chore(deps)(deps): bump the production-dependencies group across 1 directory with 56 updates by dependabot[bot] · Pull Request #66 · LLM-Dev-Ops/forge

dependabot · 2026-05-04T10:46:16Z

Bumps the production-dependencies group with 47 updates in the / directory:

Package	From	To
ajv	`8.18.0`	`8.20.0`
cosmiconfig	`9.0.0`	`9.0.1`
handlebars	`4.7.8`	`4.7.9`
@anthropic-ai/claude-code	`2.1.50`	`2.1.126`
@babel/runtime	`7.28.6`	`7.29.2`
@borewit/text-codec	`0.2.1`	`0.2.2`
@google/genai	`1.42.0`	`1.51.0`
@hono/node-server	`1.19.9`	`1.19.14`
@modelcontextprotocol/sdk	`1.26.0`	`1.29.0`
@protobufjs/codegen	`2.0.4`	`2.0.5`
@protobufjs/inquire	`1.1.0`	`1.1.1`
@protobufjs/utf8	`1.1.0`	`1.1.1`
@supabase/supabase-js	`2.97.0`	`2.105.1`
fastmcp	`3.33.0`	`3.35.0`
axios	`1.13.5`	`1.16.0`
b4a	`1.8.0`	`1.8.1`
bare-fs	`4.5.4`	`4.7.1`
bare-os	`3.6.2`	`3.9.1`
bare-stream	`2.8.0`	`2.13.1`
bare-url	`2.3.2`	`2.4.2`
eventsource-parser	`3.0.6`	`3.0.8`
express-rate-limit	`8.2.1`	`8.4.1`
figlet	`1.10.0`	`1.11.0`
file-type	`21.3.0`	`21.3.4`
fs-extra	`11.3.3`	`11.3.4`
fuse.js	`7.1.0`	`7.3.0`
gaxios	`7.1.3`	`7.1.4`
google-auth-library	`10.5.0`	`10.6.2`
hasown	`2.0.2`	`2.0.3`
hono	`4.12.1`	`4.12.16`
jsonfile	`6.2.0`	`6.2.1`
koa	`3.1.1`	`3.2.0`
mcp-proxy	`6.4.0`	`6.4.6`
nan	`2.25.0`	`2.26.2`
node-abi	`3.87.0`	`3.90.0`
protobufjs	`6.11.4`	`6.11.6`
path-to-regexp	`8.3.0`	`8.4.2`
pump	`3.0.3`	`3.0.4`
qs	`6.15.0`	`6.15.1`
side-channel-list	`1.0.0`	`1.0.1`
sql.js	`1.14.0`	`1.14.1`
strtok3	`10.3.4`	`10.3.5`
undici	`7.22.0`	`7.25.0`
validator	`13.15.26`	`13.15.35`
ws	`8.19.0`	`8.20.0`
yaml	`2.8.2`	`2.8.4`
zod-to-json-schema	`3.25.1`	`3.25.2`

Updates ajv from 8.18.0 to 8.20.0

Release notes

Sourced from ajv's releases.

v8.20.0

What's Changed

fix: add support for node 22/24, drop node 16/21 by @jasoniangreen in ajv-validator/ajv#2580

fix: add ES2022.RegExp for RegExpIndicesArray by @SignpostMarv in ajv-validator/ajv#2604

Full Changelog: ajv-validator/ajv@v8.19.0...v8.20.0

v8.19.0

What's Changed

fix prototype pollution via format keyword using $data ref by @epoberezkin in ajv-validator/ajv#2607

Full Changelog: ajv-validator/ajv@v8.18.0...v8.19.0

Commits

0fba0b8 8.20.0
9caf8d6 fix: add ES2022.RegExp for RegExpIndicesArray; fixes ajv-validator/ajv#2603 (...
2065350 fix: add support for node 22/24, drop node 16/21 (#2580)
154b58d 8.19.0
e8d2bdc test/fix prototype pollution via $data ref with format keyword (#2607)
See full diff in compare view

Updates cosmiconfig from 9.0.0 to 9.0.1

Changelog

Sourced from cosmiconfig's changelog.

9.0.1

Fixed a race condition where multiple instances existing simultaneously could cause cosmiconfig to fail to load TypeScript config files.

Fixed an issue on Windows where CWD being a short path (e.g. C:\Users\USERNA~1) would cause cosmiconfig to fail to load ESM config files.

Commits

9a5cda3 9.0.1
2174017 update changelog
536d4a0 Prevent race conditions when running multiple instances of cosmiconfig and ...
4b48611 remove debug log
53d1745 remove more EOL node versions
7c1a1e3 replace resolve with realpath
fcc9084 add additional path.resolve for windows short paths
7e995c8 debug
52b6b1c drop node 14 build as it seems to fail for unreachable reasons
db45e38 fix tests on windows (3)
Additional commits viewable in compare view

Updates handlebars from 4.7.8 to 4.7.9

Release notes

Sourced from handlebars's releases.

v4.7.9

fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2

fix type "RuntimeOptions" also accepting string partials - eab1d14

feat(types): set hash to be a Record<string, any> - de4414d

fix non-contiguous program indices - 4512766

refactor: rename i to startPartIndex - e497a35

security: fix security issues - 68d8df5

GHSA-2w6w-674q-4c4q

GHSA-3mfm-83xf-c92r

GHSA-xhpv-hc6g-r9c6

GHSA-xjpj-3mr7-gcpf

GHSA-9cx6-37pm-9jff

GHSA-2qvq-rjwj-gvw9

GHSA-7rx3-28cr-v5wh

GHSA-442j-39wm-28r2

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.9 - March 26th, 2026

fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2

fix type "RuntimeOptions" also accepting string partials - eab1d14

feat(types): set hash to be a Record<string, any> - de4414d

fix non-contiguous program indices - 4512766

refactor: rename i to startPartIndex - e497a35

security: fix security issues - 68d8df5

Commits

Commits

dce542c v4.7.9
8a41389 Update release notes
68d8df5 Fix security issues
b2a0831 Fix browser tests
9f98c16 Fix release script
45443b4 Revert "Improve partial indenting performance"
8841a5f Fix CI errors with linting
e0137c2 fix: enable shell mode for spawn to resolve Windows EINVAL issue
e914d60 Improve rendering performance
7de4b41 Upgrade GitHub Actions checkout and setup-node on 4.x branch
Additional commits viewable in compare view

Updates @anthropic-ai/claude-code from 2.1.50 to 2.1.126

Release notes

Sourced from @anthropic-ai/claude-code's releases.

v2.1.126

What's changed

The /model picker now lists models from your gateway's /v1/models endpoint when ANTHROPIC_BASE_URL points at an Anthropic-compatible gateway

Added claude project purge [path] to delete all Claude Code state for a project (transcripts, tasks, file history, config entry) — supports --dry-run, -y/--yes, -i/--interactive, and --all

--dangerously-skip-permissions now bypasses prompts for writes to .claude/, .git/, .vscode/, shell config files, and other previously-protected paths (catastrophic removal commands still prompt as a safety net)

claude auth login now accepts the OAuth code pasted into the terminal when the browser callback can't reach localhost (WSL2, SSH, containers)

claude_code.skill_activated OpenTelemetry event now fires for user-typed slash commands and carries a new invocation_trigger attribute ("user-slash", "claude-proactive", or "nested-skill")

Auto mode: the spinner now turns red when a permission check stalls, instead of looking like the tool is running

Host-managed deployments (CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST) no longer auto-disable analytics on Bedrock/Vertex/Foundry

Windows: PowerShell 7 installed via the Microsoft Store, MSI without PATH, or .NET global tool is now detected

Windows: when the PowerShell tool is enabled, Claude now treats PowerShell as the primary shell instead of defaulting to Bash

Read tool: removed the per-file malware-assessment reminder that could cause spurious refusals and "this is not malware" commentary on legacy models

Security: Fixed allowManagedDomainsOnly / allowManagedReadPathsOnly being ignored when a higher-priority managed-settings source lacked a sandbox block

Fixed pasting an image larger than 2000px breaking the session — images are now downscaled on paste, and oversized images in history are automatically removed and the request retried

Fixed showing the login screen for "OAuth not allowed for organization" errors — now shows guidance to contact your admin

Fixed OAuth login failing with timeout on slow or proxied connections, in IPv6-only devcontainers, and when the browser callback can't reach localhost

Fixed a rare race where a concurrent credential write could clear a valid OAuth refresh token

Fixed API retry countdown sticking at "0s" instead of counting down between attempts

Fixed "Stream idle timeout" error after waking Mac from sleep mid-request

Fixed background and remote sessions falsely aborting with "Stream idle timeout" during long model thinking pauses

Fixed a hang where the assistant could finish thinking but show no output after a run of empty turns

Fixed overly fast trackpad scrolling in Cursor and VS Code 1.92–1.104 integrated terminals

Fixed claude.ai MCP connectors being suppressed by manual servers stuck in needs-auth state

Fixed Japanese/Korean/Chinese text rendering as garbled characters on Windows in no-flicker mode

Fixed Ctrl+L clearing the prompt input — it now only forces a screen redraw, matching readline behavior

Fixed deferred tools (WebSearch, WebFetch, etc.) not being available to skills with context: fork and other subagents on their first turn

Fixed plan-mode tools being unavailable in interactive sessions launched with --channels

Fixed /plugin Uninstall reporting "Enabled" instead of "Uninstalled"

Bounded total size of file-modified reminders when a linter touches many files at once

Fixed /remote-control retries appearing stuck on "connecting…" — each retry now shows its result

Fixed Remote Control failure notification not showing the error reason for initial connection failures

Windows: clipboard writes no longer expose copied content in process command-line arguments visible to EDR/SIEM telemetry; also fixes >22KB selections not reaching the clipboard

PowerShell tool: bare -- (e.g. git diff -- file) is no longer mis-flagged as the --% stop-parsing token

Fixed Agent SDK hang when the model emits a malformed tool name in a parallel tool call batch

v2.1.123

What's changed

Fixed OAuth authentication failing with a 401 retry loop when CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1 is set

v2.1.122

What's changed

Added ANTHROPIC_BEDROCK_SERVICE_TIER environment variable to select a Bedrock service tier (default, flex, or priority), sent as the X-Amzn-Bedrock-Service-Tier header

Pasting a PR URL into the /resume search box now finds the session that created that PR (GitHub, GitHub Enterprise, GitLab, and Bitbucket)

/mcp now shows claude.ai connectors hidden by a manually-added server with the same URL, with a hint to remove the duplicate

Clarified the /mcp message shown when an MCP server is still unauthorized after the browser sign-in flow

OpenTelemetry: numeric attributes on api_request/api_error log events are now emitted as numbers, not strings

OpenTelemetry: added claude_code.at_mention log event for @-mention resolution

... (truncated)

Changelog

Sourced from @anthropic-ai/claude-code's changelog.

2.1.126

The /model picker now lists models from your gateway's /v1/models endpoint when ANTHROPIC_BASE_URL points at an Anthropic-compatible gateway

Added claude project purge [path] to delete all Claude Code state for a project (transcripts, tasks, file history, config entry) — supports --dry-run, -y/--yes, -i/--interactive, and --all

--dangerously-skip-permissions now bypasses prompts for writes to .claude/, .git/, .vscode/, shell config files, and other previously-protected paths (catastrophic removal commands still prompt as a safety net)

claude auth login now accepts the OAuth code pasted into the terminal when the browser callback can't reach localhost (WSL2, SSH, containers)

claude_code.skill_activated OpenTelemetry event now fires for user-typed slash commands and carries a new invocation_trigger attribute ("user-slash", "claude-proactive", or "nested-skill")

Auto mode: the spinner now turns red when a permission check stalls, instead of looking like the tool is running

Host-managed deployments (CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST) no longer auto-disable analytics on Bedrock/Vertex/Foundry

Windows: PowerShell 7 installed via the Microsoft Store, MSI without PATH, or .NET global tool is now detected

Windows: when the PowerShell tool is enabled, Claude now treats PowerShell as the primary shell instead of defaulting to Bash

Read tool: removed the per-file malware-assessment reminder that could cause spurious refusals and "this is not malware" commentary on legacy models

Security: Fixed allowManagedDomainsOnly / allowManagedReadPathsOnly being ignored when a higher-priority managed-settings source lacked a sandbox block

Fixed pasting an image larger than 2000px breaking the session — images are now downscaled on paste, and oversized images in history are automatically removed and the request retried

Fixed showing the login screen for "OAuth not allowed for organization" errors — now shows guidance to contact your admin

Fixed OAuth login failing with timeout on slow or proxied connections, in IPv6-only devcontainers, and when the browser callback can't reach localhost

Fixed a rare race where a concurrent credential write could clear a valid OAuth refresh token

Fixed API retry countdown sticking at "0s" instead of counting down between attempts

Fixed "Stream idle timeout" error after waking Mac from sleep mid-request

Fixed background and remote sessions falsely aborting with "Stream idle timeout" during long model thinking pauses

Fixed a hang where the assistant could finish thinking but show no output after a run of empty turns

Fixed overly fast trackpad scrolling in Cursor and VS Code 1.92–1.104 integrated terminals

Fixed claude.ai MCP connectors being suppressed by manual servers stuck in needs-auth state

Fixed Japanese/Korean/Chinese text rendering as garbled characters on Windows in no-flicker mode

Fixed Ctrl+L clearing the prompt input — it now only forces a screen redraw, matching readline behavior

Fixed deferred tools (WebSearch, WebFetch, etc.) not being available to skills with context: fork and other subagents on their first turn

Fixed plan-mode tools being unavailable in interactive sessions launched with --channels

Fixed /plugin Uninstall reporting "Enabled" instead of "Uninstalled"

Bounded total size of file-modified reminders when a linter touches many files at once

Fixed /remote-control retries appearing stuck on "connecting…" — each retry now shows its result

Fixed Remote Control failure notification not showing the error reason for initial connection failures

Windows: clipboard writes no longer expose copied content in process command-line arguments visible to EDR/SIEM telemetry; also fixes >22KB selections not reaching the clipboard

PowerShell tool: bare -- (e.g. git diff -- file) is no longer mis-flagged as the --% stop-parsing token

Fixed Agent SDK hang when the model emits a malformed tool name in a parallel tool call batch

2.1.123

Fixed OAuth authentication failing with a 401 retry loop when CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1 is set

2.1.122

Added ANTHROPIC_BEDROCK_SERVICE_TIER environment variable to select a Bedrock service tier (default, flex, or priority), sent as the X-Amzn-Bedrock-Service-Tier header

Pasting a PR URL into the /resume search box now finds the session that created that PR (GitHub, GitHub Enterprise, GitLab, and Bitbucket)

/mcp now shows claude.ai connectors hidden by a manually-added server with the same URL, with a hint to remove the duplicate

Clarified the /mcp message shown when an MCP server is still unauthorized after the browser sign-in flow

OpenTelemetry: numeric attributes on api_request/api_error log events are now emitted as numbers, not strings

OpenTelemetry: added claude_code.at_mention log event for @-mention resolution

Fixed /branch producing forks that fail with "tool_use ids were found without tool_result blocks" when the source session contained entries from rewound timelines

Fixed /model not showing the Effort option for Bedrock application inference profile ARNs, and those ARNs not receiving output_config.effort

Fixed Vertex AI / Bedrock returning invalid_request_error: output_config: Extra inputs are not permitted on session-title generation and other structured-output queries

... (truncated)

Commits

a243cad chore: Update CHANGELOG.md
e512ec9 chore: Update CHANGELOG.md
a609cfb chore: Update CHANGELOG.md
1586204 chore: Update CHANGELOG.md
c128568 fix: yaml.github-actions.security.run-shell-injection.run-shell-injection sec...
7e93645 chore: Update CHANGELOG.md
c393344 chore: Update CHANGELOG.md
ab3ce06 chore: Update CHANGELOG.md
a5fa36c fix: point $schema at schemastore.org (URL was 404) (#52239)
925200d chore: Update CHANGELOG.md
Additional commits viewable in compare view

Install script changes

This version adds postinstall script that runs during installation. Review the package contents before updating.

Updates @babel/runtime from 7.28.6 to 7.29.2

Release notes

Sourced from @babel/runtime's releases.

v7.29.2 (2026-03-16)

👓 Spec Compliance

babel-parser

#17840 [7.x backport] async x => {} must be in leading pos (@JLHwung)

🐛 Bug Fix

babel-helpers, babel-plugin-transform-async-generator-functions, babel-preset-env, babel-runtime-corejs3

#17805 [7.x backport] fix: Properly handle await in finally (@liuxingbaoyu)

babel-preset-env

#17789 [7.x backport] preset-env include/exclude should accept bugfix plugins (@JLHwung)

🏠 Internal

#17813 chore: update eslint peer deps (@JLHwung)

Committers: 2

Huáng Jùnliàng (@JLHwung)

@liuxingbaoyu

v7.29.1 (2026-02-04)

🐛 Bug Fix

babel-standalone

#17771 [7.x backport] fix: ensure targets.esmodules is validated (@JLHwung)

babel-generator

#17776 [7.x backport] Fix undefined when 64 indents (@liuxingbaoyu)

Committers: 2

Huáng Jùnliàng (@JLHwung)

@liuxingbaoyu

v7.29.0 (2026-01-31)

Thanks @simbahax for your first PR!

🚀 New Feature

babel-types

#17750 [7.x backport] Add attributes import declaration builder (@JLHwung)

babel-standalone

#17663 [7.x backport] feat(standalone): export async transform (@JLHwung)

#17725 [7.x backport] feat: read standalone targets from data-targets (@JLHwung)

🐛 Bug Fix

babel-parser

#17765 fix(parser): correctly parse type assertions in extends clause (@nicolo-ribaudo)

#17723 [7.x backport] fix(parser): improve super type argument parsing (@JLHwung)

babel-traverse

#17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@simbahax)

babel-plugin-transform-block-scoping, babel-traverse

#17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@magic-akari)

... (truncated)

Commits

37d5595 v7.29.2
See full diff in compare view

Updates @borewit/text-codec from 0.2.1 to 0.2.2

Release notes

Sourced from @borewit/text-codec's releases.

v0.2.2

Changes

🐛 Bug Fixes

fix: improve encoding correctness and update README @Borewit (#36)

