Skip to content

chore(deps): update mcp requirement from ~=1.26.0 to >=1.26,<1.28#38

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/mcp-gte-1.26-and-lt-1.28
Open

chore(deps): update mcp requirement from ~=1.26.0 to >=1.26,<1.28#38
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/mcp-gte-1.26-and-lt-1.28

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 6, 2026
edited
Loading

Updates the requirements on mcp to permit the latest version.

Release notes

Sourced from mcp's releases.

v1.27.0

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/python-sdk@v1.26.0...v1.27.0

Commits
  • 6524782 [v1.x] fix: handle ClosedResourceError when transport closes mid-request (#2334)
  • 2e9897e [v1.x] fix: handle non-UTF-8 bytes in stdio server stdin (#2303)
  • f8d98b6 Backport: Add missing TasksCallCapability to v1.x (#2137)
  • c68e254 docs: add server-side tool error handling documentation (#2129)
  • 1ef124e docs: add snippet verification for docs/ pages (#2115)
  • cfbbd7d docs: fix GitHub links to point to v1.x branch (#2102)
  • 1f9fb34 docs: fix stub pages and improve docs structure (#2101)
  • c86477c docs: comprehensive feature documentation for SEP-1730 Tier 1 (#2090)
  • a77462b docs: restructure README into docs/ pages (#2091)
  • b1adfcd Add VERSIONING.md, ROADMAP.md, and DEPENDENCY_POLICY.md (#2084)
  • Additional commits viewable in compare view

@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Apr 6, 2026

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@CLAassistant
Copy link
Copy Markdown

CLAassistant commented Apr 6, 2026

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 6, 2026
edited
Loading

Container Security Scan (opentelemetry-mcp-server-amd64)

Click to expand results 

For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/docs/v0.69/guide/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


opentelemetry-mcp-server:b533ae6bcbe2a0366f33727a4e7254182e5354b6-amd64 (debian 13.4)
=====================================================================================
Total: 6 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 6, CRITICAL: 0)

┌──────────────┬────────────────┬──────────┬──────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│   Library    │ Vulnerability  │ Severity │  Status  │ Installed Version │ Fixed Version │                            Title                            │
├──────────────┼────────────────┼──────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ libncursesw6 │ CVE-2025-69720 │ HIGH     │ affected │ 6.5+20250216-2    │               │ ncurses: ncurses: Buffer overflow vulnerability may lead to │
│              │                │          │          │                   │               │ arbitrary code execution.                                   │
│              │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2025-69720                  │
├──────────────┼────────────────┤          │          ├───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ libsystemd0  │ CVE-2026-29111 │          │          │ 257.9-1~deb13u1   │               │ systemd: systemd: Arbitrary code execution or Denial of     │
│              │                │          │          │                   │               │ Service via spurious IPC...                                 │
│              │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2026-29111                  │
├──────────────┼────────────────┤          │          ├───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ libtinfo6    │ CVE-2025-69720 │          │          │ 6.5+20250216-2    │               │ ncurses: ncurses: Buffer overflow vulnerability may lead to │
│              │                │          │          │                   │               │ arbitrary code execution.                                   │
│              │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2025-69720                  │
├──────────────┼────────────────┤          │          ├───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ libudev1     │ CVE-2026-29111 │          │          │ 257.9-1~deb13u1   │               │ systemd: systemd: Arbitrary code execution or Denial of     │
│              │                │          │          │                   │               │ Service via spurious IPC...                                 │
│              │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2026-29111                  │
├──────────────┼────────────────┤          │          ├───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ ncurses-base │ CVE-2025-69720 │          │          │ 6.5+20250216-2    │               │ ncurses: ncurses: Buffer overflow vulnerability may lead to │
│              │                │          │          │                   │               │ arbitrary code execution.                                   │
│              │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2025-69720                  │
├──────────────┤                │          │          │                   ├───────────────┤                                                             │
│ ncurses-bin  │                │          │          │                   │               │                                                             │
│              │                │          │          │                   │               │                                                             │
│              │                │          │          │                   │               │                                                             │
└──────────────┴────────────────┴──────────┴──────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 6, 2026
edited
Loading

Container Security Scan (opentelemetry-mcp-server-arm64)

Click to expand results 

For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/docs/v0.69/guide/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


opentelemetry-mcp-server:b533ae6bcbe2a0366f33727a4e7254182e5354b6-arm64 (debian 13.4)
=====================================================================================
Total: 6 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 6, CRITICAL: 0)

┌──────────────┬────────────────┬──────────┬──────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│   Library    │ Vulnerability  │ Severity │  Status  │ Installed Version │ Fixed Version │                            Title                            │
├──────────────┼────────────────┼──────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ libncursesw6 │ CVE-2025-69720 │ HIGH     │ affected │ 6.5+20250216-2    │               │ ncurses: ncurses: Buffer overflow vulnerability may lead to │
│              │                │          │          │                   │               │ arbitrary code execution.                                   │
│              │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2025-69720                  │
├──────────────┼────────────────┤          │          ├───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ libsystemd0  │ CVE-2026-29111 │          │          │ 257.9-1~deb13u1   │               │ systemd: systemd: Arbitrary code execution or Denial of     │
│              │                │          │          │                   │               │ Service via spurious IPC...                                 │
│              │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2026-29111                  │
├──────────────┼────────────────┤          │          ├───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ libtinfo6    │ CVE-2025-69720 │          │          │ 6.5+20250216-2    │               │ ncurses: ncurses: Buffer overflow vulnerability may lead to │
│              │                │          │          │                   │               │ arbitrary code execution.                                   │
│              │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2025-69720                  │
├──────────────┼────────────────┤          │          ├───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ libudev1     │ CVE-2026-29111 │          │          │ 257.9-1~deb13u1   │               │ systemd: systemd: Arbitrary code execution or Denial of     │
│              │                │          │          │                   │               │ Service via spurious IPC...                                 │
│              │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2026-29111                  │
├──────────────┼────────────────┤          │          ├───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ ncurses-base │ CVE-2025-69720 │          │          │ 6.5+20250216-2    │               │ ncurses: ncurses: Buffer overflow vulnerability may lead to │
│              │                │          │          │                   │               │ arbitrary code execution.                                   │
│              │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2025-69720                  │
├──────────────┤                │          │          │                   ├───────────────┤                                                             │
│ ncurses-bin  │                │          │          │                   │               │                                                             │
│              │                │          │          │                   │               │                                                             │
│              │                │          │          │                   │               │                                                             │
└──────────────┴────────────────┴──────────┴──────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘

@dependabot
chore(deps): update mcp requirement from ~=1.26.0 to >=1.26,<1.28
3ada902 
Updates the requirements on [mcp](https://github.com/modelcontextprotocol/python-sdk) to permit the latest version.
- [Release notes](https://github.com/modelcontextprotocol/python-sdk/releases)
- [Changelog](https://github.com/modelcontextprotocol/python-sdk/blob/main/RELEASE.md)
- [Commits](modelcontextprotocol/python-sdk@v1.26.0...v1.27.0)

---
updated-dependencies:
- dependency-name: mcp
  dependency-version: 1.27.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/mcp-gte-1.26-and-lt-1.28 branch from cc2f8f8 to 3ada902 Compare April 6, 2026 17:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@CLAassistant