Skip to content

build(deps): bump github.com/modelcontextprotocol/go-sdk from 1.5.0 to 1.6.0#935

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/go_modules/github.com/modelcontextprotocol/go-sdk-1.6.0
May 4, 2026
Merged

build(deps): bump github.com/modelcontextprotocol/go-sdk from 1.5.0 to 1.6.0#935
github-actions[bot] merged 1 commit into
mainfrom
dependabot/go_modules/github.com/modelcontextprotocol/go-sdk-1.6.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 4, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/modelcontextprotocol/go-sdk from 1.5.0 to 1.6.0.

Release notes

Sourced from github.com/modelcontextprotocol/go-sdk's releases.

v1.6.0-pre.1

In this release we introduce several smaller fixes and improvements, and we started working for release 2026-06-30. The main new feature is the introduction of ClientCredentialsHandler for OAuth client credentials grant.

Add ClientCredentialsHandler for OAuth client credentials grant

Added ClientCredentialsHandler implementing auth.OAuthHandler using the OAuth 2.0 Client Credentials grant (RFC 6749 Section 4.4) for service-to-service authentication with pre-registered credentials.

2026-06-30 Release related PRs

  • feat: add automatic application_type inference by @​guglielmo-san in modelcontextprotocol/go-sdk#904

    New application_type field is added to the ClientRegistrationMetadata for DynamicClientRegistration. If not specified, the application_type will be inferred from the RedirectURIs. This implements SEP-837.

  • feat: HTTP Header Standardization for method and name by @​guglielmo-san in modelcontextprotocol/go-sdk#907

    By mirroring key fields from the JSON-RPC payload into HTTP headers, network intermediaries such as load balancers, proxies, and observability tools can route and process MCP traffic without deep packet inspection, reducing latency and computational overhead. This partially implements SEP-2243.

Behavior Changes

SetError Behavior Change

Previously the SetError method on CallToolResult always overwrote the Content field with the error text. Now SetError preserves the existing value if it has already been populated. You can restore the previous behavior by setting the environment variable seterroroverwrite=1.

Cross-Origin Protection Default Change

Previously (v1.4.1-v1.5.0) default (zero-value) cross-origin protection was applied when CrossOriginProtection in StreamableHTTPOptions was nil. Now cross-origin protection is not enabled by default when CrossOriginProtection is nil. You can restore the previous behavior (enable by default) by setting enableoriginverification=1.

disablecrossoriginprotection was replaced by enableoriginverification after the default was changed to not enable cross-origin protection.

jsonescaping option was removed, according to plan.

Other Changes to the SDK

... (truncated)

Commits
  • f5f2015 MCPGODEBUG update for 1.6.0 (#893)
  • e01639a feat: HTTP Header Standardization for method and name (#907)
  • 93a41b2 internal/jsonrpc2: remove unused code (#910)
  • 446beae mcp: Upgrade jsonschema-go (#912)
  • 2e21834 extauth: add ClientCredentialsHandler for OAuth client credentials grant (#895)
  • 2643b22 feat: add automatic application_type inference (#904)
  • db50910 mcp: do not re-prompt OAuth after cancelled Authorize (#885)
  • 5f2cd8f mcp: preserve transport errors in Write error chain (#888)
  • 0edc597 Update README.md (#896)
  • 41e1f94 mcp: remove default cross origin protection (#906)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/modelcontextprotocol/go-sdk](https://github.com/modelcontextprotocol/go-sdk) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/modelcontextprotocol/go-sdk/releases)
- [Commits](modelcontextprotocol/go-sdk@v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/modelcontextprotocol/go-sdk
  dependency-version: 1.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added area/dependency Issues or PRs related to dependency changes ok-to-test Indicates a non-member PR verified by an org member that is safe to test. labels May 4, 2026
@coderabbitai

coderabbitai Bot commented May 4, 2026

Copy link
Copy Markdown

Important

Review skipped

Ignore keyword(s) in the title.

⛔ Ignored keywords (3)
  • WIP
  • deps
  • Do Not Merge

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: a19cafe1-7650-405b-811e-0079b736cbac

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/go_modules/github.com/modelcontextprotocol/go-sdk-1.6.0

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions github-actions Bot enabled auto-merge (squash) May 4, 2026 00:32
@openshift-ci openshift-ci Bot requested review from bmeng and wanghaoran1988 May 4, 2026 00:33
@openshift-ci

openshift-ci Bot commented May 4, 2026

Copy link
Copy Markdown
Contributor

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci

openshift-ci Bot commented May 4, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign smarthall for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@codecov-commenter

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 53.97%. Comparing base (e36d30a) to head (83499ba).

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff           @@
##             main     #935   +/-   ##
=======================================
  Coverage   53.97%   53.97%           
=======================================
  Files          88       88           
  Lines        6662     6662           
=======================================
  Hits         3596     3596           
  Misses       2597     2597           
  Partials      469      469           
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@MitaliBhalla

Copy link
Copy Markdown
Contributor

/retest

@github-actions github-actions Bot merged commit 92dc919 into main May 4, 2026
8 of 9 checks passed
@dependabot dependabot Bot deleted the dependabot/go_modules/github.com/modelcontextprotocol/go-sdk-1.6.0 branch May 4, 2026 12:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/dependency Issues or PRs related to dependency changes ok-to-test Indicates a non-member PR verified by an org member that is safe to test.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants