Skip to content

Bump the minor-dependencies group across 1 directory with 5 updates#500

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/minor-dependencies-abb63bb39e
Open

Bump the minor-dependencies group across 1 directory with 5 updates#500
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/minor-dependencies-abb63bb39e

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 5, 2026
edited
Loading

Bumps the minor-dependencies group with 4 updates in the / directory: github.com/Masterminds/semver/v3, github.com/modelcontextprotocol/go-sdk, golang.org/x/crypto and github.com/spf13/pflag.

Updates github.com/Masterminds/semver/v3 from 3.4.0 to 3.5.0

Release notes

Sourced from github.com/Masterminds/semver/v3's releases.

v3.5.0

What's Changed

New Contributors

Full Changelog: Masterminds/semver@v3.4.0...v3.5.0

Changelog

Sourced from github.com/Masterminds/semver/v3's changelog.

Changelog

Commits
  • 8b89c86 Merge pull request #287 from mattfarina/fix-da-issues
  • 29d51d0 Fixing some quality issues
  • 87f651d Merge pull request #286 from mattfarina/update-devcontainer
  • 158a685 Updating gitignore for devcontainers
  • 7e83c08 Merge pull request #284 from Masterminds/dependabot/github_actions/golangci/g...
  • 697e27f Merge pull request #283 from Masterminds/dependabot/github_actions/actions/ca...
  • 1591f8e Merge pull request #282 from Masterminds/dependabot/github_actions/github/cod...
  • 3f5ff17 Bump golangci/golangci-lint-action from 7.0.1 to 9.2.0
  • 04baa33 Bump actions/cache from 4.2.3 to 5.0.5
  • 45939fe Bump github/codeql-action from 4.35.1 to 4.35.2
  • Additional commits viewable in compare view

Updates github.com/modelcontextprotocol/go-sdk from 1.4.0 to 1.6.0

Release notes

Sourced from github.com/modelcontextprotocol/go-sdk's releases.

v1.6.0

This release is equivalent to v1.6.0-pre.1. Thank you to those who tested the pre-release.

In this release we introduce several smaller fixes and improvements, and we started working for release 2026-06-30. The main new feature is the introduction of ClientCredentialsHandler for OAuth client credentials grant.

Add ClientCredentialsHandler for OAuth client credentials grant

Added ClientCredentialsHandler implementing auth.OAuthHandler using the OAuth 2.0 Client Credentials grant (RFC 6749 Section 4.4) for service-to-service authentication with pre-registered credentials.

2026-06-30 Release related PRs

  • feat: add automatic application_type inference by @​guglielmo-san in modelcontextprotocol/go-sdk#904

    New application_type field is added to the ClientRegistrationMetadata for DynamicClientRegistration. If not specified, the application_type will be inferred from the RedirectURIs. This implements SEP-837.

  • feat: HTTP Header Standardization for method and name by @​guglielmo-san in modelcontextprotocol/go-sdk#907

    By mirroring key fields from the JSON-RPC payload into HTTP headers, network intermediaries such as load balancers, proxies, and observability tools can route and process MCP traffic without deep packet inspection, reducing latency and computational overhead. This partially implements SEP-2243.

Behavior Changes

SetError Behavior Change

Previously the SetError method on CallToolResult always overwrote the Content field with the error text. Now SetError preserves the existing value if it has already been populated. You can restore the previous behavior by setting the environment variable seterroroverwrite=1.

Cross-Origin Protection Default Change

Previously (v1.4.1-v1.5.0) default (zero-value) cross-origin protection was applied when CrossOriginProtection in StreamableHTTPOptions was nil. Now cross-origin protection is not enabled by default when CrossOriginProtection is nil. You can restore the previous behavior (enable by default) by setting enableoriginverification=1.

disablecrossoriginprotection was replaced by enableoriginverification after the default was changed to not enable cross-origin protection.

jsonescaping option was removed, according to plan.

Other Changes to the SDK

... (truncated)

Commits
  • f5f2015 MCPGODEBUG update for 1.6.0 (#893)
  • e01639a feat: HTTP Header Standardization for method and name (#907)
  • 93a41b2 internal/jsonrpc2: remove unused code (#910)
  • 446beae mcp: Upgrade jsonschema-go (#912)
  • 2e21834 extauth: add ClientCredentialsHandler for OAuth client credentials grant (#895)
  • 2643b22 feat: add automatic application_type inference (#904)
  • db50910 mcp: do not re-prompt OAuth after cancelled Authorize (#885)
  • 5f2cd8f mcp: preserve transport errors in Write error chain (#888)
  • 0edc597 Update README.md (#896)
  • 41e1f94 mcp: remove default cross origin protection (#906)
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.48.0 to 0.51.0

Commits
  • b8a14a8 go.mod: update golang.org/x dependencies
  • 9d9d507 x509roots/fallback/bundle: fix bundle test with Go 1.27+
  • fd0b90d acme: include Problem in OrderError.Error
  • b9e5359 pbkdf2: turn into a wrapper for crypto/pbkdf2
  • cc0e4fc hkdf: forward Extract to the standard library
  • a8e9237 x509roots/fallback: update bundle
  • 03ca0dc go.mod: update golang.org/x dependencies
  • 8400f4a ssh: respect signer's algorithm preference in pickSignatureAlgorithm
  • 81c6cb3 ssh: swap cbcMinPaddingSize to cbcMinPacketSize to get encLength
  • 982eaa6 go.mod: update golang.org/x dependencies
  • Additional commits viewable in compare view

Updates golang.org/x/term from 0.40.0 to 0.43.0

Commits
  • 3c3e485 go.mod: update golang.org/x dependencies
  • 52b71d3 go.mod: update golang.org/x dependencies
  • 9d2dc07 go.mod: update golang.org/x dependencies
  • d954e03 all: upgrade go directive to at least 1.25.0 [generated]
  • See full diff in compare view

Updates github.com/spf13/pflag from 1.0.9 to 1.0.10

Release notes

Sourced from github.com/spf13/pflag's releases.

v1.0.10

What's Changed

New Contributors

Full Changelog: spf13/pflag@v1.0.9...v1.0.10

Commits
  • 0491e57 Merge pull request #448 from thaJeztah/fix_go_version
  • 72abab1 Merge pull request #447 from thaJeztah/fix_deprecation_comment
  • 7e4dfb1 Test on Go 1.12
  • 18a9d17 move Func, BoolFunc, tests as they require go1.21
  • c5b9e98 remove uses of errors.Is, which requires go1.13
  • 45a4873 fix deprecation comment for (FlagSet.)ParseErrorsWhitelist
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels May 5, 2026
@dependabot
Bump the minor-dependencies group across 1 directory with 5 updates
744828e 
Bumps the minor-dependencies group with 4 updates in the / directory: [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver), [github.com/modelcontextprotocol/go-sdk](https://github.com/modelcontextprotocol/go-sdk), [golang.org/x/crypto](https://github.com/golang/crypto) and [github.com/spf13/pflag](https://github.com/spf13/pflag).


Updates `github.com/Masterminds/semver/v3` from 3.4.0 to 3.5.0
- [Release notes](https://github.com/Masterminds/semver/releases)
- [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md)
- [Commits](Masterminds/semver@v3.4.0...v3.5.0)

Updates `github.com/modelcontextprotocol/go-sdk` from 1.4.0 to 1.6.0
- [Release notes](https://github.com/modelcontextprotocol/go-sdk/releases)
- [Commits](modelcontextprotocol/go-sdk@v1.4.0...v1.6.0)

Updates `golang.org/x/crypto` from 0.48.0 to 0.51.0
- [Commits](golang/crypto@v0.48.0...v0.51.0)

Updates `golang.org/x/term` from 0.40.0 to 0.43.0
- [Commits](golang/term@v0.40.0...v0.43.0)

Updates `github.com/spf13/pflag` from 1.0.9 to 1.0.10
- [Release notes](https://github.com/spf13/pflag/releases)
- [Commits](spf13/pflag@v1.0.9...v1.0.10)

---
updated-dependencies:
- dependency-name: github.com/Masterminds/semver/v3
  dependency-version: 3.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-dependencies
- dependency-name: github.com/modelcontextprotocol/go-sdk
  dependency-version: 1.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-dependencies
- dependency-name: github.com/spf13/pflag
  dependency-version: 1.0.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-dependencies
- dependency-name: golang.org/x/crypto
  dependency-version: 0.50.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-dependencies
- dependency-name: golang.org/x/term
  dependency-version: 0.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/minor-dependencies-abb63bb39e branch from b770b2f to 744828e Compare May 12, 2026 02:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants