Update stacklok/toolhive to v0.29.3#930
Conversation
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Claude finished @renovate[bot]'s task in 10m 41s —— View job Upstream release docs: toolhive v0.29.1 → v0.29.3Pushed
Hand-written edits
Auto-regenerated (no hand-edit required)The release's other user-facing changes surface through the auto-synced reference assets in this PR:
Items with no docs displacement
|
Surface the MCPRegistry CRD deprecation (stacklok/toolhive#5470) in: - Registry Server quickstart, steering new long-lived deployments to the toolhive-registry-server Helm chart - MCPRegistry CRD reference intro and landing-page summary - Operator deploy guide's crds.install.registry row The unauthenticated-proxy SECURITY note (stacklok/toolhive#5488) and the Redis Cluster TLS description tweak surface automatically via the regenerated CRD schemas; no hand-edit needed. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
|
Claude finished @renovate[bot]'s task in 3m 31s —— View job Editorial review of v0.29.3 docs editsPushed
Edit applied
The destination page's title is "Deploy the Registry Server", and every other reference to that page in Findings left as-is
Branch · |
This PR contains the following updates:
v0.29.1→v0.29.3After this PR opens,
.github/workflows/upstream-release-docs.ymladds source-verified content edits for the new release. Forstacklok/toolhive, the same workflow also syncs reference assets (CLI help, Swagger) and regenerates the CRD MDX pages.Release Notes
stacklok/toolhive (stacklok/toolhive)
v0.29.3Compare Source
🚀 Toolhive v0.29.3 is live!
A small maintenance release that makes ToolHive's unauthenticated proxy default visible — surfacing it in logs and docs in response to GHSA-hfrv-94x5-85p2 — alongside internal release-tooling automation. No breaking changes and no behavioral changes to existing deployments.
🐛 Bug Fixes
MCPServer,MCPRemoteProxy, standalone CLI, or vMCP running withoutOIDCConfigRef(or any other auth source) now emits aWarn-level log stating that every request is forwarded under a synthetic local-user identity with no credential check, and the README/CRD docs are corrected to describe identity enforcement as conditional on configuring an authentication source — the unauthenticated default itself is unchanged (#5488)🧹 Misc
📦 Dependencies
github.com/stacklok/toolhive-catalogFull commit log
What's Changed
Full Changelog: stacklok/toolhive@v0.29.2...v0.29.3
🔗 Full changelog: stacklok/toolhive@v0.29.2...v0.29.3
What's Changed
Full Changelog: stacklok/toolhive@v0.29.2...v0.29.3
v0.29.2Compare Source
🚀 Toolhive v0.29.2 is live!
A hardening-focused patch release: two security fixes, an operator-chart regression safety net via helm-unittest, an OTLP header delivery fix, an OAuth public-client TTL fix, continued vMCP New/Serve refactor scaffolding, and the deprecation of the
MCPRegistryCRD.🔄 Deprecations
MCPRegistryCRD deprecated in favour of thetoolhive-registry-serverHelm chart — the CRD remains fully functional but now emits akubectldeprecation warning and an operatorWarningevent; it will be removed in a future release (#5470)🐛 Bug Fixes
invalid_clientfailures (#5469)OTEL_EXPORTER_OTLP_HEADERSare no longer silently dropped on thePOST /api/v1/workloadspath, so collectors requiring an auth header now receive telemetry ([#5474]#5474))operator.serviceAccount.namein the operator Helm chart no longer breaks the deployment — every reference now routes through the sameserviceAccountNamehelper (#5476)LocalStore.getFilePathso state-store file operations can no longer escape the base directory (#5464, Fixes [#4736]#4736))X-Content-Type-Options: nosniffandCross-Origin-Resource-Policy: same-originsecurity headers to everythvREST API response (#5458)🧹 Misc
VMCPconstructor (#5457), added theServetransport skeleton andServerConfig(#5467), wired the Cedar admission seam into the core so list and call enforce one shared decision (#5459), moved the SDK hooks and two-phase session creation underServe(#5471), and domain-typed the elicitation seam (#5456) — all additive, withserver.Newbehavior unchanged📦 Dependencies
github.com/stacklok/toolhive-coregolang.org/x/exp/jsonrpc2055de63github/codeql-action8aad20danthropics/claude-code-actionfbda2ebWhat's Changed
055de63by @renovate[bot] in #54638aad20dby @renovate[bot] in #5462fbda2ebby @renovate[bot] in #5460🔗 Full changelog: stacklok/toolhive@v0.29.1...v0.29.2
New Contributors
Configuration
📅 Schedule: (in timezone America/New_York)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Never, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.
Docs update for
toolhivev0.29.3At a glance
stacklok/toolhivev0.29.1→v0.29.3Summary of changes
docs/toolhive/guides-registry/quickstart.mdx, steering new long-lived deployments to the toolhive-registry-server Helm chart (stacklok/toolhive#5470).MCPRegistryCRD reference intro inscripts/lib/crd-intros.mjsand the regenerateddocs/toolhive/reference/crds/mcpregistry.mdxto lead with a deprecation admonition pointing at the Helm chart (stacklok/toolhive#5470).docs/toolhive/reference/crds/index.mdx) to flag the deprecation in the index listing.crds.install.registryrow indocs/toolhive/guides-k8s/deploy-operator.mdxto flag MCPRegistry as deprecated where the CRD install toggle is documented.Run cost
How this PR was built
Two Claude Opus sessions run per release: a generation pass
(
upstream-release-docsskill, 6 phases) followed by a fresh-context editorial pass (
docs-review). Prettier/ESLintauto-fixes are applied after.
Auto-synced paths — do not hand-edit these in review:
docs/toolhive/reference/cli/docs/toolhive/reference/crds/static/api-specs/If a "Gaps needing human context" section is present above,
each entry includes a paste-ready Helper prompt for local
Claude a reviewer can use to resolve the gap.