Bump @anthropic-ai/claude-code from 2.1.2 to 2.1.53

[dependabot]

Bumps @anthropic-ai/claude-code from 2.1.2 to 2.1.53.

Release notes

Sourced from @​anthropic-ai/claude-code's releases.

v2.1.53

What's changed

• Fixed a UI flicker where user input would briefly disappear after submission before the message rendered
• Fixed bulk agent kill (ctrl+f) to send a single aggregate notification instead of one per agent, and to properly clear the command queue
• Fixed graceful shutdown sometimes leaving stale sessions when using Remote Control by parallelizing teardown network calls
• Fixed --worktree sometimes being ignored on first launch
• Fixed a panic ("switch on corrupted value") on Windows
• Fixed a crash that could occur when spawning many processes on Windows
• Fixed a crash in the WebAssembly interpreter on Linux x64 & Windows x64
• Fixed a crash that sometimes occurred after 2 minutes on Windows ARM64

v2.1.52

What's changed

• VS Code: Fixed extension crash on Windows ("command 'claude-vscode.editor.openLast' not found")

v2.1.51

What's changed

• Added claude remote-control subcommand for external builds, enabling local environment serving for all users.
• Updated plugin marketplace default git timeout from 30s to 120s and added CLAUDE_CODE_PLUGIN_GIT_TIMEOUT_MS to configure.
• Added support for custom npm registries and specific version pinning when installing plugins from npm sources
• BashTool now skips login shell (-l flag) by default when a shell snapshot is available, improving command execution performance. Previously this required setting CLAUDE_BASH_NO_LOGIN=true.
• Fixed a security issue where statusLine and fileSuggestion hook commands could execute without workspace trust acceptance in interactive mode.
• Tool results larger than 50K characters are now persisted to disk (previously 100K). This reduces context window usage and improves conversation longevity.
• Fixed a security issue where HTTP hooks could interpolate arbitrary environment variables from header values. Env var interpolation now requires an explicit allowedEnvVars list in the hook configuration.
• Fixed a bug where duplicate control_response messages (e.g. from WebSocket reconnects) could cause API 400 errors by pushing duplicate assistant messages into the conversation.
• Added CLAUDE_CODE_ACCOUNT_UUID, CLAUDE_CODE_USER_EMAIL, and CLAUDE_CODE_ORGANIZATION_UUID environment variables for SDK callers to provide account info synchronously, eliminating a race condition where early telemetry events lacked account metadata.
• Fixed slash command autocomplete crashing when a plugin's SKILL.md description is a YAML array or other non-string type
• HTTP hooks are now routed through the sandbox network proxy when sandboxing is enabled, enforcing the domain allowlist. HTTP hooks are not supported for SessionStart/Setup events.
• The /model picker now shows human-readable labels (e.g., "Sonnet 4.5") instead of raw model IDs for pinned model versions, with an upgrade hint when a newer version is available.

v2.1.50

What's changed

• Added support for startupTimeout configuration for LSP servers
• Added WorktreeCreate and WorktreeRemove hook events, enabling custom VCS setup and teardown when agent worktree isolation creates or removes worktrees.
• Fixed a bug where resumed sessions could be invisible when the working directory involved symlinks, because the session storage path was resolved at different times during startup. Also fixed session data loss on SSH disconnect by flushing session data before hooks and analytics in the graceful shutdown sequence.
• Linux: Fixed native modules not loading on systems with glibc older than 2.30 (e.g., RHEL 8)
• Fixed memory leak in agent teams where completed teammate tasks were never garbage collected from session state
• Fixed CLAUDE_CODE_SIMPLE to fully strip down skills, session memory, custom agents, and CLAUDE.md token counting
• Fixed /mcp reconnect freezing the CLI when given a server name that doesn't exist
• Fixed memory leak where completed task state objects were never removed from AppState
• Added support for isolation: worktree in agent definitions, allowing agents to declaratively run in isolated git worktrees.
• CLAUDE_CODE_SIMPLE mode now also disables MCP tools, attachments, hooks, and CLAUDE.md file loading for a fully minimal experience.
• Fixed bug where MCP tools were not discovered when tool search is enabled and a prompt is passed in as a launch argument
• Improved memory usage during long sessions by clearing internal caches after compaction
• Added claude agents CLI command to list all configured agents
• Improved memory usage during long sessions by clearing large tool results after they have been processed

... (truncated)

Changelog

Sourced from @​anthropic-ai/claude-code's changelog.

2.1.53

• Fixed a UI flicker where user input would briefly disappear after submission before the message rendered
• Fixed bulk agent kill (ctrl+f) to send a single aggregate notification instead of one per agent, and to properly clear the command queue
• Fixed graceful shutdown sometimes leaving stale sessions when using Remote Control by parallelizing teardown network calls
• Fixed --worktree sometimes being ignored on first launch
• Fixed a panic ("switch on corrupted value") on Windows
• Fixed a crash that could occur when spawning many processes on Windows
• Fixed a crash in the WebAssembly interpreter on Linux x64 & Windows x64
• Fixed a crash that sometimes occurred after 2 minutes on Windows ARM64

2.1.52

• VS Code: Fixed extension crash on Windows ("command 'claude-vscode.editor.openLast' not found")

2.1.51

• Added claude remote-control subcommand for external builds, enabling local environment serving for all users.
• Updated plugin marketplace default git timeout from 30s to 120s and added CLAUDE_CODE_PLUGIN_GIT_TIMEOUT_MS to configure.
• Added support for custom npm registries and specific version pinning when installing plugins from npm sources
• BashTool now skips login shell (-l flag) by default when a shell snapshot is available, improving command execution performance. Previously this required setting CLAUDE_BASH_NO_LOGIN=true.
• Fixed a security issue where statusLine and fileSuggestion hook commands could execute without workspace trust acceptance in interactive mode.
• Tool results larger than 50K characters are now persisted to disk (previously 100K). This reduces context window usage and improves conversation longevity.
• Fixed a bug where duplicate control_response messages (e.g. from WebSocket reconnects) could cause API 400 errors by pushing duplicate assistant messages into the conversation.
• Added CLAUDE_CODE_ACCOUNT_UUID, CLAUDE_CODE_USER_EMAIL, and CLAUDE_CODE_ORGANIZATION_UUID environment variables for SDK callers to provide account info synchronously, eliminating a race condition where early telemetry events lacked account metadata.
• Fixed slash command autocomplete crashing when a plugin's SKILL.md description is a YAML array or other non-string type
• The /model picker now shows human-readable labels (e.g., "Sonnet 4.5") instead of raw model IDs for pinned model versions, with an upgrade hint when a newer version is available.
• Managed settings can now be set via macOS plist or Windows Registry. Learn more at https://code.claude.com/docs/en/settings#settings-files

2.1.50

• Added support for startupTimeout configuration for LSP servers
• Added WorktreeCreate and WorktreeRemove hook events, enabling custom VCS setup and teardown when agent worktree isolation creates or removes worktrees.
• Fixed a bug where resumed sessions could be invisible when the working directory involved symlinks, because the session storage path was resolved at different times during startup. Also fixed session data loss on SSH disconnect by flushing session data before hooks and analytics in the graceful shutdown sequence.
• Linux: Fixed native modules not loading on systems with glibc older than 2.30 (e.g., RHEL 8)
• Fixed memory leak in agent teams where completed teammate tasks were never garbage collected from session state
• Fixed CLAUDE_CODE_SIMPLE to fully strip down skills, session memory, custom agents, and CLAUDE.md token counting
• Fixed /mcp reconnect freezing the CLI when given a server name that doesn't exist
• Fixed memory leak where completed task state objects were never removed from AppState
• Added support for isolation: worktree in agent definitions, allowing agents to declaratively run in isolated git worktrees.
• CLAUDE_CODE_SIMPLE mode now also disables MCP tools, attachments, hooks, and CLAUDE.md file loading for a fully minimal experience.
• Fixed bug where MCP tools were not discovered when tool search is enabled and a prompt is passed in as a launch argument
• Improved memory usage during long sessions by clearing internal caches after compaction
• Added claude agents CLI command to list all configured agents
• Improved memory usage during long sessions by clearing large tool results after they have been processed
• Fixed a memory leak where LSP diagnostic data was never cleaned up after delivery, causing unbounded memory growth in long sessions
• Fixed a memory leak where completed task output was not freed from memory, reducing memory usage in long sessions with many tasks
• Improved startup performance for headless mode (-p flag) by deferring Yoga WASM and UI component imports
• Fixed prompt suggestion cache regression that reduced cache hit rates
• Fixed unbounded memory growth in long sessions by capping file history snapshots

... (truncated)

Commits

• 6e7f65e chore: Update CHANGELOG.md
• 8799bb0 Merge pull request #28243 from anthropics/oct/non-write-users-check
• 05a2bde chore: Update CHANGELOG.md
• 3c917df Add non-write users check workflow
• 8f0fe03 chore: Update CHANGELOG.md
• baf29b8 chore: Update CHANGELOG.md
• 6aecb15 chore: Update CHANGELOG.md
• 76826f2 Merge pull request #27911 from anthropics/oct/use-label-script-for-triage
• 3592c8b Use wrapper script for label operations in issue triage
• 3ad3231 chore: Update CHANGELOG.md
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud