fix(deps): update module github.com/stacklok/toolhive to v0.6.17

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/stacklok/toolhive	v0.6.7 → v0.6.17

---

Release Notes

stacklok/toolhive (github.com/stacklok/toolhive)

v0.6.17

Compare Source

What's Changed

• add feature flags to enable/disable controller groups by @​amirejaz in #​3093
• Ensure error types are checked with errors.Is() by @​dmjb in #​3189
• Enforce that errors are handled in the codebase by @​dmjb in #​3190
• Update registry from toolhive-registry release v2026.01.05 by @​github-actions[bot] in #​3184
• Remove use of the Workload Manager interface from k8s by @​dmjb in #​3187
• Add bearer token source and config foundation by @​amirejaz in #​3191
• fix: exit proxy when kubectl attach connection fails permanently by @​therealnb in #​3183
• Add DynamicRegistry with version-based cache invalidation by @​yrobla in #​3188
• Get rid of bespoke error handling by @​dmjb in #​3194
• Automatic type coercion for composite tool template expansion by @​jerm-dro in #​3139
• Implement Secret Reference Pattern for Bearer Tokens by @​amirejaz in #​3193
• VMCP: Delete rawConfig by @​jerm-dro in #​3155
• vMCP: camelCase the config by @​jerm-dro in #​3195
• Update registry from toolhive-registry release v2026.01.06 by @​github-actions[bot] in #​3198
• Add Bearer Token Authentication Discovery with Priority Handling by @​amirejaz in #​3197
• Add CLI flags for bearer token authentication by @​amirejaz in #​3202
• Update registry from toolhive-registry release v2026.01.07 by @​github-actions[bot] in #​3209
• Refresh logo and diagrams by @​danbarr in #​3206
• Allow edit operation to reuse proxy port of the old proxy by @​dmjb in #​3200
• Update module github.com/cedar-policy/cedar-go to v1.4.0 by @​renovate[bot] in #​3204
• add remote server configuration methods to Transport interface by @​amirejaz in #​3211
• Add reactive 401 detection for bearer token authentication failures by @​amirejaz in #​3201
• Add K8s manager infrastructure for vMCP dynamic backend discovery by @​yrobla in #​3192
• add bearer token authentication support to workload API by @​amirejaz in #​3214
• Vmcp: Add but do not use app config to the CRD by @​jerm-dro in #​3203
• Update registry from toolhive-registry release v2026.01.08 by @​github-actions[bot] in #​3220
• Update anthropics/claude-code-action digest to c9ec2b0 by @​renovate[bot] in #​3196
• Update k8s.io/utils digest to 0fe9cd7 by @​renovate[bot] in #​3199
• Check if a secret is empty before migrating by @​eleftherias in #​3223
• Add retry logic for health check failures by @​flfeurmou-indeed in #​3222
• Vmcp: migrate groupref into config by @​jerm-dro in #​3205
• Update module golang.org/x/sys to v0.40.0 by @​renovate[bot] in #​3225
• Update anchore/sbom-action action to v0.21.1 by @​renovate[bot] in #​3226
• Bump Image Versions to Latest Release by @​jerm-dro in #​3217
• Add X-Forwarded-Prefix support for SSE endpoint URL rewriting by @​dmjb in #​3210

New Contributors

• @​flfeurmou-indeed made their first contribution in #​3222

Full Changelog: stacklok/toolhive@v0.6.16...v0.6.17

v0.6.16

Compare Source

What's Changed

• Apply default MaxDataSize when config value is zero by @​jhrozek in #​3061
• Add /status HTTP endpoint to vMCP server (#​2998) by @​jhrozek in #​3066
• Update toolhive images to v0.6.15 by @​renovate[bot] in #​3088
• Update registry from toolhive-registry release v2025.12.18 by @​github-actions[bot] in #​3090
• Update anthropics/claude-code-action digest to 0d19335 by @​renovate[bot] in #​3092
• Update registry.access.redhat.com/ubi10/ubi-minimal Docker tag to v10.1-1766033715 by @​renovate[bot] in #​3096
• add crd fields for vmcp audit config by @​yrobla in #​3098
• Set Format field for default Kubernetes registry by @​dmartinol in #​3099
• Update docker/setup-buildx-action action to v3.12.0 by @​renovate[bot] in #​3117
• Add core health monitoring infrastructure for vmcp backends by @​yrobla in #​3100
• Rotate K8s versions to add 1.35 for tests by @​danbarr in #​3124
• Update registry from toolhive-registry release v2025.12.20 by @​github-actions[bot] in #​3112
• Update anthropics/claude-code-action digest to 7145c3e by @​renovate[bot] in #​3123
• Update golang.org/x/exp/jsonrpc2 digest to 944ab1f by @​renovate[bot] in #​3122
• fix: set ObservedGeneration in all validateCOmpositeToolsRefs paths by @​slyt3 in #​2979
• Fix audit middleware to always restore request body by @​jhrozek in #​3060
• Update k8s.io/utils digest to 98d557b by @​renovate[bot] in #​3105
• Update registry from toolhive-registry release v2025.12.21 by @​github-actions[bot] in #​3129
• Update registry from toolhive-registry release v2025.12.22 by @​github-actions[bot] in #​3130
• fix error of invalid memory address on TestAudit by @​yrobla in #​3134
• Replace context.Background() with cmd.Context() in CLI commands by @​mohamedfawas in #​3095
• Update issue triage workflow by @​eleftherias in #​3135
• Update k8s.io/utils digest to 9d40a56 by @​renovate[bot] in #​3127
• Docs for Desired Error Handling by @​jerm-dro in #​3089
• Composite Tools: Fix plumbing for on-error-continue config by @​jerm-dro in #​3118
• cli: standardize error wrapping with %w (#​3040) by @​mohamedfawas in #​3094
• Update registry from toolhive-registry release v2025.12.23 by @​github-actions[bot] in #​3141
• Update k8s.io/utils digest to 718f0e5 by @​renovate[bot] in #​3140
• Add practical examples to major CLI commands by @​AlankarJagtap in #​3126
• Bump the operator values by @​rdimitrov in #​3145
• Update helm/kind-action digest to f5f117a by @​renovate[bot] in #​3137
• Update module github.com/lestrrat-go/httprc/v3 to v3.0.3 by @​renovate[bot] in #​3143
• Update kubernetes packages to v0.35.0 by @​renovate[bot] in #​3091
• Integrate health monitoring into vMCP server by @​yrobla in #​3101
• K8s Client: Apply Pod Spec Annotations by @​jerm-dro in #​3152
• Fix Failing Test: Remove Large File by @​jerm-dro in #​3154
• Update registry from toolhive-registry release v2025.12.24 by @​github-actions[bot] in #​3156
• Update registry from toolhive-registry release v2025.12.25 by @​github-actions[bot] in #​3158
• Update registry from toolhive-registry release v2025.12.26 by @​github-actions[bot] in #​3160
• Update registry from toolhive-registry release v2025.12.27 by @​github-actions[bot] in #​3162
• feat: Add tool annotations for improved LLM tool understanding by @​triepod-ai in #​3167
• Update registry from toolhive-registry release v2025.12.28 by @​github-actions[bot] in #​3170
• Update anchore/sbom-action action to v0.21.0 by @​renovate[bot] in #​3150
• Update registry from toolhive-registry release v2025.12.30 by @​github-actions[bot] in #​3172
• Update registry from toolhive-registry release v2025.12.31 by @​github-actions[bot] in #​3175
• Update registry from toolhive-registry release v2026.01.01 by @​github-actions[bot] in #​3176
• Update registry from toolhive-registry release v2026.01.02 by @​github-actions[bot] in #​3177
• fix: Convert secret.go subcommands from Run to RunE for proper error propagation by @​majiayu000 in #​3164
• fix: Standardize CLI output messages to use 'Workload' terminology by @​majiayu000 in #​3173
• fix: Ensure Toolhive Errors are Wrapped According to Docs by @​majiayu000 in #​3171
• cli: rename thv restart → thv start (add restart alias) by @​mohamedfawas in #​3151

