chore(deps): update security updates

[NumaryBot]

This PR contains the following updates:

Package	Type	Update	Change
github.com/getsentry/sentry-go	require	minor	v0.35.1 -> v0.43.0
github.com/gkampitakis/ciinfo	indirect	patch	v0.3.3 -> v0.3.4
github.com/gkampitakis/go-snaps	require	patch	v0.5.14 -> v0.5.21
github.com/goccy/go-yaml	indirect	minor	v1.18.0 -> v1.19.2
github.com/mailru/easyjson	indirect	minor	v0.7.7 -> v0.9.2
github.com/mark3labs/mcp-go	require	minor	v0.41.1 -> v0.45.0
github.com/maruel/natural	indirect	minor	v1.1.1 -> v1.3.0
github.com/segmentio/asm	indirect	minor	v1.1.3 -> v1.2.1
github.com/segmentio/encoding	indirect	minor	v0.3.4 -> v0.5.4
github.com/spf13/cast	indirect	minor	v1.7.1 -> v1.10.0
github.com/spf13/cobra	require	patch	v1.10.1 -> v1.10.2
go.uber.org/atomic	indirect	minor	v1.9.0 -> v1.11.0
go.uber.org/multierr	indirect	minor	v1.8.0 -> v1.11.0
go.uber.org/zap	indirect	minor	v1.21.0 -> v1.27.1
golang.org/x/exp	indirect	digest	8b4c13b -> 7ab1446
golang.org/x/sys	indirect	minor	v0.36.0 -> v0.42.0
golang.org/x/text	indirect	minor	v0.29.0 -> v0.35.0

---

Release Notes

getsentry/sentry-go (github.com/getsentry/sentry-go)

v0.43.0: 0.43.0

Compare Source

Breaking Changes 🛠

• Add support for go 1.26 by @​giortzisg in #​1193
  • bump minimum supported go version to 1.24
• change type signature of attributes for Logs and Metrics. by @​giortzisg in #​1205
  • users are not supposed to modify Attributes directly on the Log/Metric itself, but this is still is a breaking change on the type.
• Send uint64 overflowing attributes as numbers. by @​giortzisg in #​1198
  • The SDK was converting overflowing uint64 attributes to strings for slog and logrus integrations. To eliminate double types for these attributes, the SDK now sends the overflowing attribute as is, and lets the server handle the overflow appropriately.
  • It is expected that overflowing unsigned integers would now get dropped, instead of converted to strings.

New Features ✨

• Add zap logging integration by @​giortzisg in #​1184
• Log specific message for RequestEntityTooLarge by @​giortzisg in #​1185

Bug Fixes 🐛

• Improve otel span map cleanup performance by @​giortzisg in #​1200
• Ensure correct signal delivery on multi-client setups by @​giortzisg in #​1190

Internal Changes 🔧

Deps

• Bump golang.org/x/crypto to 0.48.0 by @​giortzisg in #​1196
• Use go1.24.0 by @​giortzisg in #​1195
• Bump github.com/gofiber/fiber/v2 from 2.52.9 to 2.52.11 in /fiber by @​dependabot in #​1191
• Bump getsentry/craft from 2.19.0 to 2.20.1 by @​dependabot in #​1187

Other

• Add omitzero and remove custom serialization by @​giortzisg in #​1197
• Rename Telemetry Processor components by @​giortzisg in #​1186

v0.42.0: 0.42.0

Compare Source

Breaking Changes 🛠

• refactor Telemetry Processor to use TelemetryItem instead of ItemConvertible by @​giortzisg in #​1180
  • remove ToEnvelopeItem from single log items
  • rename TelemetryBuffer to Telemetry Processor to adhere to spec
  • remove unsed ToEnvelopeItem(dsn) from Event.

