Skip to content

build(deps): Bump mcp-contextforge-gateway from 1.0.0rc1 to 1.0.4#32

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/mcp-contextforge-gateway-1.0.4
Closed

build(deps): Bump mcp-contextforge-gateway from 1.0.0rc1 to 1.0.4#32
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/mcp-contextforge-gateway-1.0.4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 24, 2026

Copy link
Copy Markdown
Contributor

Bumps mcp-contextforge-gateway from 1.0.0rc1 to 1.0.4.

Release notes

Sourced from mcp-contextforge-gateway's releases.

v1.0.4 - Rust Migration, Docker Improvements, Security Enhancements, and Bug Fixes

[1.0.4] - 2026-06-22 - Rust Server Migration, Security Fixes, and Build Hardening

Overview

Release 1.0.4 consolidates 35+ PRs focused on Rust server migration, security and auth correctness, multi-architecture build hardening, and database reliability. This release migrates test servers to Rust and resolves a broad set of auth, CSRF, login, and container build issues:

  • 🔐 Security & Auth - Keycloak SSO role merging from access_token, client_secret_basic support for SSO token exchange, CSRF exempt-path fixes, login redirect loop fix, and OAuth auth_type propagation fix for tool creation.
  • 🦀 Rust Servers - Slow-time MCP test server migrated to Rust (breaking binary path change), Rust benchmark server added replacing Go, Rust A2A echo agent added for integration testing.
  • 🛡️ FedRAMP / Build - s390x rustup fix, hermetic wheel closure for s390x/ppc64le multiplatform builds, Containerfile.lite venv fix, PyPI UI bundle fix, PyO3 and Rust CI dependency updates.
  • 🗄️ Database & Performance - DB connection pool multiplication resolved, lazy log formatting migration across services, tag length made configurable via env vars.
  • 🌐 API - RFC 6585 HTTP status code compliance (429, etc.), HTTP 202 Accepted response support for async operations.
  • 🔧 CI / DevOps - Hadolint via Docker image, docker-scan scoped to merge queue, linting-full moved to merge queue, npm audit fixes, release dependency lock refresh, cpex-rate-limiter bump to 0.1.4.

Added

🔐 Security & Auth

  • 🔑 client_secret_basic SSO Token Exchange (#5132) – client_secret_basic HTTP Basic Auth support for SSO token exchange. Broadens compatibility with OAuth 2.0 compliant identity providers.

🌐 API

  • 📋 RFC 6585 HTTP Status Code Compliance (#4797) – RFC 6585 compliant HTTP status codes (429, etc.). Improves API standards conformance.
  • ✅ HTTP 202 Accepted Response (#5210) – HTTP 202 Accepted response support for async operations. Enables proper async API patterns.

🦀 Rust Servers

  • ⚡ Rust Benchmark Server (#5091) – Rust benchmark server replaces the Go benchmark server; benchmark compose profiles rewired to build from mcp-servers/rust/benchmark-server. Breaking: binary paths move from ./dist/benchmark-server to ./target/release/benchmark-server.
  • 🤖 Rust A2A Echo Agent (#5092) – Rust implementation of an A2A echo agent for integration testing. Provides a fast, low-overhead test target.

Changed

🦀 Rust Servers

  • ⚡ Slow-Time Server Migrated to Rust (#5090) – Slow-time MCP test server migrated from Python to Rust. Breaking: binary paths and compose targets change; update any local scripts referencing the old Python entrypoint.

🔧 Infrastructure & DevOps

  • 🔒 Security Policy — IBM PSIRT (#5225) – Security vulnerability reporting redirected to IBM PSIRT. Aligns with IBM security disclosure process.
  • 📦 cpex-rate-limiter Bump to 0.1.4 (#5242) – Bumped cpex-rate-limiter dependency to 0.1.4. Picks up upstream rate-limiter fixes.
  • 📝 Lazy Log Formatting (#4749) – Migrated f-string log calls to lazy %-style across services. Avoids string interpolation overhead when log level is suppressed.
  • 🔒 Configurable Tag Length (#5178) – Tag length now configurable via environment variables. Enables site-specific tag truncation policy.
  • 🔒 CODEOWNERS Update (#5275) – Updated code owners for certain topics. Ensures correct review routing.

🖥️ CI

  • 🔍 Linting-Full Moved to Merge Queue (#5189) – Full repo lint sweep moved to merge queue gate. Reduces PR feedback noise while maintaining merge quality.
  • 🔒 Docker-Scan Scoped to Merge Queue (#5209) – Docker vulnerability scan scoped to PR lint + merge-queue gate. Avoids redundant scans on every push.
  • ⬛ Hadolint via Docker Image (#5259) – Hadolint run via Docker image to satisfy org Actions allowlist. Removes dependency on non-allowlisted GitHub Action.
  • ⏩ Skip CI for Secrets Baseline Commits (#5012) – Full CI skipped for detect-secrets baseline-only commits. Reduces unnecessary CI load.

... (truncated)

Changelog

Sourced from mcp-contextforge-gateway's changelog.

[1.0.4] - 2026-06-22 - Rust Server Migration, Security Fixes, and Build Hardening

Overview

Release 1.0.4 consolidates 35+ PRs focused on Rust server migration, security and auth correctness, multi-architecture build hardening, and database reliability. This release migrates test servers to Rust and resolves a broad set of auth, CSRF, login, and container build issues:

  • 🔐 Security & Auth - Keycloak SSO role merging from access_token, client_secret_basic support for SSO token exchange, CSRF exempt-path fixes, login redirect loop fix, and OAuth auth_type propagation fix for tool creation.
  • 🦀 Rust Servers - Slow-time MCP test server migrated to Rust (breaking binary path change), Rust benchmark server added replacing Go, Rust A2A echo agent added for integration testing.
  • 🛡️ FedRAMP / Build - s390x rustup fix, hermetic wheel closure for s390x/ppc64le multiplatform builds, Containerfile.lite venv fix, PyPI UI bundle fix, PyO3 and Rust CI dependency updates.
  • 🗄️ Database & Performance - DB connection pool multiplication resolved, lazy log formatting migration across services, tag length made configurable via env vars.
  • 🌐 API - RFC 6585 HTTP status code compliance (429, etc.), HTTP 202 Accepted response support for async operations.
  • 🔧 CI / DevOps - Hadolint via Docker image, docker-scan scoped to merge queue, linting-full moved to merge queue, npm audit fixes, release dependency lock refresh, cpex-rate-limiter bump to 0.1.4.

Added

🔐 Security & Auth

  • 🔑 client_secret_basic SSO Token Exchange (#5132) – client_secret_basic HTTP Basic Auth support for SSO token exchange. Broadens compatibility with OAuth 2.0 compliant identity providers.

🌐 API

  • 📋 RFC 6585 HTTP Status Code Compliance (#4797) – RFC 6585 compliant HTTP status codes (429, etc.). Improves API standards conformance.
  • ✅ HTTP 202 Accepted Response (#5210) – HTTP 202 Accepted response support for async operations. Enables proper async API patterns.

🦀 Rust Servers

  • ⚡ Rust Benchmark Server (#5091) – Rust benchmark server replaces the Go benchmark server; benchmark compose profiles rewired to build from mcp-servers/rust/benchmark-server. Breaking: binary paths move from ./dist/benchmark-server to ./target/release/benchmark-server.
  • 🤖 Rust A2A Echo Agent (#5092) – Rust implementation of an A2A echo agent for integration testing. Provides a fast, low-overhead test target.

Changed

🦀 Rust Servers

  • ⚡ Slow-Time Server Migrated to Rust (#5090) – Slow-time MCP test server migrated from Python to Rust. Breaking: binary paths and compose targets change; update any local scripts referencing the old Python entrypoint.

🔧 Infrastructure & DevOps

  • 🔒 Security Policy — IBM PSIRT (#5225) – Security vulnerability reporting redirected to IBM PSIRT. Aligns with IBM security disclosure process.
  • 📦 cpex-rate-limiter Bump to 0.1.4 (#5242) – Bumped cpex-rate-limiter dependency to 0.1.4. Picks up upstream rate-limiter fixes.
  • 📝 Lazy Log Formatting (#4749) – Migrated f-string log calls to lazy %-style across services. Avoids string interpolation overhead when log level is suppressed.
  • 🔒 Configurable Tag Length (#5178) – Tag length now configurable via environment variables. Enables site-specific tag truncation policy.
  • 🔒 CODEOWNERS Update (#5275) – Updated code owners for certain topics. Ensures correct review routing.

🖥️ CI

  • 🔍 Linting-Full Moved to Merge Queue (#5189) – Full repo lint sweep moved to merge queue gate. Reduces PR feedback noise while maintaining merge quality.
  • 🔒 Docker-Scan Scoped to Merge Queue (#5209) – Docker vulnerability scan scoped to PR lint + merge-queue gate. Avoids redundant scans on every push.
  • ⬛ Hadolint via Docker Image (#5259) – Hadolint run via Docker image to satisfy org Actions allowlist. Removes dependency on non-allowlisted GitHub Action.
  • ⏩ Skip CI for Secrets Baseline Commits (#5012) – Full CI skipped for detect-secrets baseline-only commits. Reduces unnecessary CI load.
  • 📌 Pin buildx Version – Pinned setup-buildx-action to a fixed version to avoid Docker Hub rate-limit failures. Prevents intermittent CI build failures from upstream rate limiting.

... (truncated)

Commits
  • dc637b2 Release/v1.0.4 (#5311)
  • 30a7057 fix(docker): hermetic wheel closure for s390x/ppc64le multiplatform builds (#...
  • ada6ced added code changes for 202, only testing code remaining (#5210)
  • 48288c1 fix(api): Login redirect loop (#5190) (#5203)
  • 9fc7c8d fix(docker): Containerfile.lite ships empty venv, masked by stray || true (#5...
  • 74a6aeb fix(playwright): user deletion FK cascade, team selector delegation, … (#5211)
  • fc7422d Updating code owners for certain topics (#5275)
  • f4dec63 fix(api): oauth offered as auth_type in Add Tool form but silently ignored by...
  • 58d92ac fix: include workspace members in a2a image build (#5268)
  • af50b2e chore: deprecate runtime sidecars and validation middleware (#5179)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [mcp-contextforge-gateway](https://github.com/IBM/mcp-context-forge) from 1.0.0rc1 to 1.0.4.
- [Release notes](https://github.com/IBM/mcp-context-forge/releases)
- [Changelog](https://github.com/IBM/mcp-context-forge/blob/main/CHANGELOG.md)
- [Commits](IBM/mcp-context-forge@v1.0.0-RC1...v1.0.4)

---
updated-dependencies:
- dependency-name: mcp-contextforge-gateway
  dependency-version: 1.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 24, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 8, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #33.

@dependabot dependabot Bot closed this Jul 8, 2026
@dependabot dependabot Bot deleted the dependabot/pip/mcp-contextforge-gateway-1.0.4 branch July 8, 2026 02:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants