* deps: upgrade all dependencies to latest
Go:
- cli: bump go directive 1.26.4 -> 1.26.5 to remediate GO-2026-5856
(crypto/tls stdlib vuln fixed in go1.26.5)
- cli: golang.org/x/crypto 0.53.0->0.54.0, sync 0.21.0->0.22.0,
sys 0.46.0->0.47.0, term 0.44.0->0.45.0, text 0.39.0->0.40.0
- tools/scenario: golang.org/x/sys 0.46.0->0.47.0,
modernc.org/libc 1.74.0->1.74.1
- workflows: GO_VERSION 1.26.4 -> 1.26.5 (ci, pr-build, release,
release-only, update-azd-core)
npm (cli):
- refresh 11 transitive @azure/msal-* deps in package-lock.json (0 vulns)
pnpm (web):
- astro 7.0.6 -> 7.0.7
- @types/node 26.1.0 -> 26.1.1
- overrides: tinyglobby>picomatch 4.0.4->4.0.5,
yaml-language-server>yaml 2.8.3->2.9.0
All builds, vet, gofmt, golangci-lint, gosec, govulncheck, and test
suites pass locally under go1.26.5; web build + frozen-lockfile install
verified.
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
* deps: upgrade all dependencies to latest
- github.com/mark3labs/mcp-go: v0.55.1 -> v0.56.0
- golang.org/x/net: v0.56.0 -> v0.57.0 (indirect)
- golang.org/x/exp: bump (indirect)
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>