deps(go): Bump the go-minor group across 1 directory with 24 updates

[dependabot]

Bumps the go-minor group with 16 updates in the / directory:

Package	From	To
charm.land/bubbles/v2	2.0.0	2.1.0
charm.land/glamour/v2	2.0.0-20260123212943-6014aa153a9b	2.0.1
github.com/alecthomas/chroma/v2	2.23.1	2.26.1
github.com/dmora/agentrun	0.6.0	0.7.1
github.com/glebarez/go-sqlite	1.21.2	1.22.0
github.com/go-git/go-git/v5	5.16.5	5.19.1
github.com/invopop/jsonschema	0.13.0	0.14.0
github.com/mattn/go-isatty	0.0.20	0.0.22
github.com/modelcontextprotocol/go-sdk	1.4.1	1.6.1
github.com/ncruces/go-sqlite3	0.30.5	0.35.1
github.com/pressly/goose/v3	3.27.0	3.27.1
github.com/sahilm/fuzzy	0.1.1	0.1.3
github.com/tidwall/gjson	1.18.0	1.19.0
github.com/zeebo/assert	1.3.0	1.3.1
google.golang.org/genai	1.48.0	1.60.0
mvdan.cc/sh/v3	3.12.1-0.20250902163504-3cf4fd5717a5	3.13.1

Updates charm.land/bubbles/v2 from 2.0.0 to 2.1.0

Release notes

Sourced from charm.land/bubbles/v2's releases.

v2.1.0

Shrink ’n’ grow your textareas

The update adds a new feature to automatically resize your textarea vertically as its content changes.

ta := textarea.New()
ta.DynamicHeight = true   // Enable dynamic resizing
ta.MinHeight = 3          // Minimum visible rows
ta.MaxHeight = 10         // Maximum visible rows
ta.MaxContentHeight = 20  // Maximum rows of content

Piece of cake, right?

Enjoy! 💘

Changelog

New!

• f1daacfa0cfee07e31a12498078426d275aa5286: feat(textarea): dynamic height (#910) (@​meowgorithm)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

Commits

• f1daacf feat(textarea): dynamic height (#910)
• d2b804e chore(deps): bump the all group with 2 updates (#908)
• c2c79e3 chore(deps): bump the all group with 2 updates (#902)
• See full diff in compare view

Updates charm.land/bubbletea/v2 from 2.0.0 to 2.0.2

Release notes

Sourced from charm.land/bubbletea/v2's releases.

v2.0.2

This release contains a small patch fixing a rendering that might affect Wish users running on Unix platforms.

Changelog

Fixed

• f25595a848eb11a87631a9e43ffe078d713c2236: fix(renderer): use mapNl optimization when not on Windows and no PTY input (#1615) (@​aymanbagabas)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

v2.0.1

A small patch release to fix opening the proper default stdin file for input.

Changelog

Fixed

• 110a91911314541601ff156fa96904350a4cd07f: fix(examples): add missing WithWidth to table example (#1598) (@​shv-ng)
• 66b7abdecfad6cc67a5b408e66d54170a063ff89: fix: check if os.Stdin is a terminal before opening the TTY (@​aymanbagabas)

Docs

• c7513746b118758a3412895bad933dcccba8893d: docs: correct whats new link (@​aymanbagabas)
• 736fba22c570ddccbc325b2e33af04c457fa7591: docs: upgrade guide: correct badge url (@​aymanbagabas)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

Commits

• f25595a fix(renderer): use mapNl optimization when not on Windows and no PTY input (#...
• 736fba2 docs: upgrade guide: correct badge url
• 66b7abd fix: check if os.Stdin is a terminal before opening the TTY
• 110a919 fix(examples): add missing WithWidth to table example (#1598)
• c751374 docs: correct whats new link
• See full diff in compare view

Updates charm.land/glamour/v2 from 2.0.0-20260123212943-6014aa153a9b to 2.0.1

Release notes

Sourced from charm.land/glamour/v2's releases.

v2.0.1

Changelog

Bug fixes

• 975a0f30cc6519fde4481ab084987222c8f06c34: fix: close wrap writer before its downstream chain (#575) (@​taciturnaxolotl)

Other work

• c29364924407add0616fc067e4c70ddf9a5da0dd: chore: fix pre-existing lint failures (#575) (@​taciturnaxolotl)
• 95c93db04489cebf252ec856584445c7e85ee276: chore: bump lipgloss to v2.0.4 (@​taciturnaxolotl)
• 600b93a40bb9754522c7e3496b8b41989cf1dec7: chore: remove CODEOWNERS (@​aymanbagabas)
• 253da61fcb275fcd28296956ffae5f7d98ff618d: fix(ci): use local golangci config (@​aymanbagabas)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, The Fediverse, or on Discord.

v2.0.0

What's New in Glamour v2

We're excited to announce the second major release of Glamour!

If you (or your LLM) are just looking for technical details on migrating from v1, please check out the Upgrade Guide.

[!NOTE] We don't take API changes lightly and strive to make the upgrade process as simple as possible. We believe these changes bring necessary improvements and pave the way for the future. If something feels way off, let us know.

❤️ Charm Land Import Path

We've updated our import paths to use vanity domains and use our domain to import Go packages.

// Before
import "github.com/charmbracelet/glamour"
// After
import "charm.land/glamour/v2"

💄 Lip Gloss v2 Integration

Glamour v2 now uses [Lip Gloss v2][lipgloss] under the hood, bringing improved performance and more consistent styling across the Charm ecosystem.

Since Glamour is designed to be pure (same input = same output), it doesn't peek at your terminal's capabilities. Instead, color downsampling is handled explicitly via Lip Gloss when you're ready to render:

r, _ := glamour.NewTermRenderer(glamour.WithWordWrap(80))
out, _ := r.Render(markdown)
</tr></table> 

... (truncated)

Commits

• See full diff in compare view

Updates charm.land/lipgloss/v2 from 2.0.0 to 2.0.4

Release notes

Sourced from charm.land/lipgloss/v2's releases.

v2.0.4

Mini Crash Patch

Hi! This is a small patch to fix a writer-related panic. Thanks for using Lip Gloss!

Changelog

Fixed

• fefa41d: fix: prevent crash when writing to a closed wrap writer (#699) (@​taciturnaxolotl)

Docs

• 40ec0e6: docs: fix typo in table comment (#641) (@​aymanbagabas)
• a4d0b40: docs: restore missing diaereses (#664) (@​meowgorithm)

Chore

• aa91b99: chore: remove CODEOWNERS (@​aymanbagabas)
• 9cbfe8b: chore(lint): exclude revive naming linter (@​aymanbagabas)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

v2.0.3

Changelog

Fixed

• 472d718e2314596549bee2c0c8ccf8beea5f25ae: fix: Avoid background color query hang (#636) (@​jedevc)

Docs

• 9e39a0ad4f4fc779d620f17783cee3494da6ae29: docs: fix README typo (#629) (@​Rohan5commit)
• cd93a9f5d2e3cb151da83150db29751d92585d23: docs: fix tree comment typo (#634) (@​Rohan5commit)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

v2.0.2

Table patch

If you don't know, we made big improvements in table rendering recently shipped in v2.0.0.

@​MartinodF made a good job on improving it even further for tricky edge cases, in particular when content wrapping is enabled.

Changelog

Fixed

• c289bad531f2588fc7506d7fbd5cdfd3daf4cb27: fix(table): height and overflow with wrapping content (#620) (@​MartinodF)

---

... (truncated)

Commits

• b00306c fix: prevent crash when writing to a closed wrap writer
• 40ec0e6 docs: fix typo in table comment (#641)
• e3b78a2 chore(deps): bump golang.org/x/sys in the all group (#691)
• 758dd87 chore(deps): bump golang.org/x/sys in the all group (#674)
• aa91b99 chore: remove CODEOWNERS
• 9cbfe8b chore(lint): exclude revive naming linter
• a4d0b40 docs: restore missing diaereses (#664)
• 472d718 fix: Avoid background color query hang (#636)
• 89fafba chore: bump x/ansi to v0.11.7 to fix width calculation bug
• d6d41e1 chore(deps): bump golang.org/x/sys in the all group (#663)
• Additional commits viewable in compare view

Updates github.com/alecthomas/chroma/v2 from 2.23.1 to 2.26.1

Release notes

Sourced from github.com/alecthomas/chroma/v2's releases.

