This document tracks major dependencies and their versions for the Slack MCP Client.
Current Version: v0.1.14 (Upgraded: 2025-10-29)
Purpose: LLM integration, agent framework, and tool orchestration
Key Features Used:
- Agent framework (ConversationalAgent, Executor)
- LLM providers (OpenAI, Anthropic, Ollama)
- Tool abstraction and callback handlers
- RAG components (document loaders, text splitters)
Recent Updates:
- v0.1.14 (2025-10-29): Major stability and performance improvements
- Fixed memory and goroutine leaks in streaming for OpenAI, Anthropic, Ollama
- Enhanced agent parsing for multi-line tool calls
- Improved error handling and API key sanitization
- Panic prevention in streaming edge cases
- See v0.1.14 Upgrade Report for details
Documentation: github.com/tmc/langchaingo
Package: github.com/slack-go/slack
Purpose: Slack API integration and Socket Mode communication
Key Features Used:
- Socket Mode for real-time messaging
- Block Kit message formatting
- User context and thread management
- Rich message formatting
Documentation: github.com/slack-go/slack
Current Version: v0.42.0 (Upgraded: 2025-10-29)
Purpose: Standardized protocol for AI model-tool communication
Transports Supported:
- HTTP with JSON-RPC 2.0 and improved sampling
- Server-Sent Events (SSE) with automatic retry and session management
- stdio for local development
Specification: MCP 2025-06-18
Recent Updates:
- v0.42.0 (2025-10-29): HTTP sampling improvements, session-specific resources, enhanced streaming control, bug fixes for transport initialization and session reuse
Documentation: github.com/mark3labs/mcp-go
Package: github.com/prometheus/client_golang
Purpose: Metrics collection and monitoring
Metrics Provided:
- Tool invocation counters with error tracking
- LLM token usage histograms by model and type
- Endpoint:
/metricson configurable port (default: 8080)
Packages:
go.opentelemetry.io/otelgo.opentelemetry.io/otel/exporters/otlp/otlptrace
Purpose: Distributed tracing for LLM operations and tool calls
Providers Supported:
- Simple OTLP for basic tracing
- Langfuse for advanced LLM observability
github.com/stretchr/testify- Testing utilities and assertions
- GoReleaser - Automated release management
- GitHub Actions - CI/CD pipeline
- Trivy - Security scanning
- golangci-lint - Code quality checks
- Security fixes: Upgrade immediately
- Bug fixes: Upgrade within 1 week if affecting us
- New features: Upgrade when needed
- Major versions: Plan carefully, expect breaking changes
- Subscribe to release notifications for critical dependencies
- Quarterly review of outdated dependencies:
go list -u -m all - Security scanning in CI/CD pipeline
Follow the Upgrade Template for consistent upgrade documentation:
- Research release notes and breaking changes
- Test in development environment
- Document changes in upgrade report
- Update this dependencies file
- Deploy to staging, then production
| Version | Date | Changes | Report |
|---|---|---|---|
| v0.1.14 | 2025-10-29 | Streaming fixes, agent improvements, security enhancements | Report |
| v0.1.13 | Previous | Initial version in use | - |
| Version | Date | Changes | Notes |
|---|---|---|---|
| v0.42.0 | 2025-10-29 | HTTP sampling improvements, session-specific resources, streaming control, transport bug fixes | No breaking changes |
| v0.37.0 | Previous | Previous version in use | - |
Major transitive dependencies automatically managed by go.mod:
golang.org/x/net- Network primitivesgolang.org/x/sys- System callsgolang.org/x/crypto- Cryptographygoogle.golang.org/grpc- gRPC for some MCP transportsgoogle.golang.org/api- Google Cloud APIs (for Vertex AI)
Run go mod graph to see the complete dependency tree.
Automated security scanning in CI/CD:
- govulncheck: Checks for known vulnerabilities in Go dependencies
- Trivy: Comprehensive dependency and container scanning
- SBOM Generation: Software Bill of Materials for tracking
To report security vulnerabilities, see SECURITY.md.
All dependencies are vetted for license compatibility:
- Primary dependencies use permissive licenses (MIT, Apache 2.0, BSD)
- Full license information available in
go.modand vendored dependencies
Run go-licenses csv . to generate a complete license report.
- Upgrade Template - Template for documenting dependency upgrades
- v0.1.14 Upgrade Report - Recent langchaingo upgrade
- Implementation Notes - Technical architecture details
- Configuration Guide - Dependency configuration