Closed
Conversation
e692fdd to
7b48f8c
Compare
648bda9 to
09c335a
Compare
hughhennelly
referenced
this pull request
in hughhennelly/mcp-context-forge
Feb 8, 2026
* feat(api): standardize gateway response format - Set *_unmasked fields to null in GatewayRead.masked() - Apply masking consistently across all gateway return paths - Mask credentials on cache reads - Update admin UI to indicate stored secrets are write-only - Update tests to verify masking behavior Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * delete artifact sbom Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * feat(gateway): add configurable URL validation for gateway endpoints Add comprehensive URL validation with configurable network access controls for gateway and tool URL endpoints. This allows operators to control which network ranges are accessible based on their deployment environment. New configuration options: - SSRF_PROTECTION_ENABLED: Master switch for URL validation (default: true) - SSRF_ALLOW_LOCALHOST: Allow localhost/loopback (default: true for dev) - SSRF_ALLOW_PRIVATE_NETWORKS: Allow RFC 1918 ranges (default: true) - SSRF_DNS_FAIL_CLOSED: Reject unresolvable hostnames (default: false) - SSRF_BLOCKED_NETWORKS: CIDR ranges to always block - SSRF_BLOCKED_HOSTS: Hostnames to always block Features: - Validates all resolved IP addresses (A and AAAA records) - Normalizes hostnames (case-insensitive, trailing dot handling) - Blocks cloud metadata endpoints by default (169.254.169.254, etc.) - Dev-friendly defaults with strict mode available for production - Full documentation and Helm chart support Also includes minor admin UI formatting improvements. Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * feat(auth): add token-scoped filtering for list endpoints and gateway forwarding - Add token_teams parameter to list_servers and list_gateways endpoints for proper scoping based on JWT token team claims - Update server_service.list_servers() and gateway_service.list_gateways() to filter results by token scope (public-only, team-scoped, or unrestricted) - Skip caching for token-scoped queries to prevent cross-user data leakage - Update gateway forwarding (_forward_request_to_all) to respect token team scope - Fix public-only token handling in create endpoints (tools, resources, prompts, servers, gateways, A2A agents) to reject team/private visibility - Preserve None vs [] distinction in SSE/WebSocket for proper admin bypass - Update get_team_from_token to distinguish missing teams (legacy fallback) from explicit empty teams (public-only access) - Add request.state.token_teams storage in all auth paths for downstream access Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * feat(auth): add normalize_token_teams for consistent token scoping Introduces a centralized `normalize_token_teams()` function in auth.py that provides consistent token team normalization across all code paths: - Missing teams key → empty list (public-only access) - Explicit null teams + admin flag → None (admin bypass) - Explicit null teams without admin → empty list (public-only) - Empty teams array → empty list (public-only) - Team list → normalized string IDs (team-scoped) Additional changes: - Update _get_token_teams_from_request() to use normalized teams - Fix caching in server/gateway services to only cache public-only queries - Fix server creation visibility parameter precedence - Update token_scoping middleware to use normalize_token_teams() - Add comprehensive unit tests for token normalization behavior Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * feat(websocket): forward auth credentials to /rpc endpoint The WebSocket /ws endpoint now propagates authentication credentials when making internal requests to /rpc: - Forward JWT token as Authorization header when present - Forward proxy user header when trust_proxy_auth is enabled - Enables WebSocket transport to work with AUTH_REQUIRED=true Also adds unit tests to verify auth credential forwarding behavior. Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * feat(rbac): add granular permission checks to all admin routes - Add @require_permission decorators to all 177 admin routes with allow_admin_bypass=False to enforce explicit permission checks - Add allow_admin_bypass parameter to require_permission and require_any_permission decorators for configurable admin bypass - Add has_admin_permission() method to PermissionService for checking admin-level access (is_admin, *, or admin.