New Contributors

• @​AlankarJagtap made their first contribution in #​3126
• @​triepod-ai made their first contribution in #​3167
• @​majiayu000 made their first contribution in #​3164

Full Changelog: stacklok/toolhive@v0.6.15...v0.6.16

v0.6.15

Compare Source

What's Changed

• Add OAuth/OIDC auth config to MCPRegistry CRD by @​blkt in #​3057
• adds slack alert for failed toolhive releases by @​ChrisJBurns in #​3086
• Update slackapi/slack-github-action action to v2.1.1 by @​renovate[bot] in #​3087

Full Changelog: stacklok/toolhive@v0.6.14...v0.6.15

v0.6.14

Compare Source

What's Changed

• Composite Tools Support Structured Content by @​jerm-dro in #​3009
• Adds PostgreSQL pgpass file support to the MCPRegistry operator by @​ChrisJBurns in #​2996
• includes vmcp in the images to update for toolhive by @​ChrisJBurns in #​3059
• Update toolhive images to v0.6.13 by @​renovate[bot] in #​3015
• Update registry from toolhive-registry release v2025.12.16 by @​github-actions[bot] in #​3065
• Add audit logging for composite workflow execution by @​yrobla in #​3011
• debugging test flakes by @​jerm-dro in #​3028
• FIX stdio URL bug with proxyMode by @​slyt3 in #​2935
• CompositeTools: fromJson function for manipulating text by @​jerm-dro in #​3063
• Add test for user identity capture in vMCP audit logs by @​yrobla in #​3029
• Add integration tests for audit log JSON output to files by @​yrobla in #​3033
• Fix YAML docs by @​jerm-dro in #​3070
• Update anthropics/claude-code-action digest to d7b6d50 by @​renovate[bot] in #​3072
• Bumps the registry to v1.4.0 by @​rdimitrov in #​3073
• Update registry from toolhive-registry release v2025.12.17 by @​github-actions[bot] in #​3080
• Fix inaccuracies in audit docs by @​jhrozek in #​3075
• fix(oauth): include refresh_token grant type in DCR requests by @​fredericlefeurmou in #​3076
• Fix Squid proxy crash loop on container restart by @​carlos-gn in #​3022
• fix: update workload status when health check fails for remote MCP servers by @​fredericlefeurmou in #​3077

New Contributors

• @​fredericlefeurmou made their first contribution in #​3076

Full Changelog: stacklok/toolhive@v0.6.13...v0.6.14

v0.6.13

Compare Source

What's Changed

• Bump operator versions by @​rdimitrov in #​3017
• Deprecate SSE proxy mode for stdio transport by @​carlos-gn in #​3008
• Composite Tools Supports DefaultResults for Skippable Steps by @​jerm-dro in #​3006
• Optimize VirtualMCP e2e test performance by @​yrobla in #​3012
• Update actions/cache digest to 9255dc7 by @​renovate[bot] in #​3019
• Remove RetryOnConflict Logic in Favour of Controller-Level Backoff by @​ChrisJBurns in #​3020
• Refactors ConfigMap management in the Operator to use reusable configmaps package by @​ChrisJBurns in #​3021
• Attempt to Deflake vMCP Tests by @​jerm-dro in #​3024
• Update registry from toolhive-registry release v2025.12.13 by @​github-actions[bot] in #​3026
• Update GitHub Artifact Actions (major) by @​renovate[bot] in #​3023
• Update registry from toolhive-registry release v2025.12.14 by @​github-actions[bot] in #​3027
• Update kindest/node Docker tag to v1.34.2 by @​renovate[bot] in #​3025
• add documentation for virtualmcp by @​yrobla in #​2931
• Temporarily skip flaky e2e tests by @​eleftherias in #​3037
• Fix workload restart API by using background context by @​eleftherias in #​3034
• Fix client registration by not skipping workloads by @​eleftherias in #​3035

Full Changelog: stacklok/toolhive@v0.6.12...v0.6.13

v0.6.12

Compare Source

What's Changed

• Update alpine Docker tag to v3.23.0 by @​renovate[bot] in #​2882
• Update registry from toolhive-registry release v2025.12.04 by @​github-actions[bot] in #​2886
• fix vmcp crd don't reconcile after podtemplatespec changes by @​yrobla in #​2817
• Require explicit authentication configuration in VirtualMCPServer by @​yrobla in #​2865
• validate that group membership changes trigger reconciliation by @​yrobla in #​2866
• Update module github.com/spf13/cobra to v1.10.2 by @​renovate[bot] in #​2887
• Bump the operator versions by @​rdimitrov in #​2889
• Revert "Update alpine Docker tag to v3.23.0" by @​rdimitrov in #​2894
• fix mcp controller and test status propagation by @​yrobla in #​2823
• Update module github.com/mark3labs/mcp-go to v0.43.2 by @​renovate[bot] in #​2892
• use status manager and constants on podtemplatespec reconciliation by @​yrobla in #​2888
• Fix legacy registry schema ID and file references by @​danbarr in #​2880
• Return error when custom registry is unreachable by @​JAORMX in #​2879
• Drop any code which writes to PID files by @​dmjb in #​2899
• Gracefully Shutdown Foreground Server on Interrupt by @​jerm-dro in #​2863
• Bump the registry-server version in the operator by @​rdimitrov in #​2904
• Fix VirtualMCPServer controller to check PodReady condition by @​JAORMX in #​2901
• Refactor CRD Telemetry Config Conversion for Reusability by @​jerm-dro in #​2908
• Update MCP protocol expert agent to spec 2025-11-25 by @​JAORMX in #​2911
• add validation tests to detect invalid configs by @​yrobla in #​2896
• Update registry from toolhive-registry release v2025.12.05 by @​github-actions[bot] in #​2912
• Implement CompositeToolRefs resolution in VirtualMCPServer converter by @​amirejaz in #​2885
• Fix: Added path configuration to registry server by @​dmartinol in #​2794
• Fix vMCP podTemplateSpec when only pod-level settings is applied by @​jhrozek in #​2897
• Update module github.com/lestrrat-go/httprc/v3 to v3.0.2 by @​renovate[bot] in #​2913
• Revert "Gracefully Shutdown Foreground Server on Interrupt (#​2863)" by @​dmjb in #​2916
• add examples of configuration for virtualmcp by @​yrobla in #​2900
• Disable failing vMCP test for k8s by @​dmjb in #​2919
• Ensure PID files are cleaned up after migration by @​dmjb in #​2905
• Move regex compilation to package-level variable in virtualmcpserver_controller #issue-2874 by @​deepika1214 in #​2875
• fixes generation of manifests via kubebuilder by @​eleftherias in #​2924
• Update module github.com/go-git/go-billy/v5 to v5.7.0 by @​renovate[bot] in #​2933
• Remove tool type column and rename created at to created in the thv list by @​carlos-gn in #​2917
• Update helm/kind-action digest to 2cd8ada by @​renovate[bot] in #​2937
• Add build auth file injection for protocol builds by @​JAORMX in #​2909
• Default anonymous authentication by @​dmartinol in #​2914
• adds permission for claude to make content write changes by @​ChrisJBurns in #​2925
• Add log level configuration support to VirtualMCPServer by @​4t8dd in #​2837
• Update module golang.org/x/sys to v0.39.0 by @​renovate[bot] in #​2943
• Gracefully Shutdown Foreground Server on Interrupt by @​jerm-dro in #​2927
• Instrument vMCP and Document o11y Configuration by @​jerm-dro in #​2906
• Validate ValidationStatus of referenced CompositeToolRefs by @​amirejaz in #​2944
• Fix logic bug in WaitForPodsReady that incorrectly reports pods as ready by @​slyt3 in #​2898
• Populate remote workload metadata in GetWorkload by @​carlos-gn in #​2929
• Update module golang.ngrok.com/ngrok/v2 to v2.1.1 by @​renovate[bot] in #​2928
