Skip to content

[pull] main from googleapis:main#96

Merged
pull[bot] merged 14 commits intopepe57:mainfrom
googleapis:main
Apr 17, 2026
Merged

[pull] main from googleapis:main#96
pull[bot] merged 14 commits intopepe57:mainfrom
googleapis:main

Conversation

@pull
Copy link
Copy Markdown

@pull pull Bot commented Apr 17, 2026
edited
Loading

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

dependabot Bot and others added 14 commits April 16, 2026 16:03
@dependabot @Yuan325
chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 in /docs/en…
aabdf5d 
…/documentation/getting-started/quickstart/js/llamaindex (#3065)

Bumps
[follow-redirects](https://github.com/follow-redirects/follow-redirects)
from 1.15.11 to 1.16.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b"><code>0c23a22</code></a>
Release version 1.16.0 of the npm package.</li>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9"><code>844c4d3</code></a>
Add sensitiveHeaders option.</li>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be"><code>5e8b8d0</code></a>
ci: add Node.js 24.x to the CI matrix</li>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af"><code>7953e22</code></a>
ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6</li>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75"><code>86dc1f8</code></a>
Sanitizing input.</li>
<li>See full diff in <a
href="https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
@dependabot @duwenxin99 @Yuan325
chore(deps): bump langsmith from 0.5.6 to 0.5.20 in /docs/en/document…
4dca261 
…ation/getting-started/quickstart/js/langchain (#3069)

Bumps [langsmith](https://github.com/langchain-ai/langsmith-sdk) from
0.5.6 to 0.5.20.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/langchain-ai/langsmith-sdk/commits">compare
view</a></li>
</ul>
</details>
<details>
<summary>Install script changes</summary>
<p>This version modifies <code>prepublish</code> script that runs during
installation. Review the package contents before updating.</p>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Wenxin Du <117315983+duwenxin99@users.noreply.github.com>
Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
@dependabot @Yuan325
chore(deps): bump axios from 1.13.5 to 1.15.0 in /docs/en/documentati…
a0d0ef9 
…on/getting-started/quickstart/js/genkit (#3041)

Bumps [axios](https://github.com/axios/axios) from 1.13.5 to 1.15.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/releases">axios's
releases</a>.</em></p>
<blockquote>
<h2>v1.15.0</h2>
<p>This release delivers two critical security patches, adds runtime
support for Deno and Bun, and includes significant CI hardening,
documentation improvements, and routine dependency updates.</p>
<h2>⚠️ Important Changes</h2>
<ul>
<li><strong>Deprecation:</strong> <code>url.parse()</code> usage has
been replaced to address Node.js deprecation warnings. If you are on a
recent version of Node.js, this resolves console warnings you may have
been seeing. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10625">#10625</a></strong>)</li>
</ul>
<h2>🔒 Security Fixes</h2>
<ul>
<li><strong>Proxy Handling:</strong> Fixed a <code>no_proxy</code>
hostname normalisation bypass that could lead to Server-Side Request
Forgery (SSRF). (<strong><a
href="https://redirect.github.com/axios/axios/issues/10661">#10661</a></strong>)</li>
<li><strong>Header Injection:</strong> Fixed an unrestricted cloud
metadata exfiltration vulnerability via a header injection chain.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10660">#10660</a></strong>)</li>
</ul>
<h2>🚀 New Features</h2>
<ul>
<li><strong>Runtime Support:</strong> Added compatibility checks and
documentation for Deno and Bun environments. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10652">#10652</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10653">#10653</a></strong>)</li>
</ul>
<h2>🔧 Maintenance &amp; Chores</h2>
<ul>
<li><strong>CI Security:</strong> Hardened workflow permissions to least
privilege, added the <code>zizmor</code> security scanner, pinned action
versions, and gated npm publishing with OIDC and environment protection.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10618">#10618</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10619">#10619</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10627">#10627</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10637">#10637</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10666">#10666</a></strong>)</li>
<li><strong>Dependencies:</strong> Bumped
<code>serialize-javascript</code>, <code>handlebars</code>,
<code>picomatch</code>, <code>vite</code>, and
<code>denoland/setup-deno</code> to latest versions. Added a 7-day
Dependabot cooldown period. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10574">#10574</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10572">#10572</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10568">#10568</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10663">#10663</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10664">#10664</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10665">#10665</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10669">#10669</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10670">#10670</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10616">#10616</a></strong>)</li>
<li><strong>Documentation:</strong> Unified docs, improved
<code>beforeRedirect</code> credential leakage example, clarified
<code>withCredentials</code>/<code>withXSRFToken</code> behaviour,
HTTP/2 support notes, async/await timeout error handling, header case
preservation, and various typo fixes. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10649">#10649</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10624">#10624</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/7452">#7452</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/7471">#7471</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10654">#10654</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10644">#10644</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10589">#10589</a></strong>)</li>
<li><strong>Housekeeping:</strong> Removed stale files, regenerated
lockfile, and updated sponsor scripts and blocks. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10584">#10584</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10650">#10650</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10582">#10582</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10640">#10640</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10659">#10659</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10668">#10668</a></strong>)</li>
<li><strong>Tests:</strong> Added regression coverage for urlencoded
<code>Content-Type</code> casing. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10573">#10573</a></strong>)</li>
</ul>
<h2>🌟 New Contributors</h2>
<p>We are thrilled to welcome our new contributors. Thank you for
helping improve Axios:</p>
<ul>
<li><strong><a
href="https://github.com/raashish1601"><code>@​raashish1601</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10573">#10573</a></strong>)</li>
<li><strong><a
href="https://github.com/Kilros0817"><code>@​Kilros0817</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10625">#10625</a></strong>)</li>
<li><strong><a
href="https://github.com/ashstrc"><code>@​ashstrc</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10624">#10624</a></strong>)</li>
<li><strong><a
href="https://github.com/Abhi3975"><code>@​Abhi3975</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10589">#10589</a></strong>)</li>
<li><strong><a
href="https://github.com/theamodhshetty"><code>@​theamodhshetty</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/7452">#7452</a></strong>)</li>
</ul>
<h2>v1.14.0</h2>
<p>This release focuses on compatibility fixes, adapter stability
improvements, and test/tooling modernisation.</p>
<h2>⚠️ Important Changes</h2>
<ul>
<li><strong>Breaking Changes:</strong> None identified in this
release.</li>
<li><strong>Action Required:</strong> If you rely on env-based proxy
behaviour or CJS resolution edge-cases, validate your integration after
upgrade (notably <code>proxy-from-env</code> v2 alignment and
<code>main</code> entry compatibility fix).</li>
</ul>
<h2>🚀 New Features</h2>
<ul>
<li><strong>Runtime Features:</strong> No new end-user features were
introduced in this release.</li>
<li><strong>Test Coverage Expansion:</strong> Added broader smoke/module
test coverage for CJS and ESM package usage. (<a
href="https://redirect.github.com/axios/axios/pull/7510">#7510</a>)</li>
</ul>
<h2>🐛 Bug Fixes</h2>
<ul>
<li><strong>Headers:</strong> Trim trailing CRLF in normalised header
values. (<a
href="https://redirect.github.com/axios/axios/pull/7456">#7456</a>)</li>
<li><strong>HTTP/2:</strong> Close detached HTTP/2 sessions on timeout
to avoid lingering sessions. (<a
href="https://redirect.github.com/axios/axios/pull/7457">#7457</a>)</li>
<li><strong>Fetch Adapter:</strong> Cancel <code>ReadableStream</code>
created during request-stream capability probing to prevent async
resource leaks. (<a
href="https://redirect.github.com/axios/axios/pull/7515">#7515</a>)</li>
<li><strong>Proxy Handling:</strong> Fixed env proxy behavior with
<code>proxy-from-env</code> v2 usage. (<a
href="https://redirect.github.com/axios/axios/pull/7499">#7499</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's
changelog</a>.</em></p>
<blockquote>
<h2>v1.15.0 — April 7, 2026</h2>
<p>This release delivers two critical security patches targeting header
injection and SSRF via proxy bypass, adds official runtime support for
Deno and Bun, and includes significant CI security hardening.</p>
<h2>🔒 Security Fixes</h2>
<ul>
<li>
<p><strong>Header Injection (CRLF):</strong> Rejects any header value
containing <code>\r</code> or <code>\n</code> characters to block CRLF
injection chains that could be used to exfiltrate cloud metadata (IMDS).
Behavior change: headers with CR/LF now throw <code>&quot;Invalid
character in header content&quot;</code>. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10660">#10660</a></strong>)</p>
</li>
<li>
<p><strong>SSRF via <code>no_proxy</code> Bypass:</strong> Introduces a
<code>shouldBypassProxy</code> helper that normalises hostnames (strips
trailing dots, handles bracketed IPv6) before evaluating
<code>no_proxy</code>/<code>NO_PROXY</code> rules, closing a gap that
could cause loopback or internal hosts to be inadvertently proxied.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10661">#10661</a></strong>)</p>
</li>
</ul>
<h2>🚀 New Features</h2>
<ul>
<li><strong>Deno &amp; Bun Runtime Support:</strong> Added full smoke
test suites for Deno and Bun, with CI workflows that run both runtimes
before any release is cut. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10652">#10652</a></strong>)</li>
</ul>
<h2>🐛 Bug Fixes</h2>
<ul>
<li><strong>Node.js v22 Compatibility:</strong> Replaced deprecated
<code>url.parse()</code> calls with the WHATWG
<code>URL</code>/<code>URLSearchParams</code> API across examples,
sandbox, and tests, eliminating <code>DEP0169</code> deprecation
warnings on Node.js v22+. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10625">#10625</a></strong>)</li>
</ul>
<h2>🔧 Maintenance &amp; Chores</h2>
<ul>
<li>
<p><strong>CI Security Hardening:</strong> Added <a
href="https://github.com/zizmorcore/zizmor">zizmor</a> GitHub Actions
security scanner; switched npm publish to OIDC Trusted Publishing
(removing the long-lived <code>NODE_AUTH_TOKEN</code>); pinned all
action references to full commit SHAs; narrowed workflow permissions to
least privilege; gated the publish step behind a dedicated
<code>npm-publish</code> environment; and blocked the sponsor-block
workflow from running on forks. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10618">#10618</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10619">#10619</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10627">#10627</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10637">#10637</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10641">#10641</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10666">#10666</a></strong>)</p>
</li>
<li>
<p><strong>Docs:</strong> Clarified HTTP/2 support and the unsupported
<code>httpVersion</code> option; added documentation for header case
preservation; improved the <code>beforeRedirect</code> example to
prevent accidental credential leakage. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10644">#10644</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10654">#10654</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10624">#10624</a></strong>)</p>
</li>
<li>
<p><strong>Dependencies:</strong> Bumped <code>picomatch</code>,
<code>handlebars</code>, <code>serialize-javascript</code>,
<code>vite</code> (×3), <code>denoland/setup-deno</code>, and 4
additional dev dependencies to latest versions. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10564">#10564</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10565">#10565</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10567">#10567</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10568">#10568</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10572">#10572</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10574">#10574</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10663">#10663</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10664">#10664</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10665">#10665</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10669">#10669</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10670">#10670</a></strong>)</p>
</li>
</ul>
<h2>🌟 New Contributors</h2>
<p>We are thrilled to welcome our new contributors. Thank you for
helping improve axios:</p>
<ul>
<li><strong><a
href="https://github.com/Kilros0817"><code>@​Kilros0817</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10625">#10625</a></strong>)</li>
<li><strong><a
href="https://github.com/shaanmajid"><code>@​shaanmajid</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10616">#10616</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10617">#10617</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10618">#10618</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10619">#10619</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10637">#10637</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10641">#10641</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10666">#10666</a></strong>)</li>
<li><strong><a
href="https://github.com/ashstrc"><code>@​ashstrc</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10624">#10624</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10644">#10644</a></strong>)</li>
<li><strong><a
href="https://github.com/Abhi3975"><code>@​Abhi3975</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10589">#10589</a></strong>)</li>
<li><strong><a
href="https://github.com/raashish1601"><code>@​raashish1601</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10573">#10573</a></strong>)</li>
</ul>
<p><a
href="https://github.com/axios/axios/compare/v1.14.0...v1.15.0">Full
Changelog</a></p>
<hr />
<h2>v1.14.0 — March 27, 2026</h2>
<p>This release fixes a security vulnerability in the
<code>formidable</code> dependency, resolves a CommonJS compatibility
regression, hardens proxy and HTTP/2 handling, and modernises the build
and test toolchain.</p>
<h2>🔒 Security Fixes</h2>
<ul>
<li><strong>Formidable Vulnerability:</strong> Upgraded
<code>formidable</code> from v2 to v3 to address a reported
arbitrary-file vulnerability. Updated test server and assertions to
align with the v3 API. (<strong><a
href="https://redirect.github.com/axios/axios/issues/7533">#7533</a></strong>)</li>
</ul>
<h2>🐛 Bug Fixes</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/axios/axios/commit/772a4e54ecc4cc2421e2b746daff0aca10f359d7"><code>772a4e5</code></a>
chore(release): prepare release 1.15.0 (<a
href="https://redirect.github.com/axios/axios/issues/10671">#10671</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/4b071371be2f810b4bc7797a13838e0f806ebb22"><code>4b07137</code></a>
chore(deps-dev): bump vite from 8.0.0 to 8.0.5 in /tests/smoke/esm (<a
href="https://redirect.github.com/axios/axios/issues/10663">#10663</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/51e57b39db251bfe3d34af5c943dfea18e06c8b6"><code>51e57b3</code></a>
chore(deps-dev): bump vite from 8.0.2 to 8.0.5 (<a
href="https://redirect.github.com/axios/axios/issues/10664">#10664</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/fba1a77930f0c459677b729161627234b88c90aa"><code>fba1a77</code></a>
chore(deps-dev): bump vite from 8.0.2 to 8.0.5 in /tests/module/esm (<a
href="https://redirect.github.com/axios/axios/issues/10665">#10665</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/0bf6e28eac86e87da2b60bbf5ea4237910e1a08e"><code>0bf6e28</code></a>
chore(deps): bump denoland/setup-deno in the github-actions group (<a
href="https://redirect.github.com/axios/axios/issues/10669">#10669</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/8107157c572ee4a54cb28c01ab7f7f3d895ba661"><code>8107157</code></a>
chore(deps-dev): bump the development_dependencies group with 4 updates
(<a
href="https://redirect.github.com/axios/axios/issues/10670">#10670</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/e66530e3302d56176befd0778155dafea2487542"><code>e66530e</code></a>
ci: require npm-publish environment for releases (<a
href="https://redirect.github.com/axios/axios/issues/10666">#10666</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/49f23cbfe4d308a075281c5f798d4c68f648cbe2"><code>49f23cb</code></a>
chore(sponsor): update sponsor block (<a
href="https://redirect.github.com/axios/axios/issues/10668">#10668</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1"><code>3631854</code></a>
fix: unrestricted cloud metadata exfiltration via header injection chain
(<a
href="https://redirect.github.com/axios/axios/issues/10">#10</a>...</li>
<li><a
href="https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df"><code>fb3befb</code></a>
fix: no_proxy hostname normalization bypass leads to ssrf (<a
href="https://redirect.github.com/axios/axios/issues/10661">#10661</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/axios/axios/compare/v1.13.5...v1.15.0">compare
view</a></li>
</ul>
</details>
<details>
<summary>Install script changes</summary>
<p>This version modifies <code>prepare</code> script that runs during
installation. Review the package contents before updating.</p>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
@renovate-bot @Yuan325
chore(deps): update dependency pytest to v9.0.3 [security] (#3047)
f6391be 
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [pytest](https://redirect.github.com/pytest-dev/pytest)
([changelog](https://docs.pytest.org/en/stable/changelog.html)) |
`==9.0.2` → `==9.0.3` |
![age](https://developer.mend.io/api/mc/badges/age/pypi/pytest/9.0.3?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/pytest/9.0.2/9.0.3?slim=true)
|

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/363) for more information.

### GitHub Vulnerability Alerts

#### [CVE-2025-71176](https://nvd.nist.gov/vuln/detail/CVE-2025-71176)

pytest through 9.0.2 on UNIX relies on directories with the
`/tmp/pytest-of-{user}` name pattern, which allows local users to cause
a denial of service or possibly gain privileges.

##### Severity
- CVSS Score: 6.8 / 10 (Medium)
- Vector String: `CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L`

---

### Release Notes

<details>
<summary>pytest-dev/pytest (pytest)</summary>

###
[`v9.0.3`](https://redirect.github.com/pytest-dev/pytest/releases/tag/9.0.3)

[Compare
Source](https://redirect.github.com/pytest-dev/pytest/compare/9.0.2...9.0.3)

### pytest 9.0.3 (2026-04-07)

#### Bug fixes

-
[#&#8203;12444](https://redirect.github.com/pytest-dev/pytest/issues/12444):
Fixed `pytest.approx` which now correctly takes into account
`~collections.abc.Mapping` keys order to compare them.

-
[#&#8203;13634](https://redirect.github.com/pytest-dev/pytest/issues/13634):
Blocking a `conftest.py` file using the `-p no:` option is now
explicitly disallowed.

Previously this resulted in an internal assertion failure during plugin
loading.

Pytest now raises a clear `UsageError` explaining that conftest files
are not plugins and cannot be disabled via `-p`.

-
[#&#8203;13734](https://redirect.github.com/pytest-dev/pytest/issues/13734):
Fixed crash when a test raises an exceptiongroup with `__tracebackhide__
= True`.

-
[#&#8203;14195](https://redirect.github.com/pytest-dev/pytest/issues/14195):
Fixed an issue where non-string messages passed to <span
class="title-ref">unittest.TestCase.subTest()</span> were not printed.

-
[#&#8203;14343](https://redirect.github.com/pytest-dev/pytest/issues/14343):
Fixed use of insecure temporary directory (CVE-2025-71176).

#### Improved documentation

-
[#&#8203;13388](https://redirect.github.com/pytest-dev/pytest/issues/13388):
Clarified documentation for `-p` vs `PYTEST_PLUGINS` plugin loading and
fixed an incorrect `-p` example.
-
[#&#8203;13731](https://redirect.github.com/pytest-dev/pytest/issues/13731):
Clarified that capture fixtures (e.g. `capsys` and `capfd`) take
precedence over the `-s` / `--capture=no` command-line options in
`Accessing captured output from a test function
<accessing-captured-output>`.
-
[#&#8203;14088](https://redirect.github.com/pytest-dev/pytest/issues/14088):
Clarified that the default `pytest_collection` hook sets `session.items`
before it calls `pytest_collection_finish`, not after.
-
[#&#8203;14255](https://redirect.github.com/pytest-dev/pytest/issues/14255):
TOML integer log levels must be quoted: Updating reference
documentation.

#### Contributor-facing changes

-
[#&#8203;12689](https://redirect.github.com/pytest-dev/pytest/issues/12689):
The test reports are now published to Codecov from GitHub Actions.
The test statistics is visible [on the web
interface](https://app.codecov.io/gh/pytest-dev/pytest/tests).

  \-- by `aleguy02`

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - ""
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/googleapis/mcp-toolbox).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMTAuMiIsInVwZGF0ZWRJblZlciI6IjQzLjEyMy44IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
@renovate-bot @Yuan325
chore(deps): update github actions (#3026)
7d24dab 
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/cache](https://redirect.github.com/actions/cache)
([changelog](https://redirect.github.com/actions/cache/compare/668228422ae6a00e4ad889ee87cd7109ec5666a7..27d5ce7f107fe9357f9df03efb73ab90386fccae))
| action | digest | `6682284` → `27d5ce7` |
|
[actions/upload-artifact](https://redirect.github.com/actions/upload-artifact)
([changelog](https://redirect.github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f..043fb46d1a93c77aae656e7c1c64a875d1fc6a0a))
| action | digest | `bbbca2d` → `043fb46` |
|
[cloudflare/wrangler-action](https://redirect.github.com/cloudflare/wrangler-action)
([changelog](https://redirect.github.com/cloudflare/wrangler-action/compare/da0e0dfe58b7a431659754fdf3f186c529afbe65..9acf94ace14e7dc412b076f2c5c20b8ce93c79cd))
| action | digest | `da0e0df` → `9acf94a` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/363) for more information.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/googleapis/mcp-toolbox).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMTAuMiIsInVwZGF0ZWRJblZlciI6IjQzLjEyMy44IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
@dependabot @Yuan325
chore(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.43.0 …
b1d7d3b 
…in /docs/en/documentation/getting-started/quickstart/go/adkgo (#3019)

