build(deps): bump @openai/codex-sdk from 0.91.0 to 0.95.0 in /core

[dependabot]

Bumps @openai/codex-sdk from 0.91.0 to 0.95.0.

Release notes

Sourced from @​openai/codex-sdk's releases.

0.95.0

New Features

• Added codex app <path> on macOS to launch Codex Desktop from the CLI, with automatic DMG download if it is missing. (#10418)
• Added personal skill loading from ~/.agents/skills (with ~/.codex/skills compatibility), plus app-server APIs/events to list and download public remote skills. (#10437, #10448)
• /plan now accepts inline prompt arguments and pasted images, and slash-command editing/highlighting in the TUI is more polished. (#10269)
• Shell-related tools can now run in parallel, improving multi-command execution throughput. (#10505)
• Shell executions now receive CODEX_THREAD_ID, so scripts and skills can detect the active thread/session. (#10096)
• Added vendored Bubblewrap + FFI wiring in the Linux sandbox as groundwork for upcoming runtime integration. (#10413)

Bug Fixes

• Hardened Git command safety so destructive or write-capable invocations no longer bypass approval checks. (#10258)
• Improved resume/thread browsing reliability by correctly showing saved thread names and fixing thread listing behavior. (#10340, #10383)
• Fixed first-run trust-mode handling so sandbox mode is reported consistently, and made $PWD/.agents read-only like $PWD/.codex. (#10415, #10524)
• Fixed codex exec hanging after interrupt in websocket/streaming flows; interrupted turns now shut down cleanly. (#10519)
• Fixed review-mode approval event wiring so requestApproval IDs align with the corresponding command execution items. (#10416)
• Improved 401 error diagnostics by including server message/body details plus cf-ray and requestId. (#10508)

Documentation

• Expanded TUI chat composer docs to cover slash-command arguments and attachment handling in plan/review flows. (#10269)
• Refreshed issue templates and labeler prompts to better separate CLI/app bug reporting and feature requests. (#10411, #10453, #10548, #10552)

Chores

• Completed migration off the deprecated mcp-types crate to rmcp-based protocol types/adapters, then removed the legacy crate. (#10356, #10349, #10357)
• Updated the bytes dependency for a security advisory and cleaned up resolved advisory configuration. (#10525)

Changelog

Full Changelog: openai/codex@rust-v0.94.0...rust-v0.95.0

• #10340 Session picker shows thread_name if set @​pap-openai
• #10381 chore: collab experimental @​jif-oai
• #10231 feat: experimental flags @​jif-oai
• #10382 nit: shell snapshot retention to 3 days @​jif-oai
• #10383 fix: thread listing @​jif-oai
• #10386 fix: Rfc3339 casting @​jif-oai
• #10356 feat: add MCP protocol types and rmcp adapters @​bolinfest
• #10269 Nicer highlighting of slash commands, /plan accepts prompt args and pasted images @​charley-oai
• #10274 Add credits tooltip @​pakrym-oai
• #10394 chore: ignore synthetic messages @​jif-oai
• #10398 feat: drop sqlx logging @​jif-oai
• #10281 Select experimental features with space @​pakrym-oai
• #10402 feat: add --experimental to generate-ts @​jif-oai
• #10258 fix: unsafe auto-approval of git commands @​viyatb-oai
• #10411 Updated labeler workflow prompt to include "app" label @​etraut-openai
• #10399 emit a separate metric when the user cancels UAT during elevated setup @​iceweasel-oai
• #10377 chore(tui) /personalities tip @​dylan-hurd-oai
• #10252 [feat] persist thread_dynamic_tools in db @​celia-oai
• #10437 feat: Read personal skills from .agents/skills @​gverma-openai
• #10145 make codex better at git @​pash-openai
• #10418 Add codex app macOS launcher @​aibrahim-oai

... (truncated)

Commits

• 9327e99 Fix minor typos in comments and documentation (#10287)
• 4d9ae3a fix: remove references to corepack (#10138)
• 894923e feat: make it possible to specify --config flags in the SDK (#10003)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[dependabot]

Superseded by #476.