chore(deps): bump the dependencies group with 3 updates

[dependabot]

Bumps the dependencies group with 3 updates: github.com/github/copilot-sdk/go, github.com/pb33f/libopenapi and github.com/pb33f/libopenapi-validator.

Updates github.com/github/copilot-sdk/go from 1.0.1 to 1.0.2

Release notes

Sourced from github.com/github/copilot-sdk/go's releases.

rust/v1.0.2

What's Changed

• Bump the java-maven-deps group in /java with 3 updates by @​dependabot[bot] in github/copilot-sdk#1613
• Bump the java-codegen-deps group in /java/scripts/codegen with 2 updates by @​dependabot[bot] in github/copilot-sdk#1614
• Add open-canvases snapshot tracking to the Java SDK by @​jmoseley in github/copilot-sdk#1606
• Add docs style instructions for copilot agents by @​sunbrye in github/copilot-sdk#1236
• docs: rename index.md to README.md in docs directories by @​andyfeller in github/copilot-sdk#1631
• Make exit_plan_mode E2E snapshot tolerant of reworded CLI tool result by @​stephentoub in github/copilot-sdk#1639
• Add defer parameter to tool definition by @​almaleksia in github/copilot-sdk#1632
• Make Go JSON-RPC requests context-aware by @​qmuntal in github/copilot-sdk#1643
• Bump esbuild from 0.27.3 to 0.28.1 in /scripts/codegen in the npm_and_yarn group across 1 directory by @​dependabot[bot] in github/copilot-sdk#1647
• Add API docs column to Available SDKs table in README by @​Copilot in github/copilot-sdk#1662
• Update @​github/copilot to 1.0.62 by @​github-actions[bot] in github/copilot-sdk#1672
• Add E2E test for session.providerEndpoint.get by @​SteveSandersonMS in github/copilot-sdk#1621
• SDK: add optional memory configuration to session create and resume by @​Morabbin in github/copilot-sdk#1617
• [E2E] session.todos_changed event + readSqlTodosWithDependencies (6 languages) by @​SteveSandersonMS in github/copilot-sdk#1622
• Add graceful runtime shutdown to SDK clients by @​stephentoub in github/copilot-sdk#1667
• fix(python): round sub-millisecond durations in to_timedelta_int by @​idryzhov in github/copilot-sdk#1668
• Add ADR-005: Ergonomic tool definition via annotation processor by @​edburns in github/copilot-sdk#1684
• Add OTLP protocol telemetry options by @​loganrosen in github/copilot-sdk#1648
• Bump esbuild from 0.28.0 to 0.28.1 in /java/scripts/codegen by @​dependabot[bot] in github/copilot-sdk#1649
• Bump the npm_and_yarn group across 2 directories with 2 updates by @​dependabot[bot] in github/copilot-sdk#1681
• Standardize README prerequisites across all SDK languages by @​scottaddie in github/copilot-sdk#1636
• Update .NET SDK contribution prerequisite by @​scottaddie in github/copilot-sdk#1678
• Update @​github/copilot to 1.0.63 by @​github-actions[bot] in github/copilot-sdk#1686
• Fix Dependabot security alerts: bump esbuild, tsx, js-yaml by @​Copilot in github/copilot-sdk#1685
• Rename SystemPromptSections → SystemMessageSections for cross-SDK consistency by @​edburns in github/copilot-sdk#1683
• Surface ModelBilling.tokenPrices on public SDK types by @​MackinnonBuck in github/copilot-sdk#1633
• Port shouldUseReplacedIdentitySectionInResponse E2E test to dotnet, go, nodejs, python, and rust by @​Copilot in github/copilot-sdk#1691
• Generate package-info.java for generated packages by @​edburns in github/copilot-sdk#1695
• Update @​github/copilot to 1.0.64-0 by @​github-actions[bot] in github/copilot-sdk#1697
• fix: skip CLI download in build.rs when DOCS_RS env var is set by @​Copilot in github/copilot-sdk#1660
• Update Azure managed identity setup docs by @​scottaddie in github/copilot-sdk#1712

New Contributors

• @​andyfeller made their first contribution in github/copilot-sdk#1631
• @​almaleksia made their first contribution in github/copilot-sdk#1632
• @​idryzhov made their first contribution in github/copilot-sdk#1668
• @​scottaddie made their first contribution in github/copilot-sdk#1636

Full Changelog: github/copilot-sdk@rust/v1.0.1...rust/v1.0.2

v1.0.2

Feature: opt-in memory for sessions

Sessions can now be configured with persistent memory, allowing the agent to recall information across turns. Set memory: { enabled: true } when creating or resuming a session; when omitted the runtime default applies. (#1617)

const session = await client.createSession({
    memory: { enabled: true },
</tr></table> 

... (truncated)

Changelog

Sourced from github.com/github/copilot-sdk/go's changelog.

v1.0.2 (2026-06-18)

Feature: opt-in memory for sessions

Sessions can now be configured with persistent memory, allowing the agent to recall information across turns. Set memory: { enabled: true } when creating or resuming a session; when omitted the runtime default applies. (#1617)

const session = await client.createSession({
    memory: { enabled: true },
});

var session = await client.CreateSessionAsync(new SessionConfig
{
    Memory = new MemoryConfiguration { Enabled = true }
});

