Skip to content

보안(deps): Update mcp requirement from !=1.27.1,<1.27.3,>=1.0 to >=1.0,!=1.27.1,<1.28.2 in the python-ai-tooling group across 1 directory#75

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/python-ai-tooling-1a1fe7bf02
Open

보안(deps): Update mcp requirement from !=1.27.1,<1.27.3,>=1.0 to >=1.0,!=1.27.1,<1.28.2 in the python-ai-tooling group across 1 directory#75
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/python-ai-tooling-1a1fe7bf02

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on mcp to permit the latest version.
Updates mcp to 1.28.1

Commits
  • 777b8d0 [v1.x] Support TransportSecuritySettings in the WebSocket server transport (#...
  • 4720467 [v1.x] Set Development Status classifier to Production/Stable (#2976)
  • 6df3d73 [v1.x] Buffer per-request StreamableHTTP streams; store priming event before ...
  • 32d3290 [v1.x] Pass a list to parametrize in test_docs_examples (pytest 9.1.0 compat)...
  • 0dca751 [v1.x] Deflake the child process cleanup tests (#2839)
  • 52258a9 [v1.x] Add a v2 status banner to the README (#2835)
  • b8f4917 [v1.x] Deprecate the WebSocket transport and the experimental tasks entry poi...
  • 2309e5e fix: omit null optional fields from task result payloads (#2809)
  • 494eb11 [v1.x] Support Python 3.14 (#2769)
  • 6213787 [v1.x] Scope experimental tasks to the session that created them (#2720)
  • Additional commits viewable in compare view

@dependabot @github

dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from eddmpython as a code owner July 1, 2026 00:12
@eddmpython

Copy link
Copy Markdown
Owner

@dependabot rebase

@dependabot dependabot Bot changed the title 보안(deps): Update mcp requirement from !=1.27.1,<1.27.3,>=1.0 to >=1.0,!=1.27.1,<1.28.2 in the python-ai-tooling group 보안(deps): Update mcp requirement from !=1.27.1,<1.27.3,>=1.0 to >=1.0,!=1.27.1,<1.28.2 in the python-ai-tooling group across 1 directory Jul 5, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/python-ai-tooling-1a1fe7bf02 branch from 8f230ba to aba5648 Compare July 5, 2026 01:00
@eddmpython

Copy link
Copy Markdown
Owner

@dependabot rebase

@dependabot dependabot Bot force-pushed the dependabot/pip/python-ai-tooling-1a1fe7bf02 branch from aba5648 to bf04c6d Compare July 9, 2026 12:55
eddmpython added a commit that referenced this pull request Jul 9, 2026
npm(landing)·github-actions 는 open-pull-requests-limit: 0 으로 정기 범프 중단.
보안 업데이트는 이 설정과 무관하게 별도 한도로 계속 흐른다.

근거 (실측):
- dependabot PR 42건 중 머지 6건, 운영자가 직접 닫은 것 23건 (29건 중 79% 폐기)
- npm: PR 체크에 빌드가 없어 머지 후 Deploy Site 가 첫 검증 (#64 전례)
- github-actions: PR 체크가 대상 sync 워크플로를 실행하지 않음
- pip 는 유지. lockfile 없이 pyproject 상한 범위로 PyPI 배포되므로
  상한 완화 검증이 실익이다 (#74 pandera, #75 mcp)

레포 설정에서 Dependabot alerts + security updates 활성화 동행.
Updates the requirements on [mcp](https://github.com/modelcontextprotocol/python-sdk) to permit the latest version.

Updates `mcp` to 1.28.1
- [Release notes](https://github.com/modelcontextprotocol/python-sdk/releases)
- [Changelog](https://github.com/modelcontextprotocol/python-sdk/blob/main/RELEASE.md)
- [Commits](modelcontextprotocol/python-sdk@v1.0.0...v1.28.1)

---
updated-dependencies:
- dependency-name: mcp
  dependency-version: 1.28.1
  dependency-type: direct:production
  dependency-group: python-ai-tooling
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/python-ai-tooling-1a1fe7bf02 branch from bf04c6d to 78940b5 Compare July 9, 2026 13:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant