Skip to content

chore(deps): bump the production-minor group with 2 updates#17

Merged
github-actions[bot] merged 1 commit intomainfrom
dependabot/npm_and_yarn/production-minor-0bcd388dad
Apr 20, 2026
Merged

chore(deps): bump the production-minor group with 2 updates#17
github-actions[bot] merged 1 commit intomainfrom
dependabot/npm_and_yarn/production-minor-0bcd388dad

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 20, 2026

Bumps the production-minor group with 2 updates: @modelcontextprotocol/ext-apps and signet-protocol.

Updates @modelcontextprotocol/ext-apps from 1.5.0 to 1.6.0

Release notes

Sourced from @​modelcontextprotocol/ext-apps's releases.

1.6.0

What's Changed

Full Changelog: modelcontextprotocol/ext-apps@v1.5.0...v1.6.0

Commits

Updates signet-protocol from 1.2.1 to 1.6.0

Release notes

Sourced from signet-protocol's releases.

v1.6.0

Features

  • cross-device Sign-in-with-Signet via relay delivery

Bug Fixes

  • validate sessionPubkey and enforce pairing with relay (qr-router)

Reproducible build: byte-identical output verified across two independent CI runners.

Artefact integrity

file:      signet-protocol-1.6.0.tgz
size:      221835 bytes
sha256:    88a562ab8c13d01aaaac318f9d773802399819deb230f8723054f22a39521fcf
sha512-PsheTmJOo6/1MCj1P2yoCKX5lApix83kay4qAj2tW9SUFa33iQJGXzqyZrl3umFmxgu/Z5JRlZZbaxHOc4rJBw==

Verify against the registry tarball:

curl -sLO https://registry.npmjs.org/signet-protocol/-/signet-protocol-1.6.0.tgz
shasum -a 256 signet-protocol-1.6.0.tgz

v1.2.3

Bug Fixes

  • deterministic tamper in ring-signature test to eliminate 1/256 flake

Reproducible build: byte-identical output verified across two independent CI runners.

Artefact integrity

file:      signet-protocol-1.2.3.tgz
size:      220562 bytes
sha256:    f4e1b804040c77962a040ac994c20a78e1e24ba2e7ac29f2172c5deb2dcb042c
sha512-0lmC2P/NroFPw5X4roDMeEQ+CkO/956hCz75a0c7NH2zJtbVipyx0NwC2GF04tAOg+FJFH8w9/plxOvYXFcDYg==

Verify against the registry tarball:

curl -sLO https://registry.npmjs.org/signet-protocol/-/signet-protocol-1.2.3.tgz
shasum -a 256 signet-protocol-1.2.3.tgz
</tr></table>

... (truncated)

Changelog

Sourced from signet-protocol's changelog.

1.2.1 (2026-04-12)

Bug Fixes

  • deps: bump vite, picomatch, and esbuild across manifests (security) (0d3db23)

1.2.0 (2026-04-12)

1.6.0 (2026-04-18)

Features

  • cross-device Sign-in-with-Signet via relay delivery

Bug Fixes

  • validate sessionPubkey and enforce pairing with relay (qr-router)

1.5.0 (2026-04-18)

Features

  • cross-device Sign-in-with-Signet via relay delivery

1.4.0 (2026-04-18)

Features

  • cross-device Sign-in-with-Signet via relay delivery

1.3.0 (2026-04-18)

Features

  • cross-device Sign-in-with-Signet via relay delivery

1.2.3 (2026-04-16)

Bug Fixes

  • deterministic tamper in ring-signature test to eliminate 1/256 flake

... (truncated)

Commits
  • 06ad4e7 chore(release): 1.6.0
  • f6fdb3b fix(qr-router): validate sessionPubkey and enforce pairing with relay
  • 831b340 chore(release): 1.5.0
  • 47a8d64 chore: remove vestigial app/ directory
  • d2f9490 chore(release): 1.4.0
  • 4b082c7 refactor: move auth event from kind 27235 to kind 21236
  • fbc254b chore(release): 1.3.0
  • 0c58429 feat: cross-device Sign-in-with-Signet via relay delivery
  • f9041f0 chore(release): 1.2.3
  • 731b3f1 fix: deterministic tamper in ring-signature test to eliminate 1/256 flake
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the production-minor group with 2 updates
564ad9e 
Bumps the production-minor group with 2 updates: [@modelcontextprotocol/ext-apps](https://github.com/modelcontextprotocol/ext-apps) and [signet-protocol](https://github.com/forgesworn/signet).


Updates `@modelcontextprotocol/ext-apps` from 1.5.0 to 1.6.0
- [Release notes](https://github.com/modelcontextprotocol/ext-apps/releases)
- [Changelog](https://github.com/modelcontextprotocol/ext-apps/blob/main/RELEASES.md)
- [Commits](modelcontextprotocol/ext-apps@v1.5.0...v1.6.0)

Updates `signet-protocol` from 1.2.1 to 1.6.0
- [Release notes](https://github.com/forgesworn/signet/releases)
- [Changelog](https://github.com/forgesworn/signet/blob/main/CHANGELOG.md)
- [Commits](forgesworn/signet@v1.2.1...v1.6.0)

---
updated-dependencies:
- dependency-name: "@modelcontextprotocol/ext-apps"
  dependency-version: 1.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor
- dependency-name: signet-protocol
  dependency-version: 1.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 20, 2026
@github-actions github-actions Bot merged commit 4d3516b into main Apr 20, 2026
2 checks passed
@github-actions github-actions Bot deleted the dependabot/npm_and_yarn/production-minor-0bcd388dad branch April 20, 2026 20:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants