[ca] CLI Updates: Claude Code 2.1.139, Copilot 1.0.45, Codex 0.130.0, GitHub MCP v1.0.4, Playwright Browser v1.60.0

[github-actions]

Summary

Five CLI/MCP tools have new stable releases since the last check. All updates appear low-to-medium risk and contain bug fixes, performance improvements, and new features.

Tool	Previous	New	Risk
Claude Code	2.1.133	2.1.139	Low
Copilot CLI	1.0.43	1.0.45	Low
Codex	0.129.0	0.130.0	Low
GitHub MCP Server	v1.0.3	v1.0.4	Low
Playwright Browser	v1.59.1	v1.60.0	Medium

No updates needed for: MCP Gateway (v0.3.6), Playwright MCP (0.0.75), Playwright CLI (0.1.13).

Critical Information

• Playwright v1.60.0 contains breaking changes — removes long-deprecated APIs (Locator.ariaRef(), handle option on exposeBinding, logger option on connect/connectOverCDP, videosPath/videoSize context options). Review workflows using Playwright for usage of these APIs.
• All other updates are non-breaking.

---

Update Claude Code

• Previous: 2.1.133 → New: 2.1.139
• Timeline: 2026-05-07 → 2026-05-11 (4 days, 4 intermediate versions: 2.1.136, 2.1.137, 2.1.138)

View Details

Claude Code is published on NPM only and does not have a public GitHub repository, so detailed per-version release notes are not available. The version progression spans 6 patch releases over 4 days indicating active bug-fix iteration.

Package Links

• NPM Package: https://www.npmjs.com/package/`@anthropic-ai/claude-code`

Impact Assessment

• Risk: Low
• Patch-level releases with no documented breaking changes

---

Update Copilot CLI

• Previous: 1.0.43 → New: 1.0.45
• Timeline: 2026-05-08 (v1.0.44) → 2026-05-11 (v1.0.45)

Key Features (1.0.45)

• New /autopilot slash command to toggle between interactive and autopilot modes
• New /fork command to fork the current session into a new independent session
• OpenTelemetry output now aligns with GenAI semantic conventions (tool_call spans, gen_ai.client.operation.duration metric)
• ~1.5s faster CLI startup on terminals with limited OSC color query support
• Falls back to Windows PowerShell (powershell.exe) when PowerShell 7+ (pwsh) is unavailable on Windows

Key Features (1.0.44)

• Slash commands can appear mid-input; multiple skills can be invoked in a single message
• userPromptSubmitted hooks can handle requests directly, bypassing the LLM
• Faster /user list and /user switch for multi-account users
• Added optional prerelease argument to copilot update and /update

View Full Changelog

Bug Fixes (1.0.45)

• Sessions with extension permission prompts can now be resumed without "Session file is corrupted" error
• agentStop hook now fires correctly when the agent stops via task_complete

Bug Fixes (1.0.44)

• Path completion in /add-dir no longer flickers or gets intercepted by @ and # pickers
• Shell commands via ! prefix work correctly with all shell configurations; shell aliases and rc file settings now work in ! commands
• Quota display correctly shows remaining usage for Free users instead of always showing 100% used
• Tool permissions granted in autopilot mode are preserved after /clear
• Effort level applies correctly when switching models via the /model picker
• Pressing Ctrl+C while a permission prompt is pending no longer causes the CLI to hang
• Project info remains visible in slash command picker when no results match
• Invalid URL entries in settings.json no longer crash CLI startup; they are skipped with a warning
• Timeline shows the resolved model for rubber-duck sub-agents (e.g. Rubber-duck(claude-opus-4.7))

CLI Discovery

• New top-level slash commands: /autopilot, /fork
• New flag: --prerelease for copilot update and /update

Impact Assessment

• Risk: Low
• Non-breaking patch releases; new commands are additive
• Verify per existing pin comment: MCPs still load and /models works on PATs

Package Links

• NPM Package: https://www.npmjs.com/package/`@github/copilot`
• Repository: https://github.com/github/copilot-cli
• Release Notes v1.0.45: https://github.com/github/copilot-cli/releases/tag/v1.0.45
• Release Notes v1.0.44: https://github.com/github/copilot-cli/releases/tag/v1.0.44

