Open
Conversation
Author
ℹ Artifact update noticeFile name: go.modIn order to perform the update(s) described in the table above, Renovate ran the
Details:
|
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
2 times, most recently
from
f6f7a26 to
20f6b3a
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
3 times, most recently
from
3109c88 to
f409e4a
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
3 times, most recently
from
708fbf4 to
ab72ecb
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
6 times, most recently
from
493c092 to
8a6635a
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
5 times, most recently
from
0f932de to
d1896ec
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
from
d1896ec to
f4ac612
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
3 times, most recently
from
3eea4f4 to
1af12fd
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
5 times, most recently
from
14ddd51 to
56f7fbf
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
from
56f7fbf to
17fee4a
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
4 times, most recently
from
b1d66cb to
80ab3e4
Compare
Author
ℹ️ Artifact update noticeFile name: go.modIn order to perform the update(s) described in the table above, Renovate ran the
Details:
|
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
from
80ab3e4 to
7eb4720
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
2.23.4→2.28.1v1.3.1→v1.4.01.24.1→1.26.01.24.1→1.26.01.64.6→1.64.822.19.0→22.22.0Release Notes
onsi/ginkgo (ginkgo)
v2.28.1Compare Source
Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.
v2.28.0Compare Source
Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:
can be filtered in or out with an invocation like:
ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"Huge thanks to @Icarus9913 for working on this!
v2.27.5Compare Source
Fixes
Don't make a new formatter for each GinkgoT(); that's just silly and uses precious memory
v2.27.4Compare Source
Fixes
59bc751]v2.27.3Compare Source
Fixes
report exit result in case of failure [
1c9f356]fix data race [
ece19c8]v2.27.2Compare Source
Fixes
a69113a]Maintenance
a99c6e0]f993df5]v2.27.1Compare Source
Fixes
606c1cb]a6463b3]v2.27.0Compare Source
Features
Transforming Nodes during Tree Construction
This release adds support for
NodeArgsTransformers that can be registered withAddTreeConstructionNodeArgsTransformer.These are called during the tree construction phase as nodes are constructed and can modify the node strings and decorators. This enables frameworks built on top of Ginkgo to modify Ginkgo nodes and enforce conventions.
Learn more here.
Spec Prioritization
A new
SpecPriority(int)decorator has been added. Ginkgo will honor priority when ordering specs, ensuring that higher priority specs start running before lower priority specsLearn more here.
Maintenance
1333dae]17ae63e]v2.26.0Compare Source
Features
Ginkgo can now generate json-formatted reports that are compatible with the
go testjson format. Useginkgo --gojson-report=report.go.json. This is not intended to be a replacement for Ginkgo's native json format which is more information rich and better models Ginkgo's test structure semantics.v2.25.3Compare Source
Fixes
f01aed1]v2.25.2Compare Source
Fixes
Add github output group for progress report content
Maintenance
Bump Gomega
v2.25.1Compare Source
Fixes
10866d3]2e42cff]v2.25.0Compare Source
AroundNodeThis release introduces a new decorator to support more complex spec setup usecases.
AroundNoderegisters a function that runs before each individual node. This is considered a more advanced decorator.Please read the docs for more information and some examples.
Allowed signatures:
AroundNode(func())-funcwill be called before the node is run.AroundNode(func(ctx context.Context) context.Context)-funccan wrap the passed in context and return a new one which will be passed on to the node.AroundNode(func(ctx context.Context, body func(ctx context.Context)))-ctxis the context for the node andbodyis a function that must be called to run the node. This gives you complete control over what runs before and after the node.Multiple
AroundNodedecorators can be applied to a single node and they will run in the order they are applied.Unlike setup nodes like
BeforeEachandDeferCleanup,AroundNodeis guaranteed to run in the same goroutine as the decorated node. This is necessary when working with lower-level libraries that must run on a single thread (you can callruntime.LockOSThread()in theAroundNodeto ensure that the node runs on a single thread).Since
AroundNodeallows you to modify the context you can also useAroundNodeto implement shared setup that attaches values to the context.If applied to a container,
AroundNodewill run before every node in the container. Including setup nodes likeBeforeEachandDeferCleanup.AroundNodecan also be applied toRunSpecsto run before every node in the suite. This opens up new mechanisms for instrumenting individual nodes across an entire suite.v2.24.0Compare Source
Features
Specs can now be decorated with (e.g.)
SemVerConstraint("2.1.0")andginkgo --sem-ver-filter="2.1.1"will only run constrained specs that match the requested version. Learn more in the docs here! Thanks to @Icarus9913 for the PR.Fixes
3f5d379]. fixes #1582Maintenance
Numerous dependency bumps and documentation fixes
modelcontextprotocol/go-sdk (github.com/modelcontextprotocol/go-sdk)
v1.4.0Compare Source
This release marks the completion of the full 2025-11-25 specification implementation, by introducing the support for Sampling with Tools and experimental client-side OAuth support. It also contains multiple bug fixes and improvements. Thanks to all contributors!
Client-side OAuth support
This release introduces experimental support for OAuth on the client side of the SDK. It aims to support the full scope of the current MCP specification for authorization. To use it, you need to compile the SDK with the
-tags mcp_go_client_oauthflag. Some changes may still be applied to this new API, based on developer feedback. The functionality is planned to become stable inv1.5.0release, expected by the end of March 2026. More details can be found at https://github.com/modelcontextprotocol/go-sdk/blob/main/docs/protocol.md#client.Sampling with Tools
Starting from this release, the server use the new
CreateMessageWithToolsmethod to create a sampling request to the client that contains tools that can be used by the client. On the client side,CreateMessageWithToolsHandlermay be used to handle such requests and issueToolUseresponses to the server.Behavior changes
We have two important behavior changes that were introduced to fix a bug or improve security posture. They can be temporarily turned off by specifying a special
MCPGODEBUGenvironment variable when running the SDK. Different options can be added together, separated by a comma.Introduced DNS rebinding protection (
MCPGODEBUG=disablelocalhostprotection=1)The requests arriving via a localhost address (127.0.0.1, [::1]) that have a non-localhost
Hostheader will be rejected to protect against DNS rebinding attacks. The option to remove this protection will be removed inv1.6.0.Removed JSON content escaping when marshaling (
MCPGODEBUG=jsonescaping=1):By default
encoding/jsonescapes the contents of the objects, which causes some servers to fail. We switched to no escaping by default. The option to bring back the escaping will be removed inv1.6.0.Bug fixes
Security vulnerability caused by the case insensitive parsing behavior of
encoding/jsonhas been submitted (also release as a cherry pick inv1.3.1). Security advisory has been posted.Other fixes:
Enhancements
Notably, the SDK now supports the
extensionsfield in client and server capabilities, which should enable creation of MCP Apps.Other enhancements:
Repository organization
Some effort was put into better organization of the repository, as well as making sure it's up to date and secure. As a highlight, the repository is not integrated with OSSF Scorecard with a positive score of 8.7. Additionally, the full conformance test suite is now run on every PR and push to main.
dns-rebinding-protectionscenario as failing by @maciej-kisiel in #775New Contributors
Full Changelog: modelcontextprotocol/go-sdk@v1.3.0...v1.4.0
golang/go (go)
v1.26.0v1.25.7v1.25.6v1.25.5v1.25.4v1.25.3v1.25.2v1.25.1v1.25.0v1.24.13v1.24.12v1.24.11v1.24.10v1.24.9v1.24.8v1.24.7v1.24.6v1.24.5v1.24.4v1.24.3v1.24.2golangci/golangci-lint (golangci-lint)
v1.64.8Compare Source
golangci-lintis a free and open-source project built by volunteers.If you value it, consider supporting us, the maintainers and linter authors.
We appreciate it! ❤️
For key updates, see the changelog.
Changelog
8b37f14fix: check version of the configuration (#5564)v1.64.7Compare Source
golangci-lintis a free and open-source project built by volunteers.If you value it, consider supporting us, the maintainers and linter authors.
We appreciate it! ❤️
For key updates, see the changelog.
Changelog
94946f3build(deps): bump github.com/OpenPeeDeeP/depguard/v2 from 2.2.0 to 2.2.1 (#5509)132365ebuild(deps): bump github.com/golangci/dupl from3e9179atof665c8d(#5512)bddd1bcbuild(deps): bump github.com/securego/gosec/v2 from 2.22.1 to 2.22.2 (#5515)624fb4ebuild(deps): bump golang.org/x/mod from 0.23.0 to 0.24.0 (#5507)8cffdb7build(deps): bump golang.org/x/oauth2 from 0.27.0 to 0.28.0 in /scripts/gen_github_action_config in the scripts group (#5521)7a3f3d7build(deps): bump golang.org/x/tools from 0.30.0 to 0.31.0 (#5508)c13fd5bbuild(deps): bump honnef.co/go/tools from 0.6.0 to 0.6.1 (#5510)nodejs/node (node)
v22.22.0: 2026-01-13, Version 22.22.0 'Jod' (LTS), @marco-ippolitoCompare Source
This is a security release.
Notable Changes
lib:
lib,permission:
src:
src,lib:
tls:
Commits
6badf4e6f4] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #6099737509c3ff0] - deps: update undici to 6.23.0 (Matteo Collina) nodejs-private/node-private#791eb8e41f8db] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797ebbf942a83] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#7486b4849583a] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760ddadc31f09] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#773d4d9f3915f] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#75925d6799df6] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796v22.21.1: 2025-10-28, Version 22.21.1 'Jod' (LTS), @aduh95Compare Source
Commits
af33e8e668] - benchmark: remove unused variable from util/priority-queue (Bruno Rodrigues) #598726764ce8756] - benchmark: update count to n in permission startup (Bruno Rodrigues) #598724e8d99f0dc] - benchmark: update num to n in dgram offset-length (Bruno Rodrigues) #59872af0a8ba7f8] - benchmark: adjust dgram offset-length len values (Bruno Rodrigues) #5970878efd1be4a] - benchmark: update num to n in dgram offset-length (Bruno Rodrigues) #59708df72dc96e9] - console,util: improve array inspection performance (Ruben Bridgewater) #60037ef67d09f50] - http: improve writeEarlyHints by avoiding for-of loop (Haram Jeong) #5995823468fd76b] - http2: fix allowHttp1+Upgrade, broken by shouldUpgradeCallback (Tim Perry) #5992456abc4ac76] - lib: optimize priority queue (Gürgün Dayıoğlu) #60039ea5cfd98c5] - lib: implement passive listener behavior per spec (BCD1me) #59995c2dd6eed2f] - process: fix wrong asyncContext under unhandled-rejections=strict (Shima Ryuhei) #6010381a3055710] - process: fix defaultenvforprocess.execve(Richard Lau) #60029fe492c7ace] - process: fix hrtime fast call signatures (Renegade334) #5960076b4cab8fc] - src: bring permissions macros in line with general C/C++ standards (Anna Henningsen) #6005321970970c7] - src: removeAnalyzeTemporaryDtorsoption from .clang-tidy (iknoom) #60008609c063e81] - src: remove unused variables from report (Moonki Choi) #60047987841a773] - src: avoid unnecessary string allocations in SPrintF impl (Anna Henningsen) #600526e386c0632] - src: make ToLower/ToUpper input args more flexible (Anna Henningsen) #60052c3be1226c7] - src: allowstd::string_viewarguments toSPrintF()and friends (Anna Henningsen) #60058764d35647d] - src: remove unnecessarystd::stringerror messages (Anna Henningsen) #600571289ef89ec] - src: remove unnecessary shadowed functions on Utf8Value & BufferValue (Anna Henningsen) #60056d1fb8a538d] - src: avoid unnecessary string ->char*-> string round trips (Anna Henningsen) #6005554b439fb5a] - src: filloptions_args,options_envafter vectors are finalized (iknoom) #59945c7c597e2ca] - src: use RAII for uv_process_options_t (iknoom) #59945b928ea9716] - test: ensure that the message event is fired (Luigi Pinca) #59952e4b95a5158] - test: replace diagnostics_channel