Bumps
[go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go)
from 1.39.0 to 1.43.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md">go.opentelemetry.io/otel/sdk's
changelog</a>.</em></p>
<blockquote>
<h2>[1.43.0/0.65.0/0.19.0] 2026-04-02</h2>
<h3>Added</h3>
<ul>
<li>Add <code>IsRandom</code> and <code>WithRandom</code> on
<code>TraceFlags</code>, and <code>IsRandom</code> on
<code>SpanContext</code> in <code>go.opentelemetry.io/otel/trace</code>
for <a
href="https://www.w3.org/TR/trace-context-2/#random-trace-id-flag">W3C
Trace Context Level 2 Random Trace ID Flag</a> support. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012">#8012</a>)</li>
<li>Add service detection with <code>WithService</code> in
<code>go.opentelemetry.io/otel/sdk/resource</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642">#7642</a>)</li>
<li>Add <code>DefaultWithContext</code> and
<code>EnvironmentWithContext</code> in
<code>go.opentelemetry.io/otel/sdk/resource</code> to support plumbing
<code>context.Context</code> through default and environment detectors.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051">#8051</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Add support for per-series start time tracking for cumulative
metrics in <code>go.opentelemetry.io/otel/sdk/metric</code>.
Set <code>OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true</code> to enable.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060">#8060</a>)</li>
<li>Add <code>WithCardinalityLimitSelector</code> for metric reader for
configuring cardinality limits specific to the instrument kind. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855">#7855</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Introduce the <code>EMPTY</code> Type in
<code>go.opentelemetry.io/otel/attribute</code> to reflect that an empty
value is now a valid value, with <code>INVALID</code> remaining as a
deprecated alias of <code>EMPTY</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Improve slice handling in
<code>go.opentelemetry.io/otel/attribute</code> to optimize short slice
values with fixed-size fast paths. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039">#8039</a>)</li>
<li>Improve performance of span metric recording in
<code>go.opentelemetry.io/otel/sdk/trace</code> by returning early if
self-observability is not enabled. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067">#8067</a>)</li>
<li>Improve formatting of metric data diffs in
<code>go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073">#8073</a>)</li>
</ul>
<h3>Deprecated</h3>
<ul>
<li>Deprecate <code>INVALID</code> in
<code>go.opentelemetry.io/otel/attribute</code>. Use <code>EMPTY</code>
instead. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Return spec-compliant <code>TraceIdRatioBased</code> description.
This is a breaking behavioral change, but it is necessary to
make the implementation <a
href="https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased">spec-compliant</a>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027">#8027</a>)</li>
<li>Fix a race condition in
<code>go.opentelemetry.io/otel/sdk/metric</code> where the lastvalue
aggregation could collect the value 0 even when no zero-value
measurements were recorded. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056">#8056</a>)</li>
<li>Limit HTTP response body to 4 MiB in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code>
to mitigate excessive memory usage caused by a misconfigured or
malicious server.
Responses exceeding the limit are treated as non-retryable errors. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li>
<li>Limit HTTP response body to 4 MiB in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>
to mitigate excessive memory usage caused by a misconfigured or
malicious server.
Responses exceeding the limit are treated as non-retryable errors. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li>
<li>Limit HTTP response body to 4 MiB in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>
to mitigate excessive memory usage caused by a misconfigured or
malicious server.
Responses exceeding the limit are treated as non-retryable errors. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li>
<li><code>WithHostID</code> detector in
<code>go.opentelemetry.io/otel/sdk/resource</code> to use full path for
<code>kenv</code> command on BSD. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113">#8113</a>)</li>
<li>Fix missing <code>request.GetBody</code> in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>
to correctly handle HTTP2 GOAWAY frame. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096">#8096</a>)</li>
</ul>
<h2>[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06</h2>
<h3>Added</h3>
<ul>
<li>Add <code>go.opentelemetry.io/otel/semconv/v1.40.0</code> package.
The package contains semantic conventions from the <code>v1.40.0</code>
version of the OpenTelemetry Semantic Conventions.
See the <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md">migration
documentation</a> for information on how to upgrade from
<code>go.opentelemetry.io/otel/semconv/v1.39.0</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985">#7985</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0"><code>9276201</code></a>
Release v1.43.0 / v0.65.0 / v0.19.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128">#8128</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a"><code>61b8c94</code></a>
chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131">#8131</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23"><code>97a086e</code></a>
chore(deps): update github.com/golangci/dupl digest to c99c5cf (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122">#8122</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0"><code>5e363de</code></a>
limit response body size for OTLP HTTP exporters (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7"><code>35214b6</code></a>
Use an absolute path when calling bsd kenv (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113">#8113</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361"><code>290024c</code></a>
fix(deps): update module google.golang.org/grpc to v1.80.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121">#8121</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc"><code>e70658e</code></a>
fix: support getBody in otelploghttp (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096">#8096</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a"><code>4afe468</code></a>
fix(deps): update googleapis to 9d38bb4 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117">#8117</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634"><code>b9ca729</code></a>
chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115">#8115</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79"><code>69472ec</code></a>
chore(deps): update fossas/fossa-action action to v1.9.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118">#8118</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-go/compare/v1.39.0...v1.43.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=go.opentelemetry.io/otel/sdk&package-manager=go_modules&previous-version=1.39.0&new-version=1.43.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/googleapis/mcp-toolbox/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
@renovate-bot @Yuan325
chore(deps): update go (#3015)
d1c36e8 
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) | Type |
Update | Pending |
|---|---|---|---|---|---|---|
|
[cloud.google.com/go/bigtable](https://redirect.github.com/googleapis/google-cloud-go)
| `v1.45.0` → `v1.46.0` |
![age](https://developer.mend.io/api/mc/badges/age/go/cloud.google.com%2fgo%2fbigtable/v1.46.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/go/cloud.google.com%2fgo%2fbigtable/v1.45.0/v1.46.0?slim=true)
| require | minor | |
|
[cloud.google.com/go/dataplex](https://redirect.github.com/googleapis/google-cloud-go)
| `v1.30.0` → `v1.32.0` |
![age](https://developer.mend.io/api/mc/badges/age/go/cloud.google.com%2fgo%2fdataplex/v1.32.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/go/cloud.google.com%2fgo%2fdataplex/v1.30.0/v1.32.0?slim=true)
| require | minor | |
|
[cloud.google.com/go/dataproc/v2](https://redirect.github.com/googleapis/google-cloud-go)
| `v2.17.0` → `v2.19.0` |
![age](https://developer.mend.io/api/mc/badges/age/go/cloud.google.com%2fgo%2fdataproc%2fv2/v2.19.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/go/cloud.google.com%2fgo%2fdataproc%2fv2/v2.17.0/v2.19.0?slim=true)
| require | minor | |
|
[cloud.google.com/go/geminidataanalytics](https://redirect.github.com/googleapis/google-cloud-go)
| `v0.9.0` → `v0.11.0` |
![age](https://developer.mend.io/api/mc/badges/age/go/cloud.google.com%2fgo%2fgeminidataanalytics/v0.11.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/go/cloud.google.com%2fgo%2fgeminidataanalytics/v0.9.0/v0.11.0?slim=true)
| require | minor | |
|
[cloud.google.com/go/logging](https://redirect.github.com/googleapis/google-cloud-go)
| `v1.13.2` → `v1.16.0` |
![age](https://developer.mend.io/api/mc/badges/age/go/cloud.google.com%2fgo%2flogging/v1.16.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/go/cloud.google.com%2fgo%2flogging/v1.13.2/v1.16.0?slim=true)
| require | minor | |
|
[cloud.google.com/go/longrunning](https://redirect.github.com/googleapis/google-cloud-go)
| `v0.9.0` → `v0.11.0` |
![age](https://developer.mend.io/api/mc/badges/age/go/cloud.google.com%2fgo%2flongrunning/v0.11.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/go/cloud.google.com%2fgo%2flongrunning/v0.9.0/v0.11.0?slim=true)
| require | minor | |
|
[github.com/ClickHouse/clickhouse-go/v2](https://redirect.github.com/ClickHouse/clickhouse-go)
| `v2.44.0` → `v2.45.0` |
![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fClickHouse%2fclickhouse-go%2fv2/v2.45.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fClickHouse%2fclickhouse-go%2fv2/v2.44.0/v2.45.0?slim=true)
| require | minor | |
|
[github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-go)
| `v0.55.0` → `v0.56.0` |
![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fGoogleCloudPlatform%2fopentelemetry-operations-go%2fexporter%2fmetric/v0.56.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fGoogleCloudPlatform%2fopentelemetry-operations-go%2fexporter%2fmetric/v0.55.0/v0.56.0?slim=true)
| require | minor | |
|
[github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-go)
| `v1.31.0` → `v1.32.0` |
![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fGoogleCloudPlatform%2fopentelemetry-operations-go%2fexporter%2ftrace/v1.32.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fGoogleCloudPlatform%2fopentelemetry-operations-go%2fexporter%2ftrace/v1.31.0/v1.32.0?slim=true)
| require | minor | |
|
[github.com/snowflakedb/gosnowflake](https://redirect.github.com/snowflakedb/gosnowflake)
| `v1.19.0` → `v1.19.1` |
![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fsnowflakedb%2fgosnowflake/v1.19.1?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fsnowflakedb%2fgosnowflake/v1.19.0/v1.19.1?slim=true)
| require | patch | |
|
[github.com/testcontainers/testcontainers-go](https://redirect.github.com/testcontainers/testcontainers-go)
| `v0.41.0` → `v0.42.0` |
![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2ftestcontainers%2ftestcontainers-go/v0.42.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2ftestcontainers%2ftestcontainers-go/v0.41.0/v0.42.0?slim=true)
| require | minor | |
|
[github.com/testcontainers/testcontainers-go/modules/cockroachdb](https://redirect.github.com/testcontainers/testcontainers-go)
| `v0.41.0` → `v0.42.0` |
![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2ftestcontainers%2ftestcontainers-go%2fmodules%2fcockroachdb/v0.42.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2ftestcontainers%2ftestcontainers-go%2fmodules%2fcockroachdb/v0.41.0/v0.42.0?slim=true)
| require | minor | |
|
[github.com/testcontainers/testcontainers-go/modules/couchbase](https://redirect.github.com/testcontainers/testcontainers-go)
| `v0.41.0` → `v0.42.0` |
![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2ftestcontainers%2ftestcontainers-go%2fmodules%2fcouchbase/v0.42.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2ftestcontainers%2ftestcontainers-go%2fmodules%2fcouchbase/v0.41.0/v0.42.0?slim=true)
| require | minor | |
|
[github.com/valkey-io/valkey-go](https://redirect.github.com/valkey-io/valkey-go)
| `v1.0.73` → `v1.0.74` |
![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fvalkey-io%2fvalkey-go/v1.0.74?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fvalkey-io%2fvalkey-go/v1.0.73/v1.0.74?slim=true)
| require | patch | |
| [go](https://go.dev/)
([source](https://redirect.github.com/golang/go)) | `1.26.1` → `1.26.2`
|
![age](https://developer.mend.io/api/mc/badges/age/golang-version/go/1.26.2?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/golang-version/go/1.26.1/1.26.2?slim=true)
| toolchain | patch | |
|
[go.opentelemetry.io/contrib/propagators/autoprop](https://redirect.github.com/open-telemetry/opentelemetry-go-contrib)
| `v0.67.0` → `v0.68.0` |
![age](https://developer.mend.io/api/mc/badges/age/go/go.opentelemetry.io%2fcontrib%2fpropagators%2fautoprop/v0.68.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/go/go.opentelemetry.io%2fcontrib%2fpropagators%2fautoprop/v0.67.0/v0.68.0?slim=true)
| require | minor | |
|
[google.golang.org/api](https://redirect.github.com/googleapis/google-api-go-client)
| `v0.274.0` → `v0.275.0` |
![age](https://developer.mend.io/api/mc/badges/age/go/google.golang.org%2fapi/v0.275.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/go/google.golang.org%2fapi/v0.274.0/v0.275.0?slim=true)
| require | minor | `v0.276.0` |
|
[google.golang.org/genai](https://redirect.github.com/googleapis/go-genai)
| `v1.52.1` → `v1.54.0` |
![age](https://developer.mend.io/api/mc/badges/age/go/google.golang.org%2fgenai/v1.54.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/go/google.golang.org%2fgenai/v1.52.1/v1.54.0?slim=true)
| require | minor | |
| [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) | `v1.48.1` →
`v1.48.2` |
![age](https://developer.mend.io/api/mc/badges/age/go/modernc.org%2fsqlite/v1.48.2?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/go/modernc.org%2fsqlite/v1.48.1/v1.48.2?slim=true)
| require | patch | |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/363) for more information.