---

Update Codex

• Previous: 0.129.0 → New: 0.130.0
• Timeline: Released 2026-05-08

Key Features

• New codex remote-control command — simpler entrypoint for starting a headless, remotely controllable app-server
• Plugin details now show bundled hooks; plugin sharing exposes link metadata plus discoverability controls
• App-server clients can page large threads with unloaded, summary, or full turn item views
• Bedrock auth can now use AWS console-login credentials from aws login profiles
• view_image can resolve files through the selected environment for multi-environment sessions

View Full Changelog

Bug Fixes

• Live app-server threads pick up config changes without requiring a restart (app-server: refresh live threads from latest config snapshot openai/codex#21187)
• Turn diffs stay accurate across apply-patch operations, including partial failures that still mutated files (Make turn diff tracking operation backed openai/codex#21180, fix: preserve exact turn diffs after partial apply_patch failures openai/codex#21518)
• Thread summaries, renames, resume, and fork paths work better through ThreadStore, including threads without local rollout paths (Move thread name edits to ThreadStore openai/codex#21264, Route ThreadManager rollout path reads through thread store openai/codex#21265, [codex] Fix pathless thread summaries openai/codex#21266)
• Remote compaction emits response.processed for v2 streams and avoids sending service_tier on API-key compact requests (Send response.processed after remote compaction v2 openai/codex#21642, Omit service_tier from remote /responses/compact requests under API auth openai/codex#21676)
• Windows sandbox setup grants sandbox users access to the desktop runtime binary cache (Grant sandbox users access to desktop runtime bin openai/codex#21564)
• Removed stale "research preview" wording from the codex exec startup banner (Remove exec research preview banner wording openai/codex#21683)

Chores

• Configurable OpenTelemetry trace metadata; richer review/feedback analytics for better debugging and triage
• Hardened dependency and CI hygiene with fully qualified GitHub Action pins, a Dependabot cooldown, and a cargo-shear upgrade
• Simplified internal surfaces by removing unused device-key APIs, extra skills roots, remote thread-store implementation, and string-keyed MCP tool maps

Notable PRs

• add top-level remote-control command openai/codex#21424 — add top-level remote-control command
• Show plugin hooks in plugin details openai/codex#21447 — Show plugin hooks in plugin details
• feat: make built-in MCPs first-class runtime servers openai/codex#21356 — make built-in MCPs first-class runtime servers
• feat(app-server, threadstore): Thread pagination APIs and ThreadStore contract openai/codex#21566 — Thread pagination APIs and ThreadStore contract
• feat: enable AWS login credentials for Bedrock auth openai/codex#21623 — enable AWS login credentials for Bedrock auth

Impact Assessment

• Risk: Low
• Minor version bump with additive features and bug fixes; no breaking changes documented
• New codex remote-control is opt-in; no impact on existing workflows

Package Links

• NPM Package: https://www.npmjs.com/package/`@openai/codex`
• Repository: https://github.com/openai/codex
• Release Notes: https://github.com/openai/codex/releases/tag/rust-v0.130.0

---

Update GitHub MCP Server

• Previous: v1.0.3 → New: v1.0.4
• Timeline: Released 2026-05-11

Key Features / Fixes

• Improved dependabot error message (Improve dependabot error message github-mcp-server#2375)
• Added Xcode installation guide for Codex and Claude Agent (Add Xcode installation guide for Codex and Claude Agent github-mcp-server#2431)
• fix(mcp-apps): defer _meta.ui strip to per-request RegisterTools (fix(mcp-apps): defer _meta.ui strip to per-request RegisterTools github-mcp-server#2446)
• Added ifc label for get_me tool (Add ifc label for get_me tool github-mcp-server#2432)
• Prevented inputs param from being stripped from actions_run_trigger tool schema (Prevent inputs param from being stripped from actions_run_trigger tool schema github-mcp-server#2417)
• Handle lightweight tags in get_tag (Handle lightweight tags in get_tag github-mcp-server#2400)

Impact Assessment

• Risk: Low
• Patch release with bug fixes only; no breaking changes
• The get_tag and actions_run_trigger fixes improve reliability for workflows using these tools

Package Links

• Repository: https://github.com/github/github-mcp-server
• Release Notes: https://github.com/github/github-mcp-server/releases/tag/v1.0.4
• Full Changelog: github/github-mcp-server@v1.0.3...v1.0.4

---

Update Playwright Browser

• Previous: v1.59.1 → New: v1.60.0
• Timeline: Released 2026-05-11

Breaking Changes ⚠️

• Removed long-deprecated APIs:
  • Locator.ariaRef() — use locator.ariaSnapshot() pipeline instead
  • handle option on BrowserContext.exposeBinding and Page.exposeBinding
  • logger option on BrowserType.connect and BrowserType.connectOverCDP — use tracing instead
  • Context options videosPath / videoSize — use recordVideo instead

Key Features

• HAR recording on Tracing: New tracing.startHar() / tracing.stopHar() expose HAR recording as a first-class tracing API
• Drop API: New locator.drop() simulates an external drag-and-drop of files or clipboard-like data onto an element
• Aria snapshots: expect(page).toMatchAriaSnapshot() now works on a Page; new boxes option on locator.ariaSnapshot() / page.ariaSnapshot() appends each element's bounding box (useful for AI consumption)
• test.abort(): Aborts the currently running test from a fixture, hook, or route handler with an optional message

View Full Changelog

New APIs

Browser, Context and Page

• Event browser.on('context') — fired when a new context is created
• BrowserContext now mirrors lifecycle events from its pages: download, frameattached, framedetached, framenavigated, pageclose, pageload

Locators and Assertions

• New description option in getByRole() for matching the accessible description
• New pseudo option in expect(locator).toHaveCSS() reads computed styles from ::before or ::after
• New style option in locator.highlight() applies extra inline CSS; new page.hideHighlight() to clear all highlights

Network

• webSocketRoute.protocols() returns the WebSocket subprotocols requested by the page
• New noDefaults option in browserType.connectOverCDP() disables Playwright's default overrides (download behavior, focus emulation, media emulation)

Errors and Reporting

• New webError.location() mirrors consoleMessage.location()
• consoleMessage.location() now exposes line / column properties (lineNumber / columnNumber are deprecated)
• New testInfoError.errorContext surfaces additional diagnostic context
• reporter.onError() now receives a workerInfo argument for fixture teardown errors

Test runner

• New {testFileBaseName} token in testProject.snapshotPathTemplate
• Test runner now errors when a config tries to override a non-option fixture, and rejects workers: 0 or negative values

Other Improvements

• HTML reporter: npx playwright show-report accepts .zip files directly; steps with nested attachments show an indicator
• Trace Viewer adds a pretty-print toggle for JSON / form request and response bodies in the network details panel

Browser Versions

• Chromium 148.0.7778.96
• Mozilla Firefox 150.0.2
• WebKit 26.4

Impact Assessment

• Risk: Medium
• Minor version with breaking removals of long-deprecated APIs. Review workflows using Playwright for any references to ariaRef(), the handle/logger options, or videosPath/videoSize.
• Docker image: mcr.microsoft.com/playwright:v1.60.0

Package Links

• Repository: https://github.com/microsoft/playwright
• Release Notes: https://github.com/microsoft/playwright/releases/tag/v1.60.0

---

Migration Guide

View Migration Steps

1. Constants updated in pkg/constants/version_constants.go:

   • DefaultClaudeCodeVersion: 2.1.133 → 2.1.139
   • DefaultCopilotVersion: 1.0.43 → 1.0.45
   • DefaultCodexVersion: 0.129.0 → 0.130.0
   • DefaultGitHubMCPServerVersion: v1.0.3 → v1.0.4
   • DefaultPlaywrightBrowserVersion: v1.59.1 → v1.60.0

2. Workflow lock files regenerated via make recompile (219 workflows updated)

3. Testing recommendations:

   • Run make build && make test to verify code compiles cleanly
   • Run smoke tests: smoke-claude, smoke-copilot, smoke-codex workflows
   • For Playwright workflows: verify no usage of removed deprecated APIs (ariaRef, exposeBinding handle option, connect logger option, videosPath, videoSize)
   • Verify Copilot CLI: MCPs load correctly and /models works on PATs (per existing constant pin comment)

Recommendations

• Update priority: Medium — Playwright v1.60.0 breaking changes warrant a quick audit of workflows using Playwright. Other updates are routine patch upgrades.
• Testing strategy: Run smoke tests for each affected engine before merge.
• Rollout plan: Bundle all 5 updates in a single PR after smoke tests pass.

References

• §25717361921

Generated by CLI Version Checker · ● 12.3M · ◷

• expires on May 14, 2026, 6:30 AM UTC

[github-actions]

This issue is being closed as outdated. A newer issue has been created: #31883

View newer issue

---

This action was performed automatically by the CLI Version Checker workflow.