v2.26.1

Changelog

• 56c7702 fix: downgrade go.mod version to 1.25

v2.26.0

Changelog

• a4d3f60 feat(chromad): use style counterparts for theme switching
• ce159e6 chore: migrate to new bit format
• 180ea9f perf(colour): replace Sprintf/ParseUint round-trip in NewColour with direct bit arithmetic (#1274)
• 68a08b0 docs: how to support dynamic theme switching
• 6fb9d92 feat(html): tag output with style mode
• a71fea3 feat(styles): add light/dark mode support

v2.25.0

Changelog

• c3826f0 chore: go mod tidy
• fb5bc39 fix: emit HTTP body tokens without Coalesce
• a3c2946 Improve Nu file detection (#1260)
• e841b1a chore(deps): update all non-major dependencies (#1272)
• 3ed2db8 Add Gemfile.lock lexer (& ruby improvements) (#1269)
• 41fb546 Add YAML+Jinja lexer (#1268)
• e99b881 chore(deps): update all non-major dependencies (#1263)
• e67dd2f (Markless) Fix parse issue for embed directives without options (#1266)
• dffa370 fix(go): tokenize trailing // as comment instead of consuming next line (#1265)
• 1cf1560 chore: upgrade to github.com/dlclark/regexp2/v2
• 2cbcf7b chore: upgrade golangci-lint
• 786675b chore(deps): update all non-major dependencies (#1257)
• 235590c feat: add JSONL support to JSON lexer (#1262)
• f9b5c97 fix(dart): match single-line comments without trailing newline (#1225) (#1261)
• 097f8e9 Mention Arturo in README (#1256)
• d46ce60 feat(markdown): highlight frontmatter and comments (#1245)
• f786b2a feat(lexers): add support for LilyPond (#1255)
• 0a02b98 chore(deps): update actions/checkout digest to de0fac2 (#1212)
• c55009e Fix AGENTS.md referencing a non-existent scripts directory (#1231)
• c5e763e Improve protobuf lexer (#1253)
• 113cd0e Add Arturo lexer (#1232)
• 4498d71 chore(deps): update dependency binaryen to v129 (#1238)
• 885f912 Added f4 to "Projects using Chroma" list (#1242)
• c42c9ef Update java lexer (#1254)

v2.24.1

Changelog

• d2a3784 fix: fallback bug

v2.24.0

Changelog

• 0b841ee chore: go mod tidy
• 10fcb68 chore(deps): update ubuntu docker tag to v26 (#1251)
• 2218de6 chore(deps): update all non-major dependencies (#1236)
• 2099887 Update Solarized Light to use correct background color (#1250)

... (truncated)

Commits

• 56c7702 fix: downgrade go.mod version to 1.25
• a4d3f60 feat(chromad): use style counterparts for theme switching
• ce159e6 chore: migrate to new bit format
• 180ea9f perf(colour): replace Sprintf/ParseUint round-trip in NewColour with direct b...
• 68a08b0 docs: how to support dynamic theme switching
• 6fb9d92 feat(html): tag output with style mode
• a71fea3 feat(styles): add light/dark mode support
• c3826f0 chore: go mod tidy
• fb5bc39 fix: emit HTTP body tokens without Coalesce
• a3c2946 Improve Nu file detection (#1260)
• Additional commits viewable in compare view

Updates github.com/aymanbagabas/go-udiff from 0.4.0 to 0.4.1

Commits

• 4608934 feat: import upstream package (#35)
• See full diff in compare view

Updates github.com/charmbracelet/colorprofile from 0.4.2 to 0.4.3

Release notes

Sourced from github.com/charmbracelet/colorprofile's releases.

v0.4.3

This release fixes an important issue where the writer when used as a middleware can cause short write errors. Kudos to @​abhinav for reporting this one.