---

### Release Notes

<details>
<summary>googleapis/google-cloud-go
(cloud.google.com/go/geminidataanalytics)</summary>

###
[`v0.11.0`](https://redirect.github.com/googleapis/google-cloud-go/blob/HEAD/CHANGES.md#v0110)

[Compare
Source](https://redirect.github.com/googleapis/google-cloud-go/compare/v0.10.0...v0.11.0)

- Clients for spanner, pubsub and video are now in beta.

- New client for DLP.

- spanner: performance and testing improvements.

- storage: requester-pays buckets are supported.

- storage, profiler, bigtable, bigquery: bug fixes and other minor
improvements.

- pubsub: bug fixes and other minor improvements

###
[`v0.10.0`](https://redirect.github.com/googleapis/google-cloud-go/blob/HEAD/CHANGES.md#v0100)

[Compare
Source](https://redirect.github.com/googleapis/google-cloud-go/compare/v0.9.0...v0.10.0)

- pubsub: Subscription.ModifyPushConfig replaced with
Subscription.Update.

- pubsub: Subscription.Receive now runs concurrently for higher
throughput.

- vision: cloud.google.com/go/vision is deprecated. Use
  cloud.google.com/go/vision/apiv1 instead.

- translation: now stable.

- trace: several changes to the surface. See the link below.

##### Code changes required from v0.9.0

- pubsub: Replace

  ```
sub.ModifyPushConfig(ctx, pubsub.PushConfig{Endpoint:
"https://example.com/push"})
  ```

  with

  ```
  sub.Update(ctx, pubsub.SubscriptionConfigToUpdate{
PushConfig: &pubsub.PushConfig{Endpoint: "https://example.com/push"},
  })
  ```

- trace: traceGRPCServerInterceptor will be provided from
\*trace.Client.
  Given an initialized `*trace.Client` named `tc`, instead of

  ```
s :=
grpc.NewServer(grpc.UnaryInterceptor(trace.GRPCServerInterceptor(tc)))
  ```

  write

  ```
  s := grpc.NewServer(grpc.UnaryInterceptor(tc.GRPCServerInterceptor()))
  ```

- trace trace.GRPCClientInterceptor will also provided from
\*trace.Client.
  Instead of

  ```
conn, err := grpc.Dial(srv.Addr,
grpc.WithUnaryInterceptor(trace.GRPCClientInterceptor()))
  ```

  write

  ```
conn, err := grpc.Dial(srv.Addr,
grpc.WithUnaryInterceptor(tc.GRPCClientInterceptor()))
  ```

- trace: We removed the deprecated `trace.EnableGRPCTracing`. Use the
gRPC
interceptor as a dial option as shown below when initializing Cloud
package
  clients:

  ```
c, err := pubsub.NewClient(ctx, "project-id",
option.WithGRPCDialOption(grpc.WithUnaryInterceptor(tc.GRPCClientInterceptor())))
  if err != nil {
      ...
  }
  ```

</details>

<details>
<summary>ClickHouse/clickhouse-go
(github.com/ClickHouse/clickhouse-go/v2)</summary>

###
[`v2.45.0`](https://redirect.github.com/ClickHouse/clickhouse-go/blob/HEAD/CHANGELOG.md#v2450-2026-04-13----Release-notes-generated-using-configuration-in-githubreleaseyml-at-main---)

[Compare
Source](https://redirect.github.com/ClickHouse/clickhouse-go/compare/v2.44.0...v2.45.0)

#### What's Changed

##### Bug Fixes 🐛

- fix: set req.Host for Host header in HTTP transport by
[@&#8203;binger-li-dd](https://redirect.github.com/binger-li-dd) in
[#&#8203;1826](https://redirect.github.com/ClickHouse/clickhouse-go/pull/1826)

##### Other Changes 🛠

- chore: pass explicity github token for claude review by
[@&#8203;kavirajk](https://redirect.github.com/kavirajk) in
[#&#8203;1818](https://redirect.github.com/ClickHouse/clickhouse-go/pull/1818)

#### New Contributors

- [@&#8203;binger-li-dd](https://redirect.github.com/binger-li-dd) made
their first contribution in
[#&#8203;1826](https://redirect.github.com/ClickHouse/clickhouse-go/pull/1826)

**Full Changelog**:
<ClickHouse/clickhouse-go@v2.44.0...v2.45.0>

</details>

<details>
<summary>GoogleCloudPlatform/opentelemetry-operations-go
(github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric)</summary>

###
[`v0.56.0`](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-go/releases/tag/v0.56.0):
v1.32.0/v0.56.0

[Compare
Source](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-go/compare/v0.55.0...v0.56.0)

