build(deps): Bump mcp-contextforge-gateway from 1.0.0rc1 to 1.0.3 #31

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/mcp-contextforge-gateway-1.0.3

Conversation

dependabot Bot commented on behalf of github Jun 11, 2026

Bumps mcp-contextforge-gateway from 1.0.0rc1 to 1.0.3.

Release notes

Sourced from mcp-contextforge-gateway's releases.

v1.0.3 - Auth & JWT Cleanup, Admin UI Fixes, FedRAMP/FIPS Hardening, and Bug Fixes

[1.0.3] - 2026-06-10 - Auth & JWT Cleanup, Admin UI Fixes, FedRAMP/FIPS Hardening, and Bug Fixes

Overview

Release 1.0.3 consolidates 61 PRs focused on authentication and JWT hardening, FedRAMP/FIPS compliance, rate-limiter and plugin improvements, performance/caching, and a broad set of bug fixes. This release cleans up the JWT token model, strengthens FIPS/STIG compliance, and improves multi-architecture builds and CI reliability:

  • 🔐 Security & Auth - JWT token cleanup (UUID-based subjects, JIT credential resolution), OAuth audience parameter support, CSRF cookie name standardization, same-origin cookie auth for OAuth callbacks, API-token idle-timeout handling, SSO callback redirect fixes, PII redaction in logs, and CA-cert validation handling for authless MCPs.
  • 🖥️ Admin UI - Alpine.js CSP migration and component consolidation, Teams panel loading fix, script-defer race-condition fix, SRI hash fixes, and plugin operator labels.
  • 🛡️ FedRAMP / FIPS Compliance - Opt-in FIPS compliance mode with parameterized base images, additional STIG controls, dotfile permission modes, and /app ownership adjustments.
  • 🧩 Plugins & Rate Limiting - Tightened plugin-bindings payload surface, dedicated Redis instance support for the rate limiter, CPEX plugin regression fixes and metadata resolution, and tool pre-invoke diagnostics.
  • ⚡ Performance & Caching - AuthCache full-team-object storage, token-revocation caching, team cache hardening, metrics aggregation throttling, and a faster Rust fast-test server.
  • 🏗️ Build & CI - Multi-architecture (s390x) wheels, merge-queue gates, FIPS-capable base images, container hardening, and node/Playwright CI fixes.
  • 🐛 Bug Fixes - Observability Resources tab, migration blockers, gateway CRUD REST API, DB CHECK-constraint ordering, edge-mode health convergence, and Streamable HTTP /mcp redirect handling.

Added

🔐 Security & Auth

  • 🎫 OAuth Audience Parameter (#4795) – Added OAuth audience parameter support for Atlassian and Auth0. Improves OAuth interoperability with providers that require an audience claim.
  • 🕵️ PII Redaction in Logs (#5013) – Redact PII from log output. Strengthens privacy and compliance posture.

🛡️ FedRAMP / FIPS Compliance

  • 🔒 Opt-in FIPS Compliance Mode (#4810) – Parameterized base images and added an opt-in FIPS compliance mode. Enables FedRAMP-aligned deployments.

🧩 Plugins & Rate Limiting

  • 🧪 Tool Pre-Invoke Diagnostics (#4937) – Added diagnostics for tool pre-invoke modified payloads. Improves plugin debugging.
  • 🚦 Separate Redis for Rate Limiter (#4859) – Enabled a dedicated Redis instance for the rate limiter. Isolates rate-limit state from the shared cache.

🏗️ Infrastructure

  • 📡 Redis Configuration Publisher (#4926) – Added a Redis-based configuration publisher for the experimental dataplane. Lays groundwork for distributed config propagation.

Changed

🔐 Security & Auth

  • 🎫 JWT Cleanup (#4816) – Removed unused data from JWT tokens, moved token subjects to user IDs (UUID), and resolved credentials just-in-time. Simplifies the token model and reduces token payload surface.
  • 🧩 Alpine.js CSP Build (#4676) – Migrated Alpine.js to the Vite-bundled @alpinejs/csp build and eliminated unsafe-eval. Strengthens Content Security Policy compliance.

🗄️ Database & API

  • 🔧 Admin Gateway CRUD REST Endpoints (#4808) – Added JSON support and RESTful endpoints for admin gateway CRUD operations. Improves API consistency and automation.

⚡ Performance & Caching

  • 👥 AuthCache Full Team Objects (#4550) – Store full team objects in AuthCache to eliminate a secondary DB query. Reduces auth hot-path latency.
  • 🎫 Token Revocation Caching (#4527) – Cache get_token_revocation / is_token_revoked to eliminate hot-path DB queries. Improves request throughput.

... (truncated)

Changelog

Sourced from mcp-contextforge-gateway's changelog.

[1.0.3] - 2026-06-10 - Auth & JWT Cleanup, Admin UI Fixes, FedRAMP/FIPS Hardening, and Bug Fixes

Overview

Release 1.0.3 consolidates 61 PRs focused on authentication and JWT hardening, FedRAMP/FIPS compliance, rate-limiter and plugin improvements, performance/caching, and a broad set of bug fixes. This release cleans up the JWT token model, strengthens FIPS/STIG compliance, and improves multi-architecture builds and CI reliability:

  • 🔐 Security & Auth - JWT token cleanup (UUID-based subjects, JIT credential resolution), OAuth audience parameter support, CSRF cookie name standardization, same-origin cookie auth for OAuth callbacks, API-token idle-timeout handling, SSO callback redirect fixes, PII redaction in logs, and CA-cert validation handling for authless MCPs.
  • 🖥️ Admin UI - Alpine.js CSP migration and component consolidation, Teams panel loading fix, script-defer race-condition fix, SRI hash fixes, and plugin operator labels.
  • 🛡️ FedRAMP / FIPS Compliance - Opt-in FIPS compliance mode with parameterized base images, additional STIG controls, dotfile permission modes, and /app ownership adjustments.
  • 🧩 Plugins & Rate Limiting - Tightened plugin-bindings payload surface, dedicated Redis instance support for the rate limiter, CPEX plugin regression fixes and metadata resolution, and tool pre-invoke diagnostics.
  • ⚡ Performance & Caching - AuthCache full-team-object storage, token-revocation caching, team cache hardening, metrics aggregation throttling, and a faster Rust fast-test server.
  • 🏗️ Build & CI - Multi-architecture (s390x) wheels, merge-queue gates, FIPS-capable base images, container hardening, and node/Playwright CI fixes.
  • 🐛 Bug Fixes - Observability Resources tab, migration blockers, gateway CRUD REST API, DB CHECK-constraint ordering, edge-mode health convergence, and Streamable HTTP /mcp redirect handling.

Added

🔐 Security & Auth

  • 🎫 OAuth Audience Parameter (#4795) – Added OAuth audience parameter support for Atlassian and Auth0. Improves OAuth interoperability with providers that require an audience claim.
  • 🕵️ PII Redaction in Logs (#5013) – Redact PII from log output. Strengthens privacy and compliance posture.

🛡️ FedRAMP / FIPS Compliance

  • 🔒 Opt-in FIPS Compliance Mode (#4810) – Parameterized base images and added an opt-in FIPS compliance mode. Enables FedRAMP-aligned deployments.

🧩 Plugins & Rate Limiting

  • 🧪 Tool Pre-Invoke Diagnostics (#4937) – Added diagnostics for tool pre-invoke modified payloads. Improves plugin debugging.
  • 🚦 Separate Redis for Rate Limiter (#4859) – Enabled a dedicated Redis instance for the rate limiter. Isolates rate-limit state from the shared cache.

🏗️ Infrastructure

  • 📡 Redis Configuration Publisher (#4926) – Added a Redis-based configuration publisher for the experimental dataplane. Lays groundwork for distributed config propagation.

Changed

🔐 Security & Auth

  • 🎫 JWT Cleanup (#4816) – Removed unused data from JWT tokens, moved token subjects to user IDs (UUID), and resolved credentials just-in-time. Simplifies the token model and reduces token payload surface.
  • 🧩 Alpine.js CSP Build (#4676) – Migrated Alpine.js to the Vite-bundled @alpinejs/csp build and eliminated unsafe-eval. Strengthens Content Security Policy compliance.

🗄️ Database & API

  • 🔧 Admin Gateway CRUD REST Endpoints (#4808) – Added JSON support and RESTful endpoints for admin gateway CRUD operations. Improves API consistency and automation.

⚡ Performance & Caching

  • 👥 AuthCache Full Team Objects (#4550) – Store full team objects in AuthCache to eliminate a secondary DB query. Reduces auth hot-path latency.
  • 🎫 Token Revocation Caching (#4527) – Cache get_token_revocation / is_token_revoked to eliminate hot-path DB queries. Improves request throughput.
  • 🦀 Rust Fast-Test Server Speedup (#5059) – Sped up the Rust fast-test server. Reduces benchmark/test cycle time.

... (truncated)

Commits
  • 65dcfe2 Release/v1.0.3 (#5159)
  • 84cb8d1 fix: Disable CA Cert validation on authless MCPs (#5075)
  • 7944992 fix: resolve teams panel not loading due to undefined getPaginationParams in ...
  • c6acf5c fix(ui): add defer attribute to script tags to prevent Alpine.js race conditi...
  • 6eb1ff7 fix(compose): repoint fast_test_server build context to renamed rust crate (#...
  • b1663bf removed extra spaces introduced in yaml files #4983 (#5120)
  • 285da49 perf: speed up rust fast-test server (#5059)
  • a798fdf fix(fedramp): keep /app group-owned by root so FIPS 0750 mode survives arbitr...
  • 9291a7d fix(sso): SSO callback redirect for non-admin users with team memberships (#4...
  • d6b9076 Add hashed version to external repositories installed in pre-commit (#4983)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [mcp-contextforge-gateway](https://github.com/IBM/mcp-context-forge) from 1.0.0rc1 to 1.0.3.
- [Release notes](https://github.com/IBM/mcp-context-forge/releases)
- [Changelog](https://github.com/IBM/mcp-context-forge/blob/main/CHANGELOG.md)
- [Commits](IBM/mcp-context-forge@v1.0.0-RC1...v1.0.3)

---
updated-dependencies:
- dependency-name: mcp-contextforge-gateway
  dependency-version: 1.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot Bot added the dependencies and python labels Jun 11, 2026

dependabot Bot commented on behalf of github Jun 24, 2026

Superseded by #32.

dependabot Bot closed this Jun 24, 2026
dependabot Bot deleted the dependabot/pip/mcp-contextforge-gateway-1.0.3 branch June 24, 2026 02:33