Skip to content

build(deps): bump github.com/modelcontextprotocol/go-sdk from 1.1.0 to 1.2.0 #4491

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

build(deps): bump github.com/modelcontextprotocol/go-sdk from 1.1.0 to 1.2.0 #4491

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 23, 2025

Bumps github.com/modelcontextprotocol/go-sdk from 1.1.0 to 1.2.0.

Release notes

Sourced from github.com/modelcontextprotocol/go-sdk's releases.

v1.2.0

This release is equivalent to v1.2.0-pre.2. Thank you to those who tested the prerelease.

This release adds partial support for the 2025-11-25 version of the MCP spec and fixes some bugs in the streamable transports. It also includes some minor new APIs, changes to contributing flows, and small bugfixes.

Contributing changes

  • CONTRIBUTING.md is updated to remove the ad-hoc antitrust policy (#651), and add a dependency update policy (#635).
  • An example server (examples/server/conformance) is added for the new conformance tests at modelcontextprotocol/conformance. Test can be run with scripts/conformance.sh (#650).

Partial support for the 2025-11-25 spec

The following SEPs from the 2025-11-25 spec are now supported. Please see modelcontextprotocol/go-sdk#725 for the proposed API additions included to support these SEPs.

Other API additions

  • Common error codes are now available through the sentinel jsonrpc.Error (#452)
  • OAuth 2.0 Protected Resource Metadata support (#643)
  • ClientCapabilities.RootsV2 and RootCapabilities are added to work around an API bug (#607)
  • Capabilities fields are added to ServerOptions and ClientOptions, to simplify capability configuration (#706)

Streamable fixes

Several bug fixes are included for the streamable transports:

Other notable bugfixes

New Contributors

... (truncated)

Commits
  • 411d5a0 mcp: switch icon theme to named string type (#733)
  • 76e6854 docs: add GitHub Pages redirect to latest release documentation (#702)
  • 875d1d3 mcp: don't break the streamable client connection for transient errors (#723)
  • e009bac oauthex: fix content type check in getJSON (#721)
  • 3430e22 mcp: add Capabilities fields to ServerOptions and ClientOptions (#713)
  • bae0929 mcp: address review comments on streamable cleanup (#716)
  • b3399e6 mcp: use args struct for CloseSSEStream (#718)
  • 1a964ae mcp: debounce server change notifications (#717)
  • a5e369e mcp: fix broken client root capabilities (#698)
  • 307e32c oauthex: validate URL schemes in auth server metadata and DCR
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump github.com/modelcontextprotocol/go-sdk
227fe75 
Bumps [github.com/modelcontextprotocol/go-sdk](https://github.com/modelcontextprotocol/go-sdk) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/modelcontextprotocol/go-sdk/releases)
- [Commits](modelcontextprotocol/go-sdk@v1.1.0...v1.2.0)

---
updated-dependencies:
- dependency-name: github.com/modelcontextprotocol/go-sdk
  dependency-version: 1.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Dec 23, 2025
@AkihiroSuda
Copy link
Member

AkihiroSuda commented Dec 23, 2025
edited
Loading

https://github.com/lima-vm/lima/actions/runs/20448503639/job/58760691726?pr=4491

# ===== mcp =====
not ok 21 list tools in 150ms
# (from function `__assert_stream' in file hack/bats/lib/bats-assert/src/assert_output.bash, line 246,
#  from function `assert_output' in file hack/bats/lib/bats-assert/src/assert_output.bash, line 125,
#  from function `mcp' in file hack/bats/tests/mcp.bats, line 74,
#  from function `local_setup' in file hack/bats/tests/mcp.bats, line 42,
#  from function `call_local_function' in file hack/bats/tests/../helpers/load.bash, line 52,
#  from function `setup' in test file hack/bats/tests/../helpers/load.bash, line 69)
#   `call_local_function' failed
#
# -- output differs --
# expected : 1
# actual   : null
# --
#

lima/hack/bats/tests/mcp.bats

Lines 59 to 74 in 7c92565

local request
printf -v request '{"jsonrpc":"2.0","id":%d,"method":"%s"}' "$((++ID))" "$method"
if [[ -n $params ]]; then
request=$(json_edit ".params=${params}" <<<"$request")
fi
# send request to MCP server stdin
echo "$request" >&"${MCP[1]}"
# read response from MCP server stdout with 5s timeout
local json
read -t 5 -r json <&"${MCP[0]}"
# verify that the response matches the request; also validates the output is valid JSON
run_yq .id <<<"$json"
assert_output "$ID"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AkihiroSuda