* permissions) - Update AdminAuthMiddleware to use has_admin_permission() for coarse-grained admin UI access control - Create shared test fixtures in tests/unit/mcpgateway/conftest.py for mocking PermissionService across unit tests - Update test files to use proper user context dict format Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * docs(rbac): comprehensive update to authentication and RBAC documentation Update documentation to accurately reflect the two-layer security model (Token Scoping + RBAC) and correct token scoping behavior. rbac.md: - Rewrite overview with two-layer security model explanation - Fix token scoping matrix (missing teams key = PUBLIC-ONLY, not UNRESTRICTED) - Add admin bypass requirements warning (requires BOTH teams:null AND is_admin:true) - Add public-only token limitations (cannot access private resources even if owned) - Add Permission System section with categories and fallback permissions - Add Configuration Safety section (AUTH_REQUIRED, TRUST_PROXY_AUTH warnings) - Update enforcement points matrix with Token Scoping and RBAC columns multitenancy.md: - Add Token Scoping Model section with secure-first defaults - Add Two-Layer Security Model section with request flow diagram - Add Enforcement Points Matrix - Add Token Scoping Invariants - Document multi-team token behavior (first team used for request.state.team_id) oauth-design.md & oauth-authorization-code-ui-design.md: - Add scope clarification notes (gateway OAuth delegation vs user auth) - Add Token Verification section - Add cross-references to RBAC and multitenancy docs AGENTS.md: - Add Authentication & RBAC Overview section with quick reference llms/mcpgateway.md & llms/api.md: - Add token scoping quick reference and examples - Add links to full documentation Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * fix(rbac): add explicit db dependency to RBAC-protected routes Address load test findings from RCA #1 and IBM#2: - Add `db: Session = Depends(get_db)` to routes in email_auth.py, llm_config_router.py, and teams.py that use @require_permission - Fix test files to pass mock_db parameter after signature changes - Add shm_size: 256m to PostgreSQL in docker-compose.yml - Remove non-serializable content from resource update events - Disable CircuitBreaker plugin for consistent load testing These changes fix the NoneType errors (~33,700) observed under 4000 concurrent users where current_user_ctx["db"] was always None. Remaining critical issue: Transaction leak in streamablehttp_transport.py causing idle-in-transaction connections (see todo/rca2.md for details). Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * fix(db): resolve transaction leak and connection pool exhaustion Critical fixes for load test failures at 4000 concurrent users: Issue #1 - Transaction leak in streamablehttp_transport.py (CRITICAL): - Add explicit asyncio.CancelledError handling in get_db() context manager - When MCP handlers are cancelled (client disconnect, timeout), the finally block may not execute properly, leaving transactions "idle in transaction" - Now explicitly rollback and close before re-raising CancelledError - Add rollback in direct SessionLocal usage at line ~1425 Issue IBM#2 - Missing db parameter in admin routes (HIGH): - Add `db: Session = Depends(get_db)` to 73 remaining admin routes - Routes with @require_permission but no db param caused decorator to create fresh session via fresh_db_session() for EVERY permission check - This doubled connection usage for affected routes under load Issue IBM#3 - Slow recovery from transaction leaks (MEDIUM): - Reduce IDLE_TRANSACTION_TIMEOUT from 300s to 30s in docker-compose.yml - Reduce CLIENT_IDLE_TIMEOUT from 300s to 60s - Leaked transactions now killed faster, preventing pool exhaustion Root cause confirmed: list_resources() MCP handler was primary source, with 155+ connections stuck on `SELECT resources.*` for up to 273 seconds. See todo/rca2.md for full analysis including live test data showing connection leak progression and 606+ idle transaction timeout errors. Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * fix(teams): use consistent user context format across all endpoints - Update request_to_join_team and leave_team to use dict-based user context - Fix teams router to use get_current_user_with_permissions consistently - Move /discover route before /{team_id} to prevent route shadowing - Update test fixtures to use mock_user_context dict format - Add transaction commits in resource_service to prevent connection leaks - Add missing docstring parameters for flake8 compliance Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * fix(db): add explicit db.commit/close to prevent transaction leaks Add explicit db.commit(); db.close() calls to 100+ endpoints across all routers to prevent PostgreSQL connection leaks under high load. Problem: Under high concurrency, FastAPI's Depends(get_db) cleanup runs after response serialization, causing transactions to remain in 'idle in transaction' state for 20-30+ seconds, exhausting the connection pool. Solution: Explicitly commit and close database sessions immediately after database operations complete, before response serialization. Routers fixed: - tokens.py: 10 endpoints (create, list, get, update, revoke, usage, admin, team tokens) - llm_config_router.py: 14 endpoints (provider/model CRUD, health, gateway models) - sso.py: 5 endpoints (SSO provider CRUD) - email_auth.py: 3 endpoints (user create/update/delete) - oauth_router.py: 1 endpoint (delete_registered_client) - teams.py: 18 endpoints (team CRUD, members, invitations, join requests) - rbac.py: 12 endpoints (roles, user roles, permissions) - main.py: 14 CUD + 3 list + 7 RPC handlers Also fixes: - admin.py: Rename 21 unused db params to _db (pylint W0613) - test_teams*.py: Add mock_db fixture to tests calling router functions directly - Add llms/audit-db-transaction-management.md for future audits Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * ci(coverage): lower doctest coverage threshold to 30% Reduce the required doctest coverage from 34% to 30% to accommodate current coverage levels (32.17%). Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * fix(rpc): fix list_gateways tuple unpacking and add token scoping The RPC list_gateways handler had two bugs: 1. Did not unpack the tuple (gateways, next_cursor) returned by gateway_service.list_gateways(), causing 'list' object has no attribute 'model_dump' error 2. Was missing token scoping via _get_rpc_filter_context(), which was the original R-02 security fix Also fixed all callers of list_gateways that expected a list but now receive a tuple: - mcpgateway/admin.py: get_gateways_section() - mcpgateway/services/import_service.py: 3 call sites Updated test mocks to return (list, None) tuples instead of lists. Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * fix(teams): build response before db.close() to avoid lazy-load errors The teams router was calling db.commit(); db.close() before building the TeamResponse, but TeamResponse includes team.get_member_count() which needs an active session. When the session is closed, the fallback in get_member_count() tries to access self.members (lazy-loaded), causing "Parent instance is not bound to a Session" errors. Fixed by building TeamResponse BEFORE calling db.close() in: - create_team - get_team - update_team Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * fix(teams): fix update_team expecting team object but getting bool The service's update_team() returns bool, but the router was treating the return value as a team object and trying to access .id, .name, etc. Fixed by: 1. Checking the boolean return value for success 2. Fetching the team again after successful update to build the response Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * fix(teams): fix update_member_role return type mismatch The service's update_member_role() returns bool, but the router treated it as a member object. Fixed by: 1. Checking the boolean success 2. Added get_member() method to TeamManagementService 3. Fetching the updated member to build the response Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Fix teams return Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> Signed-off-by: hughhennnelly <hughhennelly06@gmail.com>
This was referenced Feb 11, 2026
5 tasks
This was referenced Feb 19, 2026
4 tasks
crivetimihai
pushed a commit
that referenced
this pull request
Feb 24, 2026
1. Fix broken imports (Issue #1): - Change from ..database to ..db - Fix unified_pdp imports to use plugins.unified_pdp - Update in routes, services, schemas, and tests 2. Register sandbox router in main.py (Issue #2): - Add import and app.include_router call 3. Fix XSS vulnerability (Issue #3): - Replace f-string HTML with Jinja2 template - Create sandbox_simulate_results.html template - Add Request parameter for template access 4. Add authentication (Issue #4): - Add Depends(get_current_user) to simulate endpoint 5. Remove scratch files (Issue #5): - Delete sandbox_header.txt and sandbox_new_header.txt 6. Resolve schemas conflict (Issue #6): - Merge schemas/sandbox.py into schemas.py - Remove conflicting schemas/ directory - Update imports in routes and services All changes tested and ready for review. Related to #2226 Signed-off-by: hughhennelly <hughhennelly06@gmail.com>
This was referenced Feb 25, 2026
4 tasks
This was referenced Feb 26, 2026
4 tasks
10 tasks
7 tasks
10 tasks
6 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.
🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.
