fix(deps): update module github.com/stacklok/toolhive to v0.6.9

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/stacklok/toolhive	v0.6.7 -> v0.6.9

---

Release Notes

stacklok/toolhive (github.com/stacklok/toolhive)

v0.6.9

Compare Source

🚀 Toolhive v0.6.9 is live!

This release brings enhancements to MCP workflows, better registry customization, and improved developer experience across the board.

MCP & Workflows
• Smart transport auto-detection makes thv mcp commands easier to use
• Standard JSON Schema format now used for composite tool parameters
• Added RetryDelay to error handling in WorkflowStep CRD for more resilient workflows
• Extracted MCP client setup into reusable CreateInitializedMCPClient helper
• E2E tests now use mcp.LATEST_PROTOCOL_VERSION for better compatibility
• Removed token cache from vMCP for cleaner authentication flow

Registry & Deployment
• Registry server can now be configured with custom database connection details
• New podTemplateSpec field in MCPRegistry CRD lets you fully customize registry API deployments
• MergePodTemplateSpecs utility added for cleaner pod template composition
• Updated registry from toolhive-registry release v2025.11.28

Tool Filtering & Configuration
• New ExcludeAll option provides more flexible tool filtering controls
• Better error handling throughout vMCP code (replaced utilruntime.Must with proper error checks)
• Minor fixes for retryDelay handling improve reliability

Testing & Quality
• Added vMCP E2E tests using yardstick MCP server
• Proposal naming validation now only checks new files, reducing false positives

Infrastructure
• Updated docker/metadata-action to v5.10.0

👋 Welcome to our newest contributors @​ignorant05 and @​4t8dd! 🥳

🔗 Full changelog: stacklok/toolhive@v0.6.8...v0.6.9

What's Changed

• Update docker/metadata-action action to v5.10.0 by @​renovate[bot] in #​2760
• adds MergePodTemplateSpecs that merges podTemplateSpecs by @​ChrisJBurns in #​2770
• Use standard JSON Schema format for VMCP composite tool parameters by @​JAORMX in #​2651
• Fix proposal naming validation to only check new files by @​JAORMX in #​2788
• Update registry from toolhive-registry release v2025.11.28 by @​github-actions[bot] in #​2791
• Replace utilruntime.Must with proper error handling in vMCP code by @​JAORMX in #​2787
• Add smart transport auto-detection for thv mcp commands by @​JAORMX in #​2790
• Add vmcp e2e tests using yardstick MCP server by @​JAORMX in #​2778
• Enhancement: Added ExcludeAll option for toll filtering by @​ignorant05 in #​2789
• Use mcp.LATEST_PROTOCOL_VERSION in E2E tests by @​jhrozek in #​2793
• Add RetryDelay to ErrorHandling in WorkflowStep CRD by @​JAORMX in #​2776
• adds podTemplateSpec field to MCPRegistry CRD that allows user to customise registry api deployment by @​ChrisJBurns in #​2777
• Extract MCP client setup to CreateInitializedMCPClient helper by @​jhrozek in #​2796
• Two minor fixes for vMCP retryDelay handling by @​jhrozek in #​2795
• Issue 2680 by @​4t8dd in #​2757
• fix: remove tokencache from vmcp by @​yrobla in #​2799
• adds ability to configure database details for registry server by @​ChrisJBurns in #​2800

New Contributors

• @​ignorant05 made their first contribution in #​2789
• @​4t8dd made their first contribution in #​2757

Full Changelog: stacklok/toolhive@v0.6.8...v0.6.9

v0.6.8

Compare Source

What's Changed

• Add OAuth authorization server fallback for registration endpoint discovery by @​amirejaz in #​2711
• Add schema test ensuring the correct version by @​rdimitrov in #​2738
• Update registry from toolhive-registry release v2025.11.26 by @​github-actions[bot] in #​2739
• Add build environment configuration and validation by @​JAORMX in #​2740
• Add header injection authentication support by @​yrobla in #​2730
• fix: follow up for removing not needed value on secrets by @​yrobla in #​2744
• Remove redundant best_effort failure mode from composer by @​jhrozek in #​2746
• adds multi-configmap data source for registry by @​ChrisJBurns in #​2745
• removes unused registry helper functions by @​ChrisJBurns in #​2748
• Add new diagram to README by @​danbarr in #​2743
• Remove NewUpstreamRegistryFromUpstreamServers by @​rdimitrov in #​2752
• Update module github.com/cedar-policy/cedar-go to v1.3.1 by @​renovate[bot] in #​2751
• Update golang.org/x/exp/jsonrpc2 digest to 87e1e73 by @​renovate[bot] in #​2735
• Add CLI commands and template integration for build environment by @​JAORMX in #​2742
• adds dedicated podtemplatespec builder for registry server deployment by @​ChrisJBurns in #​2754
• Update registry from toolhive-registry release v2025.11.27 by @​github-actions[bot] in #​2756
• Implement discovered mode for vMCP authentication by @​yrobla in #​2747
• Remove unimplemented pass_through auth strategy by @​jhrozek in #​2753
• fix: fail when discover of auth creds fail by @​yrobla in #​2758
• Remove local incoming auth type from operator CRDs by @​jhrozek in #​2759

Full Changelog: stacklok/toolhive@v0.6.7...v0.6.8

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 2 additional dependencies were updated

Details:

Package	Change
github.com/cedar-policy/cedar-go	v1.3.0 -> v1.3.1
golang.org/x/exp/jsonrpc2	v0.0.0-20251113190631-e25ba8c21ef6 -> v0.0.0-20251125195548-87e1e737ad39

[github-actions]

🔒 MCP Security Scan Results

✅ adb-mysql-mcp-server

• Status: Passed
• Tools scanned: 3
• Result: No security issues detected

✅ agentql-mcp

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ arxiv-mcp-server

• Status: Passed
• Tools scanned: 4
• Result: No security issues detected

✅ astra-db-mcp

• Status: Passed
• Tools scanned: 16
• Result: No security issues detected

✅ aws-diagram

• Status: Passed
• Tools scanned: 3
• Result: No security issues detected

✅ aws-documentation

• Status: Passed
• Tools scanned: 3
• Result: No security issues detected

✅ blender-mcp

• Status: Passed
• Tools scanned: 21
• Result: No security issues detected

✅ brightdata-mcp

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ browserbase-mcp-server

• Status: Passed
• Tools scanned: 9
• Result: No security issues detected

✅ chroma-mcp

• Status: Passed
• Tools scanned: 13
• Result: No security issues detected

✅ chrome-devtools-mcp

• Status: Passed
• Tools scanned: 26
• Result: No security issues detected

✅ context7

• Status: Passed
• Tools scanned: 2
• Result: No security issues detected

✅ graphlit-mcp-server

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ heroku-mcp-server

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ ida-pro-mcp

• Status: Passed
• Tools scanned: 48
• Result: No security issues detected

✅ launchdarkly-mcp-server

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ magic-mcp

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ mcp-clickhouse

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ mcp-jetbrains

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ mcp-neo4j-aura-manager

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ mcp-neo4j-cypher

• Status: Passed
• Tools scanned: 3
• Result: No security issues detected

✅ mcp-neo4j-memory

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ mcp-server-box

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ mcp-server-circleci

• Status: Passed
• Tools scanned: 16
• Result: No security issues detected

✅ mcp-server-neon

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ netbird

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ notion

• Status: Passed
• Tools scanned: 19
• Result: No security issues detected

✅ onchain-mcp

• Status: Passed
• Tools scanned: 10
• Result: No security issues detected

✅ phoenix-mcp

• Status: Passed
• Tools scanned: 19
• Result: No security issues detected

✅ playwright-mcp

• Status: Passed
• Tools scanned: 22
• Result: No security issues detected

✅ sentry-mcp-server

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ supabase-mcp-server

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ tavily-mcp

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

---

Summary: Scanned 33 MCP server(s), all passed security checks. ✅