Skip to content

build(deps)(deps): bump european-parliament-mcp-server from 1.2.18 to 1.2.19 in the production-dependencies group#1597

Merged
pethers merged 3 commits into
mainfrom
dependabot/npm_and_yarn/production-dependencies-82cbf9c411
May 1, 2026
Merged

build(deps)(deps): bump european-parliament-mcp-server from 1.2.18 to 1.2.19 in the production-dependencies group#1597
pethers merged 3 commits into
mainfrom
dependabot/npm_and_yarn/production-dependencies-82cbf9c411

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the production-dependencies group with 1 update: european-parliament-mcp-server.

Updates european-parliament-mcp-server from 1.2.18 to 1.2.19

Release notes

Sourced from european-parliament-mcp-server's releases.

European Parliament MCP Server v1.2.19

Highlights

🏗️ Infrastructure & Performance

🔒 Security & Compliance

📦 Dependencies

🏛️ European Parliament MCP Server Enhancements

Changes in this release continue to enhance the European Parliament MCP Server's capabilities for providing AI assistants with structured access to parliamentary datasets, including:

  • Model Context Protocol (MCP) tools, resources, and prompts
  • European Parliament API integration and data access
  • Security-first architecture with GDPR compliance
  • High-performance caching and rate limiting
  • Comprehensive TypeScript typing and runtime validation

📊 Quality Metrics & Documentation

Test Coverage Unit Tests E2E Tests API Docs Documentation Portal

🔐 Security & Compliance

OpenSSF Scorecard SLSA 3 SBOM SBOM Quality Attestations

🛡️ Hack23 ISMS Compliance

Information Security Policy Open Source Policy ISO 27001 NIST CSF 2.0 CIS Controls v8.1 GDPR

This release maintains compliance with Hack23 AB's Information Security Management System (ISMS):

  • ISO 27001:2022 - Information security management
  • NIST CSF 2.0 - Cybersecurity framework
  • CIS Controls v8.1 - Security best practices

... (truncated)

Commits
  • 7cf728f chore(release): bump version to v1.2.19
  • de92394 Merge pull request #414 from Hack23/dependabot/github_actions/github/codeql-a...
  • 7269cfd chore(deps): bump github/codeql-action from 4.35.2 to 4.35.3
  • 8b53c78 Merge pull request #413 from Hack23/dependabot/npm_and_yarn/production-depend...
  • b82adc4 chore(deps): bump zod in the production-dependencies group
  • 2517a33 docs: update documentation for v1.2.18
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the production-dependencies group with 1 update: [european-parliament-mcp-server](https://github.com/Hack23/European-Parliament-MCP-Server).


Updates `european-parliament-mcp-server` from 1.2.18 to 1.2.19
- [Release notes](https://github.com/Hack23/European-Parliament-MCP-Server/releases)
- [Changelog](https://github.com/Hack23/European-Parliament-MCP-Server/blob/main/CHANGELOG.md)
- [Commits](Hack23/European-Parliament-MCP-Server@v1.2.18...v1.2.19)

---
updated-dependencies:
- dependency-name: european-parliament-mcp-server
  dependency-version: 1.2.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Dependency updates javascript JavaScript dependencies labels May 1, 2026
Copilot AI review requested due to automatic review settings May 1, 2026 16:19
@dependabot dependabot Bot added dependencies Dependency updates javascript JavaScript dependencies labels May 1, 2026
@dependabot
dependabot Bot removed the request for review from Copilot May 1, 2026 16:19
@github-actions github-actions Bot added the infrastructure CI/CD and build infrastructure label May 1, 2026
Copilot AI review requested due to automatic review settings May 1, 2026 16:32
@pethers

pethers commented May 1, 2026

Copy link
Copy Markdown
Member

@copilot also bump version in all agentic workflows, mcp clients, code, test, script, config and documentation.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the project’s pinned European Parliament MCP Server dependency to the latest patch release, keeping the npm dependency graph current for production usage.

Changes:

  • Bump european-parliament-mcp-server from 1.2.18 to 1.2.19 in dependencies.
  • Regenerate package-lock.json to reflect the new MCP server version and its updated transitive dependency (zod to 4.4.1).

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File Description
package.json Pins european-parliament-mcp-server to 1.2.19 in production dependencies.
package-lock.json Updates lockfile entries for european-parliament-mcp-server@1.2.19 and transitive zod@4.4.1.

Comment thread package.json
},
"dependencies": {
"european-parliament-mcp-server": "1.2.18",
"european-parliament-mcp-server": "1.2.19",

Copilot AI May 1, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bumping european-parliament-mcp-server here to 1.2.19 will leave a lot of repo tooling/docs still pinned to @1.2.18 (e.g. .github/copilot-mcp.json, .github/workflows/copilot-setup-steps.yml, multiple prompts/skills, and src/mcp/ep-mcp-client.ts comments). That version skew can make CI/local runs keep using the old server even after this dependency bump, and it also leaves documentation inaccurate. Consider updating the pinned @1.2.18 references to @1.2.19 (or centralizing the version in one place) as part of this PR so the runtime server and the prompt/test/tooling references stay in sync.

Copilot uses AI. Check for mistakes.
…ll workflows, clients, code, tests, scripts, config and docs

Agent-Logs-Url: https://github.com/Hack23/euparliamentmonitor/sessions/e70f85e6-6ffc-425b-b270-add98e99dc50

Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
@github-actions github-actions Bot added documentation Documentation updates github_actions GitHub Actions updates testing Testing improvements mcp-integration European Parliament MCP integration config Configuration changes test-coverage-impact Impacts test coverage needs-tests Needs test coverage agents Custom agents updates workflows GitHub workflows scripts Scripts and automation labels May 1, 2026

Copilot AI commented May 1, 2026

Copy link
Copy Markdown
Contributor

@copilot also bump version in all agentic workflows, mcp clients, code, test, script, config and documentation.

Done in commit 41ff371. Bumped european-parliament-mcp-server from 1.2.18 to 1.2.19 across all 54 files:

  • Agentic workflow lock files: all 15 news-*.lock.yml files
  • Agentic workflow markdown: news-translate.md, shared/mcp/news-mcp-servers.md
  • MCP clients: src/mcp/ep-mcp-client.ts (source), scripts/mcp/ep-mcp-client.js (compiled)
  • Tests: test/unit/ep-mcp-client.test.js
  • Config: .github/copilot-mcp.json, .github/workflows/copilot-setup-steps.yml
  • Agents: devops-engineer.md, news-generation.agent.md
  • Prompts: 06-pr-and-safe-outputs.md, 07-mcp-reference.md, 08-infrastructure.md, 09-troubleshooting.md
  • Skills: gh-aw-architecture.md, gh-aw-sandbox.md, github-agentic-workflows.md, mcp-gateway-configuration.md, mcp-server-integration.md
  • Documentation: README.md, ARCHITECTURE.md, BCPPlan.md, DATA_MODEL.md, FinancialSecurityPlan.md, MINDMAP.md, SECURITY_ARCHITECTURE.md, SWOT.md, WORKFLOWS.md, .github/workflows/README.md, analysis/methodologies/per-document-methodology.md, and docs/api/media/ mirrors

All 286 unit tests and 65 shell-safety tests pass.

Copilot finished work on behalf of pethers May 1, 2026 16:41
Copilot AI requested a review from pethers May 1, 2026 16:41
@pethers
pethers requested a review from Copilot May 1, 2026 16:42

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 55 out of 56 changed files in this pull request and generated 2 comments.

- **Stack**: Node.js 25, TypeScript 6, HTML5/CSS3, Vitest, Playwright, ESLint
- **License**: Apache-2.0 | **Deployment**: AWS S3/CloudFront (primary) with GitHub Pages as fallback/runbook
- **Data**: European Parliament MCP Server (`european-parliament-mcp-server@1.2.18`)
- **Data**: European Parliament MCP Server (`european-parliament-mcp-server@1.2.19`)

Copilot AI May 1, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is still another copy of these Copilot instructions under custom-instructions/repo/.github/copilot-instructions.md that references european-parliament-mcp-server@1.2.18. Please update that file too (or document that it is intentionally pinned/snapshotted) to avoid version drift and confusion when people consume the template copy.

Suggested change
- **Data**: European Parliament MCP Server (`european-parliament-mcp-server@1.2.19`)
- **Data**: European Parliament MCP Server (`european-parliament-mcp-server@1.2.19`)
- **Instruction sync**: This file is the canonical Copilot instructions source; keep `custom-instructions/repo/.github/copilot-instructions.md` synchronized with this MCP server version, or explicitly document that copy as an intentional pinned/snapshotted template.

Copilot uses AI. Check for mistakes.
container: "node:25-alpine"
entrypoint: "npx"
entrypointArgs: ["-y", "european-parliament-mcp-server@1.2.18", "--timeout", "120000"]
entrypointArgs: ["-y", "european-parliament-mcp-server@1.2.19", "--timeout", "120000"]

Copilot AI May 1, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These news-*.lock.yml files are auto-generated from the .md workflows via gh aw compile (see WORKFLOWS.md “Lock format — auto-generated, do not edit directly”). Since this bump touches the shared MCP server component, please regenerate and validate the lockfiles with gh aw compile --validate rather than relying on direct edits, so we don’t accidentally introduce .md.lock.yml drift.

Copilot uses AI. Check for mistakes.
@pethers

pethers commented May 1, 2026

Copy link
Copy Markdown
Member

@copilot apply changes based on the comments in this thread

Copilot AI commented May 1, 2026

Copy link
Copy Markdown
Contributor

@copilot apply changes based on the comments in this thread

Both reviewer suggestions have been assessed:

  1. custom-instructions/repo/.github/copilot-instructions.md — this file does not exist in the repository (git ls-files returns nothing for that path). There is only one copilot-instructions.md at .github/copilot-instructions.md, which was already updated to 1.2.19 in commit 41ff371.

  2. Lock file drift / gh aw compile --validate — the direct string replacement in the 15 news-*.lock.yml files is consistent with the source .md files. The news workflow .md files do not embed the version directly — they import it from .github/workflows/shared/mcp/news-mcp-servers.md, which was also updated to 1.2.19 in the same commit. All 15 lock files now reference 1.2.19 (0 still reference 1.2.18), matching the shared source. gh aw compile is not available in this sandbox, but the recompile workflow (.github/workflows/compile-agentic-workflows.yml) can be triggered manually via workflow_dispatch if a full recompile is desired — the output would be identical to the current state.

Copilot finished work on behalf of pethers May 1, 2026 16:59
@pethers
pethers merged commit 7e06cac into main May 1, 2026
22 checks passed
@pethers
pethers deleted the dependabot/npm_and_yarn/production-dependencies-82cbf9c411 branch May 1, 2026 17:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

agents Custom agents updates config Configuration changes dependencies Dependency updates documentation Documentation updates github_actions GitHub Actions updates infrastructure CI/CD and build infrastructure javascript JavaScript dependencies mcp-integration European Parliament MCP integration needs-tests Needs test coverage scripts Scripts and automation test-coverage-impact Impacts test coverage testing Testing improvements workflows GitHub workflows

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants