chore(deps): bump the all group across 1 directory with 29 updates by dependabot[bot] · Pull Request #17 · smithersai/tui

dependabot · 2026-06-22T09:18:57Z

Bumps the all group with 17 updates in the / directory:

Package	From	To
charm.land/bubbletea/v2	`2.0.2`	`2.0.7`
charm.land/catwalk	`0.33.2`	`0.45.1`
charm.land/fantasy	`0.17.1`	`0.33.1`
charm.land/glamour/v2	`2.0.0`	`2.0.1`
github.com/alecthomas/chroma/v2	`2.23.1`	`2.27.0`
github.com/charmbracelet/x/powernap	`0.1.3`	`0.1.6`
github.com/go-git/go-git/v5	`5.17.1`	`5.19.1`
github.com/invopop/jsonschema	`0.13.0`	`0.14.0`
github.com/mattn/go-isatty	`0.0.20`	`0.0.22`
github.com/modelcontextprotocol/go-sdk	`1.4.1`	`1.6.1`
github.com/ncruces/go-sqlite3	`0.33.2`	`0.35.1`
github.com/posthog/posthog-go	`1.11.2`	`1.16.1`
github.com/pressly/goose/v3	`3.27.0`	`3.27.1`
github.com/qjebbs/go-jsons	`1.0.0-alpha.4`	`1.0.0-alpha.6`
github.com/sahilm/fuzzy	`0.1.1`	`0.1.3`
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	`1.42.0`	`1.44.0`
mvdan.cc/sh/v3	`3.13.0`	`3.13.1`

Updates charm.land/bubbletea/v2 from 2.0.2 to 2.0.7

Release notes

Sourced from charm.land/bubbletea/v2's releases.

v2.0.7

A few lil’ stability patches

Hi! This is a patch release with a few solid improvements around stability and correctness.

@lrstanley, one of our faves, fixed a race condition around mice in the Cursed Renderer

@lawrence3699 fixed a panic that could happen when input's not available

We fixed a correctness issue with regard to mouse releases when Kitty Keyboard was active (thanks, @mitchellh)

Thanks for using Bubble Tea, and if you see anything awry please do let us know!

—Charm 👋

Changelog

Fixed

c60f0c53042238305ec13b486326588f12aea0ec: fix: prevent data race with cursedRenderer.onMouse (#1691) (@lrstanley)

074596e14e2f5ca5e3986ee72e7c08f1569c4178: fix: skip input reader restore when input is disabled (#1680) (@lawrence3699)

878d7df2f2b02f3ca8db177fa8553834bc35ea7c: fix(deps): bump ultraviolet for kitty keyboard fix (@meowgorithm)

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

v2.0.6

This release fixes an issue with how Bubble Tea handled wide characters. Before, a wide character might be skipped or cause an infinite loop causing the CPU to spike. See charmbracelet/bubbletea@fdcd0cf and charmbracelet/ultraviolet#109 for more details.

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

v2.0.5

A small release to remove accidental unwanted debug log file. See charmbracelet/bubbletea@1ed724a and charmbracelet/ultraviolet@b516641 for details.

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

v2.0.4

This release includes a small fix related to width calculation in x/ansi. See charmbracelet/bubbletea@c788fe9 and charmbracelet/x@6921c75 for more details.

... (truncated)

Commits

a23da80 v2.0.7
670963e chore(task): add release and fetch-tags tasks
29c4c32 fix(examples/deps): go mod tidy
878d7df chore(deps): bump ultraviolet for kitty keyboard fix
c60f0c5 fix: prevent data race with cursedRenderer.onMouse (#1691)
640d879 docs(readme): update footer image
0fbefd2 chore: remove CODEOWNERS
074596e fix: skip input reader restore when input is disabled (#1680)
fdcd0cf chore: bump ultraviolet to 489999b90468 to fix a wide char issue
1ed724a chore: bump ultraviolet to v0.0.0-20260413211237-bd52878bcec2
Additional commits viewable in compare view

Updates charm.land/catwalk from 0.33.2 to 0.45.1

Release notes

Sourced from charm.land/catwalk's releases.

v0.45.1

Changelog

Other stuff

beb6b739dc3ff59b9fb416c4a1ea8333bcd549e3: chore: auto-update generated files (#374) (@github-actions[bot])

ace8211f3fe2b8104de937ccd5ac365f5408dce6: chore: fix newralwatt default models (@andreynering)

First, download the checksums.txt file and the checksums.txt.sigstore.json file files, for example, with wget:
wget 'https://github.com/charmbracelet/catwalk/releases/download/v0.45.1/checksums.txt'
wget 'https://github.com/charmbracelet/catwalk/releases/download/v0.45.1/checksums.txt.sigstore.json'
Then, verify it using cosign:
cosign verify-blob \
  --certificate-identity 'https://github.com/charmbracelet/meta/.github/workflows/goreleaser.yml@refs/heads/main' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  --bundle 'checksums.txt.sigstore.json' \
  ./checksums.txt
If the output is Verified OK, you can safely use it to verify the checksums of other artifacts you downloaded from the release using sha256sum:
sha256sum --ignore-missing -c checksums.txt
Done! You artifacts are now verified!

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

v0.45.0

Changelog

New!

a1782b810740d0316e048a65d454b8e06a0e59ca: feat: add fireworks provider (#373) (@andreynering)

Other stuff

827aecde0afe48258ecb2d9a929c45c89ad492ab: chore: auto-update generated files (#372) (@github-actions[bot])

... (truncated)

Commits

8268b5b v0.45.1
ace8211 chore: fix newralwatt default models
beb6b73 chore: auto-update generated files (#374)
225a44a v0.45.0
a1782b8 feat: add fireworks provider (#373)
827aecd chore: auto-update generated files (#372)
460e89f v0.44.30
74f53de chore: auto-update generated files (#369)
37a5446 v0.44.29
559d398 chore(copilot): update model list
Additional commits viewable in compare view

Updates charm.land/fantasy from 0.17.1 to 0.33.1

Release notes

Sourced from charm.land/fantasy's releases.

v0.33.1

Changelog

Fixed

e057614c404a9dfe1f703b0c42685c4c8d56027a: fix(google): omit function call id for vertex ai to prevent error 400 (#278) (@eswar-7116)

6b4e9b20b7302ff5b0a0b44aa3a963edc3eb3e6d: fix(openai): allow tools and content in the same delta (@taciturnaxolotl)

5ff510190a1233c6ff155fbfc3abb450537d0a11: fix(openai): defer streaming tool call finalization to end-of-stream (@taciturnaxolotl)

5bcdd5bc3f60d85186a6cb8d35d2114032df2cf6: fix(openai): make latest azure gpt models work (#288) (@dustinlagoy)

f018b24a8f46dfe3c897f2bab3692d11a9e157c4: fix: include available tool names in "tool not found" errors (#290) (@andreynering)

Other stuff

7dacdda522fc6d5aa7ad91319f1db6aa8365f3e5: v0.33.1 (@andreynering)

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

v0.33.0

Changelog

New!

13774e96ce01f74332eb60071608246569e8f708: feat(openai): expose extra usage fields in ProviderMetadata (@taciturnaxolotl)

Other stuff

a13a1b3c4688b53949a5dc992f8d91601a5bec69: v0.33.0 (@taciturnaxolotl)

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

v0.32.0

Changelog

New!

5c9015a8802c828754130c7d832810c69008c944: feat(openai): support max reasoning effort (@Amolith)

Other stuff

59d8f7a7fcf7e8fd3cc7d2edaa68f47b3f6658e5: fix(vercel,openrouter): emit empty ReasoningStart for streaming reasoning (@taciturnaxolotl)

fafadf59333157fcb49949a97f155a905aa851a0: v0.32.0 (@taciturnaxolotl)

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

v0.31.1

Changelog

Fixed

47c7123c8e42059ab70cdc13c9fdf9f58135b8d7: fix(agent): use last text step as AgentResult.Response (@taciturnaxolotl)

Other stuff

7633543aa1cad0d401ffbce36cc6d4cccbe2062a: bug(vercel): first reasoning chunk is dropped for unknown formats (@taciturnaxolotl)

... (truncated)

Commits

7dacdda v0.33.1
e057614 fix(google): omit function call id for vertex ai to prevent error 400 (#278)
f018b24 fix: include available tool names in "tool not found" errors (#290)
5ff5101 fix(openai): defer streaming tool call finalization to end-of-stream
5bcdd5b fix(openai): make latest azure gpt models work (#288)
6b4e9b2 fix(openai): allow tools and content in the same delta
a13a1b3 v0.33.0
13774e9 feat(openai): expose extra usage fields in ProviderMetadata
fafadf5 v0.32.0
59d8f7a fix(vercel,openrouter): emit empty ReasoningStart for streaming reasoning
Additional commits viewable in compare view

Updates charm.land/glamour/v2 from 2.0.0 to 2.0.1

Release notes

Sourced from charm.land/glamour/v2's releases.

v2.0.1

Changelog

Bug fixes

975a0f30cc6519fde4481ab084987222c8f06c34: fix: close wrap writer before its downstream chain (#575) (@taciturnaxolotl)

Other work

c29364924407add0616fc067e4c70ddf9a5da0dd: chore: fix pre-existing lint failures (#575) (@taciturnaxolotl)

95c93db04489cebf252ec856584445c7e85ee276: chore: bump lipgloss to v2.0.4 (@taciturnaxolotl)

600b93a40bb9754522c7e3496b8b41989cf1dec7: chore: remove CODEOWNERS (@aymanbagabas)

253da61fcb275fcd28296956ffae5f7d98ff618d: fix(ci): use local golangci config (@aymanbagabas)

Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, The Fediverse, or on Discord.