New Features ✨

• Add metric support by @​aldy505 in #​1151
  • support for three metric methods (counter, gauge, distribution)
  • custom metric units
  • unexport batchlogger

Internal Changes 🔧

Release

• Fix changelog-preview permissions by @​BYK in #​1181
• Switch from action-prepare-release to Craft by @​BYK in #​1167

Other

• (repo) Add Claude Code settings with basic permissions by @​philipphofmann in #​1175
• Update release and changelog-preview workflows by @​giortzisg in #​1177
• Bump echo to 4.10.1 by @​giortzisg in #​1174

v0.41.0: 0.41.0

Compare Source

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.41.0.

Features

• Add HTTP client integration for distributed tracing via sentryhttpclient package (#​876)
  • Provides an http.RoundTripper implementation that automatically creates spans for outgoing HTTP requests
  • Supports trace propagation targets configuration via WithTracePropagationTargets option
  • Example usage:

    import sentryhttpclient "github.com/getsentry/sentry-go/httpclient"
    
    roundTripper := sentryhttpclient.NewSentryRoundTripper(nil)
    client := &http.Client{
        Transport: roundTripper,
    }

• Add ClientOptions.PropagateTraceparent option to control W3C traceparent header propagation in outgoing HTTP requests (#​1161)
• Add SpanID field to structured logs (#​1169)

v0.40.0: 0.40.0

Compare Source

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.40.0.

Bug Fixes

• Disable DisableTelemetryBuffer flag and noop Telemetry Buffer, to prevent a panic at runtime (#​1149).

v0.39.0: 0.39.0

Compare Source

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.39.0.

Features

• Drop events from the telemetry buffer when rate-limited or transport is full, allowing the buffer queue to empty itself under load (#​1138).

Bug Fixes

• Fix scheduler's hasWork() method to check if buffers are ready to flush. The previous implementation was causing CPU spikes (#​1143).

v0.38.0: 0.38.0

Compare Source

Breaking Changes

Features

• Introduce a new async envelope transport and telemetry buffer to prioritize and batch events (#​1094, #​1093, #​1107).

  • Advantages:
    • Prioritized, per-category buffers (errors, transactions, logs, check-ins) reduce starvation and improve resilience under load
    • Batching for high-volume logs (up to 100 items or 5s) cuts network overhead
    • Bounded memory with eviction policies
    • Improved flush behavior with context-aware flushing

• Add ClientOptions.DisableTelemetryBuffer to opt out and fall back to the legacy transport layer (HTTPTransport / HTTPSyncTransport).

  err := sentry.Init(sentry.ClientOptions{
    Dsn: "__DSN__",
    DisableTelemetryBuffer: true, // fallback to legacy transport
  })

Notes

• If a custom Transport is provided, the SDK automatically disables the telemetry buffer and uses the legacy transport for compatibility.

v0.37.0: 0.37.0

Compare Source

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.37.0.

Breaking Changes

• Behavioral change for the TraceIgnoreStatusCodes option. The option now defaults to ignoring 404 status codes (#​1122).

Features

• Add sentry.origin attribute to structured logs to identify log origin for slog and logrus integrations (auto.log.slog, auto.log.logrus) (#​1121).

Bug Fixes

• Fix slog event handler to use the initial context, ensuring events use the correct hub/span when the emission context lacks one (#​1133).
• Improve exception chain processing by checking pointer values when tracking visited errors, avoiding instability for certain wrapped errors (#​1132).

Misc

• Bump golang.org/x/net to v0.38.0 (#​1126).

v0.36.2: 0.36.2

Compare Source

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.36.2.

Bug Fixes

• Fix context propagation for logs to ensure logger instances correctly inherit span and hub information from their creation context (#​1118)
  • Logs now properly propagate trace context from the logger's original context, even when emitted in a different context
  • The logger will first check the emission context, then fall back to its creation context, and finally to the current hub

v0.36.1: 0.36.1

Compare Source

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.36.1.

Bug Fixes

• Prevent panic when converting error chains containing non-comparable error types by using a safe fallback for visited detection in exception conversion (#​1113)

v0.36.0: 0.36.0

Compare Source

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.36.0.

Breaking Changes

• Behavioral change for the MaxBreadcrumbs client option. Removed the hard limit of 100 breadcrumbs, allowing users to set a larger limit and also changed the default limit from 30 to 100 (#​1106))

• The changes to error handling (#​1075) will affect issue grouping. It is expected that any wrapped and complex errors will be grouped under a new issue group.