#### What's Changed

- Support universe domains in collector exporter client configuration by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;1097](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-go/pull/1097)
- Don't pass credentials fetched using FindDefaultCredentials by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;1098](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-go/pull/1098)
- googleclientauthextension: support Proxy-Authorization header by
[@&#8203;lindeskar](https://redirect.github.com/lindeskar) in
[#&#8203;1105](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-go/pull/1105)
- Improve unit tests for gcp auth extension by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;1103](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-go/pull/1103)
- Allow providing a context to create the monitoring client by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;1096](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-go/pull/1096)
- Add support for go 1.26 by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;1107](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-go/pull/1107)
- chore(deps): update module golang.org/x/crypto to v0.45.0 \[security]
by [@&#8203;renovate-bot](https://redirect.github.com/renovate-bot) in
[#&#8203;1102](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-go/pull/1102)
- Don't allow modifying the default scopes by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;1109](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-go/pull/1109)
- Ignore versions in the user agent header when comparing fixtures by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;1115](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-go/pull/1115)
- Bump go version to resolve govulncheck failures by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;1114](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-go/pull/1114)
- Separate out govulncheck into its own CI job by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;1113](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-go/pull/1113)
- Normalize user agents in span attributes as well by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;1117](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-go/pull/1117)
- fix(deps): update module google.golang.org/grpc to v1.79.3 \[security]
by [@&#8203;jefferbrecht](https://redirect.github.com/jefferbrecht) in
[#&#8203;1131](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-go/pull/1131)
- Prepare for v1.32.0/v0.56.0 by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;1132](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-go/pull/1132)

#### New Contributors

- [@&#8203;lindeskar](https://redirect.github.com/lindeskar) made their
first contribution in
[#&#8203;1105](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-go/pull/1105)
- [@&#8203;jefferbrecht](https://redirect.github.com/jefferbrecht) made
their first contribution in
[#&#8203;1131](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-go/pull/1131)

**Full Changelog**:
<GoogleCloudPlatform/opentelemetry-operations-go@v0.55.0...v0.56.0>

</details>

<details>
<summary>snowflakedb/gosnowflake
(github.com/snowflakedb/gosnowflake)</summary>

###
[`v1.19.1`](https://redirect.github.com/snowflakedb/gosnowflake/releases/tag/v1.19.1):
Release

[Compare
Source](https://redirect.github.com/snowflakedb/gosnowflake/compare/v1.19.0...v1.19.1)

- Please check Snowflake [Go Snowflake for release
notes](https://docs.snowflake.com/en/release-notes/clients-drivers/golang).

</details>

<details>
<summary>testcontainers/testcontainers-go
(github.com/testcontainers/testcontainers-go)</summary>

###
[`v0.42.0`](https://redirect.github.com/testcontainers/testcontainers-go/releases/tag/v0.42.0)

[Compare
Source](https://redirect.github.com/testcontainers/testcontainers-go/compare/v0.41.0...v0.42.0)

### What's Changed

#### ⚠️ Breaking Changes

- chore!: migrate to moby modules
([#&#8203;3591](https://redirect.github.com/testcontainers/testcontainers-go/issues/3591))
[@&#8203;thaJeztah](https://redirect.github.com/thaJeztah)

#### 🔒 Security

- chore(deps): bump moby/client v0.4.0, moby/api v1.54.1
([#&#8203;3634](https://redirect.github.com/testcontainers/testcontainers-go/issues/3634))
[@&#8203;thaJeztah](https://redirect.github.com/thaJeztah)

#### 🐛 Bug Fixes

- fix: return an error when docker host cannot be retrieved
([#&#8203;3613](https://redirect.github.com/testcontainers/testcontainers-go/issues/3613))
[@&#8203;ash2k](https://redirect.github.com/ash2k)

#### 🧹 Housekeeping

- chore: gitignore Gas Town agent artifacts
([#&#8203;3633](https://redirect.github.com/testcontainers/testcontainers-go/issues/3633))
[@&#8203;mdelapenya](https://redirect.github.com/mdelapenya)
- fix(usage-metrics): include last release in the legend pop over
([#&#8203;3630](https://redirect.github.com/testcontainers/testcontainers-go/issues/3630))
[@&#8203;mdelapenya](https://redirect.github.com/mdelapenya)
- chore: update usage metrics (2026-04)
([#&#8203;3621](https://redirect.github.com/testcontainers/testcontainers-go/issues/3621))
@&#8203;[github-actions\[bot\]](https://redirect.github.com/apps/github-actions)
- fix(usage-metrics): order of actions matters
([#&#8203;3623](https://redirect.github.com/testcontainers/testcontainers-go/issues/3623))
[@&#8203;mdelapenya](https://redirect.github.com/mdelapenya)
- fix(usage-metrics): reduce rate-limit cascade errors
([#&#8203;3622](https://redirect.github.com/testcontainers/testcontainers-go/issues/3622))
[@&#8203;mdelapenya](https://redirect.github.com/mdelapenya)
- fix(usage-metrics): replace the per-version inline retry with a
multi-pass approach
([#&#8203;3620](https://redirect.github.com/testcontainers/testcontainers-go/issues/3620))
[@&#8203;mdelapenya](https://redirect.github.com/mdelapenya)

#### 📦 Dependency updates

- chore(deps): bump
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from
1.28.0 to 1.43.0 in /modules/grafana-lgtm
([#&#8203;3639](https://redirect.github.com/testcontainers/testcontainers-go/issues/3639))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from
1.42.0 to 1.43.0 in /modules/compose
([#&#8203;3641](https://redirect.github.com/testcontainers/testcontainers-go/issues/3641))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from
1.42.0 to 1.43.0 in /modules/compose
([#&#8203;3645](https://redirect.github.com/testcontainers/testcontainers-go/issues/3645))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2
([#&#8203;3626](https://redirect.github.com/testcontainers/testcontainers-go/issues/3626))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.2
to 1.97.3 in /modules/localstack
([#&#8203;3638](https://redirect.github.com/testcontainers/testcontainers-go/issues/3638))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from
1.41.0 to 1.43.0 in /modules/grafana-lgtm
([#&#8203;3643](https://redirect.github.com/testcontainers/testcontainers-go/issues/3643))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump go.opentelemetry.io/otel/sdk from 1.41.0 to 1.43.0
in /modules/milvus
([#&#8203;3644](https://redirect.github.com/testcontainers/testcontainers-go/issues/3644))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore: update to Go 1.25.9, 1.26.9
([#&#8203;3647](https://redirect.github.com/testcontainers/testcontainers-go/issues/3647))
[@&#8203;thaJeztah](https://redirect.github.com/thaJeztah)
- chore(deps): bump bump github.com/klauspost/compress v1.18.5,
github.com/docker/compose v5.1.2
([#&#8203;3646](https://redirect.github.com/testcontainers/testcontainers-go/issues/3646))
[@&#8203;thaJeztah](https://redirect.github.com/thaJeztah)
- chore(deps): bump moby/client v0.4.0, moby/api v1.54.1
([#&#8203;3634](https://redirect.github.com/testcontainers/testcontainers-go/issues/3634))
[@&#8203;thaJeztah](https://redirect.github.com/thaJeztah)
- chore(deps): bump golang.org/x/sys from 0.41.0 to 0.42.0
([#&#8203;3629](https://redirect.github.com/testcontainers/testcontainers-go/issues/3629))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump github.com/moby/patternmatcher from 0.6.0 to 0.6.1
([#&#8203;3628](https://redirect.github.com/testcontainers/testcontainers-go/issues/3628))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump github.com/shirou/gopsutil/v4 from 4.26.2 to 4.26.3
([#&#8203;3627](https://redirect.github.com/testcontainers/testcontainers-go/issues/3627))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- fix(localstack): accept community-archive as a valid tag
([#&#8203;3601](https://redirect.github.com/testcontainers/testcontainers-go/issues/3601))
[@&#8203;johnduhart](https://redirect.github.com/johnduhart)
- chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in
/modules/gcloud
([#&#8203;3632](https://redirect.github.com/testcontainers/testcontainers-go/issues/3632))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0
([#&#8203;3625](https://redirect.github.com/testcontainers/testcontainers-go/issues/3625))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump pygments from 2.19.2 to 2.20.0
([#&#8203;3615](https://redirect.github.com/testcontainers/testcontainers-go/issues/3615))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in
/modules/milvus
([#&#8203;3612](https://redirect.github.com/testcontainers/testcontainers-go/issues/3612))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in
/modules/etcd
([#&#8203;3611](https://redirect.github.com/testcontainers/testcontainers-go/issues/3611))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in
/modules/ollama
([#&#8203;3610](https://redirect.github.com/testcontainers/testcontainers-go/issues/3610))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in
/modules/pinecone
([#&#8203;3609](https://redirect.github.com/testcontainers/testcontainers-go/issues/3609))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in
/modules/couchbase
([#&#8203;3608](https://redirect.github.com/testcontainers/testcontainers-go/issues/3608))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump requests from 2.32.4 to 2.33.0
([#&#8203;3604](https://redirect.github.com/testcontainers/testcontainers-go/issues/3604))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in
/modules/meilisearch
([#&#8203;3607](https://redirect.github.com/testcontainers/testcontainers-go/issues/3607))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump github.com/moby/buildkit from 0.27.1 to 0.28.1 in
/modules/compose
([#&#8203;3605](https://redirect.github.com/testcontainers/testcontainers-go/issues/3605))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in
/modules/qdrant
([#&#8203;3606](https://redirect.github.com/testcontainers/testcontainers-go/issues/3606))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump github.com/modelcontextprotocol/go-sdk from 1.3.1 to
1.4.1 in /modules/dockermcpgateway
([#&#8203;3599](https://redirect.github.com/testcontainers/testcontainers-go/issues/3599))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump google.golang.org/grpc from 1.69.2 to 1.79.3 in
/modules/dockermodelrunner
([#&#8203;3594](https://redirect.github.com/testcontainers/testcontainers-go/issues/3594))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump google.golang.org/grpc from 1.71.0 to 1.79.3 in
/modules/toxiproxy
([#&#8203;3595](https://redirect.github.com/testcontainers/testcontainers-go/issues/3595))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump google.golang.org/grpc from 1.72.0 to 1.79.3 in
/modules/weaviate
([#&#8203;3596](https://redirect.github.com/testcontainers/testcontainers-go/issues/3596))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in
/modules/compose
([#&#8203;3597](https://redirect.github.com/testcontainers/testcontainers-go/issues/3597))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in
/modules/grafana-lgtm
([#&#8203;3598](https://redirect.github.com/testcontainers/testcontainers-go/issues/3598))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in
/modules/gcloud
([#&#8203;3593](https://redirect.github.com/testcontainers/testcontainers-go/issues/3593))
@&#8203;[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)

</details>

<details>
<summary>valkey-io/valkey-go (github.com/valkey-io/valkey-go)</summary>

###
[`v1.0.74`](https://redirect.github.com/valkey-io/valkey-go/releases/tag/v1.0.74):
1.0.74

[Compare
Source](https://redirect.github.com/valkey-io/valkey-go/compare/v1.0.73...v1.0.74)

### Changes

- feat: add SetOnInvalidations to DedicatedClient
- feat: make valkeycompat.Pipeliner a Cmdable
- fix: premature recycles in MGet/MSet helpers
- fix: remove incorrect Start/Stop swap in valkeycompat.ZRange Rev
- fix: add expiration key to valkeylimiter script execution

#### Contributors

We'd like to thank all the contributors who worked on this release!

[@&#8203;Luis729](https://redirect.github.com/Luis729),
[@&#8203;jinbum-kim](https://redirect.github.com/jinbum-kim),
[@&#8203;junsred](https://redirect.github.com/junsred),
[@&#8203;rueian](https://redirect.github.com/rueian) and
[@&#8203;tmchow](https://redirect.github.com/tmchow)

</details>

<details>
<summary>golang/go (go)</summary>

###
[`v1.26.2`](https://redirect.github.com/golang/go/compare/go1.26.1...go1.26.2)

</details>

<details>
<summary>googleapis/google-api-go-client
(google.golang.org/api)</summary>

###
[`v0.275.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.275.0)

[Compare
Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.274.0...v0.275.0)

##### Features

- **all:** Auto-regenerate discovery clients
([#&#8203;3557](https://redirect.github.com/googleapis/google-api-go-client/issues/3557))
([2b2ef99](https://redirect.github.com/googleapis/google-api-go-client/commit/2b2ef99cb9f245743690a4d26e4fdc65287253e0))
- **all:** Auto-regenerate discovery clients
([#&#8203;3560](https://redirect.github.com/googleapis/google-api-go-client/issues/3560))
([9437d4d](https://redirect.github.com/googleapis/google-api-go-client/commit/9437d4d741a6ae9e1c20a6f727b9c8f64e1bc19e))

</details>

<details>
<summary>googleapis/go-genai (google.golang.org/genai)</summary>

###
[`v1.54.0`](https://redirect.github.com/googleapis/go-genai/releases/tag/v1.54.0)

[Compare
Source](https://redirect.github.com/googleapis/go-genai/compare/v1.53.0...v1.54.0)

##### Features

- Add "eu" as a supported service location for Vertex AI platform.
([9245aba](https://redirect.github.com/googleapis/go-genai/commit/9245aba251afea99b1560fae07b93498ed5b5d8e))
- Add Live Avatar new fields
([2ae252c](https://redirect.github.com/googleapis/go-genai/commit/2ae252caaf0d5273d5656d32858e54c354326248))
- Add webhook\_config to batches.create() and models.generate\_videos()
([4790027](https://redirect.github.com/googleapis/go-genai/commit/4790027b553d401d5cc99f21776dcfa49cbda16d))

###
[`v1.53.0`](https://redirect.github.com/googleapis/go-genai/releases/tag/v1.53.0)

[Compare
Source](https://redirect.github.com/googleapis/go-genai/compare/v1.52.1...v1.53.0)

##### Miscellaneous Chores

- release 1.53.0
([07f38c9](https://redirect.github.com/googleapis/go-genai/commit/07f38c926798eb5f4d9ef3af531ee3f4d91c6fd6))

</details>

<details>
<summary>cznic/sqlite (modernc.org/sqlite)</summary>

###
[`v1.48.2`](https://gitlab.com/cznic/sqlite/compare/v1.48.1...v1.48.2)

[Compare
Source](https://gitlab.com/cznic/sqlite/compare/v1.48.1...v1.48.2)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/googleapis/mcp-toolbox).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMTAuMiIsInVwZGF0ZWRJblZlciI6IjQzLjEyMy44IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
@dependabot @Yuan325
chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 in /docs/en…
5e624b4 
…/documentation/configuration/pre-post-processing/js/langchain (#3084)

Bumps
[follow-redirects](https://github.com/follow-redirects/follow-redirects)
from 1.15.11 to 1.16.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b"><code>0c23a22</code></a>
Release version 1.16.0 of the npm package.</li>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9"><code>844c4d3</code></a>
Add sensitiveHeaders option.</li>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be"><code>5e8b8d0</code></a>
ci: add Node.js 24.x to the CI matrix</li>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af"><code>7953e22</code></a>
ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6</li>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75"><code>86dc1f8</code></a>
Sanitizing input.</li>
<li>See full diff in <a
href="https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=follow-redirects&package-manager=npm_and_yarn&previous-version=1.15.11&new-version=1.16.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/googleapis/mcp-toolbox/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
@dependabot @Yuan325
chore(deps): bump protobufjs from 7.5.4 to 7.5.5 in /docs/en/document…
98e4ddf 
…ation/getting-started/quickstart/js/genkit (#3085)

