build(deps)(deps): bump european-parliament-mcp-server from 1.2.18 to 1.2.19 in the production-dependencies group#1597
Conversation
Bumps the production-dependencies group with 1 update: [european-parliament-mcp-server](https://github.com/Hack23/European-Parliament-MCP-Server). Updates `european-parliament-mcp-server` from 1.2.18 to 1.2.19 - [Release notes](https://github.com/Hack23/European-Parliament-MCP-Server/releases) - [Changelog](https://github.com/Hack23/European-Parliament-MCP-Server/blob/main/CHANGELOG.md) - [Commits](Hack23/European-Parliament-MCP-Server@v1.2.18...v1.2.19) --- updated-dependencies: - dependency-name: european-parliament-mcp-server dependency-version: 1.2.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
|
@copilot also bump version in all agentic workflows, mcp clients, code, test, script, config and documentation. |
There was a problem hiding this comment.
Pull request overview
Updates the project’s pinned European Parliament MCP Server dependency to the latest patch release, keeping the npm dependency graph current for production usage.
Changes:
- Bump
european-parliament-mcp-serverfrom1.2.18to1.2.19independencies. - Regenerate
package-lock.jsonto reflect the new MCP server version and its updated transitive dependency (zodto4.4.1).
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| package.json | Pins european-parliament-mcp-server to 1.2.19 in production dependencies. |
| package-lock.json | Updates lockfile entries for european-parliament-mcp-server@1.2.19 and transitive zod@4.4.1. |
| }, | ||
| "dependencies": { | ||
| "european-parliament-mcp-server": "1.2.18", | ||
| "european-parliament-mcp-server": "1.2.19", |
There was a problem hiding this comment.
Bumping european-parliament-mcp-server here to 1.2.19 will leave a lot of repo tooling/docs still pinned to @1.2.18 (e.g. .github/copilot-mcp.json, .github/workflows/copilot-setup-steps.yml, multiple prompts/skills, and src/mcp/ep-mcp-client.ts comments). That version skew can make CI/local runs keep using the old server even after this dependency bump, and it also leaves documentation inaccurate. Consider updating the pinned @1.2.18 references to @1.2.19 (or centralizing the version in one place) as part of this PR so the runtime server and the prompt/test/tooling references stay in sync.
…ll workflows, clients, code, tests, scripts, config and docs Agent-Logs-Url: https://github.com/Hack23/euparliamentmonitor/sessions/e70f85e6-6ffc-425b-b270-add98e99dc50 Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
Done in commit
All 286 unit tests and 65 shell-safety tests pass. |
| - **Stack**: Node.js 25, TypeScript 6, HTML5/CSS3, Vitest, Playwright, ESLint | ||
| - **License**: Apache-2.0 | **Deployment**: AWS S3/CloudFront (primary) with GitHub Pages as fallback/runbook | ||
| - **Data**: European Parliament MCP Server (`european-parliament-mcp-server@1.2.18`) | ||
| - **Data**: European Parliament MCP Server (`european-parliament-mcp-server@1.2.19`) |
There was a problem hiding this comment.
There is still another copy of these Copilot instructions under custom-instructions/repo/.github/copilot-instructions.md that references european-parliament-mcp-server@1.2.18. Please update that file too (or document that it is intentionally pinned/snapshotted) to avoid version drift and confusion when people consume the template copy.
| - **Data**: European Parliament MCP Server (`european-parliament-mcp-server@1.2.19`) | |
| - **Data**: European Parliament MCP Server (`european-parliament-mcp-server@1.2.19`) | |
| - **Instruction sync**: This file is the canonical Copilot instructions source; keep `custom-instructions/repo/.github/copilot-instructions.md` synchronized with this MCP server version, or explicitly document that copy as an intentional pinned/snapshotted template. |
| container: "node:25-alpine" | ||
| entrypoint: "npx" | ||
| entrypointArgs: ["-y", "european-parliament-mcp-server@1.2.18", "--timeout", "120000"] | ||
| entrypointArgs: ["-y", "european-parliament-mcp-server@1.2.19", "--timeout", "120000"] |
There was a problem hiding this comment.
These news-*.lock.yml files are auto-generated from the .md workflows via gh aw compile (see WORKFLOWS.md “Lock format — auto-generated, do not edit directly”). Since this bump touches the shared MCP server component, please regenerate and validate the lockfiles with gh aw compile --validate rather than relying on direct edits, so we don’t accidentally introduce .md↔.lock.yml drift.
|
@copilot apply changes based on the comments in this thread |
Both reviewer suggestions have been assessed:
|
Bumps the production-dependencies group with 1 update: european-parliament-mcp-server.
Updates
european-parliament-mcp-serverfrom 1.2.18 to 1.2.19Release notes
Sourced from european-parliament-mcp-server's releases.
... (truncated)
Commits
7cf728fchore(release): bump version to v1.2.19de92394Merge pull request #414 from Hack23/dependabot/github_actions/github/codeql-a...7269cfdchore(deps): bump github/codeql-action from 4.35.2 to 4.35.38b53c78Merge pull request #413 from Hack23/dependabot/npm_and_yarn/production-depend...b82adc4chore(deps): bump zod in the production-dependencies group2517a33docs: update documentation for v1.2.18Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions