Skip to content

chore(deps): bump openclaw from 2026.3.11 to 2026.3.31#13

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/openclaw-2026.3.31
Open

chore(deps): bump openclaw from 2026.3.11 to 2026.3.31#13
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/openclaw-2026.3.31

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Apr 2, 2026

Bumps openclaw from 2026.3.11 to 2026.3.31.

Release notes

Sourced from openclaw's releases.

openclaw 2026.3.31

Breaking

  • Nodes/exec: remove the duplicated nodes.run shell wrapper from the CLI and agent nodes tool so node shell execution always goes through exec host=node, keeping node-specific capabilities on nodes invoke and the dedicated media/location/notify actions.
  • Plugin SDK: deprecate the legacy provider compat subpaths plus the older bundled provider setup and channel-runtime compatibility shims, emit migration warnings, and keep the current documented openclaw/plugin-sdk/* entrypoints plus local api.ts / runtime-api.ts barrels as the forward path ahead of a future major-release removal.
  • Skills/install and Plugins/install: built-in dangerous-code critical findings and install-time scan failures now fail closed by default, so plugin installs and gateway-backed skill dependency installs that previously succeeded may now require an explicit dangerous override such as --dangerously-force-unsafe-install to proceed.
  • Gateway/auth: trusted-proxy now rejects mixed shared-token configs, and local-direct fallback requires the configured token instead of implicitly authenticating same-host callers. Thanks @​zhangning-agent, @​jacobtomlinson, and @​vincentkoc.
  • Gateway/node commands: node commands now stay disabled until node pairing is approved, so device pairing alone is no longer enough to expose declared node commands. (#57777) Thanks @​jacobtomlinson.
  • Gateway/node events: node-originated runs now stay on a reduced trusted surface, so notification-driven or node-triggered flows that previously relied on broader host/session tool access may need adjustment. (#57691) Thanks @​jacobtomlinson.

