fix(deps): update module github.com/stacklok/toolhive to v0.7.1

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/stacklok/toolhive	v0.6.17 → v0.7.1

---

Release Notes

stacklok/toolhive (github.com/stacklok/toolhive)

v0.7.1

Compare Source

What's Changed

• Use background context for all async APIs by @​dmjb in #​3302
• Update toolhive images to v0.7.0 by @​renovate[bot] in #​3303
• Fix skill names to comply with Agent Skills specification by @​JAORMX in #​3304

Full Changelog: stacklok/toolhive@v0.7.0...v0.7.1

v0.7.0

Compare Source

What's Changed

• Vmcp: Migrate telemetry config by @​jerm-dro in #​3207
• vmcp: migrate audit config by @​jerm-dro in #​3208
• Update registry from toolhive-registry release v2026.01.09 by @​github-actions[bot] in #​3233
• Update anthropics/claude-code-action digest to 1b8ee3b by @​renovate[bot] in #​3231
• Update module github.com/onsi/gomega to v1.39.0 by @​renovate[bot] in #​3228
• Implement BackendReconciler for vMCP dynamic backend discovery by @​yrobla in #​3212
• Update swagger documentation to fix CI verification by @​yrobla in #​3237
• Fix race condition in testing by @​dmjb in #​3239
• Add Recovery Middleware to Prevent Server Crashes from Panics by @​jerm-dro in #​3219
• Manually update swaggo/swag library by @​dmjb in #​3238
• Update module github.com/onsi/ginkgo/v2 to v2.27.4 by @​renovate[bot] in #​3227
• Update toolhive images to v0.6.17 by @​renovate[bot] in #​3186
• Update module golang.org/x/term to v0.39.0 by @​renovate[bot] in #​3241
• Update module golang.org/x/mod to v0.32.0 by @​renovate[bot] in #​3240
• Improve CRD API documentation with opt-in type discovery and package disambiguation by @​jerm-dro in #​3232
• Update registry from toolhive-registry release v2026.01.10 by @​github-actions[bot] in #​3243
• [#​3109] Implement authorization abstraction by @​ghaskins in #​3110
• Update module github.com/lestrrat-go/jwx/v3 to v3.0.13 by @​renovate[bot] in #​3249
• Update registry from toolhive-registry release v2026.01.12 by @​github-actions[bot] in #​3244
• Handle async methods in workload manager in a more idiomatic way by @​dmjb in #​3254
• Manually bump k8s.io/utils by @​dmjb in #​3255
• Add missing flag shorthands and use shared helpers by @​dmjb in #​3256
• Add OAuth authorization server storage interfaces and types by @​jhrozek in #​3245
• authserver: Add OAuth session management for JWT claims and IDP linking by @​jhrozek in #​3246
• resolve bearer token secrets before authentication by @​amirejaz in #​3259
• Add shared flag helpers by @​dmjb in #​3258
• authserver: Add RFC 7591 Dynamic Client Registration validation by @​jhrozek in #​3252
• Update module golang.org/x/net to v0.49.0 by @​renovate[bot] in #​3262
• Update actions/setup-go digest to 7a3fe6c by @​renovate[bot] in #​3271
• Update module github.com/onsi/ginkgo/v2 to v2.27.5 by @​renovate[bot] in #​3266
• Update golang.org/x/exp/jsonrpc2 digest to 716be56 by @​renovate[bot] in #​3264
• Add Virtual MCP Server architecture documentation by @​JAORMX in #​3272
• Update registry from toolhive-registry release v2026.01.13 by @​github-actions[bot] in #​3269
• Fix vMCP architecture documentation accuracy by @​jhrozek in #​3274
• Add CRD overview diagram to operator architecture docs by @​JAORMX in #​3273
• Improve error messages with actionable recovery hints by @​majiayu000 in #​3165
• Add cryptographic utilities for OAuth authorization server by @​jhrozek in #​3265
• Add upstream Identity Provider types and interfaces by @​jhrozek in #​3260
• Mark fields in the runconfig as deprecated by @​dmjb in #​2212
• Add request body size limit middleware function by @​muzman123 in #​3114
• Fix: Migrate telemetry config samplingRate from float64 to string by @​jerm-dro in #​3268
• Change PR sizer to remove feedback if PR is downsized by @​dmjb in #​3275
• Update ghcr.io/stacklok/thv-registry-api Docker tag to v0.4.8 by @​renovate[bot] in #​3276
• Run helm chart generation as part of task docs by @​dmjb in #​3277
• Add OAuth client factory with RFC 8252 loopback support to authserver by @​jhrozek in #​3263
• Migrate Remaining VirtualMCPServer Fields to spec.config by @​jerm-dro in #​3242
• Add comprehensive test coverage for remote MCP server health check failures by @​amirejaz in #​3084
• Disable healthchecks for remote workloads for now by @​dmjb in #​3284
• Remove unnecessary uses of context.Background() by @​dmjb in #​3285
• Add shared HTTPClient interface to networking package by @​jhrozek in #​3287
• Update registry from toolhive-registry release v2026.01.14 by @​github-actions[bot] in #​3281
• Move HTTPError type to networking package by @​jhrozek in #​3289
• Standardize API error handling by @​jerm-dro in #​3218
• Add generic FetchJSON HTTP utility by @​jhrozek in #​3290
• Add assignee to the docs update workflows by @​danbarr in #​3292
• Chore: remove unnecessary TODOs from vMCP spec by @​jerm-dro in #​3293
• Fix broken anchor links in CRD reference documentation by @​danbarr in #​3295
• Update module github.com/go-chi/chi/v5 to v5.2.4 by @​renovate[bot] in #​3291
• Update registry from toolhive-registry release v2026.01.15 by @​github-actions[bot] in #​3299

