Skip to content

Update dependencies across npm_and_yarn and go_modules groups#2189

Open
zongruxie wants to merge 43 commits intogithub:mainfrom
zongruxie:main
Open

Update dependencies across npm_and_yarn and go_modules groups#2189
zongruxie wants to merge 43 commits intogithub:mainfrom
zongruxie:main

Conversation

@zongruxie
Copy link

@zongruxie zongruxie commented Mar 9, 2026
edited
Loading

Summary

Why

Fixes #

What changed

MCP impact

  • No tool or API changes
  • Tool schema or behavior changed
  • New tool added

Prompts tested (tool changes only)

Security / limits

  • No security or limits impact
  • Auth / permissions considered
  • Data exposure, filtering, or token/size limits considered

Tool renaming

  • I am renaming tools as part of this PR (e.g. a part of a consolidation effort)
    • I have added the new tool aliases in deprecated_tool_aliases.go
  • I am not renaming tools as part of this PR

Note: if you're renaming tools, you must add the tool aliases. For more information on how to do so, please refer to the official docs.

Lint & tests

  • Linted locally with ./script/lint
  • Tested locally with ./script/test

Docs

  • Not needed
  • Updated (README / docs / examples)
dependabot bot and others added 30 commits February 25, 2026 18:04
@dependabot
build(deps): bump hono
581ac9e 
Bumps the npm_and_yarn group with 1 update in the /ui directory: [hono](https://github.com/honojs/hono). Updates `hono` from 4.12.0 to 4.12.2 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.0...v4.12.2) --- updated-dependencies: - dependency-name: hono dependency-version: 4.12.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump github.com/modelcontextprotocol/go-sdk
ef1d7df 
Bumps the go_modules group with 1 update in the / directory: [github.com/modelcontextprotocol/go-sdk](https://github.com/modelcontextprotocol/go-sdk). Updates `github.com/modelcontextprotocol/go-sdk` from 1.3.1-0.20260220105450-b17143f71798 to 1.3.1 - [Release notes](https://github.com/modelcontextprotocol/go-sdk/releases) - [Commits](https://github.com/modelcontextprotocol/go-sdk/commits/v1.3.1) --- updated-dependencies: - dependency-name: github.com/modelcontextprotocol/go-sdk dependency-version: 1.3.1 dependency-type: direct:production dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com>
@github-actions
chore: regenerate license files
bdaad2e 
Auto-generated by license-check workflow
@zongruxie
Merge pull request #2 from zongruxie/dependabot/go_modules/go_modules…
216202c 
…-d245a9768d build(deps): bump github.com/modelcontextprotocol/go-sdk from 1.3.1-0.20260220105450-b17143f71798 to 1.3.1 in the go_modules group across 1 directory
@zongruxie
Merge pull request #1 from zongruxie/dependabot/npm_and_yarn/ui/npm_a…
d6ff96c 
…nd_yarn-ccf8cbde5a build(deps): bump hono from 4.12.0 to 4.12.2 in /ui in the npm_and_yarn group across 1 directory
@dependabot
build(deps): bump rollup
1588cb6 
Bumps the npm_and_yarn group with 1 update in the /ui directory: [rollup](https://github.com/rollup/rollup). Updates `rollup` from 4.57.1 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.57.1...v4.59.0) --- updated-dependencies: - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
@zongruxie
Merge pull request #3 from zongruxie/dependabot/npm_and_yarn/ui/npm_a…
30092b9 
…nd_yarn-b2936519f3 build(deps): bump rollup from 4.57.1 to 4.59.0 in /ui in the npm_and_yarn group across 1 directory
@dependabot
build(deps): bump golang from 1.25.7-alpine to 1.26.0-alpine
b94b517 
Bumps golang from 1.25.7-alpine to 1.26.0-alpine. --- updated-dependencies: - dependency-name: golang dependency-version: 1.26.0-alpine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump reproducible-containers/buildkit-cache-dance
5aaf9d5 
Bumps [reproducible-containers/buildkit-cache-dance](https://github.com/reproducible-containers/buildkit-cache-dance) from 3.3.1 to 3.3.2. - [Release notes](https://github.com/reproducible-containers/buildkit-cache-dance/releases) - [Commits](reproducible-containers/buildkit-cache-dance@6f699a7...1b8ab18) --- updated-dependencies: - dependency-name: reproducible-containers/buildkit-cache-dance dependency-version: 3.3.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump github.com/modelcontextprotocol/go-sdk
cdef046 
Bumps [github.com/modelcontextprotocol/go-sdk](https://github.com/modelcontextprotocol/go-sdk) from 1.3.1 to 1.4.0. - [Release notes](https://github.com/modelcontextprotocol/go-sdk/releases) - [Commits](modelcontextprotocol/go-sdk@v1.3.1...v1.4.0) --- updated-dependencies: - dependency-name: github.com/modelcontextprotocol/go-sdk dependency-version: 1.4.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0
e6d8cbe 
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 6.4.0 to 7.0.0. - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](goreleaser/goreleaser-action@e435ccd...ec59f47) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump node from 20-alpine to 25-alpine
db2a62f 
Bumps node from 20-alpine to 25-alpine. --- updated-dependencies: - dependency-name: node dependency-version: 25-alpine dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump actions/setup-node from 4 to 6
2b4c665 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 6. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v4...v6) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump actions/attest-build-provenance from 3 to 4
5b11d49 
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 3 to 4. - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](actions/attest-build-provenance@v3...v4) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump github.com/josephburnett/jd/v2 from 2.4.0 to 2.5.0
9614ae9 
Bumps [github.com/josephburnett/jd/v2](https://github.com/josephburnett/jd) from 2.4.0 to 2.5.0. - [Release notes](https://github.com/josephburnett/jd/releases) - [Changelog](https://github.com/josephburnett/jd/blob/master/RELEASE_NOTES.md) - [Commits](josephburnett/jd@v2.4.0...v2.5.0) --- updated-dependencies: - dependency-name: github.com/josephburnett/jd/v2 dependency-version: 2.5.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump docker/build-push-action from 6.18.0 to 6.19.2
a4ab1b7 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.18.0 to 6.19.2. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@2634353...10e90e3) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: 6.19.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
@github-actions
chore: regenerate license files
a27a1ed 
Auto-generated by license-check workflow
@github-actions
chore: regenerate license files
5fe7b8a 
Auto-generated by license-check workflow
@zongruxie
Merge pull request #9 from zongruxie/dependabot/github_actions/action…
30b0fc1 
…s/setup-node-6 build(deps): bump actions/setup-node from 4 to 6
@zongruxie
Merge pull request #8 from zongruxie/dependabot/docker/node-25-alpine
2ca6f6a 
build(deps): bump node from 20-alpine to 25-alpine
@zongruxie
Merge pull request #6 from zongruxie/dependabot/github_actions/gorele…
3cb0b14 
…aser/goreleaser-action-7.0.0 build(deps): bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0
@zongruxie
Merge pull request #10 from zongruxie/dependabot/github_actions/actio…
c054080 
…ns/attest-build-provenance-4 build(deps): bump actions/attest-build-provenance from 3 to 4
@zongruxie
Merge pull request #11 from zongruxie/dependabot/go_modules/github.co…
7264719 
…m/josephburnett/jd/v2-2.5.0 build(deps): bump github.com/josephburnett/jd/v2 from 2.4.0 to 2.5.0
@zongruxie
Merge pull request #12 from zongruxie/dependabot/github_actions/docke…
949a5c9 
…r/build-push-action-6.19.2 build(deps): bump docker/build-push-action from 6.18.0 to 6.19.2
@zongruxie
Merge pull request #7 from zongruxie/dependabot/go_modules/github.com…
ffd7dda 
…/modelcontextprotocol/go-sdk-1.4.0 build(deps): bump github.com/modelcontextprotocol/go-sdk from 1.3.1 to 1.4.0
@zongruxie
Merge pull request #5 from zongruxie/dependabot/docker/golang-1.26.0-…
c007a29 
…alpine build(deps): bump golang from 1.25.7-alpine to 1.26.0-alpine
@zongruxie
Merge pull request #4 from zongruxie/dependabot/github_actions/reprod…
2aee3d7 
…ucible-containers/buildkit-cache-dance-3.3.2 build(deps): bump reproducible-containers/buildkit-cache-dance from 3.3.1 to 3.3.2
@dependabot
build(deps): bump the npm_and_yarn group across 1 directory with 2 up…
3c92f06 
