chore(deps): update dependency @brightdata/mcp to v2.11.0#469
renovate[bot] wants to merge 1 commit into
🔒 MCP Security Scan Results
@renovatebot rebase
Triage: build-containers blocked by genuine upstream CVEs
Local Grype scan (DB 2026-04-27) of the 2.9.5 image surfaces these HIGH findings (severity-cutoff: high, only-fixed: true):
These are genuine upstream CVEs, not false positives. The fix requires
Recommendation: Hold this bump until upstream brightdata-com/brightdata-mcp updates the MCP SDK pin.
…n spec.yaml
Renovate version bumps fail the build-containers Grype gate when the bumped
package pins or caps a transitive dependency to a vulnerable version. Add an
optional dependency-override mechanism to the spec.yaml schema, plumbed into the
generated Dockerfile.
- npx: spec.overrides ([]{package, version, reason}) is injected as an npm
"overrides" block in the generated package.json before the npm install step.
- uvx: spec.constraints ([]{spec, reason}) is written to a uv overrides
requirements file and passed to "uv tool install --overrides".
Both injection points match the install step by content (not line number) so
they stay robust to toolhive template formatting. Every entry requires a
non-empty reason (validation fails otherwise) so the justification for
circumventing an upstream pin is auditable in-repo.
Verified end-to-end against the CI build + Grype recipe:
- #469 @brightdata/mcp 2.9.5 + override @modelcontextprotocol/sdk 1.26.0:
resolves to SDK 1.26.0, grype --fail-on high --only-fixed passes.
- #527 mcp-clickhouse 0.3.0 + constraint fastmcp>=3.2.0: fastmcp 3.4.0,
import mcp_clickhouse OK, grype passes.
Refs #668
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
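The override mechanism that commit message describes, as an added sketch that is not the repository's own code: reject entries without a reason, build the npm "overrides" block and the uv overrides file, and place a Dockerfile step by matching the install instruction's content. The function names, the sample Dockerfile, the `package.override.json` file name and the reason strings are assumptions constructed for illustration.

```python
import json

def check_entries(entries, fields):
    """Fail validation if any entry is missing a field or has a blank reason."""
    for i, entry in enumerate(entries):
        for field in fields:
            if not str(entry.get(field) or "").strip():
                raise ValueError(f"entry {i}: '{field}' must be non-empty")

def merge_npm_overrides(package_json, overrides):
    """Return package.json text with an npm "overrides" block added."""
    check_entries(overrides, ("package", "version", "reason"))
    pkg = json.loads(package_json)
    pkg["overrides"] = {o["package"]: o["version"] for o in overrides}
    return json.dumps(pkg, indent=2)

def uv_overrides_file(constraints):
    """Render the requirements file handed to `uv tool install --overrides`."""
    check_entries(constraints, ("spec", "reason"))
    return "".join(f"# {c['reason']}\n{c['spec']}\n" for c in constraints)

def insert_before_install(dockerfile, step, marker):
    """Insert `step` before the first instruction containing `marker`.

    Matching on content keeps the injection independent of line numbers;
    raising when nothing matches stops a build that would otherwise ship
    without the override.
    """
    lines = dockerfile.splitlines()
    for i, line in enumerate(lines):
        if marker in line and not line.lstrip().startswith("#"):
            return "\n".join(lines[:i] + [step] + lines[i:]) + "\n"
    raise LookupError(f"no install step containing {marker!r}")

# Constructed sample inputs; the Dockerfile layout and file names are assumptions.
OVERRIDES = [{"package": "@modelcontextprotocol/sdk", "version": "1.26.0",
              "reason": "upstream pin fails the Grype high-severity gate"}]
CONSTRAINTS = [{"spec": "fastmcp>=3.2.0", "reason": "constructed example reason"}]
PACKAGE_JSON = '{"dependencies": {"@brightdata/mcp": "2.9.5"}}'
DOCKERFILE = "FROM node:22-alpine\nWORKDIR /build\nCOPY package.json .\nRUN npm install\n"

if __name__ == "__main__":
    print(merge_npm_overrides(PACKAGE_JSON, OVERRIDES))
    print(uv_overrides_file(CONSTRAINTS))
    print(insert_before_install(DOCKERFILE, "COPY package.override.json package.json",
                                "npm install"))
```

Failing closed when the install step cannot be found matters here because a silently skipped override would let the image build with the vulnerable transitive version and only surface again at the Grype gate.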
This PR contains the following updates:
2.9.0 → 2.11.0
Release Notes
brightdata/brightdata-mcp (@brightdata/mcp)
v2.11.0
What's Changed
Added
- web_data_reddit_comments — structured Reddit comments by post/thread URL, with optional days_back filter. Dataset gd_lvzdpsdlw09j6t702. Completes Reddit parity alongside web_data_reddit_posts. (#154)
Added (since v2.9.3)
- search_dataset — search supported datasets by filter and get matching records directly via the fast search API. (#142)
- list_dataset_fields — discover a dataset's filterable fields (name, type, description) before building a filter. (#142)
- discover — discovery tool for finding sources/pages by intent. (#130)
v2.10.0
Added
- search_dataset tool to search supported datasets by a filter and get matching records back directly via the fast search API (PR #142)
- list_dataset_fields tool to discover a dataset's filterable fields (name, type, description) before building a filter (PR #142)
v2.9.5
v2.9.4
v2.9.3
- code tool group - your coding agent's companion
- web_data_npm_package - look up any npm package by name and get back structured metadata: latest version, README, dependencies, and more (e.g. @brightdata/sdk, express, fastify)
- web_data_pypi_package - look up any PyPI package by name and get back structured metadata: latest version, README, dependencies, and more (e.g. langchain-brightdata, requests, numpy)
- GROUPS="code" - works with Claude Code, Cursor, Windsurf, and any MCP-powered coding agent
- code group row to the tool groups table in README
Why this matters
Coding agents constantly need to answer questions like "what's the latest
version of X?" or "what does this package do?". Until now that meant
scraping registry pages or relying on stale training data. The code group
gives agents a single, reliable tool to query npm and PyPI directly —
structured data, no scraping, no blocking, always up to date.
v2.9.2
v2.9.1
Configuration
📅 Schedule: (UTC)
* 0-3 * * 1)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.