Bumps [protobufjs](https://github.com/protobufjs/protobuf.js) from 7.5.4
to 7.5.5.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md">protobufjs's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2><a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v8.0.0...protobufjs-v8.0.1">8.0.1</a>
(2026-03-11)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>bump protobufjs dependency version for cli package (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2128">#2128</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/549b05ecd95e23da40fa1a36a9336c57946b8377">549b05e</a>)</li>
<li>correct json syntax in tsconfig.json (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2120">#2120</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/80656255c75000f3e954e036cdfcb5bfd0a8c687">8065625</a>)</li>
<li><strong>descriptor:</strong> guard oneof index for non-Type parents
(<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2122">#2122</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/1cac5cf811d0855b27dcde73a3a04d15efde3728">1cac5cf</a>)</li>
<li>do not allow setting <strong>proto</strong> in Message constructor
(<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2126">#2126</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/f05e3c3bdd0b3c2cddbf8540bb5bd4d394a693ad">f05e3c3</a>)</li>
<li>filter invalid characters from the type name (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2127">#2127</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75">535df44</a>)</li>
</ul>
<h2><a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v8.0.0">8.0.0</a>
(2025-12-16)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>add Edition 2024 Support (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2060">#2060</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li>add Edition 2024 Support (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2060">#2060</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/53e8492cbaae2c741801fa50b5f908ff5129c3d7">53e8492</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47"><code>b7bdfaf</code></a>
chore: release 7.5.5</li>
<li><a
href="https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956"><code>ff7b2af</code></a>
fix: filter invalid characters from the type name (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2127">#2127</a>)</li>
<li><a
href="https://github.com/protobufjs/protobuf.js/commit/086b19d00d1d01e801d6ccc2ae3f207bb1b06482"><code>086b19d</code></a>
fix: do not allow setting <strong>proto</strong> in Message constructor
(<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2126">#2126</a>)</li>
<li>See full diff in <a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~fenster">fenster</a>, a new releaser for
protobufjs since your current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=protobufjs&package-manager=npm_and_yarn&previous-version=7.5.4&new-version=7.5.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/googleapis/mcp-toolbox/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
@dependabot @Yuan325
chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 in /docs/en…
a078377 
…/documentation/getting-started/quickstart/js/langchain (#3086)

Bumps
[follow-redirects](https://github.com/follow-redirects/follow-redirects)
from 1.15.11 to 1.16.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b"><code>0c23a22</code></a>
Release version 1.16.0 of the npm package.</li>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9"><code>844c4d3</code></a>
Add sensitiveHeaders option.</li>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be"><code>5e8b8d0</code></a>
ci: add Node.js 24.x to the CI matrix</li>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af"><code>7953e22</code></a>
ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6</li>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75"><code>86dc1f8</code></a>
Sanitizing input.</li>
<li>See full diff in <a
href="https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=follow-redirects&package-manager=npm_and_yarn&previous-version=1.15.11&new-version=1.16.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/googleapis/mcp-toolbox/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
@dependabot @Yuan325
chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 in /docs/en…
4711058 
…/documentation/getting-started/quickstart/js/genAI (#3087)

Bumps
[follow-redirects](https://github.com/follow-redirects/follow-redirects)
from 1.15.11 to 1.16.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b"><code>0c23a22</code></a>
Release version 1.16.0 of the npm package.</li>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9"><code>844c4d3</code></a>
Add sensitiveHeaders option.</li>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be"><code>5e8b8d0</code></a>
ci: add Node.js 24.x to the CI matrix</li>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af"><code>7953e22</code></a>
ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6</li>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75"><code>86dc1f8</code></a>
Sanitizing input.</li>
<li>See full diff in <a
href="https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=follow-redirects&package-manager=npm_and_yarn&previous-version=1.15.11&new-version=1.16.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/googleapis/mcp-toolbox/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
@dependabot @Yuan325
chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 in /docs/en…
f22b664 
…/documentation/getting-started/quickstart/js/genkit (#3088)

Bumps
[follow-redirects](https://github.com/follow-redirects/follow-redirects)
from 1.15.11 to 1.16.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b"><code>0c23a22</code></a>
Release version 1.16.0 of the npm package.</li>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9"><code>844c4d3</code></a>
Add sensitiveHeaders option.</li>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be"><code>5e8b8d0</code></a>
ci: add Node.js 24.x to the CI matrix</li>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af"><code>7953e22</code></a>
ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6</li>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75"><code>86dc1f8</code></a>
Sanitizing input.</li>
<li>See full diff in <a
href="https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=follow-redirects&package-manager=npm_and_yarn&previous-version=1.15.11&new-version=1.16.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/googleapis/mcp-toolbox/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
@dependabot @Yuan325
chore(deps): bump protobufjs from 7.5.4 to 7.5.5 in /docs/en/document…
86c02be 
…ation/configuration/pre-post-processing/js/adk (#3089)

Bumps [protobufjs](https://github.com/protobufjs/protobuf.js) from 7.5.4
to 7.5.5.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md">protobufjs's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2><a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v8.0.0...protobufjs-v8.0.1">8.0.1</a>
(2026-03-11)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>bump protobufjs dependency version for cli package (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2128">#2128</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/549b05ecd95e23da40fa1a36a9336c57946b8377">549b05e</a>)</li>
<li>correct json syntax in tsconfig.json (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2120">#2120</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/80656255c75000f3e954e036cdfcb5bfd0a8c687">8065625</a>)</li>
<li><strong>descriptor:</strong> guard oneof index for non-Type parents
(<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2122">#2122</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/1cac5cf811d0855b27dcde73a3a04d15efde3728">1cac5cf</a>)</li>
<li>do not allow setting <strong>proto</strong> in Message constructor
(<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2126">#2126</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/f05e3c3bdd0b3c2cddbf8540bb5bd4d394a693ad">f05e3c3</a>)</li>
<li>filter invalid characters from the type name (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2127">#2127</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75">535df44</a>)</li>
</ul>
<h2><a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v8.0.0">8.0.0</a>
(2025-12-16)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>add Edition 2024 Support (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2060">#2060</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li>add Edition 2024 Support (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2060">#2060</a>)
(<a
href="https://github.com/protobufjs/protobuf.js/commit/53e8492cbaae2c741801fa50b5f908ff5129c3d7">53e8492</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47"><code>b7bdfaf</code></a>
chore: release 7.5.5</li>
<li><a
href="https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956"><code>ff7b2af</code></a>
fix: filter invalid characters from the type name (<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2127">#2127</a>)</li>
<li><a
href="https://github.com/protobufjs/protobuf.js/commit/086b19d00d1d01e801d6ccc2ae3f207bb1b06482"><code>086b19d</code></a>
fix: do not allow setting <strong>proto</strong> in Message constructor
(<a
href="https://redirect.github.com/protobufjs/protobuf.js/issues/2126">#2126</a>)</li>
<li>See full diff in <a
href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~fenster">fenster</a>, a new releaser for
protobufjs since your current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=protobufjs&package-manager=npm_and_yarn&previous-version=7.5.4&new-version=7.5.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/googleapis/mcp-toolbox/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
@dependabot @Yuan325
chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 in /docs/en…
4a9abe8 
…/documentation/getting-started/quickstart/js/adk (#3090)

Bumps
[follow-redirects](https://github.com/follow-redirects/follow-redirects)
from 1.15.11 to 1.16.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b"><code>0c23a22</code></a>
Release version 1.16.0 of the npm package.</li>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9"><code>844c4d3</code></a>
Add sensitiveHeaders option.</li>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be"><code>5e8b8d0</code></a>
ci: add Node.js 24.x to the CI matrix</li>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af"><code>7953e22</code></a>
ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6</li>
<li><a
href="https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75"><code>86dc1f8</code></a>
Sanitizing input.</li>
<li>See full diff in <a
href="https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=follow-redirects&package-manager=npm_and_yarn&previous-version=1.15.11&new-version=1.16.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/googleapis/mcp-toolbox/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
@pull pull Bot locked and limited conversation to collaborators Apr 17, 2026
@pull pull Bot added the ⤵️ pull label Apr 17, 2026
@pull pull Bot merged commit 4a9abe8 into pepe57:main Apr 17, 2026
12 checks passed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@renovate-bot