Changes

  • ACP/plugins: add an explicit default-off ACPX plugin-tools MCP bridge config, document the trust boundary, and harden the built-in bridge packaging/logging path so global installs and stdio MCP sessions work reliably. (#56867) Thanks @​joe2643.
  • Agents/LLM: add a configurable idle-stream timeout for embedded runner requests so stalled model streams abort cleanly instead of hanging until the broader run timeout fires. (#55072) Thanks @​liuy.
  • Agents/MCP: materialize bundle MCP tools with provider-safe names (serverName__toolName), support optional streamable-http transport selection plus per-server connection timeouts, and preserve real tool results from aborted/error turns unless truncation explicitly drops them. (#49505) Thanks @​ziomancer.
  • Android/notifications: add notification-forwarding controls with package filtering, quiet hours, rate limiting, and safer picker behavior for forwarded notification events. (#40175) Thanks @​nimbleenigma.
  • Background tasks: turn tasks into a real shared background-run control plane instead of ACP-only bookkeeping by unifying ACP, subagent, cron, and background CLI execution under one SQLite-backed ledger, routing detached lifecycle updates through the executor seam, adding audit/maintenance/status visibility, tightening auto-cleanup and lost-run recovery, improving task awareness in internal status/tool surfaces, and clarifying the split between heartbeat/main-session automation and detached scheduled runs. Thanks @​mbelinky and @​vincentkoc.
  • Background tasks: add the first linear task flow control surface with openclaw flows list|show|cancel, keep manual multi-task flows separate from one-task auto-sync flows, and surface doctor recovery hints for obviously orphaned or broken flow/task linkage. Thanks @​mbelinky and @​vincentkoc.
  • Channels/QQ Bot: add QQ Bot as a bundled channel plugin with multi-account setup, SecretRef-aware credentials, slash commands, reminders, and media send/receive support. (#52986) Thanks @​sliverp.
  • Diffs: skip unused viewer-versus-file SSR preload work so diffs view-only and file-only runs do less render work while keeping mode outputs aligned. (#57909) thanks @​gumadeiras.
  • Tasks: add a minimal SQLite-backed task flow registry plus task-to-flow linkage scaffolding, so orchestrated work can start gaining a first-class parent record without changing current task delivery behavior. Thanks @​mbelinky and @​vincentkoc.
  • Tasks: persist blocked state on one-task task flows and let the same flow reopen cleanly on retry, so blocked detached work can carry a parent-level reason and continue without fragmenting into a new job. Thanks @​mbelinky and @​vincentkoc.
  • Tasks: route one-task ACP and subagent updates through a parent task-flow owner context, so detached work can emerge back through the intended parent thread/session instead of speaking only as a raw child task. Thanks @​mbelinky and @​vincentkoc.
  • LINE/outbound media: add LINE image, video, and audio outbound sends on the LINE-specific delivery path, including explicit preview/tracking handling for videos while keeping generic media sends on the existing image-only route. (#45826) Thanks @​masatohoshino.
  • Matrix/history: add optional room history context for Matrix group triggers via channels.matrix.historyLimit, with per-agent watermarks and retry-safe snapshots so failed trigger retries do not drift into newer room messages. (#57022) thanks @​chain710.
  • Matrix/network: add explicit channels.matrix.proxy config for routing Matrix traffic through an HTTP(S) proxy, including account-level overrides and matching probe/runtime behavior. (#56931) thanks @​patrick-yingxi-pan.
  • Matrix/streaming: add draft streaming so partial Matrix replies update the same message in place instead of sending a new message for each chunk. (#56387) Thanks @​jrusz.
  • Matrix/threads: add per-DM threadReplies overrides and keep thread session isolation aligned with the effective room or DM thread policy from the triggering message onward. (#57995) thanks @​teconomix.
  • MCP: add remote HTTP/SSE server support for mcp.servers URL configs, including auth headers and safer config redaction for MCP credentials. (#50396) Thanks @​dhananjai1729.
  • Memory/QMD: add per-agent memorySearch.qmd.extraCollections so agents can opt into cross-agent session search without flattening every transcript collection into one shared QMD namespace. Thanks @​vincentkoc.
  • Microsoft Teams/member info: add a Graph-backed member info action so Teams automations and tools can resolve channel member details directly from Microsoft Graph. (#57528) Thanks @​sudie-codes.
  • Nostr/inbound DMs: verify inbound event signatures before pairing or sender-authorization side effects, so forged DM events no longer create pairing requests or trigger reply attempts. Thanks @​smaeljaish771 and @​vincentkoc.
  • OpenAI/Responses: forward configured text.verbosity across Responses HTTP and WebSocket transports, surface it in /status, and keep per-agent verbosity precedence aligned with runtime behavior. (#47106) Thanks @​merc1305 and @​vincentkoc.
  • Pi/Codex: add native Codex web search support for embedded Pi runs, including config/docs/wizard coverage and managed-tool suppression when native Codex search is active. (#46579) Thanks @​Evizero.
  • Slack/exec approvals: add native Slack approval routing and approver authorization so exec approval prompts can stay in Slack instead of falling back to the Web UI or terminal. Thanks @​vincentkoc.
  • TTS: Add structured provider diagnostics and fallback attempt analytics. (#57954) Thanks @​joshavant.
  • WhatsApp/reactions: agents can now react with emoji on incoming WhatsApp messages, enabling more natural conversational interactions like acknowledging a photo with ❤️ instead of typing a reply. Thanks @​mcaxtr.
  • Agents/BTW: force /btw side questions to disable provider reasoning so Anthropic adaptive-thinking sessions stop failing with No BTW response generated. Fixes #55376. Thanks @​Catteres and @​vincentkoc.
  • CLI/onboarding: reset the remote gateway URL prompt to the safe loopback default after declining a discovered endpoint, so onboarding does not keep a previously rejected remote URL. (#57828)
  • Agents/exec defaults: honor per-agent tools.exec defaults when no inline directive or session override is present, so configured exec host, security, ask, and node settings actually apply. (#57689)
  • Sandbox/networking: sanitize SSH subprocess env vars through the shared sandbox policy and route marketplace archive downloads plus Ollama discovery, auth, and pull requests through the guarded fetch path so sandboxed execution and remote fetches follow the repo's trust boundaries. (#57848, #57850)

Fixes

  • Slack: stop retry-driven duplicate replies when draft-finalization edits fail ambiguously, and log configured allowlisted users/channels by readable name instead of raw IDs.
  • Agents/OpenAI Responses: normalize raw bundled MCP tool schemas on the WebSocket/Responses path so bare-object, object-ish, and top-level union MCP tools no longer get rejected by OpenAI during tool registration. (#58299) Thanks @​yelog.
  • ACP/security: replace ACP's dangerous-tool name override with semantic approval classes, so only narrow readonly reads/searches can auto-approve while indirect exec-capable and control-plane tools always require explicit prompt approval. Thanks @​vincentkoc.
  • ACP/sessions_spawn: register ACP child runs for completion tracking and lifecycle cleanup, and make registration-failure cleanup explicitly best-effort so callers do not assume an already-started ACP turn was fully aborted. (#40885) Thanks @​xaeon2026 and @​vincentkoc.
  • ACP/tasks: mark cleanly exited ACP runs as blocked when they end on deterministic write or authorization blockers, and wake the parent session with a follow-up instead of falsely reporting success.
  • ACPX/runtime: derive the bundled ACPX expected version from the extension package metadata instead of hardcoding a separate literal, so plugin-local ACPX installs stop drifting out of health-check parity after version bumps. (#49089) Thanks @​jiejiesks and @​vincentkoc.

... (truncated)

Changelog

Sourced from openclaw's changelog.

2026.3.31

Breaking

  • Nodes/exec: remove the duplicated nodes.run shell wrapper from the CLI and agent nodes tool so node shell execution always goes through exec host=node, keeping node-specific capabilities on nodes invoke and the dedicated media/location/notify actions.
  • Plugin SDK: deprecate the legacy provider compat subpaths plus the older bundled provider setup and channel-runtime compatibility shims, emit migration warnings, and keep the current documented openclaw/plugin-sdk/* entrypoints plus local api.ts / runtime-api.ts barrels as the forward path ahead of a future major-release removal.
  • Skills/install and Plugins/install: built-in dangerous-code critical findings and install-time scan failures now fail closed by default, so plugin installs and gateway-backed skill dependency installs that previously succeeded may now require an explicit dangerous override such as --dangerously-force-unsafe-install to proceed.
  • Gateway/auth: trusted-proxy now rejects mixed shared-token configs, and local-direct fallback requires the configured token instead of implicitly authenticating same-host callers. Thanks @​zhangning-agent, @​jacobtomlinson, and @​vincentkoc.
  • Gateway/node commands: node commands now stay disabled until node pairing is approved, so device pairing alone is no longer enough to expose declared node commands. (#57777) Thanks @​jacobtomlinson.
  • Gateway/node events: node-originated runs now stay on a reduced trusted surface, so notification-driven or node-triggered flows that previously relied on broader host/session tool access may need adjustment. (#57691) Thanks @​jacobtomlinson.

Changes

  • ACP/plugins: add an explicit default-off ACPX plugin-tools MCP bridge config, document the trust boundary, and harden the built-in bridge packaging/logging path so global installs and stdio MCP sessions work reliably. (#56867) Thanks @​joe2643.
  • Agents/LLM: add a configurable idle-stream timeout for embedded runner requests so stalled model streams abort cleanly instead of hanging until the broader run timeout fires. (#55072) Thanks @​liuy.
  • Docs/plugins: update the community wecom and qqbot plugin listing to the docs catalog. (#57641) Thanks @​sliverp.
  • Agents/MCP: materialize bundle MCP tools with provider-safe names (serverName__toolName), support optional streamable-http transport selection plus per-server connection timeouts, and preserve real tool results from aborted/error turns unless truncation explicitly drops them. (#49505) Thanks @​ziomancer.
  • Android/notifications: add notification-forwarding controls with package filtering, quiet hours, rate limiting, and safer picker behavior for forwarded notification events. (#40175) Thanks @​nimbleenigma.
  • Background tasks: turn tasks into a real shared background-run control plane instead of ACP-only bookkeeping by unifying ACP, subagent, cron, and background CLI execution under one SQLite-backed ledger, routing detached lifecycle updates through the executor seam, adding audit/maintenance/status visibility, tightening auto-cleanup and lost-run recovery, improving task awareness in internal status/tool surfaces, and clarifying the split between heartbeat/main-session automation and detached scheduled runs. Thanks @​mbelinky and @​vincentkoc.
  • Background tasks: add the first linear task flow control surface with openclaw tasks list|show|cancel, keep manual multi-task flows separate from one-task auto-sync flows, and surface doctor recovery hints for obviously orphaned or broken flow/task linkage. Thanks @​mbelinky and @​vincentkoc.
  • Channels/QQ Bot: add QQ Bot as a bundled channel plugin with multi-account setup, SecretRef-aware credentials, slash commands, reminders, and media send/receive support. (#52986) Thanks @​sliverp.
  • Diffs: skip unused viewer-versus-file SSR preload work so diffs view-only and file-only runs do less render work while keeping mode outputs aligned. (#57909) thanks @​gumadeiras.
  • Tasks: add a minimal SQLite-backed task flow registry plus task-to-flow linkage scaffolding, so orchestrated work can start gaining a first-class parent record without changing current task delivery behavior. Thanks @​mbelinky and @​vincentkoc.
  • Tasks: persist blocked state on one-task task flows and let the same flow reopen cleanly on retry, so blocked detached work can carry a parent-level reason and continue without fragmenting into a new job. Thanks @​mbelinky and @​vincentkoc.
  • Tasks: route one-task ACP and subagent updates through a parent task-flow owner context, so detached work can emerge back through the intended parent thread/session instead of speaking only as a raw child task. Thanks @​mbelinky and @​vincentkoc.
  • LINE/outbound media: add LINE image, video, and audio outbound sends on the LINE-specific delivery path, including explicit preview/tracking handling for videos while keeping generic media sends on the existing image-only route. (#45826) Thanks @​masatohoshino.
  • Matrix/history: add optional room history context for Matrix group triggers via channels.matrix.historyLimit, with per-agent watermarks and retry-safe snapshots so failed trigger retries do not drift into newer room messages. (#57022) thanks @​chain710.
  • Matrix/network: add explicit channels.matrix.proxy config for routing Matrix traffic through an HTTP(S) proxy, including account-level overrides and matching probe/runtime behavior. (#56931) thanks @​patrick-yingxi-pan.
  • Matrix/streaming: add draft streaming so partial Matrix replies update the same message in place instead of sending a new message for each chunk. (#56387) Thanks @​jrusz.
  • Matrix/threads: add per-DM threadReplies overrides and keep thread session isolation aligned with the effective room or DM thread policy from the triggering message onward. (#57995) thanks @​teconomix.
  • MCP: add remote HTTP/SSE server support for mcp.servers URL configs, including auth headers and safer config redaction for MCP credentials. (#50396) Thanks @​dhananjai1729.
  • Memory/QMD: add per-agent memorySearch.qmd.extraCollections so agents can opt into cross-agent session search without flattening every transcript collection into one shared QMD namespace. Thanks @​vincentkoc.
  • Microsoft Teams/member info: add a Graph-backed member info action so Teams automations and tools can resolve channel member details directly from Microsoft Graph. (#57528) Thanks @​sudie-codes.
  • Nostr/inbound DMs: verify inbound event signatures before pairing or sender-authorization side effects, so forged DM events no longer create pairing requests or trigger reply attempts. Thanks @​smaeljaish771 and @​vincentkoc.
  • OpenAI/Responses: forward configured text.verbosity across Responses HTTP and WebSocket transports, surface it in /status, and keep per-agent verbosity precedence aligned with runtime behavior. (#47106) Thanks @​merc1305 and @​vincentkoc.
  • Pi/Codex: add native Codex web search support for embedded Pi runs, including config/docs/wizard coverage and managed-tool suppression when native Codex search is active. (#46579) Thanks @​Evizero.
  • Slack/exec approvals: add native Slack approval routing and approver authorization so exec approval prompts can stay in Slack instead of falling back to the Web UI or terminal. Thanks @​vincentkoc.
  • TTS: Add structured provider diagnostics and fallback attempt analytics. (#57954) Thanks @​joshavant.
  • WhatsApp/reactions: agents can now react with emoji on incoming WhatsApp messages, enabling more natural conversational interactions like acknowledging a photo with ❤️ instead of typing a reply. Thanks @​mcaxtr.
  • Agents/BTW: force /btw side questions to disable provider reasoning so Anthropic adaptive-thinking sessions stop failing with No BTW response generated. Fixes #55376. Thanks @​Catteres and @​vincentkoc.
  • CLI/onboarding: reset the remote gateway URL prompt to the safe loopback default after declining a discovered endpoint, so onboarding does not keep a previously rejected remote URL. (#57828)
  • Agents/exec defaults: honor per-agent tools.exec defaults when no inline directive or session override is present, so configured exec host, security, ask, and node settings actually apply. (#57689)
  • Sandbox/networking: sanitize SSH subprocess env vars through the shared sandbox policy and route marketplace archive downloads plus Ollama discovery, auth, and pull requests through the guarded fetch path so sandboxed execution and remote fetches follow the repo's trust boundaries. (#57848, #57850)

Fixes

  • Slack: stop retry-driven duplicate replies when draft-finalization edits fail ambiguously, and log configured allowlisted users/channels by readable name instead of raw IDs.
  • Agents/OpenAI Responses: normalize raw bundled MCP tool schemas on the WebSocket/Responses path so bare-object, object-ish, and top-level union MCP tools no longer get rejected by OpenAI during tool registration. (#58299) Thanks @​yelog.
  • ACP/security: replace ACP's dangerous-tool name override with semantic approval classes, so only narrow readonly reads/searches can auto-approve while indirect exec-capable and control-plane tools always require explicit prompt approval. Thanks @​vincentkoc.
  • ACP: derive owner-only approval classes from the shared tool-policy fallback map so cron, nodes, and whatsapp_login cannot drift out of prompt-required coverage.

... (truncated)

Commits
  • 213a704 fix: unblock 2026.3.31 release preflight
  • 44baf3b build(pnpm): exclude openclaw from minimum release age
  • 107fefd docs(changelog): note pi tui reply flush fix
  • 6f11151 docs: refresh plugin sdk api baseline
  • f425ea0 fix(pi): flush message-boundary block replies on message end
  • 0a7024e test(tasks): allow status command task-registry import
  • 418fa12 fix: make overload failover configurable
  • 2a60e34 build: prepare 2026.3.31 stable release
  • eee37bf fix(slack): prevent duplicate draft replies
  • fc16921 fix(exec): deliver approval followups directly to chat
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for openclaw since your current version.

Install script changes

This version adds postinstall script that runs during installation. Review the package contents before updating.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump openclaw from 2026.3.11 to 2026.3.31
7e22587 
Bumps [openclaw](https://github.com/openclaw/openclaw) from 2026.3.11 to 2026.3.31.
- [Release notes](https://github.com/openclaw/openclaw/releases)
- [Changelog](https://github.com/openclaw/openclaw/blob/main/CHANGELOG.md)
- [Commits](openclaw/openclaw@v2026.3.11...v2026.3.31)

---
updated-dependencies:
- dependency-name: openclaw
  dependency-version: 2026.3.31
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 2, 2026
@dependabot dependabot bot mentioned this pull request Apr 2, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants