fix(deps): update toolhive#788
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
Contributor
🛡️ Skill Security Scan Results |
Contributor
🔒 MCP Security Scan Results |
renovate
Bot
force-pushed
the
renovate/toolhive
branch
from
July 17, 2026 14:48
0e4645c to
8e40578
Compare
renovate
Bot
force-pushed
the
renovate/toolhive
branch
from
July 17, 2026 17:53
8e40578 to
2a4ef2d
Compare
Contributor
Author
ℹ️ Artifact update noticeFile name: go.modIn order to perform the update(s) described in the table above, Renovate ran the
Details:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v0.38.0→v0.40.0v0.0.28→v0.0.30Release Notes
stacklok/toolhive (github.com/stacklok/toolhive)
v0.40.0Compare Source
🚀 Toolhive v0.40.0 is live!
This release hardens Virtual MCP authorization end-to-end — explicit HTTP 403 denials, a unified authz gate, and complete capability pagination — while laying the groundwork for agentic auth (RFC 8693 token exchange, the MCP 2026-07-28 revision) and moving MCP protocol handling onto the official
modelcontextprotocol/go-sdk. It also fixes network isolation silently breaking--network hostworkloads and closes an SSRF gap in upstream Dynamic Client Registration.🆕 New Features
sub) and the acting agent (act.sub) — the foundation for agentic delegation (not yet wired into the server) (#5822).Mcp-Method/Mcp-Nameheader and_metavocabulary, andserver/discover/subscriptions/listenauthz registration — dormant until later slices wire it into proxy routing, with no change to existing traffic (#5834).🐛 Bug Fixes
tools/call,resources/read, orprompts/get, instead of a misleading-32602"not found" at HTTP 200 — and records the denial asdeniedin the audit log (#5841).thv run --network hostno longer silently loses outbound connectivity: network isolation (on by default) is dropped for host/none networking with a warning, and explicitly combining--isolate-network=truewith--network hostnow fails fast with an actionable error instead of starting a broken workload (#5794).execute_tool_scriptnow fails loudly instead of being silently shadowed by the code-mode virtual tool (#5850).allow_private_ipssetting (#5826).🧹 Misc
mark3labs/mcp-goto the go-sdk-backedtoolhive-core/mcpcompatcompatibility shim (a pure, atomic import swap with no call-site logic changes), moving ToolHive onto the officialmodelcontextprotocol/go-sdk. Note: the stdio bridge currently forwards only progress/message notifications, sotools/list_changedand similar notifications are dropped — dynamic-capability servers may show stale lists until clients re-list (#5729).task testpasses on macOS (/var→/private/var); product code is unchanged (#5849).📦 Dependencies
github.com/stacklok/toolhive-coregithub.com/stacklok/toolhive-cataloggithub/codeql-action7188fc3golang.org/x/exp/jsonrpc29ea1abeFull commit log
What's Changed
Full Changelog: stacklok/toolhive@v0.39.0...v0.40.0
v0.39.0Compare Source
What's Changed
Full Changelog: stacklok/toolhive@v0.38.0...v0.39.0
stacklok/toolhive-core (github.com/stacklok/toolhive-core)
v0.0.30Compare Source
Add per-session prompt support (SessionWithPrompts) so consumers can inject prompts per session that are served by both prompts/list and prompts/get. See #172.
v0.0.29Compare Source
What's Changed
New Contributors
Full Changelog: stacklok/toolhive-core@v0.0.28...v0.0.29
Configuration
📅 Schedule: (UTC)
* 0-3 * * 1)🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.