Skip to content

chore(deps): bump google.golang.org/api from 0.272.0 to 0.275.0#145

Merged
wcatz merged 1 commit intomainfrom
dependabot/go_modules/google.golang.org/api-0.275.0
Apr 17, 2026
Merged

chore(deps): bump google.golang.org/api from 0.272.0 to 0.275.0#145
wcatz merged 1 commit intomainfrom
dependabot/go_modules/google.golang.org/api-0.275.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 11, 2026
edited
Loading

Bumps google.golang.org/api from 0.272.0 to 0.275.0.

Release notes

Sourced from google.golang.org/api's releases.

v0.275.0

0.275.0 (2026-04-07)

Features

v0.274.0

0.274.0 (2026-04-02)

Features

v0.273.1

0.273.1 (2026-03-31)

Bug Fixes

  • Merge duplicate x-goog-request-params header (#3547) (2008108)

v0.273.0

0.273.0 (2026-03-23)

Features

Changelog

Sourced from google.golang.org/api's changelog.

0.275.0 (2026-04-07)

Features

0.274.0 (2026-04-02)

Features

0.273.1 (2026-03-31)

Bug Fixes

  • Merge duplicate x-goog-request-params header (#3547) (2008108)

0.273.0 (2026-03-23)

Features

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 11, 2026
@dependabot dependabot Bot mentioned this pull request Apr 11, 2026
Closed
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 11, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/google.golang.org/api-0.275.0 branch from dbda83b to c8c019e Compare April 17, 2026 13:30
@dependabot
chore(deps): bump google.golang.org/api from 0.272.0 to 0.275.0
d1039d5 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.272.0 to 0.275.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.272.0...v0.275.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-version: 0.275.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/google.golang.org/api-0.275.0 branch from c8c019e to d1039d5 Compare April 17, 2026 13:34
@wcatz wcatz merged commit 2153111 into main Apr 17, 2026
4 checks passed
@wcatz wcatz deleted the dependabot/go_modules/google.golang.org/api-0.275.0 branch April 17, 2026 20:41
wcatz pushed a commit that referenced this pull request Apr 17, 2026
@dependabot @wcatz
chore(deps): bump google.golang.org/api from 0.272.0 to 0.275.0 (#145)
df63bf2 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.272.0 to 0.275.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.272.0...v0.275.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-version: 0.275.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
wcatz added a commit that referenced this pull request Apr 17, 2026
@wcatz @dependabot
fix(mcp): audit fixes — ownership check, panic guard, partial update,…
82ed8ad 
… hybrid search (#146)

* fix(mcp): audit fixes — ownership check, panic guard, partial update, hybrid search

Addresses 11 of 13 findings from MCP server audit:

🔴 Reds (crashes / data loss):
- ghost_health: p.ID[:8] panics on _global (7 chars) → min(len, 8)
- ghost_memory_delete: no ownership boundary → requires project_id, verifies via GetByIDs
- ghost_task_update: Priority int+omitempty silently clobbers to 0 → *int/*string + fetch current task

🟠 Correctness:
- ghost_task_update: omitting description wiped the field → fetch-and-merge via new GetTask store method
- ghost_search_all: FTS-only even when embedder available → SearchHybridAll (RRF) added to store
- Resource URI handlers: copy-pasted 3×, no PathUnescape → parseProjectIDFromURI helper

🟡 Quality / Design:
- EnsureProject path arg was project name, not fs path → pass "" for MCP-created projects
- ghost_memory_save / ghost_save_global: no content length limit → 2000-char cap, truncation reported
- ghost_task_list: hardcoded limit=30 → configurable Limit field (default 30, max 100)
- formatMemories: json.Marshal result silently discarded → check err before use
- ghost_memory_search description: category filter truncation undocumented → documented

Store additions: GetTask, SearchVectorAll, SearchHybridAll (all wired into MemoryStore interface).
Deferred: resolveProjectID O(n) scan (#6), registerTools monolith (#13).

* fix(lint): add nolint:errcheck to SearchVectorAll defer rows.Close()

* chore(deps): bump google.golang.org/api from 0.272.0 to 0.275.0 (#145)

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.272.0 to 0.275.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.272.0...v0.275.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-version: 0.275.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@wcatz