Skip to content

chore(deps): bump mcp-atlassian from 0.21.0 to 0.22.0 in /components/runners/ambient-runner in the uv group across 1 directory#1716

Merged
mergify[bot] merged 2 commits into
mainfrom
dependabot/uv/components/runners/ambient-runner/uv-a7c3c80435
Jul 10, 2026
Merged

chore(deps): bump mcp-atlassian from 0.21.0 to 0.22.0 in /components/runners/ambient-runner in the uv group across 1 directory#1716
mergify[bot] merged 2 commits into
mainfrom
dependabot/uv/components/runners/ambient-runner/uv-a7c3c80435

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 10, 2026

Copy link
Copy Markdown
Contributor

Bumps the uv group with 1 update in the /components/runners/ambient-runner directory: mcp-atlassian.

Updates mcp-atlassian from 0.21.0 to 0.22.0

Release notes

Sourced from mcp-atlassian's releases.

v0.22.0

This release bundles three months of community contributions with a coordinated security hardening pass across the attachment, transport, SSRF-validation, filtering, and OAuth layers.

🔒 Security

A security audit (37 advisories, consolidated into root-cause families) was resolved in this release. Advisories are being published with "fixed in 0.22.0" — highlights:

Each fix ships with permanent regression tests. Thanks to everyone who reported — including overlapping public reports from @​failsafesecurity and @​rober15.

✨ Features

Jira

  • Dedicated assign_issue tool (#1152) and search_assignable_users for free-form user lookup (#1358)
  • jira_move_issue for cross-project moves (#1273) and move_issues_to_backlog (#1333)
  • jira_search_projects using the projects picker API (#1247)
  • update_version tool (#1349)
  • get_issue gains an include param for inline enrichments (#1125)
  • Issue type and field discovery tools (#1123)
  • ADF/markdown: panel nodes (#1219), task lists - [ ] → taskList (#1280), [~accountid:UUID] mentions (#1307), display-name mentions (#1228)
  • account_id exposed in simplified user profiles (#1347)

Confluence

  • Inline comment tools with Server/DC v1 payload fix (#1264)
  • confluence_update_page_section for lossless partial page updates (#1141)
  • content_file input for create/update page (#1275)
  • content_base64 input for upload_attachment — upload from in-memory content when the server can't read host file paths (#1366)
  • Content and space permission checking tools (#1320)
  • get_page resolves Confluence tiny links and page URLs (#1222)
  • Table layout, page width, page restrictions, and copy-page support (#1178)

Server/Transport

  • Opt-in HTTP hardening: urllib3 retries with Retry-After respect, outbound rate limit, process-wide concurrency cap, circuit breaker, and pagination clamp — all disabled by default, tunable via env (#1310)

🐛 Fixed

Jira

  • update_issue: null values clear fields (#1140); loud failure when assignee can't be resolved (#1380); tolerate default comment fields (#1334)
  • Pagination: get_worklogs returns all entries (#1223); newest comments first when limiting (#1218)
  • 'me' identifier in get_user_profile (#1120); sub-task name match preference (#1331); version field allowed in issue field selection (#1227)
  • Version creation uses correct API per deployment (#1339; #1350)
  • Markdown: full table block parsing (#1379); no intraword-underscore italics (#1361)

... (truncated)

Commits
  • b041733 Security hardening across attachment, transport, SSRF, authorization, filter,...
  • 4067d1d feat(jira): add issue type and field discovery tools (closes #460) (#1123)
  • 77002d2 fix: require FastMCP version with event store (#1351)
  • ad50b9e feat: resolve Confluence tiny links and page URLs in get_page (#1222)
  • f67faa9 feat(confluence): add permission checking tools (#1278) (#1320)
  • 5af17d5 feat: opt-in HTTP hardening (retry, rate limit, concurrency cap, circuit brea...
  • efe92c4 fix(jira): allow return 'version' field (#1227)
  • ad6af51 feat(confluence): support base64 content in upload_attachment (#1366)
  • d494634 feat(confluence): table layout, page width exposure, page restrictions, and c...
  • 8184cb7 feat(confluence): add content_file to create/update page tools (#1275)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the uv group with 1 update in the /components/runners/ambient-runner directory: [mcp-atlassian](https://github.com/sooperset/mcp-atlassian).


Updates `mcp-atlassian` from 0.21.0 to 0.22.0
- [Release notes](https://github.com/sooperset/mcp-atlassian/releases)
- [Commits](sooperset/mcp-atlassian@v0.21.0...v0.22.0)

---
updated-dependencies:
- dependency-name: mcp-atlassian
  dependency-version: 0.22.0
  dependency-type: direct:production
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jul 10, 2026
@netlify

netlify Bot commented Jul 10, 2026

Copy link
Copy Markdown

Deploy Preview for cheerful-kitten-f556a0 canceled.

Name Link
🔨 Latest commit 4ea683a
🔍 Latest deploy log https://app.netlify.com/projects/cheerful-kitten-f556a0/deploys/6a517c4ec66e3800084c8faf

@mergify mergify Bot added the queued label Jul 10, 2026
@mergify

mergify Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Merge Queue Status

  • Entered queue2026-07-10 23:38 UTC · Rule: default · triggered by rule autoqueue
  • Checks skipped · PR is already up-to-date
  • Merged2026-07-10 23:38 UTC · at 4ea683a82ae76febd8b85451a6fc96925af76d12 · squash

This pull request spent 13 seconds in the queue, including 2 seconds running CI.

Required conditions to merge

@mergify
mergify Bot merged commit 3e72a42 into main Jul 10, 2026
52 of 54 checks passed
@mergify
mergify Bot deleted the dependabot/uv/components/runners/ambient-runner/uv-a7c3c80435 branch July 10, 2026 23:38
@mergify mergify Bot removed the queued label Jul 10, 2026
@github-actions

Copy link
Copy Markdown
Contributor

⚠️ SDD Preflight — Managed Paths Modified

This PR modifies files in SDD-managed component(s). These components are migrating to Spec-Driven Development.

File Component Mode
components/runners/ambient-runner/pyproject.toml runner warn
components/runners/ambient-runner/uv.lock runner warn

No action required — these components are in warn mode. Consider using the component's agent workflow for future changes.

📖 Specs: Runner Spec · Runner Constitution

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants