fix(deps): update module github.com/stacklok/toolhive to v0.3.7

[renovate]

Note

Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to mend[bot].

This notice will be removed on 2025-10-07.

---

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/stacklok/toolhive	v0.3.3 -> v0.3.7

---

Release Notes

stacklok/toolhive (github.com/stacklok/toolhive)

v0.3.7

Compare Source

🚀 ToolHive v0.3.7 is now available!

This release focuses on improved authorization handling, better network isolation, and enhanced reliability across the platform.

Authorization & Security
• Fixed authorization behavior for tools/list endpoint and text/event-stream content
• Improved audit middleware to detect transport types accurately instead of relying on hardcoded paths
• Added network isolation support with inbound host configuration and end-to-end testing

APIs & Configuration
• Registry defaults now update properly when auth config is provided via CLI
• OAuth scope field now handles both string and array formats correctly
• Proxy mode is now returned in server type for stdio connections
• Endpoint URLs now use X-Forwarded-* headers for more accurate construction

Reliability & Testing
• Refactored status collector with structured error handling for better diagnostics
• Added new pkg/testkit package to improve testing infrastructure
• Fixed nil pointer dereference issue in retriever tests
• ServiceAccount now propagates correctly to StatefulSet in ConfigMap mode

Registry & Tooling
• Multiple registry updates (v2025.10.01 through v2025.10.06)
• Added sample Grafana dashboard for CLI tutorial
• Improved Grafana dashboard UID length handling

Dependencies
• Updated mcp-go to v0.41.1
• Updated Docker to v28.5.0
• Updated Ginkgo to v2.26.0
• Updated go-git to v5.16.3
• Updated Claude Code action to v1

Full Changelog: stacklok/toolhive@v0.3.6...v0.3.7

v0.3.6

Compare Source

🚀 Toolhive v0.3.6 Release Summary

🔧 Enhancements & Fixes

• Reliability & Observability

  • Improved error logging (service name/version)
  • Context-aware logging in the operator
  • Fixed reconciliation loops and flaky tests
  • Corrected Jaeger query URL and telemetry namespace alignment
  • Adjusted Registry API output and added new enforce flag for MCPRegistry

• Security & CI/CD

  • Added Trivy security scanning to GitHub Actions
  • Fixed CI workflow triggers for security scans
  • Improved remote MCP authentication, including issuer mismatch fixes

• Dependencies

  • Updated mcp-go (v0.40.0 → v0.41.0), sigstore-go (v1.1.3), tablewriter (1.1.0)
  • Updated Docker and login-action dependencies
  • Regular registry updates from toolhive-registry releases

• Infrastructure & Deployment

  • Fixed goreleaser warnings
  • Improved ARM64 build for egress proxy
  • Disabled SELinux labeling
  • Added registry deploy from controller & Git Source Handler for MCPRegistry
  • Changed default behavior of proxyrunner
  • Used status files to retrieve PID
  • Removed server deployment counter