Features

• Add support for improved issue grouping with enhanced error chain handling (#​1075)

  The SDK now provides better handling of complex error scenarios, particularly when dealing with multiple related errors or error chains. This feature automatically detects and properly structures errors created with Go's errors.Join() function and other multi-error patterns.

  // Multiple errors are now properly grouped and displayed in Sentry
  err1 := errors.New("err1")
  err2 := errors.New("err2") 
  combinedErr := errors.Join(err1, err2)
  
  // When captured, these will be shown as related exceptions in Sentry
  sentry.CaptureException(combinedErr)

• Add TraceIgnoreStatusCodes option to allow filtering of HTTP transactions based on status codes (#​1089)

  • Configure which HTTP status codes should not be traced by providing single codes or ranges
  • Example: TraceIgnoreStatusCodes: [][]int{{404}, {500, 599}} ignores 404 and server errors 500-599

Bug Fixes

• Fix logs being incorrectly filtered by BeforeSend callback (#​1109)
  • Logs now bypass the processEvent method and are sent directly to the transport
  • This ensures logs are only filtered by BeforeSendLog, not by the error/message BeforeSend callback

Misc

• Add support for Go 1.25 and drop support for Go 1.22 (#​1103)

v0.35.3: 0.35.3

Compare Source

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.35.3.

Bug Fixes

• Add missing rate limit categories (#​1082)

v0.35.2: 0.35.2

Compare Source

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.35.2.

Bug Fixes

• Fix OpenTelemetry spans being created as transactions instead of child spans (#​1073)

Misc

• Add MockTransport to test clients for improved testing (#​1071)

gkampitakis/ciinfo (github.com/gkampitakis/ciinfo)

v0.3.4

Compare Source

gkampitakis/go-snaps (github.com/gkampitakis/go-snaps)

v0.5.21

Compare Source

What's Changed

• support nested arrays in json matchers by @​gkampitakis in https://github.com/gkampitakis/go-snaps/pull/145

Full Changelog: gkampitakis/go-snaps@v0.5.20...v0.5.21

v0.5.20

Compare Source

What's Changed

• feat: support setting serializer on config by @​gkampitakis in https://github.com/gkampitakis/go-snaps/pull/154

Full Changelog: gkampitakis/go-snaps@v0.5.19...v0.5.20

v0.5.19

Compare Source

What's Changed

• fix: use backticks for inline snaps when appropriate by @​gkampitakis in https://github.com/gkampitakis/go-snaps/pull/149

Full Changelog: gkampitakis/go-snaps@0.5.18...v0.5.19

v0.5.18

Compare Source

v0.5.17

Compare Source

v0.5.16

Compare Source

What's Changed

• fix: don't drop /r character when scanning by @​gkampitakis in https://github.com/gkampitakis/go-snaps/pull/139
• chore: replace vendored go-diff with upstream by @​gkampitakis in https://github.com/gkampitakis/go-snaps/pull/143
• chore: update golangci-lint to v2 by @​G-Rath in https://github.com/gkampitakis/go-snaps/pull/141
• fix: detect no_color support by @​gkampitakis in https://github.com/gkampitakis/go-snaps/pull/123
• experimenting with inline snapshot support by @​gkampitakis in https://github.com/gkampitakis/go-snaps/pull/70

Full Changelog: gkampitakis/go-snaps@v0.5.15...v0.5.16

v0.5.15

Compare Source

What's Changed

• test: explicitly return named variables by @​G-Rath in https://github.com/gkampitakis/go-snaps/pull/137
• ci: show diff after running linting by @​G-Rath in https://github.com/gkampitakis/go-snaps/pull/136
• fix: only update snapshots when actually allowed by @​G-Rath in https://github.com/gkampitakis/go-snaps/pull/135