• fix and test mcptoolconfig for vmcp by @​yrobla in #​2891
• Update module golang.org/x/mod to v0.31.0 by @​renovate[bot] in #​2952
• Add unauthenticated and headerinjection auth strategy to MCPExternalAuthConfig by @​yrobla in #​2915
• Use autoupdate github action to auto update all PRs. by @​dmjb in #​2958
• Bump the registry-server version in the operator to v0.4.2 by @​rdimitrov in #​2959
• Update kyverno/action-install-chainsaw action to v0.2.14 by @​renovate[bot] in #​2939
• Warn users about affected workloads when updating or deleting secrets by @​JAORMX in #​2945
• Update module golang.org/x/term to v0.38.0 by @​renovate[bot] in #​2965
• Update module github.com/onsi/gomega to v1.38.3 by @​renovate[bot] in #​2947
• Add design proposal for K8s-aware vMCP with dynamic backend discovery by @​jhrozek in #​2884
• Update module golang.org/x/oauth2 to v0.34.0 by @​renovate[bot] in #​2940
• Update peter-evans/create-pull-request digest to 22a9089 by @​renovate[bot] in #​2926
• Update module golang.org/x/sync to v0.19.0 by @​renovate[bot] in #​2942
• Add vulnerability exclusion support to govulncheck workflow by @​jhrozek in #​2972
• Bump the operator versions by @​rdimitrov in #​2974
• Update peter-evans/create-pull-request action to v8 by @​renovate[bot] in #​2973
• Update golang.org/x/exp/jsonrpc2 digest to 8475f28 by @​renovate[bot] in #​2966
• Fix VirtualMCPServer reconciliation for discovered auth config updates by @​yrobla in #​2957
• add test for composite workflow by reference by @​yrobla in #​2956
• Update module github.com/onsi/ginkgo/v2 to v2.27.3 by @​renovate[bot] in #​2946
• Update anthropics/claude-code-action digest to f0c8eb2 by @​renovate[bot] in #​2969
• Update module golang.org/x/net to v0.48.0 by @​renovate[bot] in #​2963
• Update kubernetes packages to v0.34.3 by @​renovate[bot] in #​2977
• Update anchore/sbom-action action to v0.20.11 by @​renovate[bot] in #​2975
• Add audit middleware to vMCP server by @​yrobla in #​2981
• Add OnDecline and OnCancel handlers for workflow steps by @​yrobla in #​2961
• Add configurable scopes to the auth info handler and expose them through CLI by @​jhrozek in #​2982
• Update opentelemetry-go monorepo by @​renovate[bot] in #​2967
• vMCP: Composite Tools supports non-string Arguments by @​jerm-dro in #​2971
• enable CRD upgrades via Helm with feature flags by @​ChrisJBurns in #​2809
• adds reusable Kubernetes secrets functionality in Operator by @​ChrisJBurns in #​2991
• Pass debug flag to detached process restart command by @​carlos-gn in #​2992
• Remove redundant ToolType field from Workload by @​carlos-gn in #​2932
• Add scopes field to MCPServer CRD for OIDC config by @​jhrozek in #​2988
• Update module github.com/sigstore/sigstore-go to v1.1.4 by @​renovate[bot] in #​2990
• Remove autoupdate for now by @​dmjb in #​3002
• Wire up audit config to vMCP CLI by @​yrobla in #​2987
• adds reusable Kubernetes configmap functionality in Operato for C/R/U actions by @​ChrisJBurns in #​2997
• Update registry from toolhive-registry release v2025.12.11 by @​github-actions[bot] in #​2930
• Consolidate and fix VirtualMCP E2E tests by @​yrobla in #​2978
• Simplify the registry auto-detection by @​rdimitrov in #​2976
• Wire scopes through VirtualMCPServer to auth middleware by @​jhrozek in #​3005
• Enable MCPRemoteProxy discovery in MCPGroup and VirtualMCPServer by @​amirejaz in #​2970
• Add backend routing capture to vMCP audit logs by @​yrobla in #​2983
• Update registry from toolhive-registry release v2025.12.12 by @​github-actions[bot] in #​3010
• Update actions/cache action to v5 by @​renovate[bot] in #​3007
• Vmcp rbac mcpremoteproxies by @​amirejaz in #​3013

