Bump SDK packages to v1.23.0 #747
Automated version bump after PyPI release. Co-authored-by: openhands <openhands@all-hands.dev>
all-hands-bot
left a comment
🟢 Good taste - SDK version bump is correctly implemented.
[SUPPLY CHAIN SECURITY HOLD]
Both target versions were published less than 7 days ago:
- openhands-sdk==1.23.0: published 2026-05-20T23:52:49Z (~2 minutes ago)
- openhands-tools==1.23.0: published 2026-05-20T23:52:54Z (~2 minutes ago)
Per the 7-day supply chain security policy, this PR cannot be approved yet. Please wait until 2026-05-27 before merging to allow time for community security review of the upstream releases.
Note: While these are first-party OpenHands packages (lower risk than third-party dependencies), the waiting period still applies to catch any immediate issues discovered in the wild.
[RISK ASSESSMENT]
- [Overall PR]
⚠️ Risk Assessment: 🟢 LOW
The changes themselves are correct and low-risk. The hold is purely procedural for supply chain security.
VERDICT:
⏳ On hold: Approved pending 7-day waiting period
KEY INSIGHT:
Valid dependency bump blocked only by time-based security policy.
Was this automated review useful? React with 👍 or 👎 to this review to help us measure review quality.
Workflow run: https://github.com/OpenHands/OpenHands-CLI/actions/runs/26196816808
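The release-age gate described in the review above, as an added example that is not the project's own workflow code. It assumes release metadata shaped like the `urls` array of PyPI's JSON API (`upload_time_iso_8601` per file); the sample data is constructed from the two timestamps quoted in the review, the file names are placeholders, and counting a release's age from its latest uploaded file is a design choice of this example.

```python
from datetime import datetime, timedelta, timezone

MIN_AGE = timedelta(days=7)  # waiting period stated in the review above

# Constructed sample, shaped like the "urls" array returned by
# https://pypi.org/pypi/<name>/<version>/json; file names are placeholders.
SAMPLE_RELEASES = {
    "openhands-sdk==1.23.0": [
        {"filename": "sdk-placeholder.whl",
         "upload_time_iso_8601": "2026-05-20T23:52:49Z"},
    ],
    "openhands-tools==1.23.0": [
        {"filename": "tools-placeholder.whl",
         "upload_time_iso_8601": "2026-05-20T23:52:54Z"},
    ],
}


def parse_utc(stamp):
    """Parse an ISO 8601 timestamp; reject naive values instead of guessing a zone."""
    parsed = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
    if parsed.tzinfo is None:
        raise ValueError(f"timestamp without timezone: {stamp!r}")
    return parsed.astimezone(timezone.utc)


def published_at(files):
    """Age is counted from the latest file upload (assumption of this example),
    so a file added to an existing version restarts the waiting period."""
    if not files:
        raise ValueError("release has no files; its age cannot be established")
    return max(parse_utc(f["upload_time_iso_8601"]) for f in files)


def cooldown_report(releases, now, min_age=MIN_AGE):
    """Return (held, earliest_merge): pins still inside the waiting period,
    and the first moment at which every pin has aged past it."""
    held = {}
    earliest_merge = now
    for pin, files in releases.items():
        eligible = published_at(files) + min_age
        if eligible > now:
            held[pin] = eligible  # fail closed: this pin blocks the merge
        earliest_merge = max(earliest_merge, eligible)
    return held, earliest_merge
```

A CI job would call `cooldown_report` with metadata fetched for each changed pin and fail the check while `held` is non-empty.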
Automated Version Bump
This PR updates the following packages to version 1.23.0:
- openhands-sdk
- openhands-tools
Triggered by: Release of software-agent-sdk v1.23.0
This PR was automatically created by the version-bump-prs workflow.