Changelog

Fixed

• d085584efb48f2ad470e96cd0f3dcb8cc68a034b: fix(writer): ensure Write returns the number of processed bytes (#75) (@​aymanbagabas)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

Commits

• d085584 fix(writer): ensure Write returns the number of processed bytes (#75)
• cf47ee4 chore(deps): bump golang.org/x/sys in the all group (#73)
• See full diff in compare view

Updates github.com/charmbracelet/x/ansi from 0.11.6 to 0.11.7

Commits

• 6921c75 fix(ansi): width: always use grapheme finder for width calculation
• 266cf5a chore(deps): bump the all group across 1 directory with 2 updates (#836)
• ad0b1ae chore(scripts): update builds script to use codecov v6 and dependabot/fetch-m...
• b18aac2 chore(deps): bump golang.org/x/image in /vttest in the all group (#840)
• ffd2a07 chore(deps): bump golang.org/x/image in /mosaic in the all group (#839)
• 7664402 chore(deps): bump golang.org/x/sys in /input in the all group (#833)
• 44f725f chore(deps): bump github.com/mattn/go-runewidth (#838)
• ac9fd4b chore(deps): bump github.com/mattn/go-runewidth (#837)
• e969fb5 chore(deps): bump golang.org/x/sys in /termios in the all group (#828)
• acb1aa7 chore(deps): bump golang.org/x/crypto in /sshkey in the all group (#835)
• Additional commits viewable in compare view

Updates github.com/dmora/agentrun from 0.6.0 to 0.7.1

Release notes

Sourced from github.com/dmora/agentrun's releases.

v0.7.1

What's Changed

• fix(agy): pure SpawnArgs, no temp-file leak, forward signals to agy by @​dmora in dmora/agentrun#54

Full Changelog: dmora/agentrun@v0.7.0...v0.7.1

v0.7.0

What's Changed

• feat: add agy backend, RunFirstTurn, ContentBlock/BlockSender, engine fixes by @​dmora in dmora/agentrun#53

Full Changelog: dmora/agentrun@v0.6.0...v0.7.0

Commits

• c84233d fix(agy): pure SpawnArgs, no temp-file leak, forward signals to agy (#54)
• c1cad63 feat: add agy backend, RunFirstTurn, ContentBlock/BlockSender, engine fixes (...
• See full diff in compare view

Updates github.com/glebarez/go-sqlite from 1.21.2 to 1.22.0

Release notes

Sourced from github.com/glebarez/go-sqlite's releases.

v1.22.0

Add compat package that register driver as sqlite3 (glebarez/go-sqlite#150)

Commits

• 74f6648 Add compat package that register driver as sqlite3
• 7c372d4 build(deps): bump actions/setup-go from 4 to 5
• d60c446 update go versions in workflows
• 58b2c87 update deps
• d52e825 build(deps): bump schneegans/dynamic-badges-action from 1.6.0 to 1.7.0
• ee56392 build(deps): bump actions/checkout from 3 to 4
• See full diff in compare view

Updates github.com/go-git/go-git/v5 from 5.16.5 to 5.19.1

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.19.1

What's Changed

• v5: plumbing: transport/ssh, Shell-quote path by @​hiddeco in go-git/go-git#2068
• v5: git: submodule, Fix relative URL resolution by @​hiddeco in go-git/go-git#2070
• v5: git: submodule, canonical remote for relative URLs by @​hiddeco in go-git/go-git#2074
• v5: git: submodule, error on remote without URLs by @​hiddeco in go-git/go-git#2078
• v5: plumbing: format/idxfile, Validate offset64 indices by @​hiddeco in go-git/go-git#2084
• v5: *: Reject malformed variable-length integers by @​hiddeco in go-git/go-git#2092
• v5: plumbing: format/packfile, Tighten delta validation by @​hiddeco in go-git/go-git#2091
• v5: Add worktreeFilesystem wrapper for worktree and hardening by @​hiddeco in go-git/go-git#2100
• v5: config: validate submodule names by @​hiddeco in go-git/go-git#2082
• build: Update module github.com/go-git/go-git/v5 to v5.19.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#2111
• v5: git: Allow MkdirAll on worktree-root paths by @​hiddeco in go-git/go-git#2117
• v5: git: Stop validating symlink target paths by @​pjbgf in go-git/go-git#2116
• v5: plumbing: format decoder input bounds and contracts by @​hiddeco in go-git/go-git#2125
• plumbing: format/packfile, cap delta chain depth in parser by @​pjbgf in go-git/go-git#2137

