build(deps): bump @openai/codex-sdk from 0.91.0 to 0.103.0

[dependabot]

Bumps @openai/codex-sdk from 0.91.0 to 0.103.0.

Release notes

Sourced from @​openai/codex-sdk's releases.

0.103.0

New Features

• App listing responses now include richer app details (app_metadata, branding, and labels), so clients can render more complete app cards without extra requests. (#11706)
• Commit co-author attribution now uses a Codex-managed prepare-commit-msg hook, with command_attribution override support (default label, custom label, or disable). (#11617)

Bug Fixes

• Removed the remote_models feature flag to prevent fallback model metadata when it was disabled, improving model selection reliability and performance. (#11699)

Chores

• Updated Rust dependencies (clap, env_logger, arc-swap) and refreshed Bazel lock state as routine maintenance. (#11888, #11889, #11890, #12032)
• Reverted the Rust toolchain bump to 1.93.1 after CI breakage. (#11886, #12035)

Changelog

Full Changelog: openai/codex@rust-v0.102.0...rust-v0.103.0

• #11699 chore: rm remote models fflag @​sayan-oai
• #11706 [apps] Expose more fields from apps listing endpoints. @​mzeng-openai
• #11890 chore(deps): bump arc-swap from 1.8.0 to 1.8.2 in /codex-rs @​dependabot
• #11886 chore(deps): bump rust-toolchain from 1.93.0 to 1.93.1 in /codex-rs @​dependabot
• #12032 chore: just bazel-lock-update @​bolinfest
• #11888 chore(deps): bump clap from 4.5.56 to 4.5.58 in /codex-rs @​dependabot
• #11889 chore(deps): bump env_logger from 0.11.8 to 0.11.9 in /codex-rs @​dependabot
• #11617 Use prompt-based co-author attribution with config override @​gabec-openai
• #12035 Revert "chore(deps): bump rust-toolchain from 1.93.0 to 1.93.1 in /co…dex-rs (#11886)" @​etraut-openai

0.103.0-alpha.1

Release 0.103.0-alpha.1

0.102.0

New Features

• Added a more unified permissions flow, including clearer permissions history in the TUI and a slash command to grant sandbox read access when directories are blocked. (#11633, #11512, #11550, #11639)
• Introduced structured network approval handling, with richer host/protocol context shown directly in approval prompts. (#11672, #11674)
• Expanded app-server fuzzy file search with explicit session-complete signaling so clients can stop loading indicators reliably. (#10268, #11773)
• Added customizable multi-agent roles via config, including migration toward the new multi-agent naming/config surface. (#11917, #11982, #11939, #11918)
• Added a model/rerouted notification so clients can detect and render model reroute events explicitly. (#12001)

Bug Fixes

• Fixed remote image attachments so they persist correctly across resume/backtrack and history replay in the TUI. (#10590)
• Fixed a TUI accessibility regression where animation gating for screen reader users was not consistently respected. (#11860)
• Fixed app-server thread resume behavior to correctly rejoin active in-memory threads and tighten invalid resume cases. (#11756)
• Fixed model/list output to return full model data plus visibility metadata, avoiding unintended server-side filtering. (#11793)
• Fixed several js_repl stability issues, including reset hangs, in-flight tool-call races, and a view_image panic path. (#11932, #11922, #11800, #11796)
• Fixed app integration edge cases in mention parsing and app list loading/filtering behavior. (#11894, #11518, #11697)

Documentation

• Updated contributor guidance to require snapshot coverage for user-visible TUI changes. (#10669)
• Updated docs/help text around Codex app and MCP command usage. (#11926, #11813)

Chores

... (truncated)

Commits

• 703fb38 Make codex-sdk depend on openai/codex (#11503)
• 1dc06b6 fix: ensure resume args precede image args (#10709)
• 9327e99 Fix minor typos in comments and documentation (#10287)
• 4d9ae3a fix: remove references to corepack (#10138)
• 894923e feat: make it possible to specify --config flags in the SDK (#10003)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #491.