Skip to content

azd-ext-jongio-azd-copilot_0.2.4-pr72

@jongio jongio tagged this 09 Jul 19:33
* deps: upgrade all dependencies to latest

Go:
- cli: bump go directive 1.26.4 -> 1.26.5 to remediate GO-2026-5856
  (crypto/tls stdlib vuln fixed in go1.26.5)
- cli: golang.org/x/crypto 0.53.0->0.54.0, sync 0.21.0->0.22.0,
  sys 0.46.0->0.47.0, term 0.44.0->0.45.0, text 0.39.0->0.40.0
- tools/scenario: golang.org/x/sys 0.46.0->0.47.0,
  modernc.org/libc 1.74.0->1.74.1
- workflows: GO_VERSION 1.26.4 -> 1.26.5 (ci, pr-build, release,
  release-only, update-azd-core)

npm (cli):
- refresh 11 transitive @azure/msal-* deps in package-lock.json (0 vulns)

pnpm (web):
- astro 7.0.6 -> 7.0.7
- @types/node 26.1.0 -> 26.1.1
- overrides: tinyglobby>picomatch 4.0.4->4.0.5,
  yaml-language-server>yaml 2.8.3->2.9.0

All builds, vet, gofmt, golangci-lint, gosec, govulncheck, and test
suites pass locally under go1.26.5; web build + frozen-lockfile install
verified.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* deps: upgrade all dependencies to latest

- github.com/mark3labs/mcp-go: v0.55.1 -> v0.56.0

- golang.org/x/net: v0.56.0 -> v0.57.0 (indirect)

- golang.org/x/exp: bump (indirect)

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Assets 2
Loading