Full Changelog: gkampitakis/go-snaps@v0.5.14...v0.5.15

goccy/go-yaml (github.com/goccy/go-yaml)

v1.19.2: 1.19.2

Compare Source

What's Changed

• Fix anchor reference regression in nested structures by @​linyows in https://github.com/goccy/go-yaml/pull/839

New Contributors

• @​linyows made their first contribution in https://github.com/goccy/go-yaml/pull/839

Full Changelog: goccy/go-yaml@v1.19.1...v1.19.2

v1.19.1: 1.19.1

Compare Source

What's Changed

• Fix decoding of integer keys of map type by @​goccy in https://github.com/goccy/go-yaml/pull/829
• Support line comment for flow sequence or flow map by @​goccy in https://github.com/goccy/go-yaml/pull/834

Full Changelog: goccy/go-yaml@v1.19.0...v1.19.1

v1.19.0: 1.19.0

Compare Source

What's Changed

• Revert "feat: Dont make copies of structs for validation" by @​shuheiktgw in https://github.com/goccy/go-yaml/pull/763
• Add decode option that allows specific field prefixes by @​cpuguy83 in https://github.com/goccy/go-yaml/pull/795
• Normalize CR and CRLF in multi-line strings by @​shuheiktgw in https://github.com/goccy/go-yaml/pull/754
• Support non string map keys by @​shuheiktgw in https://github.com/goccy/go-yaml/pull/756
• Skip directive in path operations by @​shuheiktgw in https://github.com/goccy/go-yaml/pull/758
• Add indentation to flow values on new lines by @​shuheiktgw in https://github.com/goccy/go-yaml/pull/759
• Add support for RawMessage, similar to json.RawMessage by @​thanethomson in https://github.com/goccy/go-yaml/pull/790

New Contributors

• @​cpuguy83 made their first contribution in https://github.com/goccy/go-yaml/pull/795
• @​thanethomson made their first contribution in https://github.com/goccy/go-yaml/pull/790

Full Changelog: goccy/go-yaml@v1.18.0...v1.19.0

mailru/easyjson (github.com/mailru/easyjson)

v0.9.2

Compare Source

What's Changed

• Bugfix: do not generate invalid JSON when float value is +Inf, -Inf or NaN by @​dmitrybarsukov in https://github.com/mailru/easyjson/pull/421
• fix null after MarshalText work by @​AndreiBerezin in https://github.com/mailru/easyjson/pull/423
• Support for json:",omitzero" tag by @​nsd20463 in https://github.com/mailru/easyjson/pull/429

Full Changelog: mailru/easyjson@v0.9.1...v0.9.2

v0.9.1

Compare Source

What's Changed

• Fix unmarshal null to existing value by @​neal in https://github.com/mailru/easyjson/pull/407
• Fix unmarshal null values for non-pointer fields by @​neal in https://github.com/mailru/easyjson/pull/411
• feat: Add version and commit information to easyjson generator by @​stickpro in https://github.com/mailru/easyjson/pull/424

New Contributors

• @​neal made their first contribution in https://github.com/mailru/easyjson/pull/407
• @​stickpro made their first contribution in https://github.com/mailru/easyjson/pull/424

Full Changelog: mailru/easyjson@v0.9.0...v0.9.1

v0.9.0

Compare Source

up go version and bugfixes

v0.8.0

Compare Source

stable version before go version bump

mark3labs/mcp-go (github.com/mark3labs/mcp-go)

