chore(deps): bump @anthropic-ai/claude-code from 2.1.12 to 2.1.116 in /npm

[dependabot]

Bumps @anthropic-ai/claude-code from 2.1.12 to 2.1.116.

Release notes

Sourced from @​anthropic-ai/claude-code's releases.

v2.1.116

What's changed

• /resume on large sessions is significantly faster (up to 67% on 40MB+ sessions) and handles sessions with many dead-fork entries more efficiently
• Faster MCP startup when multiple stdio servers are configured; resources/templates/list is now deferred to first @-mention
• Smoother fullscreen scrolling in VS Code, Cursor, and Windsurf terminals — /terminal-setup now configures the editor's scroll sensitivity
• Thinking spinner now shows progress inline ("still thinking", "thinking more", "almost done thinking"), replacing the separate hint row
• /config search now matches option values (e.g. searching "vim" finds the Editor mode setting)
• /doctor can now be opened while Claude is responding, without waiting for the current turn to finish
• /reload-plugins and background plugin auto-update now auto-install missing plugin dependencies from marketplaces you've already added
• Bash tool now surfaces a hint when gh commands hit GitHub's API rate limit, so agents can back off instead of retrying
• The Usage tab in Settings now shows your 5-hour and weekly usage immediately and no longer fails when the usage endpoint is rate-limited
• Agent frontmatter hooks: now fire when running as a main-thread agent via --agent
• Slash command menu now shows "No commands match" when your filter has zero results, instead of disappearing
• Security: sandbox auto-allow no longer bypasses the dangerous-path safety check for rm/rmdir targeting /, $HOME, or other critical system directories
• Fixed Devanagari and other Indic scripts rendering with broken column alignment in the terminal UI
• Fixed Ctrl+- not triggering undo in terminals using the Kitty keyboard protocol (iTerm2, Ghostty, kitty, WezTerm, Windows Terminal)
• Fixed Cmd+Left/Right not jumping to line start/end in terminals that use the Kitty keyboard protocol (Warp fullscreen, kitty, Ghostty, WezTerm)
• Fixed Ctrl+Z hanging the terminal when Claude Code is launched via a wrapper process (e.g. npx, bun run)
• Fixed scrollback duplication in inline mode where resizing the terminal or large output bursts would repeat earlier conversation history
• Fixed modal search dialogs overflowing the screen at short terminal heights, hiding the search box and keyboard hints
• Fixed scattered blank cells and disappearing composer chrome in the VS Code integrated terminal during scrolling
• Fixed an intermittent API 400 error related to cache control TTL ordering that could occur when a parallel request completed during request setup
• Fixed /branch rejecting conversations with transcripts larger than 50MB
• Fixed /resume silently showing an empty conversation on large session files instead of reporting the load error
• Fixed /plugin Installed tab showing the same item twice when it appears under Needs attention or Favorites
• Fixed /update and /tui not working after entering a worktree mid-session

v2.1.114

What's changed

• Fixed a crash in the permission dialog when an agent teams teammate requested tool permission

v2.1.113

What's changed

• Changed the CLI to spawn a native Claude Code binary (via a per-platform optional dependency) instead of bundled JavaScript
• Added sandbox.network.deniedDomains setting to block specific domains even when a broader allowedDomains wildcard would otherwise permit them
• Fullscreen mode: Shift+↑/↓ now scrolls the viewport when extending a selection past the visible edge
• Ctrl+A and Ctrl+E now move to the start/end of the current logical line in multiline input, matching readline behavior
• Windows: Ctrl+Backspace now deletes the previous word
• Long URLs in responses and bash output stay clickable when they wrap across lines (in terminals with OSC 8 hyperlinks)
• Improved /loop: pressing Esc now cancels pending wakeups, and wakeups display as "Claude resuming /loop wakeup" for clarity
• /extra-usage now works from Remote Control (mobile/web) clients
• Remote Control clients can now query @-file autocomplete suggestions
• Improved /ultrareview: faster launch with parallelized checks, diffstat in the launch dialog, and animated launching state
• Subagents that stall mid-stream now fail with a clear error after 10 minutes instead of hanging silently
• Bash tool: multi-line commands whose first line is a comment now show the full command in the transcript, closing a UI-spoofing vector
• Running cd <current-directory> && git … no longer triggers a permission prompt when the cd is a no-op
• Security: on macOS, /private/{etc,var,tmp,home} paths are now treated as dangerous removal targets under Bash(rm:*) allow rules

... (truncated)

Changelog

Sourced from @​anthropic-ai/claude-code's changelog.

