build(deps): bump github.com/modelcontextprotocol/go-sdk from 1.2.0 to 1.3.1

[dependabot]

Bumps github.com/modelcontextprotocol/go-sdk from 1.2.0 to 1.3.1.

Release notes

Sourced from github.com/modelcontextprotocol/go-sdk's releases.

v1.3.1

This release is a patch release for v1.3.0.

It contains a cherry-pick for a security issue reported in #805, which takes advantage of the default behavior of Go's standard library JSON decoder that allows case-insensitive matches to struct field names (or "json" tags). The issue has been addressed by changing the JSON decoder to one that supports case sensitive matching.

Fixes

• all: use case-sensitive JSON unmarshaling by @​maciej-kisiel in modelcontextprotocol/go-sdk#807

New external dependencies

• https://github.com/segmentio/encoding, which is the package that provides the new decoder.

Full Changelog: modelcontextprotocol/go-sdk@v1.3.0...v1.3.1

v1.3.0

This release is equivalent to v1.3.0-pre.1. Thank you to those who tested the pre-release.

This release includes several enhancements and bugfixes. Worth mentioning is the addition of schema caching, which significantly improves the performance in some stateless server deployment scenarios.

Dependency updates

• go.mod: upgrade to jsonschema v0.4.2 by @​jba in modelcontextprotocol/go-sdk#732

Enhancements

• perf: add schema caching to avoid repeated reflection by @​SamMorrowDrums in modelcontextprotocol/go-sdk#685
• mcp: add DisableListening option to StreamableClientTransport by @​zxxf18 in modelcontextprotocol/go-sdk#729
• feat: deprecated logger in client & add Logger in ClientOption by @​CocaineCong in modelcontextprotocol/go-sdk#738
• feat: deleted the old logger in client by @​CocaineCong in modelcontextprotocol/go-sdk#744
• Export GetError and SetError methods by @​jba in modelcontextprotocol/go-sdk#753

Bugfixes

• fix: connectStandaloneSSE checking Content-Type header by @​liushuangls in modelcontextprotocol/go-sdk#736
• mcp: fix SSEClientTransport to report HTTP errors properly by @​hassan123789 in modelcontextprotocol/go-sdk#740
• mcp: add Allow header to 405 responses per RFC 9110 §15.5.6 by @​SamMorrowDrums in modelcontextprotocol/go-sdk#757
• mcp: fix a race condition in logging by @​maciej-kisiel in modelcontextprotocol/go-sdk#761

Chores

• docs: adds SDK version support matrix by @​La002 in modelcontextprotocol/go-sdk#737
• .github/workflows: add nightly conformance tests by @​findleyr in modelcontextprotocol/go-sdk#752

New Contributors

• @​La002 made their first contribution in modelcontextprotocol/go-sdk#737
• @​hassan123789 made their first contribution in modelcontextprotocol/go-sdk#740
• @​liushuangls made their first contribution in modelcontextprotocol/go-sdk#736
• @​CocaineCong made their first contribution in modelcontextprotocol/go-sdk#738
• @​zxxf18 made their first contribution in modelcontextprotocol/go-sdk#729
• @​SamMorrowDrums made their first contribution in modelcontextprotocol/go-sdk#685
• @​maciej-kisiel made their first contribution in modelcontextprotocol/go-sdk#761

Full Changelog: modelcontextprotocol/go-sdk@v1.2.0...v1.3.0

... (truncated)

Commits

• 6e8ca56 all: use case-sensitive JSON unmarshaling (#807)
• 6b75899 mcp: fix a race condition in logging
• 52e03de mcp: add Allow header to 405 responses per RFC 9110 §15.5.6 (#757)
• c2c7edc perf: add schema caching to avoid repeated reflection (#685)
• 3381035 .github/workflows: add nightly conformance tests
• 13488f7 Export GetError and SetError methods (#753)
• b4f957f mcp: add DisableListening option to StreamableClientTransport (#729)
• a225d4d delete the old logger in client (#744)
• 61be548 feat: deprecated logger in client & add Logger in ClientOption (#738)
• e66c23f mcp: fix connectStandaloneSSE checking Content-Type header (#736)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by CodeRabbit

• Chores
  • Updated internal dependencies (including indirect packages) to newer compatible versions to improve stability and compatibility.

[openshift-ci]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign mitalibhalla for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

---

Walkthrough

Updated direct dependencies in go.mod: github.com/modelcontextprotocol/go-sdk v1.2.0 → v1.3.1 and github.com/google/jsonschema-go v0.3.0 → v0.4.2. Added two indirect transitive dependencies: github.com/segmentio/asm and github.com/segmentio/encoding.

Changes

Cohort / File(s)	Summary
Dependency Updates go.mod	Bumped github.com/modelcontextprotocol/go-sdk v1.2.0 → v1.3.1 and github.com/google/jsonschema-go v0.3.0 → v0.4.2; added indirect transitive dependencies github.com/segmentio/asm v1.1.3 and github.com/segmentio/encoding v0.5.3.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Test Structure And Quality	⚠️ Warning	PR adds 1,218 assertions but only ~7% include meaningful failure messages; ~93% lack diagnostic context per quality requirements.	Add descriptive failure messages to all 1,130+ assertions lacking them and consider implementing linting rules to enforce this standard in future PRs.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly references the primary dependency update from v1.2.0 to v1.3.1, which is the main change in the PR, but omits the secondary dependency update to jsonschema-go.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Stable And Deterministic Test Names	✅ Passed	This pull request is a pure dependency update that only modifies go.mod and go.sum files with no test files modified, making the test names check not applicable.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dependabot/go_modules/github.com/modelcontextprotocol/go-sdk-1.3.1

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 53.04%. Comparing base (6e5f228) to head (45ef141).

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #898      +/-   ##
==========================================
+ Coverage   53.01%   53.04%   +0.03%     
==========================================
  Files          86       86              
  Lines        6538     6538              
==========================================
+ Hits         3466     3468       +2     
+ Misses       2610     2609       -1     
+ Partials      462      461       -1     

see 1 file with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[openshift-ci]

@dependabot[bot]: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/lint	45ef141	link	true	/test lint

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.