NPM release

NPM release: @borewit/text-codec@0.2.2

Commits

c2ce9c5 0.2.2
e2f0705 Merge pull request #23 from Borewit/dependabot/npm_and_yarn/master/chai-6.2.2
5e58cb8 Bump chai from 5.2.1 to 6.2.2
bc315b8 Merge pull request #37 from Borewit/update-biome
f32adfc Update biome to 2.4.6
7776373 Merge pull request #36 from Borewit/fix-most-issue-exodus
068d7d4 fix: improve encoding correctness and update README
See full diff in compare view

Updates @google/genai from 1.42.0 to 1.51.0

Release notes

Sourced from @google/genai's releases.

v1.51.0

1.51.0 (2026-04-29)

Features

[Interactions] Add FileCitation.{custom_metadata,media_id,page_number} (9e08ba9)

Add output_info to BatchJob (5327c60)

Add gemini-3.1-flash-tts-preview model to options (35c941b)

Add ImageResizeMode for GenerateVideos (faa1088)

Add new Gemini Deep Research agent models (6f83a05)

Add Vertex Dataset input and output options for batch jobs (6aa848e)

interaction-api: Add grounding tool usage breakdown to Interaction Usage. (e1c31ad)

introduce enterprise flag and GOOGLE_GENAI_USE_ENTERPRISE env var (cf7ad52)

Replace the more ambiguous rate field with sample_rate. (6c80464)

v1.50.1

1.50.1 (2026-04-14)

Bug Fixes

Refactor Webhook types in GenAI SDKs for easier useage (5100abc)

Rename webhooks.retrieve to webhooks.get. (db6e771)

v1.50.0

1.50.0 (2026-04-13)

[!CAUTION] CRITICAL WARNING: Do not use this version if you are implementing or relying on webhooks. This release contains known issues regarding webhook sdk. Please use v1.50.1 or later.

Features

Add "eu" as a supported service location for Vertex AI platform. (2493f9c)

Add DeepResearchAgentConfig fields (3615ca2)

Add Live Avatar new fields (6a0ff96)

Add support for new audio MIME types: opus, alaw, and mulaw (7137f13)

add webhook and webhookConfig for js and python sdk (0f89605)

Add webhook_config to batches.create() and models.generate_videos() (894bc93)

Wire the webhook into python and js client. (b6c5d18)

v1.49.0

1.49.0 (2026-04-08)

Features

Introduce TYPE_L16 audio content and optional fields. (c62cb9a)

v1.48.0

... (truncated)

Changelog

Sourced from @google/genai's changelog.

1.51.0 (2026-04-29)

Features

[Interactions] Add FileCitation.{custom_metadata,media_id,page_number} (9e08ba9)

Add output_info to BatchJob (5327c60)

Add gemini-3.1-flash-tts-preview model to options (35c941b)

Add ImageResizeMode for GenerateVideos (faa1088)

Add new Gemini Deep Research agent models (6f83a05)

Add Vertex Dataset input and output options for batch jobs (6aa848e)

interaction-api: Add grounding tool usage breakdown to Interaction Usage. (e1c31ad)

introduce enterprise flag and GOOGLE_GENAI_USE_ENTERPRISE env var (cf7ad52)

Replace the more ambiguous rate field with sample_rate. (6c80464)

1.50.1 (2026-04-14)

Bug Fixes

Refactor Webhook types in GenAI SDKs for easier useage (5100abc)

Rename webhooks.retrieve to webhooks.get. (db6e771)

1.50.0 (2026-04-13)

Features

Add "eu" as a supported service location for Vertex AI platform. (2493f9c)

Add DeepResearchAgentConfig fields (3615ca2)

Add Live Avatar new fields (6a0ff96)

Add support for new audio MIME types: opus, alaw, and mulaw (7137f13)

add webhook and webhookConfig for js and python sdk (0f89605)

Add webhook_config to batches.create() and models.generate_videos() (894bc93)

Wire the webhook into python and js client. (b6c5d18)

1.49.0 (2026-04-08)

Features

Introduce TYPE_L16 audio content and optional fields. (c62cb9a)

1.48.0 (2026-03-31)

Features

Support dedicated TextAnnotationDelta for streaming tool responses (89552ba)

... (truncated)

Commits

61013d6 chore(main): release 1.51.0 (#1503)
8137d23 chore: add the deprecation marker back
734dab0 chore: no-op
006286b chore: Add page number
986bbed chore: Adjust Webhook update to better reflect modifiable fields
e1c31ad feat(interaction-api): Add grounding tool usage breakdown to Interaction Usage.
26975d0 No public description
faa1088 feat: Add ImageResizeMode for GenerateVideos
6c80464 feat: Replace the more ambiguous rate field with sample_rate.
5327c60 feat: Add output_info to BatchJob
Additional commits viewable in compare view

Install script changes

This version adds preinstall script that runs during installation. Review the package contents before updating.

Updates @hono/node-server from 1.19.9 to 1.19.14

Release notes

Sourced from @hono/node-server's releases.

v1.19.14

What's Changed

fix: add custom inspect to lightweight Request/Response to prevent TypeError on console.log by @usualoma in honojs/node-server#340

Full Changelog: honojs/node-server@v1.19.13...v1.19.14

v1.19.13

Security Fix

Fixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (//) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.

See GHSA-92pp-h63x-v22m for details.

v1.19.12

What's Changed

chore: ignore claude setting by @yusukebe in honojs/node-server#314

fix: request draining for early 413 responses by @usualoma in honojs/node-server#329

Full Changelog: honojs/node-server@v1.19.11...v1.19.12

v1.19.11

What's Changed

fix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by @usualoma in honojs/node-server#309

Full Changelog: honojs/node-server@v1.19.10...v1.19.11

v1.19.10

Security Fix

Fixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (%2F handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.

See GHSA-wc8c-qw6v-h7f6 for details.

Commits

b5e63a3 1.19.14
c02d777 fix: add custom inspect to lightweight Request/Response to prevent TypeError ...
fd64e65 1.19.13
025c30f Merge commit from fork
6cdb5a7 1.19.12
70250f7 fix: request draining for early 413 responses (#329)
cfc08b3 chore: ignore claude setting (#314)
ecd4d6b 1.19.11
c944899 fix: do not overwrite Content-Length in the fast path pattern if Content-Leng...
2f8ca36 1.19.10
Additional commits viewable in compare view

Updates @modelcontextprotocol/sdk from 1.26.0 to 1.29.0

Release notes

Sourced from @modelcontextprotocol/sdk's releases.

v1.29.0

What's Changed

fix: treat v1.x as primary branch for npm latest tag (backport #1577) by @felixweinberger in modelcontextprotocol/typescript-sdk#1749

[v1.x] fix: disallow null (infinite) requested TTL by @LucaButBoring in modelcontextprotocol/typescript-sdk#1339

[v1.x] fix: add missing size field to ResourceSchema by @olaservo in modelcontextprotocol/typescript-sdk#1575

Add typings exports by @tdraier in modelcontextprotocol/typescript-sdk#1623

v1.x npm audit fix by @KKonstantinov in modelcontextprotocol/typescript-sdk#1780

v1.x #1623 follow up -add missing types to package.json by @KKonstantinov in modelcontextprotocol/typescript-sdk#1773

[v1.x backport] Allow servers / clients to advertise extensions in the capability object by @localden in modelcontextprotocol/typescript-sdk#1811

fix(stdio): always set windowsHide on Windows, not just in Electron by @jnMetaCode in modelcontextprotocol/typescript-sdk#1640

chore: bump version to 1.29.0 by @felixweinberger in modelcontextprotocol/typescript-sdk#1820

New Contributors

@tdraier made their first contribution in modelcontextprotocol/typescript-sdk#1623

@jnMetaCode made their first contribution in modelcontextprotocol/typescript-sdk#1640

Full Changelog: modelcontextprotocol/typescript-sdk@v1.28.0...v1.29.0

v1.28.0

What's Changed

feat: use scopes_supported from resource metadata by default (fixes #580) by @antogyn in modelcontextprotocol/typescript-sdk#757

[v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by @pcarleton in modelcontextprotocol/typescript-sdk#1611

fix: reject plain JSON Schema objects passed as inputSchema by @tiluckdave in modelcontextprotocol/typescript-sdk#1596

fix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by @pcarleton in modelcontextprotocol/typescript-sdk#1462

fix(server/auth): RFC 8252 loopback port relaxation by @poteat in modelcontextprotocol/typescript-sdk#1738

chore: bump version to 1.28.0 by @felixweinberger in modelcontextprotocol/typescript-sdk#1746

New Contributors

@antogyn made their first contribution in modelcontextprotocol/typescript-sdk#757

@tiluckdave made their first contribution in modelcontextprotocol/typescript-sdk#1596

@poteat made their first contribution in modelcontextprotocol/typescript-sdk#1738

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.1...v1.28.0

v1.27.1

What's Changed

feat: implement auth/pre-registration conformance scenario by @felixweinberger in modelcontextprotocol/typescript-sdk#1545

docs: add governance documentation for SEP-1730 by @felixweinberger in modelcontextprotocol/typescript-sdk#1547

docs: comprehensive feature documentation for SEP-1730 Tier 1 by @felixweinberger in modelcontextprotocol/typescript-sdk#1548

fix: prevent command injection in example URL opening (v1.x backport) by @maxisbey in modelcontextprotocol/typescript-sdk#1579

fix: call onerror for silently swallowed transport errors by @qing-ant in modelcontextprotocol/typescript-sdk#1580

chore: bump version to 1.27.1 by @felixweinberger in modelcontextprotocol/typescript-sdk#1581

New Contributors

@qing-ant made their first contribution in modelcontextprotocol/typescript-sdk#1580

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.0...v1.27.1

v1.27.0

What's Changed

... (truncated)

Commits

e12cbd7 chore: bump version to 1.29.0 (#1820)
3913fd4 fix(stdio): always set windowsHide on Windows, not just in Electron (#1640)
5608e78 [v1.x backport] Allow servers / clients to advertise extensions in the capabi...
7213816 v1.x #1623 follow up -add missing types to package.json (#1773)
364f38c v1.x npm audit fix (#1780)
c95cc09 Add typings exports (#1623)
ddadaa6 [v1.x] fix: add missing size field to ResourceSchema (#1575)
2a15851 [v1.x] fix: disallow null (infinite) requested TTL (#1339)
13e30f1 fix: treat v1.x as primary branch for npm latest tag (backport #1577) (#1749)
a056569 chore: bump version to 1.28.0 (#1746)
Additional commits viewable in compare view

Updates @protobufjs/codegen from 2.0.4 to 2.0.5

Commits

See full diff in compare view

Updates @protobufjs/inquire from 1.1.0 to 1.1.1

Release notes

Sourced from @protobufjs/inquire's releases.

protobufjs-cli: v1.1.1

1.1.1 (2023-02-02)

Bug Fixes

cli: fix relative path to Google pb files (#1859) (e42eea4)