Commits

95c93db chore: bump lipgloss to v2.0.4
c293649 chore: fix pre-existing lint failures
975a0f3 fix: close wrap writer before its downstream chain
600b93a chore: remove CODEOWNERS
253da61 fix(ci): use local golangci config
See full diff in compare view

Updates charm.land/lipgloss/v2 from 2.0.2 to 2.0.4

Release notes

Sourced from charm.land/lipgloss/v2's releases.

v2.0.4

Mini Crash Patch

Hi! This is a small patch to fix a writer-related panic. Thanks for using Lip Gloss!

Changelog

Fixed

fefa41d: fix: prevent crash when writing to a closed wrap writer (#699) (@taciturnaxolotl)

Docs

40ec0e6: docs: fix typo in table comment (#641) (@aymanbagabas)

a4d0b40: docs: restore missing diaereses (#664) (@meowgorithm)

Chore

aa91b99: chore: remove CODEOWNERS (@aymanbagabas)

9cbfe8b: chore(lint): exclude revive naming linter (@aymanbagabas)

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

v2.0.3

Changelog

Fixed

472d718e2314596549bee2c0c8ccf8beea5f25ae: fix: Avoid background color query hang (#636) (@jedevc)

Docs

9e39a0ad4f4fc779d620f17783cee3494da6ae29: docs: fix README typo (#629) (@Rohan5commit)

cd93a9f5d2e3cb151da83150db29751d92585d23: docs: fix tree comment typo (#634) (@Rohan5commit)

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

Commits

b00306c fix: prevent crash when writing to a closed wrap writer
40ec0e6 docs: fix typo in table comment (#641)
e3b78a2 chore(deps): bump golang.org/x/sys in the all group (#691)
758dd87 chore(deps): bump golang.org/x/sys in the all group (#674)
aa91b99 chore: remove CODEOWNERS
9cbfe8b chore(lint): exclude revive naming linter
a4d0b40 docs: restore missing diaereses (#664)
472d718 fix: Avoid background color query hang (#636)
89fafba chore: bump x/ansi to v0.11.7 to fix width calculation bug
d6d41e1 chore(deps): bump golang.org/x/sys in the all group (#663)
Additional commits viewable in compare view

Updates github.com/alecthomas/chroma/v2 from 2.23.1 to 2.27.0

Release notes

Sourced from github.com/alecthomas/chroma/v2's releases.

v2.27.0

Changelog

a6d00fe fix(html): make mode class output opt-in via WithModeClasses

f52d015 chore: some house-keeping

f08a9ab chore: add fmt + test to BUILD.bit

6da8f88 fix(yaml): comments can be key-values (#1289)

67785a4 chore(deps): update all non-major dependencies (#1285)

d9dd73f Add templ XML lexer (#1283)

effffdb chore(deps): update all non-major dependencies (#1280)

03236a4 support for PostScript font files (#1282)

e10d532 Fix YAML slash comments with colons (#1278)

v2.26.1

Changelog

56c7702 fix: downgrade go.mod version to 1.25

v2.26.0

Changelog

a4d3f60 feat(chromad): use style counterparts for theme switching

ce159e6 chore: migrate to new bit format

180ea9f perf(colour): replace Sprintf/ParseUint round-trip in NewColour with direct bit arithmetic (#1274)

68a08b0 docs: how to support dynamic theme switching

6fb9d92 feat(html): tag output with style mode

a71fea3 feat(styles): add light/dark mode support

v2.25.0

Changelog

c3826f0 chore: go mod tidy

fb5bc39 fix: emit HTTP body tokens without Coalesce

a3c2946 Improve Nu file detection (#1260)

e841b1a chore(deps): update all non-major dependencies (#1272)

3ed2db8 Add Gemfile.lock lexer (& ruby improvements) (#1269)

41fb546 Add YAML+Jinja lexer (#1268)

e99b881 chore(deps): update all non-major dependencies (#1263)

e67dd2f (Markless) Fix parse issue for embed directives without options (#1266)

dffa370 fix(go): tokenize trailing // as comment instead of consuming next line (#1265)

1cf1560 chore: upgrade to github.com/dlclark/regexp2/v2

2cbcf7b chore: upgrade golangci-lint

786675b chore(deps): update all non-major dependencies (#1257)

235590c feat: add JSONL support to JSON lexer (#1262)

f9b5c97 fix(dart): match single-line comments without trailing newline (#1225) (#1261)

097f8e9 Mention Arturo in README (#1256)

d46ce60 feat(markdown): highlight frontmatter and comments (#1245)

f786b2a feat(lexers): add support for LilyPond (#1255)

0a02b98 chore(deps): update actions/checkout digest to de0fac2 (#1212)

c55009e Fix AGENTS.md referencing a non-existent scripts directory (#1231)

c5e763e Improve protobuf lexer (#1253)

113cd0e Add Arturo lexer (#1232)

4498d71 chore(deps): update dependency binaryen to v129 (#1238)

885f912 Added f4 to "Projects using Chroma" list (#1242)

... (truncated)

Commits

a6d00fe fix(html): make mode class output opt-in via WithModeClasses
f52d015 chore: some house-keeping
f08a9ab chore: add fmt + test to BUILD.bit
6da8f88 fix(yaml): comments can be key-values (#1289)
67785a4 chore(deps): update all non-major dependencies (#1285)
d9dd73f Add templ XML lexer (#1283)
effffdb chore(deps): update all non-major dependencies (#1280)
03236a4 support for PostScript font files (#1282)
e10d532 Fix YAML slash comments with colons (#1278)
56c7702 fix: downgrade go.mod version to 1.25
Additional commits viewable in compare view

Updates github.com/charmbracelet/openai-go from 0.0.0-20260319145158-d0740cc34266 to 0.0.0-20260617131321-5e4b9c18c4be

Commits

See full diff in compare view

Updates github.com/charmbracelet/ultraviolet from 0.0.0-20260205113103-524a6607adb8 to 0.0.0-20260525132238-948f4557a654

Commits

See full diff in compare view

Updates github.com/charmbracelet/x/ansi from 0.11.6 to 0.11.7

Commits

6921c75 fix(ansi): width: always use grapheme finder for width calculation
266cf5a chore(deps): bump the all group across 1 directory with 2 updates (#836)
ad0b1ae chore(scripts): update builds script to use codecov v6 and dependabot/fetch-m...
b18aac2 chore(deps): bump golang.org/x/image in /vttest in the all group (#840)
ffd2a07 chore(deps): bump golang.org/x/image in /mosaic in the all group (#839)
7664402 chore(deps): bump golang.org/x/sys in /input in the all group (#833)
44f725f chore(deps): bump github.com/mattn/go-runewidth (#838)
ac9fd4b chore(deps): bump github.com/mattn/go-runewidth (#837)
e969fb5 chore(deps): bump golang.org/x/sys in /termios in the all group (#828)
acb1aa7 chore(deps): bump golang.org/x/crypto in /sshkey in the all group (#835)
Additional commits viewable in compare view

Updates github.com/charmbracelet/x/powernap from 0.1.3 to 0.1.6

Commits

009e633 feat(powernap): add PrepareCallHierarchy, IncomingCalls, and OutgoingCalls to...
dfda68f feat(powernap): add RequestRename, RequestDocumentSymbols, and RequestDefinit...
abeec2b chore(deps): bump golang.org/x/image in /vttest in the all group (#877)
fd60afa chore(deps): bump golang.org/x/image in /mosaic in the all group (#876)
b161c9e chore(deps): bump golang.org/x/crypto in /sshkey in the all group (#875)
e479909 chore(deps): bump golang.org/x/sys in /input in the all group (#871)
b769266 chore(deps): bump golang.org/x/sys in /conpty in the all group (#874)
b74d1e7 chore(deps): bump golang.org/x/sys in /term in the all group (#872)
5a71a6c chore(deps): bump golang.org/x/sys in /xpty in the all group (#870)
c62aec6 chore(deps): bump golang.org/x/sys in /termios in the all group (#869)
Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.17.1 to 5.19.1

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.19.1

What's Changed

v5: plumbing: transport/ssh, Shell-quote path by @hiddeco in go-git/go-git#2068

v5: git: submodule, Fix relative URL resolution by @hiddeco in go-git/go-git#2070

v5: git: submodule, canonical remote for relative URLs by @hiddeco in go-git/go-git#2074

v5: git: submodule, error on remote without URLs by @hiddeco in go-git/go-git#2078

v5: plumbing: format/idxfile, Validate offset64 indices by @hiddeco in go-git/go-git#2084

v5: *: Reject malformed variable-length integers by @hiddeco in go-git/go-git#2092

v5: plumbing: format/packfile, Tighten delta validation by @hiddeco in go-git/go-git#2091

v5: Add worktreeFilesystem wrapper for worktree and hardening by @hiddeco in go-git/go-git#2100

v5: config: validate submodule names by @hiddeco in go-git/go-git#2082

build: Update module github.com/go-git/go-git/v5 to v5.19.0 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#2111

v5: git: Allow MkdirAll on worktree-root paths by @hiddeco in go-git/go-git#2117

v5: git: Stop validating symlink target paths by @pjbgf in go-git/go-git#2116

v5: plumbing: format decoder input bounds and contracts by @hiddeco in go-git/go-git#2125

plumbing: format/packfile, cap delta chain depth in parser by @pjbgf in go-git/go-git#2137