Feature: defer parameter for tool definitions

Tools now support a defer option controlling whether they are pre-loaded eagerly or surfaced lazily through tool search. Use "auto" (the default) to allow lazy loading, or "never" to force pre-loading. (#1632)

defineTool("lookup_issue", {
    description: "Fetch issue details",
    parameters: z.object({ id: z.string() }),
    defer: "auto",
    handler: async ({ id }) => { /* ... */ },
});

var tool = CopilotTool.DefineTool(
    async ([Description("Issue ID")] string id) => { /* ... */ },
    toolOptions: new CopilotToolOptions { Defer = CopilotToolDefer.Auto });

Other changes

• feature: [All SDKs] add otlpProtocol telemetry option ("http/json" or "http/protobuf") for configuring OTLP export transport (#1648)
• feature: [All SDKs] surface ModelBilling.tokenPrices on public SDK types, exposing per-tier input/output/cache pricing and context window limits (#1633)
• improvement: [All SDKs] call runtime.shutdown during normal client stop for deterministic OTEL telemetry flush before process cleanup (#1667)
• improvement: [Go] thread context.Context through the JSON-RPC request path for proper cancellation support (#1643)
• improvement: [Java] add getOpenCanvases() to CopilotSession to track currently open canvas instances, matching the other SDKs (#1606)
• improvement: [Java] rename SystemPromptSections to SystemMessageSections for cross-SDK consistency; old class deprecated with forRemoval=true (#1683)
• bugfix: [Python] round sub-millisecond durations in to_timedelta_int to avoid serialization errors (#1668)
• bugfix: [Rust] skip CLI binary download in build.rs when DOCS_RS env var is set (#1660)

New contributors

... (truncated)

Commits

• 8789b28 Update Azure managed identity docs (#1712)
• 9b3dadf fix: skip CLI download in build.rs when DOCS_RS env var is set (#1660)
• ff49ed2 Update @​github/copilot to 1.0.64-0 (#1697)
• 5a80afe Generate package-info.java for generated packages (#1695)
• 931bc4c Port shouldUseReplacedIdentitySectionInResponse E2E test to dotnet, go, nod...
• 30db42f Surface ModelBilling.tokenPrices on public SDK types (#1633)
• 2320ea8 Rename SystemPromptSections → SystemMessageSections for cross-SDK consistency...
• 1d61f7a Fix Dependabot security alerts: bump esbuild, tsx, js-yaml (#1685)
• 0d6f2e5 Update @​github/copilot to 1.0.63 (#1686)
• 4bc7e05 Update .NET SDK contribution prerequisite (#1678)
• Additional commits viewable in compare view

Updates github.com/pb33f/libopenapi from 0.37.3 to 0.38.1

Release notes

Sourced from github.com/pb33f/libopenapi's releases.

v0.38.1

Fixes #590 and moved to our own fork of testify

v0.38.0

Improves parse/index performance and memory use with lazy SpecInfo JSON generation, lower-allocation node indexing, faster component-path conversion, and reduced goroutine overhead in small translation/schema paths.

Adds SkipMetadataCollection for consumers that do not need diagnostic index metadata, allowing faster/lighter parsing for large documents.

Tightens YAML handling around duplicate keys, merge/root errors, empty overlays, and YAML v4 rc.5 rendering behavior.

Fixes OpenAPI 3.0 webhooks extraction so same-named scalar values no longer create empty webhook maps.

Improves change detection and generator metadata fidelity, including anchor-insensitive YAML comparisons and preserved/inferred

YAML tags for generated enum/const metadata.

@​asadtariq96

Commits

• 8bbb3fa address issue #590
• 73ef933 coverage bump
• bac2b0e upgrade YAML APIs
• dfe2eb2 update deps
• 6c72b83 bump coverage on arazzo
• 68a6d17 fix: hold exclusive lock while building legacy node map
• 6019ccc fix borked windows test
• 4a22282 perf: lazy SpecInfo JSON, SkipMetadataCollection, and hot-path allocation cuts
• ee5ec7c fix(v3): don't inject empty webhooks for OpenAPI 3.0 docs with same-named scalar
• 29d9ea8 Bump golang.org/x/sync from 0.20.0 to 0.21.0
• See full diff in compare view

Updates github.com/pb33f/libopenapi-validator from 0.13.8 to 0.13.10

Release notes

Sourced from github.com/pb33f/libopenapi-validator's releases.

v0.13.10

Fixes #281, fixes tests in from libopenapi bump and moves to our own fork of testify.

Commits

• 13aa668 deps
• 8fb6938 move to our own fork of testify
• f90632c fixed pipeline
• da9df73 coverage bumps
• 6199810 honor readOnly/writeOnly in required validation by direction
• e37ceb6 bump deps!
• 14f2269 Bump github.com/pb33f/libopenapi from 0.36.6 to 0.37.2
• 54cf7b7 remove the custom coverage tools and use proper toolchain.
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions