Bump @anthropic-ai/claude-code from 2.1.7 to 2.1.53 in the npm_and_yarn group across 1 directory

[dependabot]

Bumps the npm_and_yarn group with 1 update in the / directory: @anthropic-ai/claude-code.

Updates @anthropic-ai/claude-code from 2.1.7 to 2.1.53

Release notes

Sourced from @​anthropic-ai/claude-code's releases.

v2.1.53

What's changed

• Fixed a UI flicker where user input would briefly disappear after submission before the message rendered
• Fixed bulk agent kill (ctrl+f) to send a single aggregate notification instead of one per agent, and to properly clear the command queue
• Fixed graceful shutdown sometimes leaving stale sessions when using Remote Control by parallelizing teardown network calls
• Fixed --worktree sometimes being ignored on first launch
• Fixed a panic ("switch on corrupted value") on Windows
• Fixed a crash that could occur when spawning many processes on Windows
• Fixed a crash in the WebAssembly interpreter on Linux x64 & Windows x64
• Fixed a crash that sometimes occurred after 2 minutes on Windows ARM64

v2.1.52

What's changed

• VS Code: Fixed extension crash on Windows ("command 'claude-vscode.editor.openLast' not found")

v2.1.51

What's changed

• Added claude remote-control subcommand for external builds, enabling local environment serving for all users.
• Updated plugin marketplace default git timeout from 30s to 120s and added CLAUDE_CODE_PLUGIN_GIT_TIMEOUT_MS to configure.
• Added support for custom npm registries and specific version pinning when installing plugins from npm sources
• BashTool now skips login shell (-l flag) by default when a shell snapshot is available, improving command execution performance. Previously this required setting CLAUDE_BASH_NO_LOGIN=true.
• Fixed a security issue where statusLine and fileSuggestion hook commands could execute without workspace trust acceptance in interactive mode.
• Tool results larger than 50K characters are now persisted to disk (previously 100K). This reduces context window usage and improves conversation longevity.
• Fixed a security issue where HTTP hooks could interpolate arbitrary environment variables from header values. Env var interpolation now requires an explicit allowedEnvVars list in the hook configuration.
• Fixed a bug where duplicate control_response messages (e.g. from WebSocket reconnects) could cause API 400 errors by pushing duplicate assistant messages into the conversation.
• Added CLAUDE_CODE_ACCOUNT_UUID, CLAUDE_CODE_USER_EMAIL, and CLAUDE_CODE_ORGANIZATION_UUID environment variables for SDK callers to provide account info synchronously, eliminating a race condition where early telemetry events lacked account metadata.
• Fixed slash command autocomplete crashing when a plugin's SKILL.md description is a YAML array or other non-string type
• HTTP hooks are now routed through the sandbox network proxy when sandboxing is enabled, enforcing the domain allowlist. HTTP hooks are not supported for SessionStart/Setup events.
• The /model picker now shows human-readable labels (e.g., "Sonnet 4.5") instead of raw model IDs for pinned model versions, with an upgrade hint when a newer version is available.

v2.1.50

What's changed

• Added support for startupTimeout configuration for LSP servers
• Added WorktreeCreate and WorktreeRemove hook events, enabling custom VCS setup and teardown when agent worktree isolation creates or removes worktrees.
• Fixed a bug where resumed sessions could be invisible when the working directory involved symlinks, because the session storage path was resolved at different times during startup. Also fixed session data loss on SSH disconnect by flushing session data before hooks and analytics in the graceful shutdown sequence.
• Linux: Fixed native modules not loading on systems with glibc older than 2.30 (e.g., RHEL 8)
• Fixed memory leak in agent teams where completed teammate tasks were never garbage collected from session state
• Fixed CLAUDE_CODE_SIMPLE to fully strip down skills, session memory, custom agents, and CLAUDE.md token counting
• Fixed /mcp reconnect freezing the CLI when given a server name that doesn't exist
• Fixed memory leak where completed task state objects were never removed from AppState
• Added support for isolation: worktree in agent definitions, allowing agents to declaratively run in isolated git worktrees.
• CLAUDE_CODE_SIMPLE mode now also disables MCP tools, attachments, hooks, and CLAUDE.md file loading for a fully minimal experience.
• Fixed bug where MCP tools were not discovered when tool search is enabled and a prompt is passed in as a launch argument
• Improved memory usage during long sessions by clearing internal caches after compaction
• Added claude agents CLI command to list all configured agents
• Improved memory usage during long sessions by clearing large tool results after they have been processed

... (truncated)

Changelog

Sourced from @​anthropic-ai/claude-code's changelog.

2.1.79

• Added --console flag to claude auth login for Anthropic Console (API billing) authentication
• Added "Show turn duration" toggle to the /config menu
• Fixed claude -p hanging when spawned as a subprocess without explicit stdin (e.g. Python subprocess.run)
• Fixed Ctrl+C not working in -p (print) mode
• Fixed /btw returning the main agent's output instead of answering the side question when triggered during streaming
• Fixed voice mode not activating correctly on startup when voiceEnabled: true is set
• Fixed left/right arrow tab navigation in /permissions
• Fixed CLAUDE_CODE_DISABLE_TERMINAL_TITLE not preventing terminal title from being set on startup
• Fixed custom status line showing nothing when workspace trust is blocking it
• Fixed enterprise users being unable to retry on rate limit (429) errors
• Fixed SessionEnd hooks not firing when using interactive /resume to switch sessions
• Improved startup memory usage by ~18MB across all scenarios
• Improved non-streaming API fallback with a 2-minute per-attempt timeout, preventing sessions from hanging indefinitely
• CLAUDE_CODE_PLUGIN_SEED_DIR now supports multiple seed directories separated by the platform path delimiter (: on Unix, ; on Windows)
• [VSCode] Added /remote-control — bridge your session to claude.ai/code to continue from a browser or phone
• [VSCode] Session tabs now get AI-generated titles based on your first message
• [VSCode] Fixed the thinking pill showing "Thinking" instead of "Thought for Ns" after a response completes
• [VSCode] Fixed missing session diff button when opening sessions from the left sidebar

2.1.78

• Added StopFailure hook event that fires when the turn ends due to an API error (rate limit, auth failure, etc.)
• Added ${CLAUDE_PLUGIN_DATA} variable for plugin persistent state that survives plugin updates; /plugin uninstall prompts before deleting it
• Added effort, maxTurns, and disallowedTools frontmatter support for plugin-shipped agents
• Terminal notifications (iTerm2/Kitty/Ghostty popups, progress bar) now reach the outer terminal when running inside tmux with set -g allow-passthrough on
• Response text now streams line-by-line as it's generated
• Fixed git log HEAD failing with "ambiguous argument" inside sandboxed Bash on Linux, and stub files polluting git status in the working directory
• Fixed cc log and --resume silently truncating conversation history on large sessions (>5 MB) that used subagents
• Fixed infinite loop when API errors triggered stop hooks that re-fed blocking errors to the model
• Fixed deny: ["mcp__servername"] permission rules not removing MCP server tools before sending to the model, allowing it to see and attempt blocked tools
• Fixed sandbox.filesystem.allowWrite not working with absolute paths (previously required // prefix)
• Fixed /sandbox Dependencies tab showing Linux prerequisites on macOS instead of macOS-specific info
• Security: Fixed silent sandbox disable when sandbox.enabled: true is set but dependencies are missing — now shows a visible startup warning
• Fixed .git, .claude, and other protected directories being writable without a prompt in bypassPermissions mode
• Fixed ctrl+u in normal mode scrolling instead of readline kill-line (ctrl+u/ctrl+d half-page scroll moved to transcript mode only)
• Fixed voice mode modifier-combo push-to-talk keybindings (e.g. ctrl+k) requiring a hold instead of activating immediately
• Fixed voice mode not working on WSL2 with WSLg (Windows 11); WSL1/Win10 users now get a clear error
• Fixed --worktree flag not loading skills and hooks from the worktree directory
• Fixed CLAUDE_CODE_DISABLE_GIT_INSTRUCTIONS and includeGitInstructions setting not suppressing the git status section in the system prompt
• Fixed Bash tool not finding Homebrew and other PATH-dependent binaries when VS Code is launched from Dock/Spotlight
• Fixed washed-out Claude orange color in VS Code/Cursor/code-server terminals that don't advertise truecolor support
• Added ANTHROPIC_CUSTOM_MODEL_OPTION env var to add a custom entry to the /model picker, with optional _NAME and _DESCRIPTION suffixed vars for display
• Fixed ANTHROPIC_BETAS environment variable being silently ignored when using Haiku models
• Fixed queued prompts being concatenated without a newline separator
• Improved memory usage and startup time when resuming large sessions
• [VSCode] Fixed a brief flash of the login screen when opening the sidebar while already authenticated
• [VSCode] Fixed "API Error: Rate limit reached" when selecting Opus — model dropdown no longer offers 1M context variant to subscribers whose plan tier is unknown

... (truncated)

Commits

• 6e7f65e chore: Update CHANGELOG.md
• 8799bb0 Merge pull request #28243 from anthropics/oct/non-write-users-check
• 05a2bde chore: Update CHANGELOG.md
• 3c917df Add non-write users check workflow
• 8f0fe03 chore: Update CHANGELOG.md
• baf29b8 chore: Update CHANGELOG.md
• 6aecb15 chore: Update CHANGELOG.md
• 76826f2 Merge pull request #27911 from anthropics/oct/use-label-script-for-triage
• 3592c8b Use wrapper script for label operations in issue triage
• 3ad3231 chore: Update CHANGELOG.md
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.