📖 Documentation

• Added documentation for remote MCP authentication

🙌 Community

• New contributor: @​TomerFi 🎉

What's Changed

• improves error logs for specific service name and version by @​ChrisJBurns in #​1968
• Fix goreleaser warnings by @​rdimitrov in #​1969
• chore(deps): update toolhive images to v0.3.5 by @​renovate[bot] in #​1967
• Update registry from toolhive-registry release v2025.09.19 by @​github-actions[bot] in #​1971
• Ensure version output works before releasing by @​rdimitrov in #​1970
• Thv registry deploy from controller by @​jhrozek in #​1931
• Git Source Handler for MCPRegistry by @​dmartinol in #​1925
• fix(deps): update module github.com/mark3labs/mcp-go to v0.40.0 by @​renovate[bot] in #​1978
• Use status files to retrieve PID by @​dmjb in #​1805
• corrects jaeger query url for otel collector by @​ChrisJBurns in #​1984
• Update registry from toolhive-registry release v2025.09.20 by @​github-actions[bot] in #​1986
• Update registry from toolhive-registry release v2025.09.21 by @​github-actions[bot] in #​1987
• Update registry from toolhive-registry release v2025.09.22 by @​github-actions[bot] in #​1991
• Remove counter of deployed server by @​dmartinol in #​1979
• Bump github.com/olekukonko/tablewriter from 1.0.9 to 1.1.0 by @​dependabot[bot] in #​1992
• Update registry from toolhive-registry release v2025.09.23 by @​github-actions[bot] in #​1999
• Disable selinux labeling by @​kaharlichenko in #​1988
• Fix flaky TestGetRegistryAPIImage test by using dependency injection by @​JAORMX in #​2002
• Add Trivy security scanning to GitHub Actions workflows by @​JAORMX in #​2000
• Update registry from toolhive-registry release v2025.09.24 by @​github-actions[bot] in #​2005
• Fix CI: Add workflow_call trigger to security-scan workflow by @​JAORMX in #​2008
• Replace global logger with context-aware logging in operator by @​JAORMX in #​2007
• Fix reconciliation loops by @​dmartinol in #​1996
• Adjust output of Registry API by @​dmartinol in #​2001
• Add an enforce flag to MCPRegistry by @​jhrozek in #​1997
• fix: the telemetry namesapce should match the operator's one by @​TomerFi in #​2003
• Update registry from toolhive-registry release v2025.09.26 by @​github-actions[bot] in #​2011
• fix(deps): update module github.com/sigstore/sigstore-go to v1.1.3 by @​renovate[bot] in #​2019
• fix(deps): update module github.com/mark3labs/mcp-go to v0.41.0 by @​renovate[bot] in #​2021
• Update registry from toolhive-registry release v2025.09.28 by @​github-actions[bot] in #​2020
• Update registry from toolhive-registry release v2025.09.29 by @​github-actions[bot] in #​2022
• Fix egress proxy ARM64 build by using Alpine edge repository by @​JAORMX in #​1995
• chore(deps): update docker/login-action action to v3.6.0 by @​renovate[bot] in #​2025
• Add remote MCP authentication documentation by @​JAORMX in #​1981
• Fix remote MCP server authentication with issuer mismatch by @​JAORMX in #​1980
• fix issues with propagating server and transport on telemetry by @​yrobla in #​1973
• change the default behaviour of proxyrunner by @​yrobla in #​1952
• Update registry from toolhive-registry release v2025.09.30 by @​github-actions[bot] in #​2029
• corrects jaeger URLs for otel example by @​ChrisJBurns in #​2036
• Fix GoReleaser archive formats by @​danbarr in #​2038

Full Changelog: stacklok/toolhive@v0.3.5...v0.3.6

v0.3.5

Compare Source

This release fixes an issue with job name references in the release workflow that affected v0.3.3 and v0.3.4.

What's Changed

• fixes job name reference by @​ChrisJBurns in #​1966

Full Changelog: stacklok/toolhive@v0.3.4...v0.3.5

v0.3.4

Compare Source

This is primarily a re-release due to a workflow issue with the v0.3.3 release which impacted version output and OpenTelemetry configurations.

What's Changed

• Add ginkgolinter to golangci-lint configuration by @​JAORMX in #​1956
• chore(deps): update toolhive images to v0.3.2 by @​renovate[bot] in #​1754
• chore(deps): update toolhive images to v0.3.3 by @​renovate[bot] in #​1963
• adds tests for packages missing them (core/env/errors/transport/errors/versions) by @​ChrisJBurns in #​1729
• Add Roddie and Daniele as ToolHive Maintainers by @​rdimitrov in #​1965

Full Changelog: stacklok/toolhive@v0.3.3...v0.3.4

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 7 additional dependencies were updated

Details:

Package	Change
github.com/docker/docker	v28.4.0+incompatible -> v28.5.0+incompatible
github.com/sigstore/rekor-tiles	v0.1.10 -> v0.1.11
github.com/sigstore/sigstore-go	v1.1.2 -> v1.1.3
github.com/sigstore/timestamp-authority	v1.2.8 -> v1.2.9
github.com/theupdateframework/go-tuf/v2	v2.1.1 -> v2.2.0
github.com/transparency-dev/tessera	v1.0.0-rc2 -> v1.0.0-rc3
google.golang.org/protobuf	v1.36.8 -> v1.36.9