Full Changelog: go-git/go-git@v5.19.0...v5.19.1

v5.19.0

What's Changed

build: Update module github.com/go-git/go-git/v5 to v5.18.0 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#2010

v5: Bump sha1cd and go-billy by @pjbgf in go-git/go-git#2060

v5: Align object encoding with upstream by @pjbgf in go-git/go-git#2065

Full Changelog: go-git/go-git@v5.18.0...v5.19.0

v5.18.0

What's Changed

plumbing: transport/http, Add support for followRedirects policy by @pjbgf in go-git/go-git#2004

Full Changelog: go-git/go-git@v5.17.2...v5.18.0

v5.17.2

What's Changed

build: Update module github.com/go-git/go-git/v5 to v5.17.1 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#1941

dotgit: skip writing pack files that already exist on disk by @pjbgf in go-git/go-git#1944

⚠️ This release fixes a bug (go-git/go-git#1942) that blocked some users from upgrading to v5.17.1. Thanks @pskrbasu for reporting it. 🙇

Full Changelog: go-git/go-git@v5.17.1...v5.17.2

Commits

3c3be60 Merge pull request #2137 from go-git/validate-v5
3fba897 plumbing: format/packfile, cap delta chain depth in parser
a97d660 Merge pull request #2125 from hiddeco/v5/format-input-bounds
aeaa125 plumbing: format/objfile, require Header before Read
1f38e17 plumbing: format/packfile, bound inflate size
f7545a0 plumbing: format/idxfile, bound nr by file size
170b881 Merge pull request #2116 from pjbgf/symlink-v5
7b6d994 Merge pull request #2117 from hiddeco/v5/worktree-fs-mkdirall-root-noop
f0709b3 git: Stop validating symlink target paths
776d00f git: Allow MkdirAll on worktree-root paths
Additional commits viewable in compare view

Updates github.com/invopop/jsonschema from 0.13.0 to 0.14.0

Release notes

Sourced from github.com/invopop/jsonschema's releases.

v0.14.0

What's Changed

Upgrade to golangci-lint v2 by @samlown in invopop/jsonschema#187

Bump minimum Go version to 1.24 by @samlown in invopop/jsonschema#188

Support omitzero json tags by @YvanGuidoin in invopop/jsonschema#161

feat: Respect json:",string" for integer fields in generated schema by @fengxsong in invopop/jsonschema#183

Split jsonschema_extras only on unescaped commas by @liorokman in invopop/jsonschema#173

Fix nil pointer dereference in ReflectFromType with ExpandedStruct (fix #163) by @edznux-dd in invopop/jsonschema#186

Replace wk8/go-ordered-map with pb33f/ordered-map by @samlown in invopop/jsonschema#189

New Contributors

@YvanGuidoin made their first contribution in invopop/jsonschema#161

@fengxsong made their first contribution in invopop/jsonschema#183

@liorokman made their first contribution in invopop/jsonschema#173

@edznux-dd made their first contribution in invopop/jsonschema#186

Full Changelog: invopop/jsonschema@v0.13.0...v0.14.0

Commits

2c57d60 Merge pull request #189 from invopop/replace-wk8-with-pb33f-ordered-map
d8cc8eb Replace wk8/go-ordered-map with pb33f/ordered-map
0d5bd75 Merge pull request #186 from edznux-dd/fix/expanded-struct-nil-deref
3d69373 Merge pull request #173 from liorokman/escape-extras-tags
b43264d Silence revive unused-parameter on fuzz callback
7b21bb5 Merge remote-tracking branch 'origin/main' into pr-186-expanded-struct
0487398 Fix ExtraWithComman typo in test struct field
bc93236 Merge remote-tracking branch 'origin/main' into pr-173-escape-extras
d39f13c Merge pull request #183 from fengxsong/feat/reflect-json-string-for-integers
f2e2b91 Extend json:",string" support to number and boolean fields
Additional commits viewable in compare view

Updates github.com/mattn/go-isatty from 0.0.20 to 0.0.22

Commits

9a68506 Fix isCygwinPipeName to accept Windows 7 trailing suffix (#90)
4237fb1 Update Go test matrix to current versions (1.24-1.26)
433c12b Update GitHub Actions to latest versions
1cf5589 Add wasip1 and wasip2 to build constraints in isatty_others.go
1237245 Update dependencies: go 1.15 -> 1.21, golang.org/x/sys v0.6.0 -> v0.28.0
ac9c88d Fix typo in comment: undocomented -> undocumented
8b7124e Add availability check for NtQueryObject in init
08d0313 Fix isCygwinPipeName to reject names with extra trailing tokens
See full diff in compare view

Updates github.com/modelcontextprotocol/go-sdk from 1.4.1 to 1.6.1

Release notes

Sourced from github.com/modelcontextprotocol/go-sdk's releases.

v1.6.1

This release adds an MCPGODEBUG flag to opt out of the Content-Type check on POST requests.