v0.45.0

Compare Source

v0.44.1

Compare Source

v0.44.0

Compare Source

What's Changed

• feat: defer tool loading to enable Anthropic's "Tool Search" pattern by @​wolfeidau in https://github.com/mark3labs/mcp-go/pull/644
• fix: return an error if the responseWriter does not support Flush by @​JoelPfaffDD in https://github.com/mark3labs/mcp-go/pull/652
• Add Icons support for MCP spec 2025-11-25 compliance by @​dask-58 in https://github.com/mark3labs/mcp-go/pull/660
• fix: add ErrUnauthorized sentinel for static token 401 responses by @​ezynda3 in https://github.com/mark3labs/mcp-go/pull/661
• Add lastModified field to Annotations for MCP spec 2025-11-25 by @​dask-58 in https://github.com/mark3labs/mcp-go/pull/663
• Add server-side support for MCP tasks by @​JAORMX in https://github.com/mark3labs/mcp-go/pull/635
• fix: drain all pending notification before writing the response to avoid missing notifications by @​archit-harness in https://github.com/mark3labs/mcp-go/pull/670
• fix for nil resources slice by @​furysama in https://github.com/mark3labs/mcp-go/pull/665
• Add docstrings for annotation-related functions by @​ezynda3 in https://github.com/mark3labs/mcp-go/pull/673
• fix: add timeout for SSE response waiting to prevent indefinite blocking by @​everfid-ever in https://github.com/mark3labs/mcp-go/pull/668
• Try OAuth Authorization Server Metadata first by @​staugaard in https://github.com/mark3labs/mcp-go/pull/669
• fix(oauth): check for OAuth error responses even when status code is 200 by @​sd2k in https://github.com/mark3labs/mcp-go/pull/646
• fix: Add missing session cleanup to the StreamableHTTPServer DELETE handler by @​cnnrznn in https://github.com/mark3labs/mcp-go/pull/667
• Implement Elicitation URL mode for MCP spec 2025-11-25 by @​dask-58 in https://github.com/mark3labs/mcp-go/pull/666
• feat: Add Host header override support for manual DNS resolution by @​ComingCL in https://github.com/mark3labs/mcp-go/pull/674
• fix: low mcp version been selected by mcp server, mcp server may also raise 'unsupported protocol version 2025-11-25' error by @​yuehaii in https://github.com/mark3labs/mcp-go/pull/687
• Add AdditionalProperties to ToolInputSchema by @​mohit-gupta-glean in https://github.com/mark3labs/mcp-go/pull/678
• fix: fix TestSSE_SendRequest_Timeout flaky test by @​everfid-ever in https://github.com/mark3labs/mcp-go/pull/683
• feat:add version 2025-11-25 & unit test for version by @​CocaineCong in https://github.com/mark3labs/mcp-go/pull/684
• fix: use sync.Once for thread-safe Close in StreamableHTTP by @​semihbkgr in https://github.com/mark3labs/mcp-go/pull/685
• docs: fix ListTools usage to include ListToolsRequest parameter by @​everfid-ever in https://github.com/mark3labs/mcp-go/pull/681
• fix: return 404 instead of 400 for invalid session IDs by @​burugo in https://github.com/mark3labs/mcp-go/pull/689
• fix: rename NewToolResultAudio second parameter from imageData to aud… by @​mosesyu95 in https://github.com/mark3labs/mcp-go/pull/691
• Server handlers implementation for auto-completion by @​ezraisw in https://github.com/mark3labs/mcp-go/pull/679
• Fix: the header information set by the client being lost. by @​button-chen in https://github.com/mark3labs/mcp-go/pull/686
• Set test client info by @​urisimchoni in https://github.com/mark3labs/mcp-go/pull/692
• refactor: fix modernize lint issues by @​alexandear in https://github.com/mark3labs/mcp-go/pull/699
• refactor: simplify tests with the usetesting linter by @​alexandear in https://github.com/mark3labs/mcp-go/pull/703
• typo: fix duplicate description of mcp-go in README by @​milairhu in https://github.com/mark3labs/mcp-go/pull/701
• feat(server): implement task-augmented tools capability by @​ezynda3 in https://github.com/mark3labs/mcp-go/pull/707
• tool "properties" and "required" fields missing if set them as null, AdditionalProperties can't be masharl by @​yuehaii in https://github.com/mark3labs/mcp-go/pull/713
• Fix no way to detect connection closure in non-NO_ERROR cases by @​manx98 in https://github.com/mark3labs/mcp-go/pull/709
• fix: accept HTTP 204 No Content in SendNotification by @​satish-karri-glean in https://github.com/mark3labs/mcp-go/pull/717
• fix: use custom session id generator when provided by @​FlameHost10 in https://github.com/mark3labs/mcp-go/pull/715
• fix: SendRequest hangs forever when server process dies by @​ichoosetoaccept in https://github.com/mark3labs/mcp-go/pull/714