stackframe in output snapshots (Chengzhong Wu) #600244206406694] - test: mark test-web-locks skip on IBM i (SRAVANI GUNDEPALLI) #5999626394cd5bf] - test: expand tls-check-server-identity coverage (Diango Gavidia) #60002b58df47995] - test: fix typo of test-benchmark-readline.js (Deokjin Kim) #59993af3a59dba8] - test: verify tracing channel doesn't swallow unhandledRejection (Gerhard Stöbich) #59974cee362242b] - timers: fix binding fast call signatures (Renegade334) #5960040fea57fdd] - tools: add message on auto-fixing js lint issues in gh workflow (Dario Piotrowicz) #59128aac90d351b] - tools: verify signatures when updating nghttp* (Antoine du Hamel) #601139fae03c7d9] - tools: use dependabot cooldown and move tools/doc (Rafael Gonzaga) #5997881548abdf6] - wasi: fix WasiFunction fast call signature (Renegade334) #59600v22.21.0: 2025-10-20, Version 22.21.0 'Jod' (LTS), @aduh95Compare Source
Notable Changes
1486fedea1] - (SEMVER-MINOR) cli: add--use-env-proxy(Joyee Cheung) #59151bedaaa11fc] - (SEMVER-MINOR) http: support http proxy for fetch underNODE_USE_ENV_PROXY(Joyee Cheung) #57165af8b5fa29d] - (SEMVER-MINOR) http: addshouldUpgradeCallbackto let servers control HTTP upgrades (Tim Perry) #5982442102594b1] - (SEMVER-MINOR) http,https: add built-in proxy support inhttp/https.requestandAgent(Joyee Cheung) #58980686ac49b82] - (SEMVER-MINOR) src: add percentage support to--max-old-space-size(Asaf Federman) #59082Commits
a71dd592e3] - benchmark: calibrate config dgram multi-buffer (Bruno Rodrigues) #5969616c4b466f4] - benchmark: calibrate config cluster/echo.js (Nam Yooseong) #5983653cb9f3b6c] - build: add the missing macro definitions for OpenHarmony (hqzing) #59804ec5290fe01] - build: do not include custom ESLint rules testing in tarball (Antoine du Hamel) #598091486fedea1] - (SEMVER-MINOR) cli: add --use-env-proxy (Joyee Cheung) #591511f93913446] - crypto: usereturn awaitwhen returning Promises from async functions (Renegade334) #59841f488b2ff73] - crypto: use async functions for non-stub Promise-returning functions (Renegade334) #59841aed9fd5ac4] - crypto: avoid calls topromise.catch()(Renegade334) #5984137c2d186f0] - deps: update amaro to 1.1.4 (pmarchini) #6004428aea13419] - deps: update archs files for openssl-3.5.4 (Node.js GitHub Bot) #60101ddbc1aa0bb] - deps: upgrade openssl sources to openssl-3.5.4 (Node.js GitHub Bot) #60101badbba2da9] - deps: update googletest to50b8600(Node.js GitHub Bot) #5995548aaf98a08] - deps: update archs files for openssl-3.5.3 (Node.js GitHub Bot) #59901e02a562ea6] - deps: upgrade openssl sources to openssl-3.5.3 (Node.js GitHub Bot) #599017e0e86cb92] - deps: upgrade npm to 10.9.4 (npm team) #6007491dda5facf] - deps: update undici to 6.22.0 (Matteo Collina) #601123a3220a2f0] - dgram: restore buffer optimization in fixBufferList (Yoo) #5993409bdcce6b8] - diagnostics_channel: fix race condition with diagnostics_channel and GC (Ugaitz Urien) #59910b3eeb3bd13] - doc: provide alternative tourl.parse()using WHATWG URL (Steven) #597361ddaab1904] - doc: mention reverse proxy and include simple example (Steven) #597363b3b71e99c] - doc: mark.envfiles support as stable (Santeri Hiltunen) #59925d37f67d1bd] - doc: remove optional title prefixes (Aviv Keller) #60087ca2dff63f9] - doc: fix typo on child_process.md (Angelo Gazzola) #601143fca564a05] - doc: add automated migration info to deprecations (Augustin Mauroy) #600224bc366fc16] - doc: use "WebAssembly" instead of "Web Assembly" (Tobias Nießen) #599544808dbdd9a] - doc: fix typo in section on microtask order (Tobias Nießen) #59932d6e303d645] - doc: update V8 fast API guidance (René) #589990a3a3f729e] - doc: add security escalation policy (Ulises Gascón) #598068fd669c70d] - doc: type improvement of filehttp.md(yusheng chen) #581899833dc6060] - doc: rephrase dynamic import() description (Nam Yooseong) #592242870a73681] - doc,crypto: update subtle.generateKey and subtle.importKey (Filip Skokan) #5985185818db93c] - fs,win: do not add a second trailing slash in readdir (Gerhard Stöbich) #59847bedaaa11fc] - (SEMVER-MINOR) http: support http proxy for fetch under NODE_USE_ENV_PROXY (Joyee Cheung) #57165af8b5fa29d] - (SEMVER-MINOR) http: add shouldUpgradeCallback to let servers control HTTP upgrades (Tim Perry) #59824758271ae66] - http: optimize checkIsHttpToken for short strings (방진혁) #5983242102594b1] - (SEMVER-MINOR) http,https: add built-in proxy support in http/https.request and Agent (Joyee Cheung) #58980a33ed9bf96] - inspector: ensure adequate memory allocation forBinary::toBase64(René) #5987034c686be2b] - lib: update inspect output format for subclasses (Miguel Marcondes Filho) #5968712e553529c] - lib: add source map support for assert messages (Chengzhong Wu) #59751d2a70571f8] - lib,src: refactor assert to load error source from memory (Chengzhong Wu) #5975120a9e86b5d] - meta: move Michael to emeritus (Michael Dawson) #60070c591cca15c] - meta: bump github/codeql-action from 3.30.0 to 3.30.5 (dependabot[bot]) #60089090ba141b1] - meta: bump codecov/codecov-action from 5.5.0 to 5.5.1 (dependabot[bot]) #60091a0ba6884a5] - meta: bump actions/stale from 9.1.0 to 10.0.0 (dependabot[bot]) #600920feca0c541] - meta: bump actions/setup-node from 4.4.0 to 5.0.0 (dependabot[bot]) #600937cd2b42d18] - meta: bump step-security/harden-runner from 2.12.2 to 2.13.1 (dependabot[bot]) #600941f3b9d66ac] - meta: bump actions/cache from 4.2.4 to 4.3.0 (dependabot[bot]) #600950fedbb3de7] - meta: bump ossf/scorecard-action from 2.4.2 to 2.4.3 (dependabot[bot]) #6009604590b8267] - meta: bump actions/setup-python from 5.6.0 to 6.0.0 (dependabot[bot]) #600902bf0a9318f] - meta: add .npmrc with ignore-scripts=true (Joyee Cheung) #59914e10dc7b81c] - module: allow overriding linked requests for a ModuleWrap (Chengzhong Wu) #595272237142369] - module: link module with a module request record (Chengzhong Wu) #588866d24b88fbc] - node-api: added SharedArrayBuffer api (Mert Can Altin) #590714cc84c96f4] - node-api: make napi_delete_reference use node_api_basic_env (Jeetu Suthar) #59684e790eb6b50] - repl: fix cpu overhead pasting big strings to the REPL (Ruben Bridgewater) #5985799ea08dc43] - repl: add isValidParentheses check before wrap input (Xuguang Mei) #59607e4a4f63019] - sqlite: fix crash session extension callbacks with workers (Bart Louwers) #5984842c5544b97] - src: assert memory calc for max-old-space-size-percentage (Asaf Federman) #59460686ac49b82] - (SEMVER-MINOR) src: add percentage support to --max-old-space-size (Asaf Federman) #5908284701ff668] - src: clear all linked module caches once instantiated (Chengzhong Wu) #591178e182e561f] - src: remove unnecessaryEnvironment::GetCurrent()calls (Moonki Choi) #59814c9cde35c4d] - src: simplify is_callable by making it a concept (Tobias Nießen) #58169892b425ee1] - src: rename private fields to follow naming convention (Moonki Choi) #5992336b68db7f5] - src: reduce the nearest parent package JSON cache size (Michael Smith) #5988826b40bad02] - src: replace FIXED_ONE_BYTE_STRING with Environment-cached strings (Moonki Choi) #5989134dcb7dc32] - src: create strings inFIXED_ONE_BYTE_STRINGas internalized (Anna Henningsen) #598264d748add05] - src: removestd::arrayoverload ofFIXED_ONE_BYTE_STRING(Anna Henningsen) [#59826](https://redirect.github.com/nodejs/node/pull/5982Configuration
📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.