Update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
ginkgo		minor	2.23.4 → 2.28.1
github.com/modelcontextprotocol/go-sdk	require	patch	v1.4.0 → v1.4.1
github.com/spf13/pflag	require	patch	v1.0.9 → v1.0.10
go (source)	toolchain	minor	1.24.1 → 1.26.1
golang		minor	1.24.1 → 1.26.1
golang.org/x/crypto	require	minor	v0.48.0 → v0.49.0
golang.org/x/term	require	minor	v0.40.0 → v0.41.0
golangci-lint		patch	1.64.6 → 1.64.8
node (source)		patch	24.14.0 → 24.14.1

---

Release Notes

onsi/ginkgo (ginkgo)

v2.28.1

Compare Source

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

v2.28.0

Compare Source

Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:

It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})

can be filtered in or out with an invocation like:

ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"

Huge thanks to @​Icarus9913 for working on this!

v2.27.5

Compare Source

Fixes

Don't make a new formatter for each GinkgoT(); that's just silly and uses precious memory

v2.27.4

Compare Source

Fixes

• CurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]

v2.27.3

Compare Source

Fixes

report exit result in case of failure [1c9f356]
fix data race [ece19c8]

v2.27.2

Compare Source

Fixes

• inline automaxprocs to simplify dependencies; this will be removed when Go 1.26 comes out [a69113a]

Maintenance

• Fix syntax errors and typo [a99c6e0]
• Fix paragraph position error [f993df5]

v2.27.1

Compare Source

Fixes

• Fix Ginkgo Reporter slice-bounds panic [606c1cb]
• Bug Fix: Add GinkoTBWrapper.Attr() and GinkoTBWrapper.Output() [a6463b3]

v2.27.0

Compare Source

Features

Transforming Nodes during Tree Construction

This release adds support for NodeArgsTransformers that can be registered with AddTreeConstructionNodeArgsTransformer.

These are called during the tree construction phase as nodes are constructed and can modify the node strings and decorators. This enables frameworks built on top of Ginkgo to modify Ginkgo nodes and enforce conventions.

Learn more here.

Spec Prioritization

A new SpecPriority(int) decorator has been added. Ginkgo will honor priority when ordering specs, ensuring that higher priority specs start running before lower priority specs

Learn more here.

Maintenance

• Bump rexml from 3.4.0 to 3.4.2 in /docs (#​1595) [1333dae]
• Bump github.com/gkampitakis/go-snaps from 0.5.14 to 0.5.15 (#​1600) [17ae63e]

v2.26.0

Compare Source

Features

Ginkgo can now generate json-formatted reports that are compatible with the go test json format. Use ginkgo --gojson-report=report.go.json. This is not intended to be a replacement for Ginkgo's native json format which is more information rich and better models Ginkgo's test structure semantics.

v2.25.3

Compare Source

Fixes

• emit --github-output group only for progress report itself [f01aed1]

v2.25.2

Compare Source

Fixes

Add github output group for progress report content

Maintenance

Bump Gomega

v2.25.1

Compare Source

Fixes

• fix(types): ignore nameless nodes on FullText() [10866d3]
• chore: fix some CodeQL warnings [2e42cff]

v2.25.0

Compare Source

AroundNode

This release introduces a new decorator to support more complex spec setup usecases.

AroundNode registers a function that runs before each individual node. This is considered a more advanced decorator.

Please read the docs for more information and some examples.

Allowed signatures:

• AroundNode(func()) - func will be called before the node is run.
• AroundNode(func(ctx context.Context) context.Context) - func can wrap the passed in context and return a new one which will be passed on to the node.
• AroundNode(func(ctx context.Context, body func(ctx context.Context))) - ctx is the context for the node and body is a function that must be called to run the node. This gives you complete control over what runs before and after the node.

Multiple AroundNode decorators can be applied to a single node and they will run in the order they are applied.

Unlike setup nodes like BeforeEach and DeferCleanup, AroundNode is guaranteed to run in the same goroutine as the decorated node. This is necessary when working with lower-level libraries that must run on a single thread (you can call runtime.LockOSThread() in the AroundNode to ensure that the node runs on a single thread).

Since AroundNode allows you to modify the context you can also use AroundNode to implement shared setup that attaches values to the context.

If applied to a container, AroundNode will run before every node in the container. Including setup nodes like BeforeEach and DeferCleanup.

AroundNode can also be applied to RunSpecs to run before every node in the suite. This opens up new mechanisms for instrumenting individual nodes across an entire suite.

v2.24.0

Compare Source

Features

Specs can now be decorated with (e.g.) SemVerConstraint("2.1.0") and ginkgo --sem-ver-filter="2.1.1" will only run constrained specs that match the requested version. Learn more in the docs here! Thanks to @​Icarus9913 for the PR.

Fixes

• remove -o from run command [3f5d379]. fixes #​1582

Maintenance

Numerous dependency bumps and documentation fixes

modelcontextprotocol/go-sdk (github.com/modelcontextprotocol/go-sdk)

v1.4.1

Compare Source

This release is a patch release for v1.4.0.

It contains cherry-picks for several security improvements. Security advisories will follow.

Fixes

Update of the segmentio/encoding module version

The JSON parsing library that was adopted to avoid attacks taking advantage of the Go's standard parser being case insensitive turned out to contain an issue itself. We have submitted the fix upstream and this release updates the dependency to the patched version.

Cross-origin requests protection

We have added additional protection against cross origin requests. From now on, we verify that Content-Type for JSON-RPC POST requests is set to application/json and use the new http.CrossOriginProtection functionality to verify the origin of the request. Usage of this functionality required increasing the required Go version to 1.25, which is in line with our Go version policy of supporting two newest Go versions. The behavior can be customized by passing a configured http.CrossOriginProtection object to StreamableHTTPOptions.

Since this is a behavior change, we introduced a compatibility parameter disablecrossoriginprotection that will allow to temporarily disable it. It will be removed in v1.6.0 version of the SDK. See here for more details about behavior changes and a history of compatibility parameters across SDK versions.

Allowing customization of http.Client for client-side OAuth

We have introduced an optional http.Client parameter to AuthorizationCodeHandlerConfig. This allows customization of the transport, for example implementing environment specific protection against Server-Side Request Forgery.

Pull requests

• internal: fix Unicode zero character handling by @​maciej-kisiel in #​841
• auth: allow passing custom http.Client to AuthorizationCodeHandler by @​maciej-kisiel in #​840
• mcp: verify 'Origin' and 'Content-Type' headers by @​maciej-kisiel in #​842

Full Changelog: modelcontextprotocol/go-sdk@v1.4.0...v1.4.1

spf13/pflag (github.com/spf13/pflag)

v1.0.10

Compare Source

What's Changed

• fix deprecation comment for (FlagSet.)ParseErrorsWhitelist by @​thaJeztah in #​447
• remove uses of errors.Is, which requires go1.13, move go1.16/go1.21 tests to separate file by @​thaJeztah in #​448

New Contributors

• @​thaJeztah made their first contribution in #​447

Full Changelog: spf13/pflag@v1.0.9...v1.0.10

golang/go (go)

v1.26.1

v1.26.0

v1.25.8

v1.25.7

v1.25.6

v1.25.5

v1.25.4

v1.25.3

v1.25.2

v1.25.1

v1.25.0

v1.24.13

v1.24.12

v1.24.11

v1.24.10

v1.24.9

v1.24.8

v1.24.7

v1.24.6

v1.24.5

v1.24.4

v1.24.3

v1.24.2

golangci/golangci-lint (golangci-lint)

v1.64.8

Compare Source

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

• 8b37f14 fix: check version of the configuration (#​5564)

v1.64.7

Compare Source

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

• 94946f3 build(deps): bump github.com/OpenPeeDeeP/depguard/v2 from 2.2.0 to 2.2.1 (#​5509)
• 132365e build(deps): bump github.com/golangci/dupl from 3e9179a to f665c8d (#​5512)
• bddd1bc build(deps): bump github.com/securego/gosec/v2 from 2.22.1 to 2.22.2 (#​5515)
• 624fb4e build(deps): bump golang.org/x/mod from 0.23.0 to 0.24.0 (#​5507)
• 8cffdb7 build(deps): bump golang.org/x/oauth2 from 0.27.0 to 0.28.0 in /scripts/gen_github_action_config in the scripts group (#​5521)
• 7a3f3d7 build(deps): bump golang.org/x/tools from 0.30.0 to 0.31.0 (#​5508)
• c13fd5b build(deps): bump honnef.co/go/tools from 0.6.0 to 0.6.1 (#​5510)

nodejs/node (node)

v24.14.1

Compare Source

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 3 additional dependencies were updated

Details:

Package	Change
github.com/google/jsonschema-go	v0.2.3 -> v0.3.0
golang.org/x/text	v0.31.0 -> v0.32.0
golang.org/x/sys	v0.38.0 -> v0.39.0

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 4 additional dependencies were updated

Details:

Package	Change
github.com/segmentio/encoding	v0.5.3 -> v0.5.4
golang.org/x/net	v0.49.0 -> v0.51.0
golang.org/x/text	v0.34.0 -> v0.35.0
golang.org/x/sys	v0.41.0 -> v0.42.0