New Contributors

• @​wolfeidau made their first contribution in https://github.com/mark3labs/mcp-go/pull/644
• @​JoelPfaffDD made their first contribution in https://github.com/mark3labs/mcp-go/pull/652
• @​dask-58 made their first contribution in https://github.com/mark3labs/mcp-go/pull/660
• @​JAORMX made their first contribution in https://github.com/mark3labs/mcp-go/pull/635
• @​archit-harness made their first contribution in https://github.com/mark3labs/mcp-go/pull/670
• @​furysama made their first contribution in https://github.com/mark3labs/mcp-go/pull/665
• @​everfid-ever made their first contribution in https://github.com/mark3labs/mcp-go/pull/668
• @​staugaard made their first contribution in https://github.com/mark3labs/mcp-go/pull/669
• @​cnnrznn made their first contribution in https://github.com/mark3labs/mcp-go/pull/667
• @​ComingCL made their first contribution in https://github.com/mark3labs/mcp-go/pull/674
• @​mohit-gupta-glean made their first contribution in https://github.com/mark3labs/mcp-go/pull/678
• @​semihbkgr made their first contribution in https://github.com/mark3labs/mcp-go/pull/685
• @​burugo made their first contribution in https://github.com/mark3labs/mcp-go/pull/689
• @​mosesyu95 made their first contribution in https://github.com/mark3labs/mcp-go/pull/691
• @​ezraisw made their first contribution in https://github.com/mark3labs/mcp-go/pull/679
• @​urisimchoni made their first contribution in https://github.com/mark3labs/mcp-go/pull/692
• @​alexandear made their first contribution in https://github.com/mark3labs/mcp-go/pull/699
• @​milairhu made their first contribution in https://github.com/mark3labs/mcp-go/pull/701
• @​manx98 made their first contribution in https://github.com/mark3labs/mcp-go/pull/709
• @​satish-karri-glean made their first contribution in https://github.com/mark3labs/mcp-go/pull/717
• @​FlameHost10 made their first contribution in https://github.com/mark3labs/mcp-go/pull/715
• @​ichoosetoaccept made their first contribution in https://github.com/mark3labs/mcp-go/pull/714

Full Changelog: mark3labs/mcp-go@v0.43.2...v0.44.0

v0.43.2

Compare Source

What's Changed

• fix: notification break the client tool call by @​yuehaii in https://github.com/mark3labs/mcp-go/pull/642
• fix: handle either $defs or definitions field when unmarshaling ToolArgumentsSchema by @​sd2k in https://github.com/mark3labs/mcp-go/pull/645

Full Changelog: mark3labs/mcp-go@v0.43.1...v0.43.2

v0.43.1

Compare Source

What's Changed

• fix: create StatelessGeneratingSessionIdManager to fix multi-instance deployments by @​ezynda3 in https://github.com/mark3labs/mcp-go/pull/641
• fix: implement SessionWithClientInfo for streamableHttpSession by @​Anko59 in https://github.com/mark3labs/mcp-go/pull/640

New Contributors

• @​Anko59 made their first contribution in https://github.com/mark3labs/mcp-go/pull/640

Full Changelog: mark3labs/mcp-go@v0.43.0...v0.43.1

v0.43.0

Compare Source

What's Changed

• feat: add support for custom HTTP headers in client requests by @​matthisholleville in https://github.com/mark3labs/mcp-go/pull/546
• feat: add SessionWithResourceTemplates for session-specific resource templates by @​ezynda3 in https://github.com/mark3labs/mcp-go/pull/624
• feat(mcp): Add SessionIdManagerResolver interface for request-based session management by @​aradyaron in https://github.com/mark3labs/mcp-go/pull/626
• feat(mcp): add HTTP and Stdio client Roots feature by @​yuehaii in https://github.com/mark3labs/mcp-go/pull/620
• feat(mcp): add Title field to Implementation struct per MCP spec by @​ezynda3 in https://github.com/mark3labs/mcp-go/pull/633
• fix(toocall): properly set custom header to ensure correct request handling by @​cx215133873 in https://github.com/mark3labs/mcp-go/pull/632

New Contributors

• @​aradyaron made their first contribution in https://github.com/mark3labs/mcp-go/pull/626
• @​yuehaii made their first contribution in https://github.com/mark3labs/mcp-go/pull/620
• @​cx215133873 made their first contribution in https://github.com/mark3labs/mcp-go/pull/632

Full Changelog: mark3labs/mcp-go@v0.42.0...v0.43.0

v0.42.0

Compare Source

What's Changed

• HTTP Sampling Improvements by @​ezynda3 in https://github.com/mark3labs/mcp-go/pull/601
• feat: update type definition of _meta field to text/blob resources. by @​rabbah in https://github.com/mark3labs/mcp-go/pull/591
• fix: documentation typos by @​Artmorse in https://github.com/mark3labs/mcp-go/pull/608
• fix: prevent tools invocation without valid session initialization by @​ezynda3 in https://github.com/mark3labs/mcp-go/pull/607
• fix: make transport Start() idempotent to resolve issue #​583 by @​ezynda3 in https://github.com/mark3labs/mcp-go/pull/606
• feat: extend resource middlewares to resource templates by @​tjhop in https://github.com/mark3labs/mcp-go/pull/582
• Preserve Tool _meta when marshaling to JSON by @​jaredly in https://github.com/mark3labs/mcp-go/pull/609
• fix: reuse sessions correctly in streamable HTTP transport by @​ezynda3 in https://github.com/mark3labs/mcp-go/pull/615
• Add support for Session-specific resources by @​jaredly in https://github.com/mark3labs/mcp-go/pull/610
• feat: Add session resource helper functions by @​ezynda3 in https://github.com/mark3labs/mcp-go/pull/617
• [disable-stream] Add WithDisableStreaming option to StreamableHTTP server to allow disabling streaming by @​jaredly in https://github.com/mark3labs/mcp-go/pull/613
• feat: add HTTP client option to OAuthConfig by @​sd2k in https://github.com/mark3labs/mcp-go/pull/616
• feat(mcp): Add WithAny for flexible tool properties by @​otaviof in https://github.com/mark3labs/mcp-go/pull/618
• 📝 Add docstrings to issue-345-withany by @​coderabbitai[bot] inhttps://github.com/mark3labs/mcp-go/pull/6199

New Contributors

• @​rabbah made their first contribution in https://github.com/mark3labs/mcp-go/pull/591
• @​Artmorse made their first contribution in https://github.com/mark3labs/mcp-go/pull/608
• @​jaredly made their first contribution in https://github.com/mark3labs/mcp-go/pull/609
• @​otaviof made their first contribution in https://github.com/mark3labs/mcp-go/pull/618
• @​coderabbitai[bot] made their first contribution inhttps://github.com/mark3labs/mcp-go/pull/6199

Full Changelog: mark3labs/mcp-go@v0.41.1...v0.42.0

maruel/natural (github.com/maruel/natural)

v1.3.0: Supports arbitrary long numbers (larger than uint64)

Compare Source

Fixes #​5

v1.2.1

Compare Source

v1.2.0

Compare Source

segmentio/asm (github.com/segmentio/asm)

v1.2.1

Compare Source

v1.2.0

Compare Source

What's Changed

• .github: update to Go 1.18.1 by @​kevinburkesegment in https://github.com/segmentio/asm/pull/76

Full Changelog: segmentio/asm@v1.1.5...v1.2.0

v1.1.5

Compare Source

v1.1.4

Compare Source

segmentio/encoding (github.com/segmentio/encoding)

v0.5.4

Compare Source

What's Changed

• fix: Validate key length on assignment in decodeStruct by @​maciej-kisiel in https://github.com/segmentio/encoding/pull/162

Full Changelog: segmentio/encoding@v0.5.3...v0.5.4

v0.5.3

Compare Source

What's Changed

• lint fixes by @​extemporalgenome in https://github.com/segmentio/encoding/pull/151