Detected Package Files
deployment/ansible/ibm-cloud/requirements.yml(ansible-galaxy)mcp-servers/rust/fast-test-server/Cargo.toml(cargo)plugins_rust/Cargo.toml(cargo)compose.upgrade.yml(docker-compose)docker-compose-debug.yml(docker-compose)docker-compose-performance.yml(docker-compose)docker-compose-verbose-logging.yml(docker-compose)docker-compose.mariadb.yml(docker-compose)docker-compose.phoenix-simple.yml(docker-compose)docker-compose.with-phoenix.yml(docker-compose)docker-compose.yml(docker-compose)mcp-servers/python/mcp_eval_server/docker-compose.yml(docker-compose)plugins/external/llmguard/docker-compose.yaml(docker-compose).devcontainer/Dockerfile(dockerfile)Containerfile(dockerfile)Containerfile.lite(dockerfile)Containerfile.scratch(dockerfile)agent_runtimes/langchain_agent/Dockerfile(dockerfile)infra/nginx/Dockerfile(dockerfile)mcp-servers/go/benchmark-server/Dockerfile(dockerfile)mcp-servers/go/fast-time-server/Dockerfile(dockerfile)mcp-servers/go/pandoc-server/Dockerfile(dockerfile)mcp-servers/go/system-monitor-server/Dockerfile(dockerfile)mcp-servers/python/csv_pandas_chat_server/Containerfile(dockerfile)mcp-servers/python/data_analysis_server/Containerfile(dockerfile)mcp-servers/python/docx_server/Containerfile(dockerfile)mcp-servers/python/graphviz_server/Containerfile(dockerfile)mcp-servers/python/latex_server/Containerfile(dockerfile)mcp-servers/python/libreoffice_server/Containerfile(dockerfile)mcp-servers/python/mcp-rss-search/Containerfile(dockerfile)mcp-servers/python/mcp_eval_server/Containerfile(dockerfile)mcp-servers/python/pm_mcp_server/Containerfile(dockerfile)mcp-servers/python/pptx_server/Containerfile(dockerfile)mcp-servers/python/python_sandbox_server/Containerfile(dockerfile)mcp-servers/python/python_sandbox_server/docker/Dockerfile.sandbox(dockerfile)mcp-servers/python/synthetic_data_server/Containerfile(dockerfile)mcp-servers/python/url_to_markdown_server/Containerfile(dockerfile)mcp-servers/python/xlsx_server/Containerfile(dockerfile)mcp-servers/rust/fast-test-server/Containerfile(dockerfile)mcp-servers/rust/fast-test-server/Dockerfile(dockerfile)mcp-servers/templates/go/Dockerfile.jinja(dockerfile)mcp-servers/templates/python/Containerfile.jinja(dockerfile)plugin_templates/external/Containerfile(dockerfile)plugins/external/cedar/Containerfile(dockerfile)plugins/external/llmguard/Containerfile(dockerfile)plugins/external/opa/Containerfile(dockerfile).github/workflows/bandit.yml(github-actions).github/workflows/codeql.yml(github-actions).github/workflows/dependency-review.yml(github-actions).github/workflows/docker-multiplatform.yml(github-actions).github/workflows/docker-release.yml(github-actions).github/workflows/docker-scan.yml(github-actions).github/workflows/full-build-pipeline.yml(github-actions).github/workflows/ibm-cloud-code-engine.yml(github-actions).github/workflows/lint-plugins.yml(github-actions).github/workflows/lint-web.yml(github-actions).github/workflows/lint.yml(github-actions).github/workflows/pytest.yml(github-actions).github/workflows/python-package.yml(github-actions).github/workflows/rust-plugins.yml(github-actions)mcp-servers/go/benchmark-server/go.mod(gomod)mcp-servers/go/calculator-server/go.mod(gomod)mcp-servers/go/fast-time-server/go.mod(gomod)mcp-servers/go/pandoc-server/go.mod(gomod)mcp-servers/go/system-monitor-server/go.mod(gomod)charts/mcp-stack/values.yaml(helm-values)mcpgateway/templates/admin.html(html)mcpgateway/templates/change-password-required.html(html)mcpgateway/templates/login.html(html)package.json(npm)agent_runtimes/langchain_agent/pyproject.toml(pep621)mcp-servers/python/chunker_server/pyproject.toml(pep621)mcp-servers/python/code_splitter_server/pyproject.toml(pep621)mcp-servers/python/csv_pandas_chat_server/pyproject.toml(pep621)mcp-servers/python/data_analysis_server/pyproject.toml(pep621)mcp-servers/python/docx_server/pyproject.toml(pep621)mcp-servers/python/graphviz_server/pyproject.toml(pep621)mcp-servers/python/latex_server/pyproject.toml(pep621)mcp-servers/python/libreoffice_server/pyproject.toml(pep621)mcp-servers/python/mcp-rss-search/pyproject.toml(pep621)mcp-servers/python/mcp_eval_server/pyproject.toml(pep621)mcp-servers/python/mermaid_server/pyproject.toml(pep621)mcp-servers/python/output_schema_test_server/pyproject.toml(pep621)mcp-servers/python/plotly_server/pyproject.toml(pep621)mcp-servers/python/pm_mcp_server/pyproject.toml(pep621)mcp-servers/python/pptx_server/pyproject.toml(pep621)mcp-servers/python/python_sandbox_server/pyproject.toml(pep621)mcp-servers/python/synthetic_data_server/pyproject.toml(pep621)mcp-servers/python/url_to_markdown_server/pyproject.toml(pep621)mcp-servers/python/xlsx_server/pyproject.toml(pep621)plugins/external/cedar/pyproject.toml(pep621)plugins/external/llmguard/pyproject.toml(pep621)plugins/external/opa/pyproject.toml(pep621)plugins_rust/pyproject.toml(pep621)pyproject.toml(pep621)agent_runtimes/langchain_agent/requirements.txt(pip_requirements)docs/requirements.txt(pip_requirements)mcp-servers/python/data_analysis_server/requirements.txt(pip_requirements)deployment/terraform/ibm-cloud/helm_release.tf(terraform)deployment/terraform/ibm-cloud/provider.tf(terraform)deployment/terraform/ibm-cloud/versions.tf(terraform)deployment/terraform/ibm-cloud/vpc_cluster.tf(terraform)Configuration Summary
Based on the default config's presets, Renovate will:
fixfor dependencies andchorefor all others if semantic commits are in use.node_modules,bower_components,vendorand various test/tests (except for nuget) directories.🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to
renovate.jsonin this branch. Renovate will update the Pull Request description the next time it runs.What to Expect
With your current configuration, Renovate will create 46 Pull Requests:
chore(deps): update mcp-contextforge-gateway digest to 0d8fb71
renovate/mcp-contextforge-gateway-digestmain0d8fb7191c6ffc3772008fef7ca3529a95ad4002fix(deps): update github.com/knetic/govaluate digest to 7625b7f
renovate/github.com-knetic-govaluate-digestmain7625b7f8c03df11d0ec9b5617b0ea21e8b8af61bchore(deps): update dependency astral-sh/uv to v0.9.25
renovate/astral-sh-uv-0.xmain0.9.25chore(deps): update dependency codemirror to v5.65.20
renovate/codemirror-5.xmain5.65.20chore(deps): update dependency eslint-plugin-prettier to v5.5.5
renovate/eslint-plugin-prettier-5.x-lockfilemain5.5.5chore(deps): update registry.access.redhat.com/ubi10-minimal docker tag to v10.1-1766033715
renovate/registry.access.redhat.com-ubi10-minimal-10.xmain10.1-1766033715chore(deps): update registry.access.redhat.com/ubi10/ubi-minimal docker tag to v10.1-1766033715
renovate/registry.access.redhat.com-ubi10-ubi-minimal-10.xmain10.1-1766033715chore(deps): update dependency font-awesome to v6.7.2
renovate/font-awesome-6.xmain6.7.2chore(deps): update dependency go to v1.25.5
renovate/go-1.xmain1.25.5chore(deps): update dependency keyv to v5.5.5
renovate/keyv-5.xmain5.5.5chore(deps): update dependency prettier to v3.8.0
renovate/prettier-3.x-lockfilemain3.8.0chore(deps): update dependency python
renovate/python-3.xmain3.143.12-slim3.12-alpinechore(deps): update docker/dockerfile docker tag to v1.20
renovate/docker-dockerfile-1.xmain1.20chore(deps): update docker/login-action action to v3.6.0
renovate/docker-login-action-3.xmainv3.6.0chore(deps): update docker/setup-buildx-action action to v3.12.0
renovate/docker-setup-buildx-action-3.xmainv3.12.0chore(deps): update golang docker tag to v1.25
renovate/golang-1.xmain1.25-alpine1.25chore(deps): update mariadb docker tag to v10.11
renovate/mariadb-10.xmain10.11chore(deps): update quay.io/pypa/manylinux2014 docker tag
renovate/quay.io-pypa-manylinux2014-2025.xmain2025.12.26-22025.12.29-1chore(deps): update registry.access.redhat.com/ubi9/ubi docker tag to v9.7-1767674301
renovate/registry.access.redhat.com-ubi9-ubi-9.xmain9.7-1767674301chore(deps): update registry.access.redhat.com/ubi10/ubi docker tag to v10.1-1767602397
renovate/registry.access.redhat.com-ubi10-ubi-10.xmain10.1-1767602397chore(deps): update rust crate criterion to 0.8
renovate/criterion-0.xmain0.8fix(deps): update module github.com/mark3labs/mcp-go to v0.43.2
renovate/github.com-mark3labs-mcp-go-0.xmainv0.43.2fix(deps): update module github.com/shirou/gopsutil/v3 to v3.24.5
renovate/github.com-shirou-gopsutil-v3-3.xmainv3.24.5fix(deps): update module github.com/shopspring/decimal to v1.4.0
renovate/github.com-shopspring-decimal-1.xmainv1.4.0fix(deps): update module gonum.org/v1/gonum to v0.17.0
renovate/gonum.org-v1-gonum-0.xmainv0.17.0fix(deps): update rust crate schemars to 0.9
renovate/schemars-0.xmain0.9chore(deps): update actions/cache action to v5
renovate/actions-cache-5.xmainv5chore(deps): update actions/checkout action to v6
renovate/actions-checkout-6.xmainv6chore(deps): update actions/setup-node action to v6
renovate/actions-setup-node-6.xmainv6chore(deps): update actions/setup-python action to v6
renovate/actions-setup-python-6.xmainv6chore(deps): update astral-sh/setup-uv action to v7
renovate/astral-sh-setup-uv-7.xmainv7chore(deps): update codecov/codecov-action action to v5
renovate/codecov-codecov-action-5.xmainv5chore(deps): update dependency @stylistic/stylelint-config to v3
renovate/stylistic-stylelint-config-3.xmain^3.0.0chore(deps): update dependency codemirror to v6
renovate/codemirror-6.xmain6.65.7chore(deps): update dependency eslint-config-prettier to v10
renovate/eslint-config-prettier-10.xmain^10.0.0chore(deps): update dependency font-awesome to v7
renovate/font-awesome-7.xmain7.0.1chore(deps): update dependency node to v24
renovate/node-24.xmain24chore(deps): update dependency stylelint-config-standard to v39
renovate/stylelint-config-standard-39.xmain^39.0.0chore(deps): update github artifact actions to v6 (major)
renovate/major-github-artifact-actionsmainv6v6.0.0chore(deps): update github/codeql-action action to v4
renovate/github-codeql-action-4.xmainv4chore(deps): update mariadb docker tag to v12
renovate/mariadb-12.xmain12.1chore(deps): update postgres docker tag to v18
renovate/postgres-18.xmain18chore(deps): update quay.io/pypa/manylinux2014 docker tag to v2026
renovate/quay.io-pypa-manylinux2014-2026.xmain2026.01.03-22026.01.10-1chore(deps): update redis docker tag to v8
renovate/redis-8.xmain8-alpinefix(deps): update module github.com/shirou/gopsutil/v3 to v4
renovate/github.com-shirou-gopsutil-v3-4.xmainv4.25.12fix(deps): update rust crate schemars to v1
renovate/schemars-1.xmain1.0🚸 Branch creation will be limited to maximum 1 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for
prhourlylimitfor details.Warning
Please correct - or verify that you can safely ignore - these dependency lookup failures before you merge this PR.
Failed to look up galaxy-collection package ibm.cloudcollection # IBM Cloud wrapper modulesFailed to look up galaxy-collection package kubernetes.core # k8s + helm modulesFailed to look up git-tags package helm/k8sFailed to look up galaxy-collection package community.general # random-password lookupFailed to look up docker package ghcr.io/ibm/mcp-context-forge-chart/mcp-context-forge-chart/mcpgatewayFiles affected:
deployment/ansible/ibm-cloud/requirements.yml,deployment/terraform/ibm-cloud/helm_release.tf❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.
This PR was generated by Mend Renovate. View the repository job log.