This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow-steward.git
The following commit(s) were added to refs/heads/main by this push:
new 110820e1 chore(agent-isolation): bump pinned claude-code 2.1.165 →
2.1.172 (#505)
110820e1 is described below
commit 110820e1c1f8f753eaf646a2b92bdf4335b94659
Author: Jarek Potiuk <[email protected]>
AuthorDate: Fri Jun 12 01:37:30 2026 +0200
chore(agent-isolation): bump pinned claude-code 2.1.165 → 2.1.172 (#505)
Upstream 2.1.172 (released 2026-06-10) is past the 1-day cooldown for
claude-code. Changelog reviewed for the secure setup: no weakening of
permission-rule semantics, sandbox flags, or prompt-injection
mitigations. Several entries strengthen the posture —
- 2.1.166: relayed SendMessage tool requests no longer carry user
authority (no permission escalation across sessions); glob deny
rules in tool-name position; managed-settings policy enforcement
hardened.
- 2.1.169: untrusted project settings can no longer set OTEL
client-cert paths without trust confirmation.
- 2.1.172: WebFetch allow/deny/ask domain-wildcard rules now match
subdomains correctly (was a silent permission gap).
2.1.170 ships Claude Fable 5. Bumps pinned_at to today and both
install commands in docs/setup/secure-agent-setup.md.
Generated-by: Claude Code (Opus 4.8 1M)
---
docs/setup/secure-agent-setup.md | 4 ++--
tools/agent-isolation/pinned-versions.toml | 10 +++++-----
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/docs/setup/secure-agent-setup.md b/docs/setup/secure-agent-setup.md
index 745db14c..584c04b0 100644
--- a/docs/setup/secure-agent-setup.md
+++ b/docs/setup/secure-agent-setup.md
@@ -158,7 +158,7 @@ The same flow, condensed to commands you run yourself:
# section: "Required tools (pinned versions)" below.
sudo apt-get install --no-install-recommends \
bubblewrap=0.11.2-* socat=1.8.1.1-*
-npm install -g --no-save @anthropic-ai/[email protected]
+npm install -g --no-save @anthropic-ai/[email protected]
# 2. Project-scope `.claude/settings.json`. Copy the framework's
# sandbox / permissions.deny / permissions.ask / allowedDomains
@@ -256,7 +256,7 @@ version, no pin enforced — Homebrew rolls forward, so the
```bash
# npm distribution (the only stable channel today)
-npm install -g --no-save @anthropic-ai/[email protected]
+npm install -g --no-save @anthropic-ai/[email protected]
```
### Distro-specific shortcut — Linux Mint 22.x / Ubuntu 24.04 Noble
diff --git a/tools/agent-isolation/pinned-versions.toml
b/tools/agent-isolation/pinned-versions.toml
index 06d89af0..0fd4999f 100644
--- a/tools/agent-isolation/pinned-versions.toml
+++ b/tools/agent-isolation/pinned-versions.toml
@@ -52,7 +52,7 @@
# When this file was last touched. The check script uses this as the
# minimum age the entries below claim to satisfy.
-pinned_at = "2026-06-06"
+pinned_at = "2026-06-12"
[tools.bubblewrap]
version = "0.11.2"
@@ -91,8 +91,8 @@ install.dnf = "dnf install socat-1.8.1.1"
install.from_source =
"http://www.dest-unreach.org/socat/download/socat-1.8.1.1.tar.gz";
[tools.claude-code]
-version = "2.1.165"
-released = "2026-06-05"
+version = "2.1.172"
+released = "2026-06-10"
# Override the framework-wide 7-day default. Claude Code releases
# cadence is high (multiple releases per week) and any regression
# that affects the framework's permission-rule semantics, sandbox
@@ -118,5 +118,5 @@ upstream_releases =
"https://api.github.com/repos/anthropics/claude-code/release
# Claude Code is distributed via npm; use `--no-save` so the global
# install doesn't drift the local lockfile of any project the user
# installs from.
-install.npm = "npm install -g --no-save @anthropic-ai/[email protected]"
-install.brew = "# brew tap anthropics/claude-code; brew install
[email protected] (when available)"
+install.npm = "npm install -g --no-save @anthropic-ai/[email protected]"
+install.brew = "# brew tap anthropics/claude-code; brew install
[email protected] (when available)"
