Skip to content

chore(deps-dev): bump mcp from 0.8.0 to 0.9.2#7

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/bundler/mcp-0.9.2
Open

chore(deps-dev): bump mcp from 0.8.0 to 0.9.2#7
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/bundler/mcp-0.9.2

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Mar 27, 2026

Bumps mcp from 0.8.0 to 0.9.2.

Release notes

Sourced from mcp's releases.

v0.9.2

Fixed

  • Use accessor method in server_context_with_meta instead of ivar (#273)
  • Reject duplicate SSE connections with 409 to prevent stream hijacking

v0.9.1

Added

  • Allow Client#call_tool to accept a tool name (#266)

Fixed

  • Return 404 for invalid session ID in handle_delete (#261)

v0.9.0

Added

  • MCP::Client::Stdio transport (#262)
  • Progress notifications per MCP specification (#254)
  • Automatic _meta parameter extraction support (#172)
  • CORS and Accept wildcard support for browser-based MCP clients (#253)

Changed

  • Use autoload to defer loading of unused subsystems (#255)
  • Reduce release package size (#239)

Fixed

  • Return 404 for invalid session ID in handle_regular_request (#257)
  • Use mutex-protected session_exists? in handle_regular_request (#258)
Changelog

Sourced from mcp's changelog.

[0.9.2] - 2026-03-27

Fixed

  • Use accessor method in server_context_with_meta instead of ivar (#273)
  • Reject duplicate SSE connections with 409 to prevent stream hijacking

[0.9.1] - 2026-03-23

Added

  • Allow Client#call_tool to accept a tool name (#266)

Fixed

  • Return 404 for invalid session ID in handle_delete (#261)

[0.9.0] - 2026-03-20

Added

  • MCP::Client::Stdio transport (#262)
  • Progress notifications per MCP specification (#254)
  • Automatic _meta parameter extraction support (#172)
  • CORS and Accept wildcard support for browser-based MCP clients (#253)

Changed

  • Use autoload to defer loading of unused subsystems (#255)
  • Reduce release package size (#239)

Fixed

  • Return 404 for invalid session ID in handle_regular_request (#257)
  • Use mutex-protected session_exists? in handle_regular_request (#258)
Commits
  • 3fc7bcd Merge pull request #272 from koic/release_0_9_2
  • 8fbc2b4 Release 0.9.2
  • 6b09279 Merge pull request #273 from koic/use_accessor_in_server_context_with_meta
  • a2575b2 Use accessor method in server_context_with_meta instead of ivar
  • e189d78 Merge commit from fork
  • db40143 Reject duplicate SSE connections with 409 to prevent stream hijacking
  • 3b1fc72 Merge pull request #267 from koic/release_0_9_1
  • f29259c Release 0.9.1
  • ccddd87 Merge pull request #266 from koic/allow_client_call_tool_to_accept_a_tool_name
  • 73070f1 Allow Client#call_tool to accept a tool name
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps-dev): bump mcp from 0.8.0 to 0.9.2
8831792 
Bumps [mcp](https://github.com/modelcontextprotocol/ruby-sdk) from 0.8.0 to 0.9.2.
- [Release notes](https://github.com/modelcontextprotocol/ruby-sdk/releases)
- [Changelog](https://github.com/modelcontextprotocol/ruby-sdk/blob/main/CHANGELOG.md)
- [Commits](modelcontextprotocol/ruby-sdk@v0.8.0...v0.9.2)

---
updated-dependencies:
- dependency-name: mcp
  dependency-version: 0.9.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Mar 27, 2026
@vercel
Copy link
Copy Markdown

vercel bot commented Mar 27, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
kings-lendas Ready Ready Preview, Comment Mar 27, 2026 8:41pm

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 27, 2026

Brakeman Security Scan

  • Total warnings: 0
  • High confidence: 0

[OK] Nenhum issue de alta confiança.

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 27, 2026

Dependency Security Check

[WARN] Vulnerabilidades em dependências!

Ver relatório 
Name: activestorage
Version: 8.0.4
CVE: CVE-2026-33658
GHSA: GHSA-p9fm-f462-ggrg
Criticality: Unknown
URL: https://github.com/rails/rails/security/advisories/GHSA-p9fm-f462-ggrg
Title: Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests
Solution: update to '~> 7.2.3, >= 7.2.3.1', '~> 8.0.4, >= 8.0.4.1', '>= 8.1.2.1'

Name: json
Version: 2.19.0
CVE: CVE-2026-33210
GHSA: GHSA-3m6g-2423-7cp3
Criticality: Unknown
URL: https://github.com/ruby/json/security/advisories/GHSA-3m6g-2423-7cp3
Title: Ruby JSON has a format string injection vulnerability
Solution: update to '~> 2.15.2.1', '~> 2.17.1.2', '>= 2.19.2'

Name: loofah
Version: 2.25.0
GHSA: GHSA-46fp-8f5p-pf2m
Criticality: Unknown
URL: https://github.com/flavorjones/loofah/security/advisories/GHSA-46fp-8f5p-pf2m
Title: Improper detection of disallowed URIs by Loofah `allowed_uri?`
Solution: update to '>= 2.25.1'

Vulnerabilities found!

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 27, 2026

Semgrep Static Analysis

  • Errors: 1
  • Critical (high confidence): 0
  • Warnings: 15

[FAIL] Errors encontrados! Corrigir.

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 27, 2026

Security Scan — Kings Lendas

SAST (análise estática)

Check Status
Brakeman [OK] success
Dependências [FAIL] failure
Semgrep [OK] success
TruffleHog [OK] success
Segredos locais [OK] success

DAST (testes dinâmicos)

Check Status
Autenticação [OK] success
SQL Injection [OK] success
SSRF / Path Traversal [OK] success
Integridade dos dados [OK] success

[WARN] Alguns checks falharam. Revisar acima.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants