Bump the all group with 1 update

[dependabot]

Updated ModelContextProtocol from 1.3.0 to 1.4.0.

Release notes

Sourced from ModelContextProtocol's releases.

1.4.0

v1.4.0 introduces support for the Identity Assertion Authorization Grant (ID-JAG) flow via the new IdentityAssertionGrantProvider, enabling enterprise SSO scenarios where users authenticate once via their enterprise Identity Provider and access MCP servers without per-server authorization prompts. The release also adds a new InheritEnvironmentVariables option on StdioClientTransportOptions for controlling the child server's environment, alongside two security hardening fixes: the stdio client transport no longer enumerates child-process environment variables in Trace logs, and DELETE on a Streamable HTTP session now requires the same authenticated user that initiated the session.

What's Changed

• Stop logging stdio transport environment variables #​1538 by @​halter73 (co-authored by @​Copilot)
• Add InheritEnvironmentVariables to StdioClientTransportOptions #​1563 by @​halter73 (co-authored by @​Copilot)
• Validate user on Streamable HTTP session DELETE #​1604 by @​halter73 (co-authored by @​Copilot)
  • HandleDeleteRequestAsync now mirrors the HasSameUserId check already enforced on GET and POST. A DELETE with a valid Mcp-Session-Id but a different authenticated user now returns 403 Forbidden instead of terminating the session — defense-in-depth against a leaked session ID being used to DoS the original owner.
• Add Enterprise Managed Authorization (SEP-990) support #​1305 by @​aniket-okta (backported in #​1625)
  • Adds IdentityAssertionGrantProvider and supporting option/response types in ModelContextProtocol.Authentication implementing the Identity Assertion Authorization Grant flow: RFC 8693 token exchange at the enterprise IdP (ID Token → JWT Authorization Grant) followed by RFC 7523 JWT bearer grant at the MCP authorization server (JAG → access token). See the new Cross-Application Access section in the transport docs for full usage details.

Documentation Updates

• Fix broken links to MCP Tasks specification #​1594 by @​tarekgh

Repository Infrastructure Updates

• Update release processes to support release servicing branches #​1620 by @​jeffhandley (co-authored by @​Copilot)

Acknowledgements

• @​aniket-okta made their first contribution in #​1305
• @​felixweinberger submitted issue #​949 (resolved by #​1305)
• @​eiriktsarpalis @​ericstj @​PranavSenthilnathan reviewed pull requests

Full Changelog: modelcontextprotocol/csharp-sdk@v1.3.0...v1.4.0

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions