chore(deps): bump github.com/zeromicro/go-zero from 1.10.1 to 1.10.2

[dependabot]

Bumps github.com/zeromicro/go-zero from 1.10.1 to 1.10.2.

Release notes

Sourced from github.com/zeromicro/go-zero's releases.

v1.10.2

New Features

mcp — Opt-in HTTP request metadata bridge for tool handlers (#5550)

Added WithRequestMetadataExtractor option to the MCP server. When set, HTTP request metadata (headers, query parameters, path variables) is captured and injected into each handler's context.Context. Handlers retrieve it via the provided context helpers:

server := mcp.NewMcpServer(conf, mcp.WithRequestMetadataExtractor(mcp.DefaultRequestMetadataExtractor))
server.AddTool(tool, func(ctx context.Context, req *mcp.ServerRequest) (*mcp.ToolResult, error) {
tenantID, _ := mcp.HeaderFromContext(ctx, "X-Tenant-ID")
userID, _   := mcp.QueryFromContext(ctx, "user_id")
// ...
})

Available helpers: RequestMetadataFromContext, HeaderFromContext, QueryFromContext, PathFromContext. Fully backward-compatible — existing NewMcpServer(c) calls are unaffected.

Bug Fixes

discov — Go 1.26 etcd URI compatibility (#5548)

Go 1.26 enforces strict RFC 3986 URI parsing and rejects comma-separated hosts in the URI authority component. BuildDiscovTarget was producing URIs in the form etcd://host1:2379,host2:2379/key, which broke all gRPC services using etcd service discovery with multiple endpoints on Go 1.26+.

The etcd target URL format has been updated to place hosts in the path and the etcd key in a query parameter:

# Before (breaks Go 1.26):
etcd://host1:2379,host2:2379/my-service-key
After (RFC 3986 compliant, works on all Go versions):
etcd:///host1:2379,host2:2379?key=my-service-key

discov — Unbounded memory growth on duplicate etcd PUT events (#5580)

Fixed two related bugs in discov that caused memory to grow without bound in long-running zRPC services:

• Redundant OnAdd calls: handleWatchEvents called OnAdd on every etcd PUT event regardless of whether the value changed (e.g. lease refreshes, watch reconnects). Duplicate PUTs are now skipped; value changes fire OnDelete(old) followed by OnAdd(new) to keep listeners consistent.
• Unbounded slice growth in addKv: Keys were appended to the internal container.values slice unconditionally, causing a single etcd key to accumulate thousands of duplicates over time. addKv now returns early for exact duplicates, and cleans up stale entries when a key moves to a new server address.

New Contributors

• @​caltechustc made their first contribution in #5596

Full Changelog: zeromicro/go-zero@v1.10.1...v1.10.2

Commits

• 0c79f55 chore(deps): bump github.com/pelletier/go-toml/v2 from 2.3.0 to 2.3.1 (#5589)
• eb33a8b chore(deps): bump github.com/go-sql-driver/mysql from 1.9.3 to 1.10.0 (#5590)
• 34f16a8 chore(deps): bump github.com/alicebob/miniredis/v2 from 2.37.0 to 2.38.0 (#5592)
• 6f45879 chore: fix some function names in comment (#5596)
• 7b5e7b1 fix(discov): prevent unbounded memory growth on duplicate etcd PUT events (#5...
• 4ad4fd4 chore(deps): bump github.com/redis/go-redis/v9 from 9.18.0 to 9.19.0 (#5585)
• 3f3dca6 chore(deps): bump github.com/grafana/pyroscope-go from 1.2.8 to 1.3.0 (#5586)
• 4ea0d9e chore(deps): bump github.com/gookit/color from 1.6.0 to 1.6.1 in /tools/goctl...
• 52d2bda chore(deps): bump github.com/go-sql-driver/mysql from 1.9.3 to 1.10.0 in /too...
• 3738be1 chore(deps): bump go.mongodb.org/mongo-driver/v2 from 2.5.0 to 2.6.0 (#5558)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
jzero	Ready	Preview, Comment	Jun 2, 2026 5:43am

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.