Full Changelog: go-git/go-git@v5.19.0...v5.19.1

v5.19.0

What's Changed

• build: Update module github.com/go-git/go-git/v5 to v5.18.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#2010
• v5: Bump sha1cd and go-billy by @​pjbgf in go-git/go-git#2060
• v5: Align object encoding with upstream by @​pjbgf in go-git/go-git#2065

Full Changelog: go-git/go-git@v5.18.0...v5.19.0

v5.18.0

What's Changed

• plumbing: transport/http, Add support for followRedirects policy by @​pjbgf in go-git/go-git#2004

Full Changelog: go-git/go-git@v5.17.2...v5.18.0

v5.17.2

What's Changed

• build: Update module github.com/go-git/go-git/v5 to v5.17.1 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#1941
• dotgit: skip writing pack files that already exist on disk by @​pjbgf in go-git/go-git#1944

⚠️ This release fixes a bug (go-git/go-git#1942) that blocked some users from upgrading to v5.17.1. Thanks @​pskrbasu for reporting it. 🙇

Full Changelog: go-git/go-git@v5.17.1...v5.17.2

v5.17.1

What's Changed

• build: Update module github.com/cloudflare/circl to v1.6.3 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#1930
• [v5] plumbing: format/index, Improve v4 entry name validation by @​pjbgf in go-git/go-git#1935
• [v5] plumbing: format/idxfile, Fix version and fanout checks by @​pjbgf in go-git/go-git#1937

... (truncated)

Commits

• 3c3be60 Merge pull request #2137 from go-git/validate-v5
• 3fba897 plumbing: format/packfile, cap delta chain depth in parser
• a97d660 Merge pull request #2125 from hiddeco/v5/format-input-bounds
• aeaa125 plumbing: format/objfile, require Header before Read
• 1f38e17 plumbing: format/packfile, bound inflate size
• f7545a0 plumbing: format/idxfile, bound nr by file size
• 170b881 Merge pull request #2116 from pjbgf/symlink-v5
• 7b6d994 Merge pull request #2117 from hiddeco/v5/worktree-fs-mkdirall-root-noop
• f0709b3 git: Stop validating symlink target paths
• 776d00f git: Allow MkdirAll on worktree-root paths
• Additional commits viewable in compare view

Updates github.com/invopop/jsonschema from 0.13.0 to 0.14.0

Release notes

Sourced from github.com/invopop/jsonschema's releases.

v0.14.0

What's Changed

• Upgrade to golangci-lint v2 by @​samlown in invopop/jsonschema#187
• Bump minimum Go version to 1.24 by @​samlown in invopop/jsonschema#188
• Support omitzero json tags by @​YvanGuidoin in invopop/jsonschema#161
• feat: Respect json:",string" for integer fields in generated schema by @​fengxsong in invopop/jsonschema#183
• Split jsonschema_extras only on unescaped commas by @​liorokman in invopop/jsonschema#173
• Fix nil pointer dereference in ReflectFromType with ExpandedStruct (fix #163) by @​edznux-dd in invopop/jsonschema#186
• Replace wk8/go-ordered-map with pb33f/ordered-map by @​samlown in invopop/jsonschema#189

New Contributors

• @​YvanGuidoin made their first contribution in invopop/jsonschema#161
• @​fengxsong made their first contribution in invopop/jsonschema#183
• @​liorokman made their first contribution in invopop/jsonschema#173
• @​edznux-dd made their first contribution in invopop/jsonschema#186

Full Changelog: invopop/jsonschema@v0.13.0...v0.14.0

Commits

• 2c57d60 Merge pull request #189 from invopop/replace-wk8-with-pb33f-ordered-map
• d8cc8eb Replace wk8/go-ordered-map with pb33f/ordered-map
• 0d5bd75 Merge pull request #186 from edznux-dd/fix/expanded-struct-nil-deref
• 3d69373 Merge pull request #173 from liorokman/escape-extras-tags
• b43264d Silence revive unused-parameter on fuzz callback
• 7b21bb5 Merge remote-tracking branch 'origin/main' into pr-186-expanded-struct
• 0487398 Fix ExtraWithComman typo in test struct field
• bc93236 Merge remote-tracking branch 'origin/main' into pr-173-escape-extras
• d39f13c Merge pull request #183 from fengxsong/feat/reflect-json-string-for-integers
• f2e2b91 Extend json:",string" support to number and boolean fields
• Additional commits viewable in compare view

Updates github.com/lucasb-eyer/go-colorful from 1.3.0 to 1.4.0

Release notes

Sourced from github.com/lucasb-eyer/go-colorful's releases.

v1.4.0

This release adds support for CSS Color Level 4 wide-gamut RGB color spaces, along with D50 XYZ helpers and a small HexColor usability improvement.