New Contributors

• @​deepika1214 made their first contribution in #​2875
• @​carlos-gn made their first contribution in #​2917
• @​slyt3 made their first contribution in #​2898

Full Changelog: stacklok/toolhive@v0.6.11...v0.6.12

v0.6.11

Compare Source

Headline changes:

• Include ping checks for remote workloads.
• Allow build envs to include secrets from the secrets manager and environment variables on the host.

What's Changed

• Add Debug Logs for thv run Server Location by @​jerm-dro in #​2834
• bumps toolhive operator and registry api images by @​ChrisJBurns in #​2842
• Update actions/checkout digest to 8e8c483 by @​renovate[bot] in #​2844
• Implement ExternalAuthConfig discovery for VirtualMCPServer backends by @​amirejaz in #​2726
• upgrade go to 1.25.5 to fix GO-2025-4155 by @​ChrisJBurns in #​2846
• Update registry from toolhive-registry release v2025.12.03 by @​github-actions[bot] in #​2862
• Update golangci/golangci-lint-action action to v9.2.0 by @​renovate[bot] in #​2861
• Split out podTemplateBuilder to be reusable and cover with integration tests by @​jhrozek in #​2840
• Fix VirtualMCPServer OIDC configuration by implementing OIDCConfigurable interface by @​jhrozek in #​2821
• Refactor vMCP e2e tests to extract common helpers by @​jhrozek in #​2839
• Update build-env proposal with secure credential handling by @​JAORMX in #​2859
• Use gopkg.in/yaml.v3 not v2 by @​JAORMX in #​2868
• Change pinging logic for remote workloads by @​dmjb in #​2872
• Add --from-secret and --from-env flags to set-build-env by @​JAORMX in #​2860
• Display custom metadata in registry info text output by @​JAORMX in #​2871
• Use ubuntu-slim runner for lightweight CI jobs by @​JAORMX in #​2869
• List workloads once to ensure consistency by @​amirejaz in #​2867

New Contributors

• @​jerm-dro made their first contribution in #​2834

Full Changelog: stacklok/toolhive@v0.6.10...v0.6.11

v0.6.10

Compare Source

What's Changed

• Update toolhive images to v0.6.9 and registry server to v0.3.1 by @​renovate[bot] in #​2737
• Update registry from toolhive-registry release v2025.11.29 by @​github-actions[bot] in #​2808
• Make client_secret_env optional in vMCP OIDC config by @​jhrozek in #​2803
• Remove tokenCache documentation and examples by @​jhrozek in #​2801
• Update registry from toolhive-registry release v2025.11.30 by @​github-actions[bot] in #​2810
• Update module github.com/olekukonko/tablewriter to v1.1.2 by @​renovate[bot] in #​2812
• Add vMCP image to operator-deploy-local task by @​jhrozek in #​2802
• Update registry from toolhive-registry release v2025.12.01 by @​github-actions[bot] in #​2814
• remove mixed mode to simplify vmcp operation by @​yrobla in #​2798
• Fix vMCP error on partially set operational config by @​jhrozek in #​2813
• fix lint problems on main by @​yrobla in #​2816
• fix: propagate identity for token exchange + add real integration tests by @​yrobla in #​2769
• add tests for validating conflict resolution by @​yrobla in #​2818
• Refactor/typed backend auth strategy by @​jhrozek in #​2797
• Centralize container image references in e2e tests by @​4t8dd in #​2819
• Make client_id optional in vMCP OIDC config by @​jhrozek in #​2822
• Add PVC source support for MCPRegistry by @​jonburdo in #​2719
• Add Output Schema Support to CompositeToolSpec CRD by @​tgrunnagle in #​2824
• Proposal: Kubernetes source type for registry server by @​JAORMX in #​2829
• adds kubernetes registry config for registry server by @​ChrisJBurns in #​2830
• Update registry.access.redhat.com/ubi10/ubi-minimal Docker tag to v10.1-1764604111 by @​renovate[bot] in #​2828
• Update anthropics/claude-code-action digest to 6337623 by @​renovate[bot] in #​2827
• Update registry from toolhive-registry release v2025.12.02 by @​github-actions[bot] in #​2833
• Add support for Zed client by @​eleftherias in #​2836
• Add vMCP e2e tests for tool overrides and composite workflows by @​JAORMX in #​2826
• add RBAC resources for MCPRegistry API server by @​ChrisJBurns in #​2832

New Contributors

• @​jonburdo made their first contribution in #​2719

Full Changelog: stacklok/toolhive@v0.6.9...v0.6.10

v0.6.9

Compare Source

🚀 Toolhive v0.6.9 is live!

