundry
  • Windows: PowerShell 7 installed via the Microsoft Store, MSI without PATH, or .NET global tool is now detected
  • Windows: when the PowerShell tool is enabled, Claude now treats PowerShell as the primary shell instead of defaulting to Bash
  • Read tool: removed the per-file malware-assessment reminder that could cause spurious refusals and "this is not malware" commentary on legacy models
  • Security: Fixed allowManagedDomainsOnly / allowManagedReadPathsOnly being ignored when a higher-priority managed-settings source lacked a sandbox block
  • Fixed pasting an image larger than 2000px breaking the session — images are now downscaled on paste, and oversized images in history are automatically removed and the request retried
  • Fixed showing the login screen for "OAuth not allowed for organization" errors — now shows guidance to contact your admin
  • Fixed OAuth login failing with timeout on slow or proxied connections, in IPv6-only devcontainers, and when the browser callback can't reach localhost
  • Fixed a rare race where a concurrent credential write could clear a valid OAuth refresh token
  • Fixed API retry countdown sticking at "0s" instead of counting down between attempts
  • Fixed "Stream idle timeout" error after waking Mac from sleep mid-request
  • Fixed background and remote sessions falsely aborting with "Stream idle timeout" during long model thinking pauses
  • Fixed a hang where the assistant could finish thinking but show no output after a run of empty turns
  • Fixed overly fast trackpad scrolling in Cursor and VS Code 1.92–1.104 integrated terminals
  • Fixed claude.ai MCP connectors being suppressed by manual servers stuck in needs-auth state
  • Fixed Japanese/Korean/Chinese text rendering as garbled characters on Windows in no-flicker mode
  • Fixed Ctrl+L clearing the prompt input — it now only forces a screen redraw, matching readline behavior
  • Fixed deferred tools (WebSearch, WebFetch, etc.) not being available to skills with context: fork and other subagents on their first turn
  • Fixed plan-mode tools being unavailable in interactive sessions launched with --channels
  • Fixed /plugin Uninstall reporting "Enabled" instead of "Uninstalled"
  • Bounded total size of file-modified reminders when a linter touches many files at once
  • Fixed /remote-control retries appearing stuck on "connecting…" — each retry now shows its result
  • Fixed Remote Control failure notification not showing the error reason for initial connection failures
  • Windows: clipboard writes no longer expose copied content in process command-line arguments visible to EDR/SIEM telemetry; also fixes >22KB selections not reaching the clipboard
  • PowerShell tool: bare -- (e.g. git diff -- file) is no longer mis-flagged as the --% stop-parsing token
  • Fixed Agent SDK hang when the model emits a malformed tool name in a parallel tool call batch

v2.1.123

Compare Source

  • Fixed OAuth authentication failing with a 401 retry loop when CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1 is set

v2.1.122

Compare Source

  • Added ANTHROPIC_BEDROCK_SERVICE_TIER environment variable to select a Bedrock service tier (default, flex, or priority), sent as the X-Amzn-Bedrock-Service-Tier header
  • Pasting a PR URL into the /resume search box now finds the session that created that PR (GitHub, GitHub Enterprise, GitLab, and Bitbucket)
  • /mcp now shows claude.ai connectors hidden by a manually-added server with the same URL, with a hint to remove the duplicate
  • Clarified the /mcp message shown when an MCP server is still unauthorized after the browser sign-in flow
  • OpenTelemetry: numeric attributes on api_request/api_error log events are now emitted as numbers, not strings
  • OpenTelemetry: added claude_code.at_mention log event for @-mention resolution
  • Fixed /branch producing forks that fail with "tool_use ids were found without tool_result blocks" when the source session contained entries from rewound timelines
  • Fixed /model not showing the Effort option for Bedrock application inference profile ARNs, and those ARNs not receiving output_config.effort
  • Fixed Vertex AI / Bedrock returning invalid_request_error: output_config: Extra inputs are not permitted on session-title generation and other structured-output queries
  • Fixed Vertex AI count_tokens endpoint returning 400 errors for users behind proxy gateways
  • Fixed spinnerTipsOverride.excludeDefault not suppressing the time-based spinner tips
  • Fixed ToolSearch missing MCP tools that connected after session start in nonblocking mode
  • Fixed !exit / !quit in bash mode terminating the CLI instead of running as a shell command
  • Fixed images sent to newer models being resized to 2576px per side instead of the correct 2000px maximum
  • Fixed remote control session idle status redrawing twice per second, which could flood tmux -CC control pipes and pause the terminal
  • Fixed assistant messages appearing blank in some sessions due to a stale view preference
  • Fixed a malformed hooks entry in settings.json no longer invalidating the entire file
  • Voice mode: keybindings bound to Caps Lock now show an error since terminals don't deliver Caps Lock as a key event
google-gemini/gemini-cli (@​google/gemini-cli)

v0.40.1

Compare Source

What's Changed

Full Changelog: google-gemini/gemini-cli@v0.40.0...v0.40.1

v0.40.0

Compare Source

What's Changed

New Contributors

Full Changelog: google-gemini/gemini-cli@v0.39.1...v0.40.0

v0.40.0-preview.5

Compare Source

What's Changed

Full Changelog: google-gemini/gemini-cli@v0.40.0-preview.4...v0.40.0-preview.5

v0.40.0-preview.4

Compare Source

What's Changed

Full Changelog: google-gemini/gemini-cli@v0.40.0-preview.3...v0.40.0-preview.4

v0.40.0-preview.3

Compare Source

Full Changelog: google-gemini/gemini-cli@v0.40.0-preview.2...v0.40.0-preview.3

v0.40.0-preview.2

Compare Source

What's Changed

New Contributors

Full Changelog: google-gemini/gemini-cli@v0.39.0-preview.2...v0.40.0-preview.2

v0.40.0-nightly.20260415.g06e7621b2

Compare Source

What's Changed

New Contributors

Full Changelog: google-gemini/gemini-cli@v0.39.0-nightly.20260414.gdaf500623...v0.40.0-nightly.20260415.g06e7621b2

golang/go (go)

v1.26.3

v1.26.2

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Only on Wednesday (* * * * 3)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies label May 6, 2026
@renovate
Copy link
Copy Markdown
Contributor Author

renovate Bot commented May 6, 2026

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Dockerfile
Post-upgrade command './scripts/update-go-shas.sh' has not been added to the allowed list in allowedCommands

@renovate renovate Bot force-pushed the renovate.bump-dependencies branch from 1534509 to d5c6221 Compare May 7, 2026 22:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants