This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow-steward.git
The following commit(s) were added to refs/heads/main by this push:
new c00ee58 chore(setup): bump pinned claude-code 2.1.150 -> 2.1.165
(#463)
c00ee58 is described below
commit c00ee58798b69c607e641ed4c89c2a4432e32b0c
Author: Jarek Potiuk <[email protected]>
AuthorDate: Sat Jun 6 23:58:15 2026 +0200
chore(setup): bump pinned claude-code 2.1.150 -> 2.1.165 (#463)
Aged past the tool's 1-day cooldown (released 2026-06-05). Changelog
across 2.1.151-2.1.165 reviewed: forward improvements and security
hardening (2.1.162 hardened cross-session messaging, 2.1.160 added a
guard before writing shell startup files, 2.1.163 fixed a $TMPDIR
regression) - nothing that changes the framework's permission-rule,
sandbox, or prompt-injection semantics.
Also realigns the install commands in docs/setup/secure-agent-setup.md,
which still pinned the stale 2.1.141 (the prior 2.1.150 bump did not
sync the doc).
Generated-by: Claude Code (Opus 4.8)
---
docs/setup/secure-agent-setup.md | 4 ++--
tools/agent-isolation/pinned-versions.toml | 10 +++++-----
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/docs/setup/secure-agent-setup.md b/docs/setup/secure-agent-setup.md
index 1e5ff5d..be8cd79 100644
--- a/docs/setup/secure-agent-setup.md
+++ b/docs/setup/secure-agent-setup.md
@@ -154,7 +154,7 @@ The same flow, condensed to commands you run yourself:
# section: "Required tools (pinned versions)" below.
sudo apt-get install --no-install-recommends \
bubblewrap=0.11.2-* socat=1.8.1.1-*
-npm install -g --no-save @anthropic-ai/[email protected]
+npm install -g --no-save @anthropic-ai/[email protected]
# 2. Project-scope `.claude/settings.json`. Copy the framework's
# sandbox / permissions.deny / permissions.ask / allowedDomains
@@ -252,7 +252,7 @@ version, no pin enforced — Homebrew rolls forward, so the
```bash
# npm distribution (the only stable channel today)
-npm install -g --no-save @anthropic-ai/[email protected]
+npm install -g --no-save @anthropic-ai/[email protected]
```
### Distro-specific shortcut — Linux Mint 22.x / Ubuntu 24.04 Noble
diff --git a/tools/agent-isolation/pinned-versions.toml
b/tools/agent-isolation/pinned-versions.toml
index e93a0ad..06d89af 100644
--- a/tools/agent-isolation/pinned-versions.toml
+++ b/tools/agent-isolation/pinned-versions.toml
@@ -52,7 +52,7 @@
# When this file was last touched. The check script uses this as the
# minimum age the entries below claim to satisfy.
-pinned_at = "2026-05-25"
+pinned_at = "2026-06-06"
[tools.bubblewrap]
version = "0.11.2"
@@ -91,8 +91,8 @@ install.dnf = "dnf install socat-1.8.1.1"
install.from_source =
"http://www.dest-unreach.org/socat/download/socat-1.8.1.1.tar.gz";
[tools.claude-code]
-version = "2.1.150"
-released = "2026-05-23"
+version = "2.1.165"
+released = "2026-06-05"
# Override the framework-wide 7-day default. Claude Code releases
# cadence is high (multiple releases per week) and any regression
# that affects the framework's permission-rule semantics, sandbox
@@ -118,5 +118,5 @@ upstream_releases =
"https://api.github.com/repos/anthropics/claude-code/release
# Claude Code is distributed via npm; use `--no-save` so the global
# install doesn't drift the local lockfile of any project the user
# installs from.
-install.npm = "npm install -g --no-save @anthropic-ai/[email protected]"
-install.brew = "# brew tap anthropics/claude-code; brew install
[email protected] (when available)"
+install.npm = "npm install -g --no-save @anthropic-ai/[email protected]"
+install.brew = "# brew tap anthropics/claude-code; brew install
[email protected] (when available)"