Behavior Changes

Prior to v1.6.0 (v1.4.0...v1.5.0), the Content-Type check on POST requests was gated by the same disablecrossoriginprotection MCPGODEBUG flag as the cross-origin protection. In v1.6.0, the cross-origin protection was disabled by default (replaced by the opt-in enableoriginverification flag), but the Content-Type check was kept on unconditionally, leaving no way to disable it. This release restores an escape hatch for both the Streamable HTTP and SSE transports: setting MCPGODEBUG=disablecontenttypecheck=1 skips the Content-Type: application/json validation on POST requests. See #957.

What's Changed

mcp: add MCPGPDEBUG for opt-in Content-Type check by @guglielmo-san in modelcontextprotocol/go-sdk#972

Full Changelog: modelcontextprotocol/go-sdk@v1.6.0...v1.6.1

v1.6.0

This release is equivalent to v1.6.0-pre.1. Thank you to those who tested the pre-release.

In this release we introduce several smaller fixes and improvements, and we started working for release 2026-06-30. The main new feature is the introduction of ClientCredentialsHandler for OAuth client credentials grant.

Add ClientCredentialsHandler for OAuth client credentials grant

Added ClientCredentialsHandler implementing auth.OAuthHandler using the OAuth 2.0 Client Credentials grant (RFC 6749 Section 4.4) for service-to-service authentication with pre-registered credentials.

extauth: add ClientCredentialsHandler for OAuth client credentials grant by @ravyg in modelcontextprotocol/go-sdk#895

2026-06-30 Release related PRs

feat: add automatic application_type inference by @guglielmo-san in modelcontextprotocol/go-sdk#904

New application_type field is added to the ClientRegistrationMetadata for DynamicClientRegistration. If not specified, the application_type will be inferred from the RedirectURIs. This implements SEP-837.

feat: HTTP Header Standardization for method and name by @guglielmo-san in modelcontextprotocol/go-sdk#907

By mirroring key fields from the JSON-RPC payload into HTTP headers, network intermediaries such as load balancers, proxies, and observability tools can route and process MCP traffic without deep packet inspection, reducing latency and computational overhead. This partially implements SEP-2243.

Behavior Changes

SetError Behavior Change

Previously the SetError method on CallToolResult always overwrote the Content field with the error text. Now SetError preserves the existing value if it has already been populated. You can restore the previous behavior by setting the environment variable seterroroverwrite=1.

mcp: preserve existing Content in SetError by @ravyg in modelcontextprotocol/go-sdk#864

Cross-Origin Protection Default Change

Previously (v1.4.1-v1.5.0) default (zero-value) cross-origin protection was applied when CrossOriginProtection in StreamableHTTPOptions was nil. Now cross-origin protection is not enabled by default when CrossOriginProtection is nil. You can restore the previous behavior (enable by default) by setting enableoriginverification=1.

mcp: remove default cross origin protection by @maciej-kisiel in modelcontextprotocol/go-sdk#906

... (truncated)

Commits

d454bba mcp: add MCPGPDEBUG for opt-in Content-Type check (#972)
f5f2015 MCPGODEBUG update for 1.6.0 (#893)
e01639a feat: HTTP Header Standardization for method and name (#907)
93a41b2 internal/jsonrpc2: remove unused code (#910)
446beae mcp: Upgrade jsonschema-go (#912)
2e21834 extauth: add ClientCredentialsHandler for OAuth client credentials grant (#895)
2643b22 feat: add automatic application_type inference (#904)
db50910 mcp: do not re-prompt OAuth after cancelled Authorize (#885)
5f2cd8f mcp: preserve transport errors in Write error chain...
Description has been truncated

