Security: bump actionview, activesupport, mcp, uri

Resolves security vulnerabilities in dependencies:
- actionview: GHSA-v55j-83pf-r9cq
- activesupport: GHSA-2j26-frm8-cmj9, GHSA-89vf-4333-qx8v, GHSA-cg4j-q9v8-6v38
- mcp: GHSA-qvqr-5cv7-wh35
- uri: GHSA-j4pr-3wm6-xx2r

All tests pass (58 examples, 0 failures).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Author: technicalpickles

Gemfile.lock

@@ -11,28 +11,27 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actionview (8.0.2)
-      activesupport (= 8.0.2)
+    actionview (8.1.3)
+      activesupport (= 8.1.3)
       builder (~> 3.1)
       erubi (~> 1.11)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    activesupport (8.0.2)
+    activesupport (8.1.3)
       base64
-      benchmark (>= 0.3)
       bigdecimal
       concurrent-ruby (~> 1.0, >= 1.3.1)
       connection_pool (>= 2.2.5)
       drb
       i18n (>= 1.6, < 2)
+      json
       logger (>= 1.4.2)
       minitest (>= 5.1)
       securerandom (>= 0.3)
       tzinfo (~> 2.0, >= 2.0.5)
       uri (>= 0.13.1)
     ast (2.4.3)
     base64 (0.2.0)
-    benchmark (0.4.0)
     better_html (2.1.1)
       actionview (>= 6.0)
       activesupport (>= 6.0)
@@ -51,6 +50,7 @@ GEM
     diff-lcs (1.6.1)
     drb (2.2.1)
     erubi (1.13.1)
+    hana (1.3.7)
     i18n (1.14.7)
       concurrent-ruby (~> 1.0)
     io-console (0.8.0)
@@ -59,15 +59,19 @@ GEM
       rdoc (>= 4.0.0)
       reline (>= 0.4.2)
     json (2.10.2)
-    json_rpc_handler (0.1.1)
+    json_schemer (2.5.0)
+      bigdecimal
+      hana (~> 1.3)
+      regexp_parser (~> 2.0)
+      simpleidn (~> 0.2)
     language_server-protocol (3.17.0.4)
     lint_roller (1.1.0)
     logger (1.7.0)
     loofah (2.24.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
-    mcp (0.1.0)
-      json_rpc_handler (~> 0.1)
+    mcp (0.20.0)
+      json_schemer (>= 2.4)
     minitest (5.25.5)
     nokogiri (1.19.3-aarch64-linux-gnu)
       racc (~> 1.4)
@@ -163,6 +167,7 @@ GEM
       rubocop (>= 1)
     ruby-progressbar (1.13.0)
     securerandom (0.4.1)
+    simpleidn (0.2.3)
     smart_properties (1.17.0)
     sorbet (0.5.11971)
       sorbet-static (= 0.5.11971)
@@ -177,7 +182,7 @@ GEM
     unicode-display_width (3.1.4)
       unicode-emoji (~> 4.0, >= 4.0.4)
     unicode-emoji (4.0.4)
-    uri (1.0.3)
+    uri (1.1.1)
     zeitwerk (2.7.2)
 
 PLATFORMS

lib/chatwerk/tools/packages_tool.rb

@@ -17,8 +17,7 @@ class PackagesTool < MCP::Tool
             type: 'string',
             description: "A partial package path name to constrain the results (e.g. 'packs/product_services/payments/banks' or 'payments/banks')."
           }
-        },
-        required: []
+        }
       )
 
       class << self

lib/chatwerk/tools/print_env_tool.rb

@@ -10,8 +10,7 @@ class PrintEnvTool < MCP::Tool
       description 'Get the current working directory and environment path of the MCP server, ensuring correct directory context'
 
       input_schema(
-        properties: {},
-        required: []
+        properties: {}
       )
 
       class << self

spec/chatwerk/mcp_tools_spec.rb

@@ -37,7 +37,7 @@
 
     it 'has no required arguments' do
       schema = described_class.input_schema
-      expect(schema.required).to be_empty
+      expect(schema.instance_variable_get(:@schema)[:required]).to be_nil
     end
   end
 
@@ -65,8 +65,9 @@
 
     it 'has package_path as optional argument' do
       schema = described_class.input_schema
-      expect(schema.properties).to have_key(:package_path)
-      expect(schema.required).not_to include(:package_path)
+      schema_data = schema.instance_variable_get(:@schema)
+      expect(schema_data[:properties]).to have_key(:package_path)
+      expect(schema_data[:required]).to be_nil
     end
   end
 
@@ -86,8 +87,9 @@
 
     it 'has package_path as required argument' do
       schema = described_class.input_schema
-      expect(schema.properties).to have_key(:package_path)
-      expect(schema.required).to include(:package_path)
+      schema_data = schema.instance_variable_get(:@schema)
+      expect(schema_data[:properties]).to have_key(:package_path)
+      expect(schema_data[:required]).to include('package_path')
     end
   end
 
@@ -123,10 +125,11 @@
 
     it 'has correct argument requirements' do
       schema = described_class.input_schema
-      expect(schema.properties).to have_key(:package_path)
-      expect(schema.properties).to have_key(:constant_name)
-      expect(schema.required).to include(:package_path)
-      expect(schema.required).not_to include(:constant_name)
+      schema_data = schema.instance_variable_get(:@schema)
+      expect(schema_data[:properties]).to have_key(:package_path)
+      expect(schema_data[:properties]).to have_key(:constant_name)
+      expect(schema_data[:required]).to include('package_path')
+      expect(schema_data[:required]).not_to include('constant_name')
     end
   end
 
@@ -162,10 +165,11 @@
 
     it 'has correct argument requirements' do
       schema = described_class.input_schema
-      expect(schema.properties).to have_key(:package_path)
-      expect(schema.properties).to have_key(:constant_name)
-      expect(schema.required).to include(:package_path)
-      expect(schema.required).not_to include(:constant_name)
+      schema_data = schema.instance_variable_get(:@schema)
+      expect(schema_data[:properties]).to have_key(:package_path)
+      expect(schema_data[:properties]).to have_key(:constant_name)
+      expect(schema_data[:required]).to include('package_path')
+      expect(schema_data[:required]).not_to include('constant_name')
     end
   end
 end