Skip to content

build(deps): bump github.com/modelcontextprotocol/go-sdk from 1.1.0 to 1.2.0 #4491

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
AkihiroSuda merged 2 commits into from
Jan 19, 2026
Merged

build(deps): bump github.com/modelcontextprotocol/go-sdk from 1.1.0 to 1.2.0 #4491

AkihiroSuda merged 2 commits into from
Jan 19, 2026

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 23, 2025
edited
Loading

Bumps github.com/modelcontextprotocol/go-sdk from 1.1.0 to 1.2.0.

Release notes

Sourced from github.com/modelcontextprotocol/go-sdk's releases.

v1.2.0

This release is equivalent to v1.2.0-pre.2. Thank you to those who tested the prerelease.

This release adds partial support for the 2025-11-25 version of the MCP spec and fixes some bugs in the streamable transports. It also includes some minor new APIs, changes to contributing flows, and small bugfixes.

Contributing changes

  • CONTRIBUTING.md is updated to remove the ad-hoc antitrust policy (#651), and add a dependency update policy (#635).
  • An example server (examples/server/conformance) is added for the new conformance tests at modelcontextprotocol/conformance. Test can be run with scripts/conformance.sh (#650).

Partial support for the 2025-11-25 spec

The following SEPs from the 2025-11-25 spec are now supported. Please see modelcontextprotocol/go-sdk#725 for the proposed API additions included to support these SEPs.

Other API additions

  • Common error codes are now available through the sentinel jsonrpc.Error (#452)
  • OAuth 2.0 Protected Resource Metadata support (#643)
  • ClientCapabilities.RootsV2 and RootCapabilities are added to work around an API bug (#607)
  • Capabilities fields are added to ServerOptions and ClientOptions, to simplify capability configuration (#706)

Streamable fixes

Several bug fixes are included for the streamable transports:

Other notable bugfixes

New Contributors

... (truncated)

Commits
  • 411d5a0 mcp: switch icon theme to named string type (#733)
  • 76e6854 docs: add GitHub Pages redirect to latest release documentation (#702)
  • 875d1d3 mcp: don't break the streamable client connection for transient errors (#723)
  • e009bac oauthex: fix content type check in getJSON (#721)
  • 3430e22 mcp: add Capabilities fields to ServerOptions and ClientOptions (#713)
  • bae0929 mcp: address review comments on streamable cleanup (#716)
  • b3399e6 mcp: use args struct for CloseSSEStream (#718)
  • 1a964ae mcp: debounce server change notifications (#717)
  • a5e369e mcp: fix broken client root capabilities (#698)
  • 307e32c oauthex: validate URL schemes in auth server metadata and DCR
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Dec 23, 2025
@AkihiroSuda
Copy link
Member

AkihiroSuda commented Dec 23, 2025
edited
Loading

https://github.com/lima-vm/lima/actions/runs/20448503639/job/58760691726?pr=4491

# ===== mcp =====
not ok 21 list tools in 150ms
# (from function `__assert_stream' in file hack/bats/lib/bats-assert/src/assert_output.bash, line 246,
#  from function `assert_output' in file hack/bats/lib/bats-assert/src/assert_output.bash, line 125,
#  from function `mcp' in file hack/bats/tests/mcp.bats, line 74,
#  from function `local_setup' in file hack/bats/tests/mcp.bats, line 42,
#  from function `call_local_function' in file hack/bats/tests/../helpers/load.bash, line 52,
#  from function `setup' in test file hack/bats/tests/../helpers/load.bash, line 69)
#   `call_local_function' failed
#
# -- output differs --
# expected : 1
# actual   : null
# --
#

lima/hack/bats/tests/mcp.bats

Lines 59 to 74 in 7c92565

local request
printf -v request '{"jsonrpc":"2.0","id":%d,"method":"%s"}' "$((++ID))" "$method"
if [[ -n $params ]]; then
request=$(json_edit ".params=${params}" <<<"$request")
fi
# send request to MCP server stdin
echo "$request" >&"${MCP[1]}"
# read response from MCP server stdout with 5s timeout
local json
read -t 5 -r json <&"${MCP[0]}"
# verify that the response matches the request; also validates the output is valid JSON
run_yq .id <<<"$json"
assert_output "$ID"

@dependabot
build(deps): bump github.com/modelcontextprotocol/go-sdk
02161c4 
Bumps [github.com/modelcontextprotocol/go-sdk](https://github.com/modelcontextprotocol/go-sdk) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/modelcontextprotocol/go-sdk/releases)
- [Commits](modelcontextprotocol/go-sdk@v1.1.0...v1.2.0)

---
updated-dependencies:
- dependency-name: github.com/modelcontextprotocol/go-sdk
  dependency-version: 1.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/modelcontextprotocol/go-sdk-1.2.0 branch from 227fe75 to 02161c4 Compare January 12, 2026 17:45
@jandubois
Copy link
Member

jandubois commented Jan 16, 2026

@AkihiroSuda:

With the go-sdk@1.2.0 we now get a notification before receiving the response to our request:

>>> {"jsonrpc":"2.0","id":2,"method":"tools/list"}
<<< {"jsonrpc":"2.0","method":"notifications/tools/list_changed","params":{}}

Notifications have a method field, but no id. We need to ignore them until we receive an actual response object.

@jandubois jandubois added this to the v2.1.0 milestone Jan 16, 2026
@jandubois
Ignore MCP notifications
8883d51 
With the go-sdk@1.2.0 we now get a notification before receiving the
response to our request:

  >>> {"jsonrpc":"2.0","id":2,"method":"tools/list"}
  <<< {"jsonrpc":"2.0","method":"notifications/tools/list_changed","params":{}}

Notifications have a `method` field, but no `id`. We need to ignore them
until we receive an actual response object.

This commit also fixes a potential problem deleting the /tmp/tmp directory
inside the VM when running the tests multiple times using the same Lima
instance (LIMA_BATS_REUSE_INSTANCE=1).

Signed-off-by: Jan Dubois <jan.dubois@suse.com>
@jandubois jandubois force-pushed the dependabot/go_modules/github.com/modelcontextprotocol/go-sdk-1.2.0 branch from 9bb0937 to 8883d51 Compare January 16, 2026 05:53
AkihiroSuda
AkihiroSuda approved these changes Jan 19, 2026
View reviewed changes
Copy link
Member

@AkihiroSuda AkihiroSuda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks

@AkihiroSuda AkihiroSuda merged commit 372bfdd into master Jan 19, 2026
37 checks passed
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/modelcontextprotocol/go-sdk-1.2.0 branch January 19, 2026 06:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

v2.1.0

Development

Successfully merging this pull request may close these issues.

3 participants

@AkihiroSuda @jandubois