Bumps the all group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [charm.land/bubbletea/v2](https://github.com/charmbracelet/bubbletea) | `2.0.2` | `2.0.7` | | [charm.land/catwalk](https://github.com/charmbracelet/catwalk) | `0.33.2` | `0.45.1` | | [charm.land/fantasy](https://github.com/charmbracelet/fantasy) | `0.17.1` | `0.33.1` | | [charm.land/glamour/v2](https://github.com/charmbracelet/glamour) | `2.0.0` | `2.0.1` | | [github.com/alecthomas/chroma/v2](https://github.com/alecthomas/chroma) | `2.23.1` | `2.27.0` | | [github.com/charmbracelet/x/powernap](https://github.com/charmbracelet/x) | `0.1.3` | `0.1.6` | | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.17.1` | `5.19.1` | | [github.com/invopop/jsonschema](https://github.com/invopop/jsonschema) | `0.13.0` | `0.14.0` | | [github.com/mattn/go-isatty](https://github.com/mattn/go-isatty) | `0.0.20` | `0.0.22` | | [github.com/modelcontextprotocol/go-sdk](https://github.com/modelcontextprotocol/go-sdk) | `1.4.1` | `1.6.1` | | [github.com/ncruces/go-sqlite3](https://github.com/ncruces/go-sqlite3) | `0.33.2` | `0.35.1` | | [github.com/posthog/posthog-go](https://github.com/posthog/posthog-go) | `1.11.2` | `1.16.1` | | [github.com/pressly/goose/v3](https://github.com/pressly/goose) | `3.27.0` | `3.27.1` | | [github.com/qjebbs/go-jsons](https://github.com/qjebbs/go-jsons) | `1.0.0-alpha.4` | `1.0.0-alpha.6` | | [github.com/sahilm/fuzzy](https://github.com/sahilm/fuzzy) | `0.1.1` | `0.1.3` | | [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) | `1.42.0` | `1.44.0` | | [mvdan.cc/sh/v3](https://github.com/mvdan/sh) | `3.13.0` | `3.13.1` | Updates `charm.land/bubbletea/v2` from 2.0.2 to 2.0.7 - [Release notes](https://github.com/charmbracelet/bubbletea/releases) - [Commits](charmbracelet/bubbletea@v2.0.2...v2.0.7) Updates `charm.land/catwalk` from 0.33.2 to 0.45.1 - [Release notes](https://github.com/charmbracelet/catwalk/releases) - [Commits](charmbracelet/catwalk@v0.33.2...v0.45.1) Updates `charm.land/fantasy` from 0.17.1 to 0.33.1 - [Release notes](https://github.com/charmbracelet/fantasy/releases) - [Commits](charmbracelet/fantasy@v0.17.1...v0.33.1) Updates `charm.land/glamour/v2` from 2.0.0 to 2.0.1 - [Release notes](https://github.com/charmbracelet/glamour/releases) - [Commits](charmbracelet/glamour@v2.0.0...v2.0.1) Updates `charm.land/lipgloss/v2` from 2.0.2 to 2.0.4 - [Release notes](https://github.com/charmbracelet/lipgloss/releases) - [Commits](charmbracelet/lipgloss@v2.0.2...v2.0.4) Updates `github.com/alecthomas/chroma/v2` from 2.23.1 to 2.27.0 - [Release notes](https://github.com/alecthomas/chroma/releases) - [Commits](alecthomas/chroma@v2.23.1...v2.27.0) Updates `github.com/charmbracelet/openai-go` from 0.0.0-20260319145158-d0740cc34266 to 0.0.0-20260617131321-5e4b9c18c4be - [Changelog](https://github.com/charmbracelet/openai-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/charmbracelet/openai-go/commits) Updates `github.com/charmbracelet/ultraviolet` from 0.0.0-20260205113103-524a6607adb8 to 0.0.0-20260525132238-948f4557a654 - [Commits](https://github.com/charmbracelet/ultraviolet/commits) Updates `github.com/charmbracelet/x/ansi` from 0.11.6 to 0.11.7 - [Commits](charmbracelet/x@ansi/v0.11.6...ansi/v0.11.7) Updates `github.com/charmbracelet/x/powernap` from 0.1.3 to 0.1.6 - [Commits](charmbracelet/x@ansi/v0.1.3...powernap/v0.1.6) Updates `github.com/go-git/go-git/v5` from 5.17.1 to 5.19.1 - [Release notes](https://github.com/go-git/go-git/releases) - [Changelog](https://github.com/go-git/go-git/blob/main/HISTORY.md) - [Commits](go-git/go-git@v5.17.1...v5.19.1) Updates `github.com/invopop/jsonschema` from 0.13.0 to 0.14.0 - [Release notes](https://github.com/invopop/jsonschema/releases) - [Commits](invopop/jsonschema@v0.13.0...v0.14.0) Updates `github.com/mattn/go-isatty` from 0.0.20 to 0.0.22 - [Commits](mattn/go-isatty@v0.0.20...v0.0.22) Updates `github.com/modelcontextprotocol/go-sdk` from 1.4.1 to 1.6.1 - [Release notes](https://github.com/modelcontextprotocol/go-sdk/releases) - [Commits](modelcontextprotocol/go-sdk@v1.4.1...v1.6.1) Updates `github.com/ncruces/go-sqlite3` from 0.33.2 to 0.35.1 - [Release notes](https://github.com/ncruces/go-sqlite3/releases) - [Commits](ncruces/go-sqlite3@v0.33.2...v0.35.1) Updates `github.com/posthog/posthog-go` from 1.11.2 to 1.16.1 - [Release notes](https://github.com/posthog/posthog-go/releases) - [Changelog](https://github.com/PostHog/posthog-go/blob/main/CHANGELOG.md) - [Commits](PostHog/posthog-go@v1.11.2...v1.16.1) Updates `github.com/pressly/goose/v3` from 3.27.0 to 3.27.1 - [Release notes](https://github.com/pressly/goose/releases) - [Changelog](https://github.com/pressly/goose/blob/main/CHANGELOG.md) - [Commits](pressly/goose@v3.27.0...v3.27.1) Updates `github.com/qjebbs/go-jsons` from 1.0.0-alpha.4 to 1.0.0-alpha.6 - [Commits](qjebbs/go-jsons@v1.0.0-alpha.4...v1.0.0-alpha.6) Updates `github.com/sahilm/fuzzy` from 0.1.1 to 0.1.3 - [Release notes](https://github.com/sahilm/fuzzy/releases) - [Commits](sahilm/fuzzy@v0.1.1...v0.1.3) Updates `go.opentelemetry.io/otel` from 1.43.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.42.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.42.0...v1.44.0) Updates `go.opentelemetry.io/otel/sdk` from 1.43.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0) Updates `go.opentelemetry.io/otel/trace` from 1.43.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0) Updates `golang.org/x/net` from 0.52.0 to 0.56.0 - [Commits](golang/net@v0.52.0...v0.56.0) Updates `golang.org/x/sync` from 0.20.0 to 0.21.0 - [Commits](golang/sync@v0.20.0...v0.21.0) Updates `golang.org/x/sys` from 0.42.0 to 0.46.0 - [Commits](golang/sys@v0.42.0...v0.46.0) Updates `golang.org/x/text` from 0.35.0 to 0.38.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.35.0...v0.38.0) Updates `modernc.org/sqlite` from 1.48.0 to 1.49.1 - [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md) - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.48.0...v1.49.1) Updates `mvdan.cc/sh/v3` from 3.13.0 to 3.13.1 - [Release notes](https://github.com/mvdan/sh/releases) - [Changelog](https://github.com/mvdan/sh/blob/master/CHANGELOG.md) - [Commits](mvdan/sh@v3.13.0...v3.13.1) --- updated-dependencies: - dependency-name: charm.land/bubbletea/v2 dependency-version: 2.0.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: charm.land/catwalk dependency-version: 0.45.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: charm.land/fantasy dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: charm.land/glamour/v2 dependency-version: 2.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: charm.land/lipgloss/v2 dependency-version: 2.0.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/alecthomas/chroma/v2 dependency-version: 2.27.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/charmbracelet/openai-go dependency-version: 0.0.0-20260617131321-5e4b9c18c4be dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/charmbracelet/ultraviolet dependency-version: 0.0.0-20260525132238-948f4557a654 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/charmbracelet/x/ansi dependency-version: 0.11.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/charmbracelet/x/powernap dependency-version: 0.1.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.19.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/invopop/jsonschema dependency-version: 0.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/mattn/go-isatty dependency-version: 0.0.22 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/modelcontextprotocol/go-sdk dependency-version: 1.6.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/ncruces/go-sqlite3 dependency-version: 0.35.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/posthog/posthog-go dependency-version: 1.16.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/pressly/goose/v3 dependency-version: 3.27.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/qjebbs/go-jsons dependency-version: 1.0.0-alpha.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sahilm/fuzzy dependency-version: 0.1.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: go.opentelemetry.io/otel dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: go.opentelemetry.io/otel/sdk dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: go.opentelemetry.io/otel/trace dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: golang.org/x/net dependency-version: 0.56.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: golang.org/x/sync dependency-version: 0.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: golang.org/x/sys dependency-version: 0.46.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: golang.org/x/text dependency-version: 0.38.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: modernc.org/sqlite dependency-version: 1.49.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: mvdan.cc/sh/v3 dependency-version: 3.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-06-22T09:18:58Z

Labels

The following labels could not be found: area: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the all group across 1 directory with 29 updates#17

chore(deps): bump the all group across 1 directory with 29 updates#17
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/all-21afb21fbc

dependabot Bot commented on behalf of github Jun 22, 2026

Uh oh!

dependabot Bot commented on behalf of github Jun 22, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 22, 2026

v2.0.7

A few lil’ stability patches

Changelog

Fixed

v2.0.6

v2.0.5

v2.0.4

v0.45.1

Changelog

Other stuff

v0.45.0

Changelog

New!

Other stuff

v0.33.1

Changelog

Fixed

Other stuff

v0.33.0

Changelog

New!

Other stuff

v0.32.0

Changelog

New!

Other stuff

v0.31.1

Changelog

Fixed

Other stuff

v2.0.1

Changelog

Bug fixes

Other work

v2.0.4

Mini Crash Patch

Changelog

Fixed

Docs

Chore

v2.0.3

Changelog

Fixed

Docs

v2.27.0

Changelog

v2.26.1

Changelog

v2.26.0

Changelog

v2.25.0

Changelog

v5.19.1

What's Changed

v5.19.0

What's Changed

v5.18.0

What's Changed

v5.17.2

What's Changed

v0.14.0

What's Changed

New Contributors

v1.6.1

Behavior Changes

What's Changed

v1.6.0

Add ClientCredentialsHandler for OAuth client credentials grant

2026-06-30 Release related PRs

Behavior Changes

SetError Behavior Change

Cross-Origin Protection Default Change

Uh oh!

dependabot Bot commented on behalf of github Jun 22, 2026

Labels

Uh oh!

Reviewers

Assignees

Add `ClientCredentialsHandler` for OAuth client credentials grant

`SetError` Behavior Change