…dates Bumps the npm_and_yarn group with 2 updates in the /ui directory: [@hono/node-server](https://github.com/honojs/node-server) and [hono](https://github.com/honojs/hono). Updates `@hono/node-server` from 1.19.9 to 1.19.10 - [Release notes](https://github.com/honojs/node-server/releases) - [Commits](honojs/node-server@v1.19.9...v1.19.10) Updates `hono` from 4.12.3 to 4.12.5 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.3...v4.12.5) --- updated-dependencies: - dependency-name: "@hono/node-server" dependency-version: 1.19.10 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.5 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
@zongruxie
Merge pull request #13 from zongruxie/dependabot/npm_and_yarn/ui/npm_…
8c117bc 
…and_yarn-dd9dd4266a build(deps): bump the npm_and_yarn group across 1 directory with 2 updates
@dependabot
build(deps): bump express-rate-limit
9d9ad67 
Bumps the npm_and_yarn group with 1 update in the /ui directory: [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit). Updates `express-rate-limit` from 8.2.1 to 8.3.0 - [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases) - [Commits](express-rate-limit/express-rate-limit@v8.2.1...v8.3.0) --- updated-dependencies: - dependency-name: express-rate-limit dependency-version: 8.3.0 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot and others added 13 commits March 8, 2026 10:03
@dependabot
build(deps): bump node from 18e0265 to 636c5bc
9fb1d6c 
Bumps node from `18e0265` to `636c5bc`. --- updated-dependencies: - dependency-name: node dependency-version: 25-alpine dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump golang from 1.26.0-alpine to 1.26.1-alpine
bff8ef7 
Bumps golang from 1.26.0-alpine to 1.26.1-alpine. --- updated-dependencies: - dependency-name: golang dependency-version: 1.26.1-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump docker/login-action from 3.7.0 to 4.0.0
636ba77 
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.7.0 to 4.0.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@c94ce9f...b45d80f) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0
d331be2 
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.12.0 to 4.0.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@8d2750c...4d04d5d) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump docker/metadata-action from 5.10.0 to 6.0.0
6002ffa 
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.10.0 to 6.0.0. - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@c299e40...030e881) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump docker/build-push-action from 6.19.2 to 7.0.0
6031a10 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.19.2 to 7.0.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@10e90e3...d08e5c3) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
@zongruxie
Merge pull request #14 from zongruxie/dependabot/npm_and_yarn/ui/npm_…
73ccd2b 
…and_yarn-765b85a4ff build(deps): bump express-rate-limit from 8.2.1 to 8.3.0 in /ui in the npm_and_yarn group across 1 directory
@zongruxie
Merge pull request #20 from zongruxie/dependabot/github_actions/docke…
f5863db 
…r/build-push-action-7.0.0 build(deps): bump docker/build-push-action from 6.19.2 to 7.0.0
@zongruxie
Merge pull request #19 from zongruxie/dependabot/github_actions/docke…
3f6a9ac 
…r/metadata-action-6.0.0 build(deps): bump docker/metadata-action from 5.10.0 to 6.0.0
@zongruxie
Merge pull request #16 from zongruxie/dependabot/docker/golang-1.26.1…
58b5c76 
…-alpine build(deps): bump golang from 1.26.0-alpine to 1.26.1-alpine
@zongruxie
Merge pull request #17 from zongruxie/dependabot/github_actions/docke…
4dff658 
…r/login-action-4.0.0 build(deps): bump docker/login-action from 3.7.0 to 4.0.0
@zongruxie
Merge pull request #18 from zongruxie/dependabot/github_actions/docke…
a265741 
…r/setup-buildx-action-4.0.0 build(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0
@zongruxie
Merge pull request #15 from zongruxie/dependabot/docker/node-636c5bc
af0f603 
build(deps): bump node from `18e0265` to `636c5bc`
@zongruxie zongruxie requested a review from a team as a code owner March 9, 2026 21:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

1 participant

@zongruxie