2.1.116

• /resume on large sessions is significantly faster (up to 67% on 40MB+ sessions) and handles sessions with many dead-fork entries more efficiently
• Faster MCP startup when multiple stdio servers are configured; resources/templates/list is now deferred to first @-mention
• Smoother fullscreen scrolling in VS Code, Cursor, and Windsurf terminals — /terminal-setup now configures the editor's scroll sensitivity
• Thinking spinner now shows progress inline ("still thinking", "thinking more", "almost done thinking"), replacing the separate hint row
• /config search now matches option values (e.g. searching "vim" finds the Editor mode setting)
• /doctor can now be opened while Claude is responding, without waiting for the current turn to finish
• /reload-plugins and background plugin auto-update now auto-install missing plugin dependencies from marketplaces you've already added
• Bash tool now surfaces a hint when gh commands hit GitHub's API rate limit, so agents can back off instead of retrying
• The Usage tab in Settings now shows your 5-hour and weekly usage immediately and no longer fails when the usage endpoint is rate-limited
• Agent frontmatter hooks: now fire when running as a main-thread agent via --agent
• Slash command menu now shows "No commands match" when your filter has zero results, instead of disappearing
• Security: sandbox auto-allow no longer bypasses the dangerous-path safety check for rm/rmdir targeting /, $HOME, or other critical system directories
• Fixed Devanagari and other Indic scripts rendering with broken column alignment in the terminal UI
• Fixed Ctrl+- not triggering undo in terminals using the Kitty keyboard protocol (iTerm2, Ghostty, kitty, WezTerm, Windows Terminal)
• Fixed Cmd+Left/Right not jumping to line start/end in terminals that use the Kitty keyboard protocol (Warp fullscreen, kitty, Ghostty, WezTerm)
• Fixed Ctrl+Z hanging the terminal when Claude Code is launched via a wrapper process (e.g. npx, bun run)
• Fixed scrollback duplication in inline mode where resizing the terminal or large output bursts would repeat earlier conversation history
• Fixed modal search dialogs overflowing the screen at short terminal heights, hiding the search box and keyboard hints
• Fixed scattered blank cells and disappearing composer chrome in the VS Code integrated terminal during scrolling
• Fixed an intermittent API 400 error related to cache control TTL ordering that could occur when a parallel request completed during request setup
• Fixed /branch rejecting conversations with transcripts larger than 50MB
• Fixed /resume silently showing an empty conversation on large session files instead of reporting the load error
• Fixed /plugin Installed tab showing the same item twice when it appears under Needs attention or Favorites
• Fixed /update and /tui not working after entering a worktree mid-session

2.1.114

• Fixed a crash in the permission dialog when an agent teams teammate requested tool permission

2.1.113

• Changed the CLI to spawn a native Claude Code binary (via a per-platform optional dependency) instead of bundled JavaScript
• Added sandbox.network.deniedDomains setting to block specific domains even when a broader allowedDomains wildcard would otherwise permit them
• Fullscreen mode: Shift+↑/↓ now scrolls the viewport when extending a selection past the visible edge
• Ctrl+A and Ctrl+E now move to the start/end of the current logical line in multiline input, matching readline behavior
• Windows: Ctrl+Backspace now deletes the previous word
• Long URLs in responses and bash output stay clickable when they wrap across lines (in terminals with OSC 8 hyperlinks)
• Improved /loop: pressing Esc now cancels pending wakeups, and wakeups display as "Claude resuming /loop wakeup" for clarity
• /extra-usage now works from Remote Control (mobile/web) clients
• Remote Control clients can now query @-file autocomplete suggestions
• Improved /ultrareview: faster launch with parallelized checks, diffstat in the launch dialog, and animated launching state
• Subagents that stall mid-stream now fail with a clear error after 10 minutes instead of hanging silently
• Bash tool: multi-line commands whose first line is a comment now show the full command in the transcript, closing a UI-spoofing vector
• Running cd <current-directory> && git … no longer triggers a permission prompt when the cd is a no-op
• Security: on macOS, /private/{etc,var,tmp,home} paths are now treated as dangerous removal targets under Bash(rm:*) allow rules
• Security: Bash deny rules now match commands wrapped in env/sudo/watch/ionice/setsid and similar exec wrappers
• Security: Bash(find:*) allow rules no longer auto-approve find -exec/-delete
• Fixed MCP concurrent-call timeout handling where a message for one tool call could silently disarm another call's watchdog

... (truncated)

Commits

• fe53778 chore: Update CHANGELOG.md
• 0385848 chore: Update CHANGELOG.md
• 71366ec chore: Update CHANGELOG.md
• 2b53fac chore: Update CHANGELOG.md
• bf77ee6 chore: Update CHANGELOG.md
• 5a7bf28 chore: Update CHANGELOG.md
• 4fb8aa4 chore: Update CHANGELOG.md
• 45ae2f5 chore: Update CHANGELOG.md
• f348a16 chore: Update CHANGELOG.md
• 5c18c78 chore: Update CHANGELOG.md
• Additional commits viewable in compare view

Install script changes

This version adds postinstall script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[blocksorg]

Mention Blocks like a regular teammate with your question or request:

@blocks review this pull request
@blocks make the following changes ...
@blocks create an issue from what was mentioned in the following comment ...
@blocks explain the following code ...
@blocks are there any security or performance concerns?

Run @blocks /help for more information.

Workspace settings | Disable this message