Security: bump actionview, activesupport, mcp, uri

Resolves security vulnerabilities in dependencies:
- actionview: 8.0.2 -> 8.1.3 (GHSA-v55j-83pf-r9cq)
- activesupport: 8.0.2 -> 8.1.3 (GHSA-2j26-frm8-cmj9, GHSA-89vf-4333-qx8v, GHSA-cg4j-q9v8-6v38)
- mcp: 0.1.0 -> 0.9.2 (GHSA-qvqr-5cv7-wh35)
- uri: 1.0.3 -> 1.1.1 (GHSA-j4pr-3wm6-xx2r)

mcp 0.9.2 introduces stricter JSON Schema validation (draft-04):
- required arrays must have at least 1 item; removed empty required: []
  from PrintEnvTool and PackagesTool
- InputSchema no longer exposes .properties/.required accessors; updated
  specs to use schema.to_h[:properties] / schema.to_h[:required]

All 58 examples pass.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: technicalpickles

Gemfile.lock

@@ -11,28 +11,29 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actionview (8.0.2)
-      activesupport (= 8.0.2)
+    actionview (8.1.3)
+      activesupport (= 8.1.3)
       builder (~> 3.1)
       erubi (~> 1.11)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    activesupport (8.0.2)
+    activesupport (8.1.3)
       base64
-      benchmark (>= 0.3)
       bigdecimal
       concurrent-ruby (~> 1.0, >= 1.3.1)
       connection_pool (>= 2.2.5)
       drb
       i18n (>= 1.6, < 2)
+      json
       logger (>= 1.4.2)
       minitest (>= 5.1)
       securerandom (>= 0.3)
       tzinfo (~> 2.0, >= 2.0.5)
       uri (>= 0.13.1)
+    addressable (2.9.0)
+      public_suffix (>= 2.0.2, < 8.0)
     ast (2.4.3)
     base64 (0.2.0)
-    benchmark (0.4.0)
     better_html (2.1.1)
       actionview (>= 6.0)
       activesupport (>= 6.0)
@@ -59,15 +60,17 @@ GEM
       rdoc (>= 4.0.0)
       reline (>= 0.4.2)
     json (2.10.2)
-    json_rpc_handler (0.1.1)
+    json-schema (6.2.0)
+      addressable (~> 2.8)
+      bigdecimal (>= 3.1, < 5)
     language_server-protocol (3.17.0.4)
     lint_roller (1.1.0)
     logger (1.7.0)
     loofah (2.24.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
-    mcp (0.1.0)
-      json_rpc_handler (~> 0.1)
+    mcp (0.9.2)
+      json-schema (>= 4.1)
     minitest (5.25.5)
     nokogiri (1.19.3-aarch64-linux-gnu)
       racc (~> 1.4)
@@ -106,6 +109,7 @@ GEM
     psych (5.2.3)
       date
       stringio
+    public_suffix (7.0.5)
     query_packwerk (0.1.0)
       coderay
       packwerk
@@ -177,7 +181,7 @@ GEM
     unicode-display_width (3.1.4)
       unicode-emoji (~> 4.0, >= 4.0.4)
     unicode-emoji (4.0.4)
-    uri (1.0.3)
+    uri (1.1.1)
     zeitwerk (2.7.2)
 
 PLATFORMS

lib/chatwerk/tools/packages_tool.rb

@@ -17,8 +17,7 @@ class PackagesTool < MCP::Tool
             type: 'string',
             description: "A partial package path name to constrain the results (e.g. 'packs/product_services/payments/banks' or 'payments/banks')."
           }
-        },
-        required: []
+        }
       )
 
       class << self

lib/chatwerk/tools/print_env_tool.rb

@@ -10,8 +10,7 @@ class PrintEnvTool < MCP::Tool
       description 'Get the current working directory and environment path of the MCP server, ensuring correct directory context'
 
       input_schema(
-        properties: {},
-        required: []
+        properties: {}
       )
 
       class << self

spec/chatwerk/mcp_tools_spec.rb

@@ -37,7 +37,7 @@
 
     it 'has no required arguments' do
       schema = described_class.input_schema
-      expect(schema.required).to be_empty
+      expect(schema.to_h[:required]).to be_nil.or(be_empty)
     end
   end
 
@@ -65,8 +65,8 @@
 
     it 'has package_path as optional argument' do
       schema = described_class.input_schema
-      expect(schema.properties).to have_key(:package_path)
-      expect(schema.required).not_to include(:package_path)
+      expect(schema.to_h[:properties]).to have_key(:package_path)
+      expect(schema.to_h[:required]).to satisfy { |r| r.nil? || !r.include?('package_path') }
     end
   end
 
@@ -86,8 +86,8 @@
 
     it 'has package_path as required argument' do
       schema = described_class.input_schema
-      expect(schema.properties).to have_key(:package_path)
-      expect(schema.required).to include(:package_path)
+      expect(schema.to_h[:properties]).to have_key(:package_path)
+      expect(schema.to_h[:required]).to include('package_path')
     end
   end
 
@@ -123,10 +123,10 @@
 
     it 'has correct argument requirements' do
       schema = described_class.input_schema
-      expect(schema.properties).to have_key(:package_path)
-      expect(schema.properties).to have_key(:constant_name)
-      expect(schema.required).to include(:package_path)
-      expect(schema.required).not_to include(:constant_name)
+      expect(schema.to_h[:properties]).to have_key(:package_path)
+      expect(schema.to_h[:properties]).to have_key(:constant_name)
+      expect(schema.to_h[:required]).to include('package_path')
+      expect(schema.to_h[:required]).not_to include('constant_name')
     end
   end
 
@@ -162,10 +162,10 @@
 
     it 'has correct argument requirements' do
       schema = described_class.input_schema
-      expect(schema.properties).to have_key(:package_path)
-      expect(schema.properties).to have_key(:constant_name)
-      expect(schema.required).to include(:package_path)
-      expect(schema.required).not_to include(:constant_name)
+      expect(schema.to_h[:properties]).to have_key(:package_path)
+      expect(schema.to_h[:properties]).to have_key(:constant_name)
+      expect(schema.to_h[:required]).to include('package_path')
+      expect(schema.to_h[:required]).not_to include('constant_name')
     end
   end
 end