chore: update dependencies (#97)

### Chores
- Update dependencies
- Let dependabot update docker, github-actions and uv
- Replace update uv.lock workflow with dependabot CI

Author: reneleonhardt

.dockerignore

@@ -5,4 +5,4 @@
 !/src/
 !pyproject.toml
 !uv.lock
-!LICENSE
+!LICENSE

.github/dependabot.yml

@@ -1,6 +1,19 @@
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates#setting-up-a-cooldown-period-for-dependency-updates
+
 version: 2
 updates:
-  - package-ecosystem: "pip"
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    groups: # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#groups--
+      actions:
+        patterns: ["*"] # Combine all images of last week
+  - package-ecosystem: "uv"
     directory: "/"
     schedule:
       interval: "daily"

.github/workflows/ci.yaml

@@ -11,6 +11,7 @@ on:
 env:
   CI: true
   COLUMNS: 120
+  PYTHON_VERSION: "3.13"
 
 permissions:
   contents: read
@@ -23,7 +24,7 @@ jobs:
 
       - uses: astral-sh/setup-uv@0c5e2b8115b80b4c7c5ddf6ffdd634974642d182 # v5.4.1
         with:
-          python-version: "3.12"
+          python-version: ${{ env.PYTHON_VERSION }}
 
       - name: Install dependencies
         run: uv sync --frozen --all-extras --all-packages
@@ -44,7 +45,7 @@ jobs:
 
       - uses: astral-sh/setup-uv@0c5e2b8115b80b4c7c5ddf6ffdd634974642d182 # v5.4.1
         with:
-          python-version: "3.12"
+          python-version: ${{ env.PYTHON_VERSION }}
 
       - name: Install dependencies
         run: uv sync --frozen --all-extras --all-packages
@@ -94,7 +95,7 @@ jobs:
 
       - uses: astral-sh/setup-uv@0c5e2b8115b80b4c7c5ddf6ffdd634974642d182 # v5.4.1
         with:
-          python-version: "3.12"
+          python-version: ${{ env.PYTHON_VERSION }}
 
       - run: uv sync --frozen
       - run: uv run --frozen coverage combine coverage
@@ -134,7 +135,7 @@ jobs:
 
       - uses: astral-sh/setup-uv@0c5e2b8115b80b4c7c5ddf6ffdd634974642d182 # v5.4.1
         with:
-          python-version: "3.12"
+          python-version: ${{ env.PYTHON_VERSION }}
 
       - name: check GITHUB_REF matches package version
         uses: samuelcolvin/check-python-version@758a13b52c26833cffda0f2ed4f3c9e54d9186d9 # v4.1

.github/workflows/dependabot.yml

@@ -0,0 +1,23 @@
+name: Dependabot Automation
+on: pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  automerge:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'sparfenyuk/mcp-proxy'
+    steps:
+      - name: Fetch metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - name: Auto-merge Patch PRs
+        if: steps.metadata.outputs.update-type == 'version-update:semver-patch'
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}

.github/workflows/update-uv-lock.yml

@@ -1,5 +1,5 @@
 # Build stage with explicit platform specification
-FROM ghcr.io/astral-sh/uv:python3.12-alpine AS uv
+FROM ghcr.io/astral-sh/uv:python3.13-alpine AS uv
 
 # Install the project into /app
 WORKDIR /app
@@ -25,7 +25,7 @@ RUN --mount=type=cache,target=/root/.cache/uv \
 RUN apk add --update --no-cache catatonit
 
 # Final stage with explicit platform specification
-FROM python:3.12-alpine
+FROM python:3.13-alpine
 
 COPY --from=uv --chown=app:app /app/.venv /app/.venv
 COPY --from=uv /usr/bin/catatonit /usr/bin/

Dockerfile

@@ -27,7 +27,7 @@ classifiers = [
 ]
 version = "0.8.2"
 requires-python = ">=3.10"
-dependencies = ["mcp>=1.8.0,<2.0.0", "uvicorn>=0.34.0"]
+dependencies = ["mcp==1.9.4", "uvicorn>=0.34.0"]
 
 [build-system]
 requires = ["setuptools"]