Added

• Constructors, decomposers, and blend functions for the CSS Color Level 4 wide-gamut RGB color spaces DisplayP3, A98Rgb, ProPhotoRgb, and Rec2020 (#81)
• XyzD50, Color.XyzD50, D50ToD65, and D65ToD50 for working with D50-based color spaces (#81)
• HexColor now implements fmt.Stringer

Changelog

Sourced from github.com/lucasb-eyer/go-colorful's changelog.

[1.4.0] - 2026-03-28

Added

• Constructors, decomposers, and blend functions for the CSS Color Level 4 wide-gamut RGB color spaces DisplayP3, A98Rgb, ProPhotoRgb, and Rec2020 (#81)
• XyzD50, Color.XyzD50, D50ToD65, and D65ToD50 for working with D50-based color spaces (#81)
• HexColor now implements fmt.Stringer

Commits

• 960803e ready for v1.4.0
• e898165 feat(HexColor): add fmt.Stringer interface support
• e7e3399 feat: add CSS Color Level 4 wide-gamut RGB color spaces and XYZ D50
• 5017032 Clarify loss of alpha-parsing in Hex in changelog.
• f2a4dc6 Update README.md to discuss Oklab and Oklch support
• See full diff in compare view

Updates github.com/mattn/go-isatty from 0.0.20 to 0.0.22

Commits

• 9a68506 Fix isCygwinPipeName to accept Windows 7 trailing suffix (#90)
• 4237fb1 Update Go test matrix to current versions (1.24-1.26)
• 433c12b Update GitHub Actions to latest versions
• 1cf5589 Add wasip1 and wasip2 to build constraints in isatty_others.go
• 1237245 Update dependencies: go 1.15 -> 1.21, golang.org/x/sys v0.6.0 -> v0.28.0
• ac9c88d Fix typo in comment: undocomented -> undocumented
• 8b7124e Add availability check for NtQueryObject in init
• 08d0313 Fix isCygwinPipeName to reject names with extra trailing tokens
• See full diff in compare view

Updates github.com/modelcontextprotocol/go-sdk from 1.4.1 to 1.6.1

Release notes

Sourced from github.com/modelcontextprotocol/go-sdk's releases.

v1.6.1

This release adds an MCPGODEBUG flag to opt out of the Content-Type check on POST requests.

Behavior Changes

Prior to v1.6.0 (v1.4.0...v1.5.0), the Content-Type check on POST requests was gated by the same disablecrossoriginprotection MCPGODEBUG flag as the cross-origin protection. In v1.6.0, the cross-origin protection was disabled by default (replaced by the opt-in enableoriginverification flag), but the Content-Type check was kept on unconditionally, leaving no way to disable it. This release restores an escape hatch for both the Streamable HTTP and SSE transports: setting MCPGODEBUG=disablecontenttypecheck=1 skips the Content-Type: application/json validation on POST requests. See #957.

What's Changed

• mcp: add MCPGPDEBUG for opt-in Content-Type check by @​guglielmo-san in modelcontextprotocol/go-sdk#972

Full Changelog: modelcontextprotocol/go-sdk@v1.6.0...v1.6.1

v1.6.0

This release is equivalent to v1.6.0-pre.1. Thank you to those who tested the pre-release.

In this release we introduce several smaller fixes and improvements, and we started working for release 2026-06-30. The main new feature is the introduction of ClientCredentialsHandler for OAuth client credentials grant.

Add ClientCredentialsHandler for OAuth client credentials grant

Added ClientCredentialsHandler implementing auth.OAuthHandler using the OAuth 2.0 Client Credentials grant (RFC 6749 Section 4.4) for service-to-service authentication with pre-registered credentials.

