Skip to content

build(deps): bump rmcp from 1.8.0 to 2.2.0#9

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/rmcp-2.2.0
Closed

build(deps): bump rmcp from 1.8.0 to 2.2.0#9
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/rmcp-2.2.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor

Bumps rmcp from 1.8.0 to 2.2.0.

Release notes

Sourced from rmcp's releases.

rmcp-macros-v2.2.0

Added

  • [breaking] align model types with MCP 2025-11-25 spec (#927)

Fixed

  • fill missing fully qualified syntax in prompt_handler macros (#866)

Other

  • align README examples with v2 model API (#928)

rmcp-v2.2.0

Added

  • reject auth servers lacking S256 PKCE support (#955)

Fixed

  • pass client conformance suite (#960)
  • don't respond to cancelled requests (#957)
  • fail orphaned streamable HTTP responses on reinit (#914)
  • address 2025-11-25 conformance audit findings (#951)

rmcp-macros-v2.1.0

Added

  • [breaking] align model types with MCP 2025-11-25 spec (#927)

Fixed

  • fill missing fully qualified syntax in prompt_handler macros (#866)

Other

  • align README examples with v2 model API (#928)

rmcp-v2.1.0

Added

  • add SEP-414 trace context meta accessors (#910)
  • add SEP-2575 meta helpers (#942)

Fixed

  • (transport) make AsyncRwTransport::receive cancel-safe (#941) (#947)
  • (auth) preserve refresh_token when refresh response omits it (#949)
  • block redirect header leaks (#936)
  • don't respond to unparsable messages (#940)

... (truncated)

Commits
  • 5195776 chore: release v2.2.0 (#953)
  • 6dd7b85 chore(deps): update p256 requirement from 0.13 to 0.14 (#959)
  • a037935 fix: pass client conformance suite (#960)
  • dbda50c fix: don't respond to cancelled requests (#957)
  • 45f2f72 fix: fail orphaned streamable HTTP responses on reinit (#914)
  • 95490fa feat: reject auth servers lacking S256 PKCE support (#955)
  • bdf0c32 fix: address 2025-11-25 conformance audit findings (#951)
  • 8e44af4 chore: release v2.1.0 (#950)
  • 4833ec7 fix(transport): make AsyncRwTransport::receive cancel-safe (#941) (#947)
  • 5837e22 fix(auth): preserve refresh_token when refresh response omits it (#949)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [rmcp](https://github.com/modelcontextprotocol/rust-sdk) from 1.8.0 to 2.2.0.
- [Release notes](https://github.com/modelcontextprotocol/rust-sdk/releases)
- [Changelog](https://github.com/modelcontextprotocol/rust-sdk/blob/main/release-plz.toml)
- [Commits](modelcontextprotocol/rust-sdk@rmcp-v1.8.0...rmcp-v2.2.0)

---
updated-dependencies:
- dependency-name: rmcp
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Jul 9, 2026
AnderEnder added a commit that referenced this pull request Jul 10, 2026
…y fixes) (#11)

* build(deps): update dependencies within semver ranges

Resolves 3 security advisories via cargo update (all within existing
Cargo.toml ranges):

- quick-xml 0.37.5 -> 0.41.0 (via feed-rs 2.3.1 -> 2.4.0)
  fixes RUSTSEC-2026-0194 and RUSTSEC-2026-0195 (both high, 7.5)
- quinn-proto 0.11.14 -> 0.11.16 (via reqwest) fixes RUSTSEC-2026-0185 (high)
- anyhow 1.0.102 -> 1.0.103 fixes RUSTSEC-2026-0190 (unsound)

Also bumps clap_complete 4.6.5 -> 4.6.7 and assorted transitive crates.
cargo audit clean; build, test, clippy -D warnings all pass.

* build(deps): upgrade rmcp 1.x -> 2.2.0

Major bump of the MCP SDK. rmcp 2.0 aligns model types with the MCP
2025-11-25 spec; the only source change needed was the Content ->
ContentBlock rename (unified content model, replacing the Annotated<T>
wrapper). CallToolResult::success/error and the structured_content field
are unchanged, so the tool router, output schemas, annotations, and
structured-content behavior all carry over untouched.

Verified end-to-end against `rss mcp`: initialize negotiates protocol
2025-11-25, tools/list advertises all four tools with output schemas, and
a live fetch_feed tools/call returns structuredContent over the wire.
build, test (99 tests), and clippy -D warnings all pass.

Supersedes Dependabot PR #9.
@dependabot @github

dependabot Bot commented on behalf of github Jul 10, 2026

Copy link
Copy Markdown
Contributor Author

Looks like rmcp is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 10, 2026
@dependabot dependabot Bot deleted the dependabot/cargo/rmcp-2.2.0 branch July 10, 2026 16:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants