chore(go-deps): bump the go-dependencies group across 1 directory with 4 updates by dependabot[bot] · Pull Request #440 · spacelift-io/spacectl

dependabot · 2026-05-28T12:39:46Z

Bumps the go-dependencies group with 3 updates in the / directory: github.com/cli/cli/v2, github.com/mark3labs/mcp-go and github.com/onsi/gomega.

Updates github.com/cli/cli/v2 from 2.92.0 to 2.93.0

Release notes

Sourced from github.com/cli/cli/v2's releases.

GitHub CLI 2.93.0

Security

A security vulnerability has been identified, and fixed, that would incorrectly include authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands.

Users are advised to update gh to version v2.93.0 as soon as possible.

For more information see: GHSA-8xvp-7hj6-mcj9

Support agents in gh secret command set

The gh secret command set can now set agent secrets. For more information, see "Configuring secrets and variables for Copilot cloud agent".

What's Changed

✨ Features

Allow agents as application for secrets by @tenjaa in cli/cli#13421

🐛 Fixes

fix(pr): remove numberFieldOnly optimization that skips API validation by @williammartin in cli/cli#13327

Print gh auth refresh for 401 returns by @333fred in cli/cli#13068

Derive digest algorithm from ref length in release verify commands by @bdehamer in cli/cli#13430

📚 Docs & Chores

Add missing //go:build integration tag to verify_integration_test.go by @pdostal in cli/cli#13303

Fix flaky accessible prompter Password test timeout by @pdostal in cli/cli#13304

Enable extended PR screening for external PRs by @tidy-dev in cli/cli#13312

Grammar fixes by @scop in cli/cli#13326

Bump gh copilot telemetry sampling to 100% by @williammartin in cli/cli#13362

Record accessibility feature state in telemetry by @williammartin in cli/cli#13363

Poll TTY echo mode instead of sleeping in password tests by @pdostal in cli/cli#13305

Switch from actions/attest-build-provenance to actions/attest by @scop in cli/cli#13325

Fix skills acceptance tests by @williammartin in cli/cli#13365

Bump Go toolchain to 1.26.3 by @Copilot in cli/cli#13367

Trigger triage check-requirements on ready_for_review by @BagToad in cli/cli#13383

fix(copilot): hint to run copilot directly when exec fails by @babakks in cli/cli#13393

Update installation commands for GitHub CLI by @sassdawe in cli/cli#13126

Update CODEOWNERS for skills directory ownership by @williammartin in cli/cli#13416

fix(telemetry): prevent tzutil console flash on Windows by @adehad in cli/cli#13353

Fix bump-go.sh to tolerate missing toolchain directive by @Copilot in cli/cli#12581

docs: drop --repo gh-cli from dnf install lines by @c-tonneslan in cli/cli#13444

Remove third-party license debris by @williammartin in cli/cli#13470

Remove dependency on persistent token by @williammartin in cli/cli#13474

Remove discussion workflow by @williammartin in cli/cli#13476

Stop bumping homebrew on release by @williammartin in cli/cli#13479

build: update golang.org/x/crypto by @tommaso-moro in cli/cli#13486

... (truncated)

Commits

f96972c Merge pull request #13536 from cli/bagtoad/kw-fix-attestation-integration-tests
98d91db test(attestation): align integration tests with new external HTTP client
1f92732 Merge commit from fork
e6dfcd3 fix: use separate http client for non-github hosts
9a593ce Merge pull request #13518 from cli/kw/immutable-releases-readme
a5be6be docs: note immutable releases starting v2.93.0
d2006fe Merge pull request #13510 from cli/bagtoad/bump-x-net-0-55-0
be4ad7e bump golang.org/x/net
e53ff32 Merge pull request #13457 from cli/dependabot/go_modules/github.com/google/go...
d99c18c Merge pull request #13462 from cli/dependabot/go_modules/github.com/theupdate...
Additional commits viewable in compare view

Updates github.com/mark3labs/mcp-go from 0.50.0 to 0.54.1

Release notes

Sourced from github.com/mark3labs/mcp-go's releases.

Release v0.54.1

No release notes provided.

Release v0.54.0

What's Changed

fix(server): handle resources/subscribe and resources/unsubscribe (#865) by @ezynda3 in mark3labs/mcp-go#873

fix(oauth): use LATEST_PROTOCOL_VERSION in metadata discovery (#868) by @ezynda3 in mark3labs/mcp-go#874

fix(oauth): don't hold metadataMu across HTTP discovery (#871) by @ezynda3 in mark3labs/mcp-go#875

feat(mcp): add 2025-11-25 sampling-with-tools and capability sub-fields (#867) by @ezynda3 in mark3labs/mcp-go#876

refactor: use MCP method constants by @nanookclaw in mark3labs/mcp-go#878

docs: add missing godoc comments by @aqilaziz in mark3labs/mcp-go#877

fix: add panic recovery to SSE message handler and stdio tool call worker by @blackwell-systems in mark3labs/mcp-go#882

fix: add panic recovery to task goroutines, fix cleanup goroutine leak by @blackwell-systems in mark3labs/mcp-go#880

feat: add OpenTelemetry tracing hooks to server and client by @QuentinBisson in mark3labs/mcp-go#856

fix: add panic recovery to session hook goroutines by @blackwell-systems in mark3labs/mcp-go#883

feat(mcp): add BaseMetadata.title, Icon.theme, Resource.size (#870) by @ezynda3 in mark3labs/mcp-go#885

New Contributors

@nanookclaw made their first contribution in mark3labs/mcp-go#878

@aqilaziz made their first contribution in mark3labs/mcp-go#877

Full Changelog: mark3labs/mcp-go@v0.53.0...v0.54.0

Release v0.53.0

What's Changed

feat(server): add WithStrictInputSchemaDefault by @QuentinBisson in mark3labs/mcp-go#853

fix(server): add CloseSessions and prevent double-close panic on SSE sessions by @blackwell-systems in mark3labs/mcp-go#852

fix(transport): suppress closed-pipe shutdown noise by @Gujiassh in mark3labs/mcp-go#863

fix: add panic recovery to transport goroutines by @blackwell-systems in mark3labs/mcp-go#861

fix: ToolInputSchema inherits MarshalJSON (fixes #694) by @tamish-max in mark3labs/mcp-go#858

we should use pointers on returns for ListPrompts and ListResources by @Patryk-Stefanski in mark3labs/mcp-go#855

fix(mcp): allow _meta on paginated requests by @curbol in mark3labs/mcp-go#854

refactor(server): use explicit struct literal in ListTools by @ezynda3 in mark3labs/mcp-go#864

New Contributors

@QuentinBisson made their first contribution in mark3labs/mcp-go#853

@tamish-max made their first contribution in mark3labs/mcp-go#858

@curbol made their first contribution in mark3labs/mcp-go#854

Full Changelog: mark3labs/mcp-go@v0.52.0...v0.53.0

Release v0.52.0

What's Changed

fix(transport): close response body on 404 in sendHTTP by @blackwell-systems in mark3labs/mcp-go#849

feat(server): add transport-agnostic Handle entry point by @ezynda3 in mark3labs/mcp-go#851

Full Changelog: mark3labs/mcp-go@v0.51.0...v0.52.0

Release v0.51.0

... (truncated)

Commits

481f056 fix(tools): print errors to stderr for invalid jsonschema tags (#894)
6e7859c perf(mcp): reduce content unmarshal allocations (#890)
018f190 Add Title and Size to ResourceLink (match Resource / spec) (#887)
ca26738 cleanup
76ea91b refactor(server): collapse client-info and writeJSONRPCError duplication (#886)
fac90b6 fmt
b817eff feat(mcp): add BaseMetadata.title, Icon.theme, Resource.size (#870) (#885)
602478c fix: add panic recovery to session hook goroutines (#883)
14ddeb3 feat: add OpenTelemetry tracing hooks to server and client (#856)
3f8fc8e fix: add panic recovery to task goroutines, fix cleanup goroutine leak (#880)
Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.40.0 to 1.41.0

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.41.0

Features

Add BeASlice and BeAnArray matchers

Fixes

Object formatting now detects pointer cycles to avoid runaway formatting output.

Commits

af2bccb v1.41.0
73e81f6 v1.41.0 (full)
e35a84f feat: devcontainer configuration with local pkgsite and GH pages
f12e5e1 fix(format): detect pointer cycles to avoid runaway formatting output
e14831f Add optionalDescription docs to AsyncAssertion and Assertion interfaces
344b94d Add BeASlice and BeAnArray matchers
See full diff in compare view

Updates golang.org/x/term from 0.42.0 to 0.43.0

Commits

3c3e485 go.mod: update golang.org/x dependencies
See full diff in compare view

…h 4 updates Bumps the go-dependencies group with 3 updates in the / directory: [github.com/cli/cli/v2](https://github.com/cli/cli), [github.com/mark3labs/mcp-go](https://github.com/mark3labs/mcp-go) and [github.com/onsi/gomega](https://github.com/onsi/gomega). Updates `github.com/cli/cli/v2` from 2.92.0 to 2.93.0 - [Release notes](https://github.com/cli/cli/releases) - [Changelog](https://github.com/cli/cli/blob/trunk/docs/release-process-deep-dive.md) - [Commits](cli/cli@v2.92.0...v2.93.0) Updates `github.com/mark3labs/mcp-go` from 0.50.0 to 0.54.1 - [Release notes](https://github.com/mark3labs/mcp-go/releases) - [Commits](mark3labs/mcp-go@v0.50.0...v0.54.1) Updates `github.com/onsi/gomega` from 1.40.0 to 1.41.0 - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](onsi/gomega@v1.40.0...v1.41.0) Updates `golang.org/x/term` from 0.42.0 to 0.43.0 - [Commits](golang/term@v0.42.0...v0.43.0) --- updated-dependencies: - dependency-name: github.com/cli/cli/v2 dependency-version: 2.93.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/mark3labs/mcp-go dependency-version: 0.54.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: github.com/onsi/gomega dependency-version: 1.41.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies - dependency-name: golang.org/x/term dependency-version: 0.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the dependencies Pull requests that update a dependency file label May 28, 2026

dependabot Bot requested a review from a team as a code owner May 28, 2026 12:39

dependabot Bot added go Pull requests that update go code dependencies Pull requests that update a dependency file labels May 28, 2026

dependabot Bot force-pushed the dependabot/go_modules/go-dependencies-4b72f0f479 branch from 2b97ff2 to a644131 Compare June 4, 2026 00:10

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(go-deps): bump the go-dependencies group across 1 directory with 4 updates#440

chore(go-deps): bump the go-dependencies group across 1 directory with 4 updates#440
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-4b72f0f479

dependabot Bot commented on behalf of github May 28, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 28, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

GitHub CLI 2.93.0

Security

Support agents in gh secret command set

What's Changed

✨ Features

🐛 Fixes

📚 Docs & Chores

Release v0.54.1

Release v0.54.0

What's Changed

New Contributors

Release v0.53.0

What's Changed

New Contributors

Release v0.52.0

What's Changed

Release v0.51.0

1.41.0

Features

Fixes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github May 28, 2026 •

edited

Loading

Support agents in `gh secret` command set