This release brings enhancements to MCP workflows, better registry customization, and improved developer experience across the board.

MCP & Workflows
• Smart transport auto-detection makes thv mcp commands easier to use
• Standard JSON Schema format now used for composite tool parameters
• Added RetryDelay to error handling in WorkflowStep CRD for more resilient workflows
• Extracted MCP client setup into reusable CreateInitializedMCPClient helper
• E2E tests now use mcp.LATEST_PROTOCOL_VERSION for better compatibility
• Removed token cache from vMCP for cleaner authentication flow

Registry & Deployment
• Registry server can now be configured with custom database connection details
• New podTemplateSpec field in MCPRegistry CRD lets you fully customize registry API deployments
• MergePodTemplateSpecs utility added for cleaner pod template composition
• Updated registry from toolhive-registry release v2025.11.28

Tool Filtering & Configuration
• New ExcludeAll option provides more flexible tool filtering controls
• Better error handling throughout vMCP code (replaced utilruntime.Must with proper error checks)
• Minor fixe

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 2 additional dependencies were updated

Details:

Package	Change
github.com/cedar-policy/cedar-go	v1.3.0 -> v1.3.1
golang.org/x/exp/jsonrpc2	v0.0.0-20251113190631-e25ba8c21ef6 -> v0.0.0-20251125195548-87e1e737ad39

[github-actions]

🔒 MCP Security Scan Results

✅ adb-mysql-mcp-server

• Status: Passed
• Tools scanned: 3
• Result: No security issues detected

✅ agentql-mcp

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ arxiv-mcp-server

• Status: Passed
• Tools scanned: 4
• Result: No security issues detected

✅ astra-db-mcp

• Status: Passed
• Tools scanned: 16
• Result: No security issues detected

✅ aws-diagram

• Status: Passed
• Tools scanned: 3
• Result: No security issues detected

✅ aws-documentation

• Status: Passed
• Tools scanned: 3
• Result: No security issues detected

✅ blender-mcp

• Status: Passed
• Tools scanned: 21
• Result: No security issues detected

✅ brightdata-mcp

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ browserbase-mcp-server

• Status: Passed
• Tools scanned: 9
• Result: No security issues detected

✅ chroma-mcp

• Status: Passed
• Tools scanned: 13
• Result: No security issues detected

✅ chrome-devtools-mcp

• Status: Passed
• Tools scanned: 26
• Result: No security issues detected

✅ context7

• Status: Passed
• Tools scanned: 2
• Result: No security issues detected

✅ graphlit-mcp-server

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ heroku-mcp-server

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ ida-pro-mcp

• Status: Passed
• Tools scanned: 48
• Result: No security issues detected

✅ launchdarkly-mcp-server

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ magic-mcp

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ mcp-clickhouse

• Status: Passed
• Tools scanned: 3
• Result: No security issues detected

✅ mcp-jetbrains

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ mcp-neo4j-aura-manager

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ mcp-neo4j-cypher

• Status: Passed
• Tools scanned: 3
• Result: No security issues detected

✅ mcp-neo4j-memory

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ mcp-server-box

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ mcp-server-circleci

• Status: Passed
• Tools scanned: 16
• Result: No security issues detected

✅ mcp-server-neon

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ netbird

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ notion

• Status: Passed
• Tools scanned: 21
• Result: No security issues detected

✅ onchain-mcp

• Status: Passed
• Tools scanned: 10
• Result: No security issues detected

✅ pagerduty-mcp

• Status: Passed
• Tools scanned: 38
• Result: No security issues detected

✅ phoenix-mcp

• Status: Passed
• Tools scanned: 19
• Result: No security issues detected

✅ playwright-mcp

• Status: Passed
• Tools scanned: 22
• Result: No security issues detected

✅ sentry-mcp-server

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ supabase-mcp-server

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ tavily-mcp

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

---

Summary: Scanned 34 MCP server(s), all passed security checks. ✅

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 39 additional dependencies were updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.25.3 -> 1.25.5
github.com/cedar-policy/cedar-go	v1.3.0 -> v1.4.0
github.com/lestrrat-go/httprc/v3	v3.0.1 -> v3.0.3
github.com/mark3labs/mcp-go	v0.43.1 -> v0.43.2
github.com/modelcontextprotocol/registry	v1.3.10 -> v1.4.0
github.com/prometheus/common	v0.66.1 -> v0.67.4
github.com/prometheus/otlptranslator	v0.0.2 -> v1.0.0
github.com/prometheus/procfs	v0.17.0 -> v0.19.2
go.opentelemetry.io/otel	v1.38.0 -> v1.39.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp	v1.38.0 -> v1.39.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace	v1.38.0 -> v1.39.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	v1.38.0 -> v1.39.0
go.opentelemetry.io/otel/exporters/prometheus	v0.60.0 -> v0.61.0
go.opentelemetry.io/otel/metric	v1.38.0 -> v1.39.0
go.opentelemetry.io/otel/sdk	v1.38.0 -> v1.39.0
go.opentelemetry.io/otel/sdk/metric	v1.38.0 -> v1.39.0
go.opentelemetry.io/otel/trace	v1.38.0 -> v1.39.0
go.opentelemetry.io/proto/otlp	v1.8.0 -> v1.9.0
go.yaml.in/yaml/v2	v2.4.2 -> v2.4.3
golang.ngrok.com/ngrok/v2	v2.1.0 -> v2.1.1
golang.org/x/crypto	v0.45.0 -> v0.46.0
golang.org/x/exp/event	v0.0.0-20251023183803-a4bb9ffd2546 -> v0.0.0-20251125195548-87e1e737ad39
golang.org/x/exp/jsonrpc2	v0.0.0-20251113190631-e25ba8c21ef6 -> v0.0.0-20251219203646-944ab1f22d93
golang.org/x/mod	v0.30.0 -> v0.31.0
golang.org/x/net	v0.47.0 -> v0.48.0
golang.org/x/oauth2	v0.33.0 -> v0.34.0
golang.org/x/sync	v0.18.0 -> v0.19.0
golang.org/x/sys	v0.38.0 -> v0.40.0
golang.org/x/term	v0.37.0 -> v0.38.0
golang.org/x/text	v0.31.0 -> v0.32.0
google.golang.org/genproto/googleapis/api	v0.0.0-20250929231259-57b25ae835d4 -> v0.0.0-20251202230838-ff82c1b0f217
google.golang.org/genproto/googleapis/rpc	v0.0.0-20251103181224-f26f9409b101 -> v0.0.0-20251202230838-ff82c1b0f217
google.golang.org/grpc	v1.76.0 -> v1.77.0
gopkg.in/evanphx/json-patch.v4	v4.12.0 -> v4.13.0
k8s.io/api	v0.34.2 -> v0.35.0
k8s.io/apimachinery	v0.34.2 -> v0.35.0
k8s.io/client-go	v0.34.2 -> v0.35.0
k8s.io/kube-openapi	v0.0.0-20250710124328-f3f2b991d03b -> v0.0.0-20250910181357-589584f1c912
k8s.io/utils	v0.0.0-20251002143259-bc988d571ff4 -> v0.0.0-20260106112306-0fe9cd71b2f8
sigs.k8s.io/json	v0.0.0-20241014173422-cfa47c3a1cc8 -> v0.0.0-20250730193827-2d320260d730

[JAORMX]

Minor version update for toolhive (v0.6.7 → v0.6.17). Includes bearer token auth support, dynamic registry improvements, and error handling enhancements. Core dependency, well-tested upstream.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.