Full Changelog: segmentio/encoding@v0.5.2...v0.5.3

v0.5.2: : address performance regression in json decoding

Compare Source

What's Changed

• perf(json): address performance penalty found in json decoding by @​dominicbarnes in https://github.com/segmentio/encoding/pull/149

New Contributors

• @​dominicbarnes made their first contribution in https://github.com/segmentio/encoding/pull/149

Full Changelog: segmentio/encoding@v0.5.1...v0.5.2

v0.5.1: : json parity with stdlib for \b and \f encoding

Compare Source

What's Changed

• json: encode \b and \f like the Go 1.22 stdlib does by @​extemporalgenome in https://github.com/segmentio/encoding/pull/145
• lint fixes by @​extemporalgenome in https://github.com/segmentio/encoding/pull/146

Full Changelog: segmentio/encoding@v0.5.0...v0.5.1

v0.5.0: : protobuf rewrite rule overrides

Compare Source

What's Changed

• .github: fix security vuln by @​kevinburkesegment in https://github.com/segmentio/encoding/pull/142
• Add protobuf rewrite rule overrides by @​kalamay in https://github.com/segmentio/encoding/pull/144

Full Changelog: segmentio/encoding@v0.4.0...v0.5.0

v0.4.1

Compare Source

v0.4.0: : configurable numeric decoding support

Compare Source

When decoding into any, ParseFlags can now be used to control decoding into any combination of uint64, int64, and *big.Int, in addition to the prior support for json.Number and float64. Choice of type will depend on each value encountered, and as before, when json.Number is requested, float64 will not be used.

v0.3.7: : tolerate leading spacing in json.RawMessage

Compare Source

v0.3.6

Compare Source

What's Changed

• Added a Remaining() int method to json.Tokenizer by @​chriso in https://github.com/segmentio/encoding/pull/126
• Enabled a slice optimization for go1.18 and go1.19 by @​chriso in https://github.com/segmentio/encoding/pull/127

Full Changelog: segmentio/encoding@v0.3.5...v0.3.6

v0.3.5

Compare Source

What's Changed

• fix decoding lists of TRUE values by @​achille-roussel in https://github.com/segmentio/encoding/pull/122

Full Changelog: segmentio/encoding@v0.3.4...v0.3.5

spf13/cast (github.com/spf13/cast)

v1.10.0

Compare Source

What's Changed

• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​dependabot[bot] inhttps://github.com/spf13/cast/pull/2755
• build(deps): bump github/codeql-action from 3.28.18 to 3.28.19 by @​dependabot[bot] inhttps://github.com/spf13/cast/pull/2777
• build(deps): bump github/codeql-action from 3.28.19 to 3.29.5 by @​dependabot[bot] inhttps://github.com/spf13/cast/pull/2899
• build(deps): bump github/codeql-action from 3.29.7 to 3.29.10 by @​dependabot[bot] inhttps://github.com/spf13/cast/pull/2966
• build(deps): bump actions/dependency-review-action from 4.7.1 to 4.7.2 by @​dependabot[bot] inhttps://github.com/spf13/cast/pull/2955
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] inhttps://github.com/spf13/cast/pull/2933
• build(deps): bump github/codeql-action from 3.29.10 to 3.30.1 by @​dependabot[bot] inhttps://github.com/spf13/cast/pull/3011
• build(deps): bump actions/setup-go from 5.5.0 to 6.0.0 by [@​dependab

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[NumaryBot]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.24.4 -> 1.25.0

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (2)

• go.mod is excluded by !**/*.mod
• go.sum is excluded by !**/*.sum, !**/*.sum

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a711d21a-ca70-4d11-9433-e667768a4028

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch renovate/security

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 68.50%. Comparing base (e3d1574) to head (eb4c36a).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #124   +/-   ##
=======================================
  Coverage   68.50%   68.50%           
=======================================
  Files          46       46           
  Lines        4648     4648           
=======================================
  Hits         3184     3184           
  Misses       1290     1290           
  Partials      174      174           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.