[ca] Update CLI/MCP versions: Playwright MCP 0.0.69, MCP Gateway v0.2.10

[github-actions]

Two CLI/MCP server updates detected on 2026-03-31. Constants updated and workflows recompiled (178/178).

Summary

Tool	Previous	New	Risk
@playwright/mcp	0.0.68	0.0.69	Low
MCP Gateway (gh-aw-mcpg)	v0.2.9	v0.2.10	Medium (security)

No changes needed for: GitHub MCP Server (v0.32.0 current), Playwright Browser (v1.58.2 current), Claude Code / Copilot / Codex (all pinned to latest).

---

Update @playwright/mcp 0.0.68 → 0.0.69

Released: 2026-03-30

View Full Changelog

New Tools

• browser_network_state_set — Toggle network offline mode for testing connectivity scenarios (feat(mcp): add network offline state tools microsoft/playwright#39459)
• browser_video_chapter — Add a chapter marker to the video recording, showing a full-screen chapter card with blurred backdrop (feat(cli): add video-chapter command microsoft/playwright#39891)

Tool Improvements

• browser_mouse_click_xy — Added button, clickCount, and delay options for more precise mouse interaction control (feat(mcp): add button and clickCount options to browser_mouse_click_xy microsoft/playwright#39368, feat(mcp): add delay options to browser_mouse_click_xy (#39368) microsoft/playwright#39465)
• browser_network_requests — Added filtering support and optional headers/body fields in responses (feat(mcp): filtering and optional headers/body in browser_network_requests microsoft/playwright#39672)
• Non-ref selectors — Tools now accept plain CSS/text selectors in addition to aria-ref handles (feat: support non-ref selectors in mcp and cli microsoft/playwright#39581)

Other Changes

• Added mcpName field to package for MCP Registry ownership verification (feat(package): add mcpName field for MCP Registry ownership verification microsoft/playwright-mcp#1432)
• Chrome extension: inject public key into release zip to preserve Web Store extension ID (feat(extension): inject public key into release zip to preserve Web Store extension ID microsoft/playwright-mcp#1462)

Bug Fixes

• Fix verify tools not working inside iframes (fix(mcp): make verify tools work in iframes microsoft/playwright#39374)
• Fix fs-based lock file not respected for Chromium family browsers (fix(mcp): respect fs-based lock file for chromium family microsoft/playwright#39377)
• Fix console entries being printed when --snapshot-mode=none is set (fix(mcp): do not print console entries when --snapshot-mode=none set microsoft/playwright#39378)
• Fix non-deterministic right-click behavior due to contextmenu/mouseup ordering (fix(mcp): handle non-deterministic contextmenu/mouseup order in right… microsoft/playwright#39416)
• Fix header value parsing when header contains colons in value (fix(mcp): split header value only on first colon in headerParser microsoft/playwright#39401)
• Fix persistent context incorrectly using per-session isolation (fix(mcp): persistent context is always shared microsoft/playwright#39601)
• Fix malformed Unicode characters in MCP tool responses (fix: sanitize malformed Unicode in MCP responses microsoft/playwright#39625)
• Fix toWellFormed() compatibility with Node.js 18 (fix(mcp): guard toWellFormed() for Node 18 compatibility microsoft/playwright#39674)
• Fix empty cdpHeaders from environment overriding config file values (fix(mcp): do not let empty cdpHeaders from env override config file microsoft/playwright#39866)
• Fix file path validation in browser_set_storage_state tool (fix(mcp): validate file path in browser_set_storage_state tool microsoft/playwright#39881)
• Fix Chrome for Testing executable location resolution in browser extension (fix(mcp-extension): properly resolve chrome-for-testing executable location microsoft/playwright#39936)
• Fix extension inactivity timers not armed for pending tabs (fix(extension): arm inactivity timers for all pending tabs microsoft/playwright-mcp#1443)

Impact Assessment

• Risk: Low
• Affects: Playwright browser automation workflows
• Migration: No breaking changes; new tools available

Package Links

• NPM Package: https://www.npmjs.com/package/`@playwright/mcp`
• Repository: https://github.com/microsoft/playwright-mcp
• Release Notes: https://github.com/microsoft/playwright-mcp/releases/tag/v0.0.69

---

Update MCP Gateway v0.2.9 → v0.2.10

Released: 2026-03-31 (today)

View Full Changelog

Security Improvements

• Expanded DIFC Labels for Write Tools (feat(guard): add DIFC labels for 30 write tools and clean up stale entries gh-aw-mcpg#2873): DIFC security labels now cover 30 additional write tools, closing gaps in information flow control coverage
• DIFC Proxy Feature Enabled on All Guarded Workflows (feat: enable difc-proxy feature flag on all guarded workflows gh-aw-mcpg#2885): The difc-proxy feature flag is now active across all guarded workflows

New Features

• GitHub Actions OIDC Authentication (feat: GitHub Actions OIDC token authentication for custom HTTP MCP servers gh-aw-mcpg#2878): Custom HTTP MCP servers can now authenticate using GitHub Actions OIDC tokens — enabling credential-free authentication in CI/CD workflows
• Collaborator Permission–Based Integrity Filtering (feat: use collaborator permission level for integrity filtering gh-aw-mcpg#2863): Integrity filtering now uses collaborator permission levels for more accurate access control
• MCP Gateway Spec v1.9.0 (bump MCPGatewaySpecVersion to 1.9.0 gh-aw-mcpg#2850): Updated to MCP Gateway specification version 1.9.0

Bug Fixes & Improvements

• Broader Guard Coverage for gh repo Operations (Guard coverage: block all modifying gh repo operations gh-aw-mcpg#2806): All modifying gh repo operations are now blocked by the guard
• Repo-Assist Min-Integrity Adjustment (fix: lower repo-assist min-integrity to unapproved gh-aw-mcpg#2890): The repo-assist minimum integrity level has been lowered to unapproved
• Code Deduplication (fix: eliminate three duplicate-code patterns across server and guard packages gh-aw-mcpg#2852): Eliminated three duplicate-code patterns across server and guard packages

Documentation

• Proxy Mode Auth Token Docs (docs: add GITHUB_PERSONAL_ACCESS_TOKEN to proxy mode auth token docs gh-aw-mcpg#2821): Added GITHUB_PERSONAL_ACCESS_TOKEN as an authentication option

Impact Assessment

• Risk: Medium (security hardening — expanded DIFC labels and guard coverage)
• Affects: MCP Gateway sandboxed agent workflows; guard policy enforcement
• Migration: No breaking changes; DIFC proxy feature now enabled on all guarded workflows by default
• Docker Image: ghcr.io/github/gh-aw-mcpg:v0.2.10

Package Links

• Repository: https://github.com/github/gh-aw-mcpg
• Release Notes: https://github.com/github/gh-aw-mcpg/releases/tag/v0.2.10

---

References:

• §23780267414

Generated by CLI Version Checker · ◷

• expires on Apr 2, 2026, 4:25 AM UTC