New Contributors

• @​muzman123 made their first contribution in #​3114

Full Changelog: stacklok/toolhive@v0.6.17...v0.7.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 12 additional dependencies were updated

Details:

Package	Change
github.com/go-openapi/jsonpointer	v0.22.1 -> v0.22.4
github.com/go-openapi/jsonreference	v0.21.3 -> v0.21.4
github.com/go-openapi/spec	v0.22.1 -> v0.22.3
github.com/lestrrat-go/jwx/v3	v3.0.12 -> v3.0.13
golang.org/x/crypto	v0.46.0 -> v0.47.0
golang.org/x/exp/event	v0.0.0-20251125195548-87e1e737ad39 -> v0.0.0-20251219203646-944ab1f22d93
golang.org/x/exp/jsonrpc2	v0.0.0-20251219203646-944ab1f22d93 -> v0.0.0-20260112195511-716be5621a96
golang.org/x/mod	v0.31.0 -> v0.32.0
golang.org/x/net	v0.48.0 -> v0.49.0
golang.org/x/term	v0.38.0 -> v0.39.0
golang.org/x/text	v0.32.0 -> v0.33.0
k8s.io/utils	v0.0.0-20260106112306-0fe9cd71b2f8 -> v0.0.0-20260108192941-914a6e750570

[github-actions]

🔒 MCP Security Scan Results

✅ adb-mysql-mcp-server

• Status: Passed
• Tools scanned: 3
• Result: No security issues detected

✅ agentql-mcp

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ arxiv-mcp-server

• Status: Passed
• Tools scanned: 4
• Result: No security issues detected

✅ astra-db-mcp

• Status: Passed
• Tools scanned: 16
• Result: No security issues detected

✅ aws-diagram

• Status: Passed
• Tools scanned: 3
• Result: No security issues detected

✅ aws-documentation

• Status: Passed
• Tools scanned: 3
• Result: No security issues detected

✅ blender-mcp

• Status: Passed
• Tools scanned: 22
• Result: No security issues detected

✅ brightdata-mcp

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ browserbase-mcp-server

• Status: Passed
• Tools scanned: 9
• Result: No security issues detected

✅ chroma-mcp

• Status: Passed
• Tools scanned: 13
• Result: No security issues detected

✅ chrome-devtools-mcp

• Status: Passed
• Tools scanned: 26
• Result: No security issues detected

✅ context7

• Status: Passed
• Tools scanned: 2
• Result: No security issues detected

✅ graphlit-mcp-server

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ heroku-mcp-server

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ ida-pro-mcp

• Status: Passed
• Tools scanned: 48
• Result: No security issues detected

✅ launchdarkly-mcp-server

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ magic-mcp

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ mcp-clickhouse

• Status: Passed
• Tools scanned: 3
• Result: No security issues detected

✅ mcp-jetbrains

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ mcp-neo4j-aura-manager

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ mcp-neo4j-cypher

• Status: Passed
• Tools scanned: 3
• Result: No security issues detected

✅ mcp-neo4j-memory

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ mcp-server-box

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ mcp-server-circleci

• Status: Passed
• Tools scanned: 16
• Result: No security issues detected

✅ mcp-server-neon

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ netbird

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ notion

• Status: Passed
• Tools scanned: 21
• Result: No security issues detected

✅ onchain-mcp

• Status: Passed
• Tools scanned: 10
• Result: No security issues detected

✅ pagerduty-mcp

• Status: Passed
• Tools scanned: 38
• Result: No security issues detected

✅ phoenix-mcp

• Status: Passed
• Tools scanned: 19
• Result: No security issues detected

✅ playwright-mcp

• Status: Passed
• Tools scanned: 22
• Result: No security issues detected

✅ sentry-mcp-server

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ supabase-mcp-server

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ tavily-mcp

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

---

Summary: Scanned 34 MCP server(s), all passed security checks. ✅