chore(deps): bump the go-minor-patch group across 1 directory with 4 updates

[dependabot]

Bumps the go-minor-patch group with 4 updates in the / directory: github.com/go-resty/resty/v2, github.com/mark3labs/mcp-go, github.com/sirupsen/logrus and gitlab.com/gitlab-org/api/client-go.

Updates github.com/go-resty/resty/v2 from 2.17.1 to 2.17.2

Release notes

Sourced from github.com/go-resty/resty/v2's releases.

v2.17.2

Release Notes

Backport

• backport: header deepcopy fix by @​jeevatkm in go-resty/resty#1110

Release

• release: version bump to v2.17.2 and readme update by @​jeevatkm in go-resty/resty#1112

Full Changelog: go-resty/resty@v2.17.1...v2.17.2

Commits

• b1b3aaa release: version bump to v2.17.2 and readme update (#1112)
• fb4a091 backport: header deepcopy fix (#1110)
• See full diff in compare view

Updates github.com/mark3labs/mcp-go from 0.43.2 to 0.44.0

Release notes

Sourced from github.com/mark3labs/mcp-go's releases.

Release v0.44.0

What's Changed

• feat: defer tool loading to enable Anthropic's "Tool Search" pattern by @​wolfeidau in mark3labs/mcp-go#644
• fix: return an error if the responseWriter does not support Flush by @​JoelPfaffDD in mark3labs/mcp-go#652
• Add Icons support for MCP spec 2025-11-25 compliance by @​dask-58 in mark3labs/mcp-go#660
• fix: add ErrUnauthorized sentinel for static token 401 responses by @​ezynda3 in mark3labs/mcp-go#661
• Add lastModified field to Annotations for MCP spec 2025-11-25 by @​dask-58 in mark3labs/mcp-go#663
• Add server-side support for MCP tasks by @​JAORMX in mark3labs/mcp-go#635
• fix: drain all pending notification before writing the response to avoid missing notifications by @​archit-harness in mark3labs/mcp-go#670
• fix for nil resources slice by @​furysama in mark3labs/mcp-go#665
• Add docstrings for annotation-related functions by @​ezynda3 in mark3labs/mcp-go#673
• fix: add timeout for SSE response waiting to prevent indefinite blocking by @​everfid-ever in mark3labs/mcp-go#668
• Try OAuth Authorization Server Metadata first by @​staugaard in mark3labs/mcp-go#669
• fix(oauth): check for OAuth error responses even when status code is 200 by @​sd2k in mark3labs/mcp-go#646
• fix: Add missing session cleanup to the StreamableHTTPServer DELETE handler by @​cnnrznn in mark3labs/mcp-go#667
• Implement Elicitation URL mode for MCP spec 2025-11-25 by @​dask-58 in mark3labs/mcp-go#666
• feat: Add Host header override support for manual DNS resolution by @​ComingCL in mark3labs/mcp-go#674
• fix: low mcp version been selected by mcp server, mcp server may also raise 'unsupported protocol version 2025-11-25' error by @​yuehaii in mark3labs/mcp-go#687
• Add AdditionalProperties to ToolInputSchema by @​mohit-gupta-glean in mark3labs/mcp-go#678
• fix: fix TestSSE_SendRequest_Timeout flaky test by @​everfid-ever in mark3labs/mcp-go#683
• feat:add version 2025-11-25 & unit test for version by @​CocaineCong in mark3labs/mcp-go#684
• fix: use sync.Once for thread-safe Close in StreamableHTTP by @​semihbkgr in mark3labs/mcp-go#685
• docs: fix ListTools usage to include ListToolsRequest parameter by @​everfid-ever in mark3labs/mcp-go#681
• fix: return 404 instead of 400 for invalid session IDs by @​burugo in mark3labs/mcp-go#689
• fix: rename NewToolResultAudio second parameter from imageData to aud… by @​mosesyu95 in mark3labs/mcp-go#691
• Server handlers implementation for auto-completion by @​ezraisw in mark3labs/mcp-go#679
• Fix: the header information set by the client being lost. by @​button-chen in mark3labs/mcp-go#686
• Set test client info by @​urisimchoni in mark3labs/mcp-go#692
• refactor: fix modernize lint issues by @​alexandear in mark3labs/mcp-go#699
• refactor: simplify tests with the usetesting linter by @​alexandear in mark3labs/mcp-go#703
• typo: fix duplicate description of mcp-go in README by @​milairhu in mark3labs/mcp-go#701
• feat(server): implement task-augmented tools capability by @​ezynda3 in mark3labs/mcp-go#707
• tool "properties" and "required" fields missing if set them as null, AdditionalProperties can't be masharl by @​yuehaii in mark3labs/mcp-go#713
• Fix no way to detect connection closure in non-NO_ERROR cases by @​manx98 in mark3labs/mcp-go#709
• fix: accept HTTP 204 No Content in SendNotification by @​satish-karri-glean in mark3labs/mcp-go#717
• fix: use custom session id generator when provided by @​FlameHost10 in mark3labs/mcp-go#715
• fix: SendRequest hangs forever when server process dies by @​ichoosetoaccept in mark3labs/mcp-go#714

New Contributors

• @​wolfeidau made their first contribution in mark3labs/mcp-go#644
• @​JoelPfaffDD made their first contribution in mark3labs/mcp-go#652
• @​dask-58 made their first contribution in mark3labs/mcp-go#660
• @​JAORMX made their first contribution in mark3labs/mcp-go#635
• @​archit-harness made their first contribution in mark3labs/mcp-go#670
• @​furysama made their first contribution in mark3labs/mcp-go#665
• @​everfid-ever made their first contribution in mark3labs/mcp-go#668
• @​staugaard made their first contribution in mark3labs/mcp-go#669
• @​cnnrznn made their first contribution in mark3labs/mcp-go#667
• @​ComingCL made their first contribution in mark3labs/mcp-go#674
• @​mohit-gupta-glean made their first contribution in mark3labs/mcp-go#678

... (truncated)

Commits

• 0510f0c fix: SendRequest hangs forever when server process dies (#714)
• 962f31b fix: use custom session id generator when provided (#715)
• 7ce32bf fix: accept HTTP 204 No Content in SendNotification (#717)
• 7c44752 fix(ci): pin Go version to 1.25 in lint workflow
• 859588d fix: call onConnectionLost when SSE connection closes, not only on NO_ERROR (...
• b2fb8ba tool "properties" and "required" fields missing if set them as null, Addition...
• e2c1762 feat(server): implement task-augmented tools capability (#707)
• 45740a0 typo: fix duplicate description of mcp-go in README (#701)
• d46cf85 refactor: simplify tests with the usetesting linter (#703)
• 889fb05 refactor: fix modernize lint issues (#699)
• Additional commits viewable in compare view

Updates github.com/sirupsen/logrus from 1.9.3 to 1.9.4

Release notes

Sourced from github.com/sirupsen/logrus's releases.

v1.9.4

Notable changes

• go.mod: update minimum supported go version to v1.17 sirupsen/logrus#1460
• go.mod: bump up dependencies sirupsen/logrus#1460
• Touch-up godoc and add "doc" links.
• README: fix links, grammar, and update examples.
• Add GNU/Hurd support sirupsen/logrus#1364
• Add WASI wasip1 support sirupsen/logrus#1388
• Remove uses of deprecated ioutil package sirupsen/logrus#1472
• CI: update actions and golangci-lint sirupsen/logrus#1459
• CI: remove appveyor, add macOS sirupsen/logrus#1460

Full Changelog: sirupsen/logrus@v1.9.3...v1.9.4

Commits

• b61f268 Merge pull request #1472 from goldlinker/master
• 15c29db refactor: replace the deprecated function in the ioutil package
• cb253f3 Merge pull request #1464 from thaJeztah/touchup_godoc
• 29b2337 Merge pull request #1468 from thaJeztah/touchup_readme
• d916819 Merge pull request #1427 from dolmen/fix-testify-usage
• 135e482 README: small touch-ups
• 2c5fa36 Merge pull request #1467 from thaJeztah/rm_old_badge
• 877ecec README: remove travis badge
• 55cf256 Merge pull request #1393 from jsoref/grammar
• 21bae50 Merge pull request #1426 from dolmen/testing-fix-use-of-math-rand
• Additional commits viewable in compare view

Updates gitlab.com/gitlab-org/api/client-go from 1.10.0 to 1.34.0

Release notes

Sourced from gitlab.com/gitlab-org/api/client-go's releases.

v1.34.0

1.34.0

🚀 Features

• feat(workitems): Add an initial "Work Items" service with "Get" and "List" methods. (!2719) by Florian Forster

🔄 Other Changes

• refactor: migrate to math/rand/v2 (!2759) by Ville Skyttä

1.34.0 (2026-02-13)

Bug Fixes

• workitems: Use int64 for global work item IDs. (f04e3d0)

Features

• request_options: Add boolean return value to WithNext. (1cd1e1e)
• workitems: Add comprehensive filtering to ListWorkItemsOptions (052a897)
• workitems: Add pagination support to ListWorkItems. (cfdf5ee)
• workitems: Add WorkItems service with Get methods (00925c2), closes gitlab-org/api/client-go#2213
• workitems: Implement the ListWorkItems method. (4f8a709)

v1.33.0

1.33.0

🚀 Features

• Support unauthenticated clients via Unauthenticated auth source (!2761) by Timo Furrer

1.33.0 (2026-02-13)

v1.32.0

1.32.0

🚀 Features

• Implement endpoints for runner controller scopes (!2758) by Timo Furrer

🔄 Other Changes

• test(namespaces): Address test feedback to simplify the test (!2744) by Patrick Rice

... (truncated)

Changelog

Sourced from gitlab.com/gitlab-org/api/client-go's changelog.

1.34.0

🚀 Features

• feat(workitems): Add an initial "Work Items" service with "Get" and "List" methods. (!2719) by Florian Forster

🔄 Other Changes

• refactor: migrate to math/rand/v2 (!2759) by Ville Skyttä

1.34.0 (2026-02-13)

Bug Fixes

• workitems: Use int64 for global work item IDs. (f04e3d0)

Features

• request_options: Add boolean return value to WithNext. (1cd1e1e)
• workitems: Add comprehensive filtering to ListWorkItemsOptions (052a897)
• workitems: Add pagination support to ListWorkItems. (cfdf5ee)
• workitems: Add WorkItems service with Get methods (00925c2), closes gitlab-org/api/client-go#2213
• workitems: Implement the ListWorkItems method. (4f8a709)

1.33.0

🚀 Features

• Support unauthenticated clients via Unauthenticated auth source (!2761) by Timo Furrer

1.33.0 (2026-02-13)

1.32.0

🚀 Features

• Implement endpoints for runner controller scopes (!2758) by Timo Furrer

🔄 Other Changes

• test(namespaces): Address test feedback to simplify the test (!2744) by Patrick Rice
• chore(deps): update golangci/golangci-lint docker tag to v2.9.0 (!2755) by GitLab Dependency Bot
• chore(deps): update dependency golangci-lint to v2.9.0 (!2754) by GitLab Dependency Bot

... (truncated)

Commits

• 86ac3ea chore(release): 1.34.0 [skip ci]
• b7a169b Merge branch 'fforster/workitems' into 'main'
• 1cd1e1e feat(request_options): Add boolean return value to WithNext.
• 55e59d8 chore(workitems): Use tabs to indent GraphQL queries.
• cfdf5ee feat(workitems): Add pagination support to ListWorkItems.
• 6f47257 docs(workitems): Add links to API reference documentation to all exported fun...
• 3c47114 chore(workitems): Address review comments.
• 525ba6b refactor(workitems): Pre-allocate slices.
• 0807699 test: Validate the GraphQL schema of queries.
• 2df0107 ci: Add job for downloading the GraphQL schema.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, go. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

go.mod

Package	Version	License	Issue Type
gitlab.com/gitlab-org/api/client-go	1.34.0	Null	Unknown License

Denied Licenses:

GPL-2.0, GPL-3.0, LGPL-2.1, LGPL-3.0, AGPL-3.0

OpenSSF Scorecard

Package	Version	Score	Details
gomod/github.com/go-resty/resty/v2	2.17.2	🟢 4.8	Details Check Score Reason Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 8 2 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/google/go-querystring	1.2.0	🟢 4.9	Details Check Score Reason Code-Review ⚠️ 2 Found 5/19 approved changesets -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies 🟢 10 all dependencies are pinned Maintained ⚠️ 0 0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 1 SAST tool is not run on all commits -- score normalized to 1
gomod/github.com/mark3labs/mcp-go	0.44.0	Unknown	Unknown
gomod/github.com/sirupsen/logrus	1.9.4	🟢 5	Details Check Score Reason Code-Review 🟢 7 Found 10/13 approved changesets -- score normalized to 7 Maintained 🟢 10 18 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/gitlab.com/gitlab-org/api/client-go	1.34.0	Unknown	Unknown

Scanned Files

• go.mod