deps: upgrade modelcontextprotocol/go-sdk to v1.5.0#2336
Merged
SamMorrowDrums merged 3 commits intomainfrom Apr 15, 2026
Merged
deps: upgrade modelcontextprotocol/go-sdk to v1.5.0#2336SamMorrowDrums merged 3 commits intomainfrom
SamMorrowDrums merged 3 commits intomainfrom
Conversation
Upgrade the MCP Go SDK from v1.3.1-0.20260220105450-b17143f71798 (pseudo-version) to v1.5.0 (latest stable). This also resolves #2333, as the SDK now correctly handles Content-Type headers with MIME parameters (e.g. charset=utf-8) via mime.ParseMediaType in StreamableHTTPHandler (added in v1.4.1). Transitive dependency updates: - go directive: 1.24.0 → 1.25.0 (required by SDK) - golang.org/x/oauth2: v0.34.0 → v0.35.0 - golang.org/x/sys: v0.40.0 → v0.41.0 - segmentio/encoding: v0.5.3 → v0.5.4 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Auto-generated by license-check workflow
Contributor
There was a problem hiding this comment.
Pull request overview
Upgrades the modelcontextprotocol/go-sdk dependency to a stable release to resolve Content-Type validation issues seen by some MCP clients (e.g., application/json; charset=utf-8) and to drop reliance on a pinned pseudo-version.
Changes:
- Bump
github.com/modelcontextprotocol/go-sdkfrom a pseudo-version tov1.5.0. - Update the module
godirective to1.25.0and refresh transitive dependencies ingo.sum.
Show a summary per file
| File | Description |
|---|---|
| go.mod | Upgrades MCP go-sdk requirement and updates the module Go version to 1.25.0. |
| go.sum | Updates checksums for the new SDK version and transitive dependency bumps. |
Copilot's findings
- Files reviewed: 5/6 changed files
- Comments generated: 1
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
|
Hi @SamMorrowDrums when do we expect this to roll out? We have been getting customer tickets on 415 error. Thanks |
Collaborator
Author
|
Should be shipping today! |
|
I am still experiencing this at this moment on https://api.githubcopilot.com/mcp. Should I wait a bit longer? |
|
Just to help those eager to restart interacting with the github mcp, i'm adding this reproducer. Run as: export GITHUB_TOKEN=$(gh auth token)
uv run --with httpx python mcp_reproducer.pyimport httpx
import sys
import os
def reproduce():
# To run this, you need a valid GitHub Installation Token or PAT
token = os.environ.get("GITHUB_TOKEN")
if not token:
print("Error: Please set GITHUB_TOKEN environment variable.")
sys.exit(1)
url = "https://api.githubcopilot.com/mcp"
# This payload follows the MCP JSON-RPC 2.0 spec
payload = {
"jsonrpc": "2.0",
"method": "tools/list",
"id": 1
}
print(f"Target URL: {url}")
print("-" * 50)
# 1. SUCCESS CASE: Exact header
print("Test 1: Content-Type: application/json (Expected: 200 OK)")
headers_ok = {
"Authorization": f"Bearer {token}",
"Content-Type": "application/json",
"Accept": "application/json, text/event-stream"
}
try:
r1 = httpx.post(url, headers=headers_ok, json=payload)
print(f"Result: {r1.status_code} {r1.reason_phrase}")
if r1.status_code != 200:
print(f"Body: {r1.text}")
except Exception as e:
print(f"Error: {e}")
print("-" * 50)
# 2. FAILURE CASE: With charset parameter
print("Test 2: Content-Type: application/json; charset=utf-8 (Expected: Failure if bug persists)")
headers_fail = {
"Authorization": f"Bearer {token}",
"Content-Type": "application/json; charset=utf-8",
"Accept": "application/json, text/event-stream"
}
try:
r2 = httpx.post(url, headers=headers_fail, json=payload)
print(f"Result: {r2.status_code} {r2.reason_phrase}")
if r2.status_code == 415:
print("Reproduced: Server strictly requires 'application/json' and rejects parameters.")
print(f"Server Message: {r2.text}")
elif r2.status_code == 200:
print("Fixed: Server now accepts the charset parameter.")
except Exception as e:
print(f"Error: {e}")
if __name__ == "__main__":
reproduce() |
Collaborator
Author
|
Thank you for confirming, I will check and we can add back a middleware for this if we need to, that's unfortunate. |
Collaborator
Author
|
Reopened #2333 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Upgrade the MCP Go SDK from
v1.3.1-0.20260220105450-b17143f71798(pseudo-version) to v1.5.0 (latest stable).Fixes #2333
Why
The pinned pseudo-version predates go-sdk v1.4.1, which introduced Content-Type validation in
StreamableHTTPHandler. That validation already usesmime.ParseMediaTypeto correctly handleContent-Type: application/json; charset=utf-8, so the middleware proposed in #2334 is unnecessary with this upgrade.What changed
go.mod/go.sum: bumpedmodelcontextprotocol/go-sdkto v1.5.0godirective 1.24→1.25,golang.org/x/oauth2,golang.org/x/sys,segmentio/encodingValidation
go build ./...✅script/test✅ (all tests pass)script/lint✅ (0 issues)