• extauth: add ClientCredentialsHandler for OAuth client credentials grant by @​ravyg in modelcontextprotocol/go-sdk#895

2026-06-30 Release related PRs

• feat: add automatic application_type inference by @​guglielmo-san in modelcontextprotocol/go-sdk#904

  New application_type field is added to the ClientRegistrationMetadata for DynamicClientRegistration. If not specified, the application_type will be inferred from the RedirectURIs. This implements SEP-837.

• feat: HTTP Header Standardization for method and name by @​guglielmo-san in modelcontextprotocol/go-sdk#907

  By mirroring key fields from the JSON-RPC payload into HTTP headers, network intermediaries such as load balancers, proxies, and observability tools can route and process MCP traffic without deep packet inspection, reducing latency and computational overhead. This partially implements SEP-2243.

Behavior Changes

SetError Behavior Change

Previously the SetError method on CallToolResult always overwrote the Content field with the error text. Now SetError preserves the existing value if it has already been populated. You can restore the previous behavior by setting the environment variable seterroroverwrite=1.

• mcp: preserve existing Content in SetError by @​ravyg in modelcontextprotocol/go-sdk#864

Cross-Origin Protection Default Change

Previously (v1.4.1-v1.5.0) default (zero-value) cross-origin protection was applied when CrossOriginProtection in StreamableHTTPOptions was nil. Now cross-origin protection is not enabled by default when CrossOriginProtection is nil. You can restore the previous behavior (enable by default) by setting enableoriginverification=1.

• mcp: remove default cross origin protection by @​maciej-kisiel in modelcontextprotocol/go-sdk#906

... (truncated)

Commits

• d454bba mcp: add MCPGPDEBUG for opt-in Content-Type check (#972)
• f5f2015 MCPGODEBUG update for 1.6.0 (#893)
• e01639a feat: HTTP Header Standardization for method and name (#907)
• 93a41b2 internal/jsonrpc2: remove unused code (#910)
• 446beae mcp: Upgrade jsonschema-go (#912)
• 2e21834 extauth: add ClientCredentialsHandler for OAuth client credentials grant (#895)
• 2643b22 feat: add automatic application_type inference (#904)
• db50910 mcp: do not re-prompt OAuth after cancelled Authorize (#885)
• 5f2cd8f mcp: preserve transport errors in Write error chain (#888)
• 0edc597 Update README.md (#896)
• Additional commits viewable in compare view

Updates github.com/ncruces/go-sqlite3 from 0.30.5 to 0.35.1

Release notes

Sourced from github.com/ncruces/go-sqlite3's releases.

v0.35.1

What's Changed

Fixed issue #401.

Full Changelog: ncruces/go-sqlite3@v0.35.0...v0.35.1

Artifact attestations

v0.35.0

What's Changed

In an effort to keep the code size small (and compile times relatively fast) while continuing to add more SQLite features, the FTS5 and R*Tree/Geopoly extensions are now compiled separately. This is a breaking change. Now, to use:

• FTS5, you need github.com/ncruces/go-sqlite3/ext/fts5
• R*Tree/Geopoly, you need github.com/ncruces/go-sqlite3/ext/rtree

In addition, support for the pre-update hook was added.

Also, Go 1.27 uses encoding/json/v2 for improved performance.

Full Changelog: ncruces/go-sqlite3@v0.34.4...v0.35.0

Artifact attestations

v0.34.4

What's Changed

Updates:

• SQLite 3.43.2
• Vec1 0.6

Improved the dotlk VFS under Linux containers: #392

Full Changelog: ncruces/go-sqlite3@v0.34.3...v0.34.4

Artifact attestations

v0.34.3

What's Changed

Fix a code generation bug: ncruces/wasm2go#31

Improved support for Go 1.27: golang/go#67546

Full Changelog: ncruces/go-sqlite3@v0.34.2...v0.34.3

Artifact attestations

v0.34.2

What's Changed

... (truncated)

Commits

• 2900c3e CI.
• d581398 Issue #401.
• f063720 Memory size.
• cc974a6 JSON 1.27.
• 2f00389 Bump golang.org/x/crypto from 0.52.0 to 0.53.0 (#396)
• 25266ab Pre-update hook.
• dc662cf Split FTS5 and R-Tree.
• 174151a SQLite 3.53.2.
• 312b416 Fix #392.
• b7dd234 Deps.
• Additional commits viewable in compare view

Upd...

Description has been truncated