Commits

…rectory with 56 updates Bumps the production-dependencies group with 47 updates in the / directory: | Package | From | To | | --- | --- | --- | | [ajv](https://github.com/ajv-validator/ajv) | `8.18.0` | `8.20.0` | | [cosmiconfig](https://github.com/cosmiconfig/cosmiconfig) | `9.0.0` | `9.0.1` | | [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` | | [@anthropic-ai/claude-code](https://github.com/anthropics/claude-code) | `2.1.50` | `2.1.126` | | [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.28.6` | `7.29.2` | | [@borewit/text-codec](https://github.com/Borewit/text-codec) | `0.2.1` | `0.2.2` | | [@google/genai](https://github.com/googleapis/js-genai) | `1.42.0` | `1.51.0` | | [@hono/node-server](https://github.com/honojs/node-server) | `1.19.9` | `1.19.14` | | [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.26.0` | `1.29.0` | | [@protobufjs/codegen](https://github.com/dcodeIO/protobuf.js) | `2.0.4` | `2.0.5` | | [@protobufjs/inquire](https://github.com/dcodeIO/protobuf.js) | `1.1.0` | `1.1.1` | | [@protobufjs/utf8](https://github.com/dcodeIO/protobuf.js) | `1.1.0` | `1.1.1` | | [@supabase/supabase-js](https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js) | `2.97.0` | `2.105.1` | | [fastmcp](https://github.com/punkpeye/fastmcp) | `3.33.0` | `3.35.0` | | [axios](https://github.com/axios/axios) | `1.13.5` | `1.16.0` | | [b4a](https://github.com/holepunchto/b4a) | `1.8.0` | `1.8.1` | | [bare-fs](https://github.com/holepunchto/bare-fs) | `4.5.4` | `4.7.1` | | [bare-os](https://github.com/holepunchto/bare-os) | `3.6.2` | `3.9.1` | | [bare-stream](https://github.com/holepunchto/bare-stream) | `2.8.0` | `2.13.1` | | [bare-url](https://github.com/holepunchto/bare-url) | `2.3.2` | `2.4.2` | | [eventsource-parser](https://github.com/rexxars/eventsource-parser) | `3.0.6` | `3.0.8` | | [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `8.2.1` | `8.4.1` | | [figlet](https://github.com/patorjk/figlet.js) | `1.10.0` | `1.11.0` | | [file-type](https://github.com/sindresorhus/file-type) | `21.3.0` | `21.3.4` | | [fs-extra](https://github.com/jprichardson/node-fs-extra) | `11.3.3` | `11.3.4` | | [fuse.js](https://github.com/krisk/Fuse) | `7.1.0` | `7.3.0` | | [gaxios](https://github.com/googleapis/google-cloud-node-core/tree/HEAD/packages/gaxios) | `7.1.3` | `7.1.4` | | [google-auth-library](https://github.com/googleapis/google-cloud-node-core/tree/HEAD/packages/google-auth-library-nodejs) | `10.5.0` | `10.6.2` | | [hasown](https://github.com/inspect-js/hasOwn) | `2.0.2` | `2.0.3` | | [hono](https://github.com/honojs/hono) | `4.12.1` | `4.12.16` | | [jsonfile](https://github.com/jprichardson/node-jsonfile) | `6.2.0` | `6.2.1` | | [koa](https://github.com/koajs/koa) | `3.1.1` | `3.2.0` | | [mcp-proxy](https://github.com/punkpeye/mcp-proxy) | `6.4.0` | `6.4.6` | | [nan](https://github.com/nodejs/nan) | `2.25.0` | `2.26.2` | | [node-abi](https://github.com/electron/node-abi) | `3.87.0` | `3.90.0` | | [protobufjs](https://github.com/protobufjs/protobuf.js) | `6.11.4` | `6.11.6` | | [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.3.0` | `8.4.2` | | [pump](https://github.com/mafintosh/pump) | `3.0.3` | `3.0.4` | | [qs](https://github.com/ljharb/qs) | `6.15.0` | `6.15.1` | | [side-channel-list](https://github.com/ljharb/side-channel-list) | `1.0.0` | `1.0.1` | | [sql.js](https://github.com/sql-js/sql.js) | `1.14.0` | `1.14.1` | | [strtok3](https://github.com/Borewit/strtok3) | `10.3.4` | `10.3.5` | | [undici](https://github.com/nodejs/undici) | `7.22.0` | `7.25.0` | | [validator](https://github.com/validatorjs/validator.js) | `13.15.26` | `13.15.35` | | [ws](https://github.com/websockets/ws) | `8.19.0` | `8.20.0` | | [yaml](https://github.com/eemeli/yaml) | `2.8.2` | `2.8.4` | | [zod-to-json-schema](https://github.com/StefanTerdell/zod-to-json-schema) | `3.25.1` | `3.25.2` | Updates `ajv` from 8.18.0 to 8.20.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.18.0...v8.20.0) Updates `cosmiconfig` from 9.0.0 to 9.0.1 - [Release notes](https://github.com/cosmiconfig/cosmiconfig/releases) - [Changelog](https://github.com/cosmiconfig/cosmiconfig/blob/main/CHANGELOG.md) - [Commits](cosmiconfig/cosmiconfig@v9.0.0...v9.0.1) Updates `handlebars` from 4.7.8 to 4.7.9 - [Release notes](https://github.com/handlebars-lang/handlebars.js/releases) - [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md) - [Commits](handlebars-lang/handlebars.js@v4.7.8...v4.7.9) Updates `@anthropic-ai/claude-code` from 2.1.50 to 2.1.126 - [Release notes](https://github.com/anthropics/claude-code/releases) - [Changelog](https://github.com/anthropics/claude-code/blob/main/CHANGELOG.md) - [Commits](anthropics/claude-code@v2.1.50...v2.1.126) Updates `@babel/runtime` from 7.28.6 to 7.29.2 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.2/packages/babel-runtime) Updates `@borewit/text-codec` from 0.2.1 to 0.2.2 - [Release notes](https://github.com/Borewit/text-codec/releases) - [Commits](Borewit/text-codec@v0.2.1...v0.2.2) Updates `@google/genai` from 1.42.0 to 1.51.0 - [Release notes](https://github.com/googleapis/js-genai/releases) - [Changelog](https://github.com/googleapis/js-genai/blob/main/CHANGELOG.md) - [Commits](googleapis/js-genai@v1.42.0...v1.51.0) Updates `@hono/node-server` from 1.19.9 to 1.19.14 - [Release notes](https://github.com/honojs/node-server/releases) - [Commits](honojs/node-server@v1.19.9...v1.19.14) Updates `@modelcontextprotocol/sdk` from 1.26.0 to 1.29.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@v1.26.0...v1.29.0) Updates `@protobufjs/codegen` from 2.0.4 to 2.0.5 - [Release notes](https://github.com/dcodeIO/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md) - [Commits](https://github.com/dcodeIO/protobuf.js/commits/2.0.5) Updates `@protobufjs/inquire` from 1.1.0 to 1.1.1 - [Release notes](https://github.com/dcodeIO/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-cli-v1.1.0...protobufjs-cli-v1.1.1) Updates `@protobufjs/utf8` from 1.1.0 to 1.1.1 - [Release notes](https://github.com/dcodeIO/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-cli-v1.1.0...protobufjs-cli-v1.1.1) Updates `@supabase/supabase-js` from 2.97.0 to 2.105.1 - [Release notes](https://github.com/supabase/supabase-js/releases) - [Changelog](https://github.com/supabase/supabase-js/blob/develop/packages/core/supabase-js/CHANGELOG.md) - [Commits](https://github.com/supabase/supabase-js/commits/v2.105.1/packages/core/supabase-js) Updates `fastmcp` from 3.33.0 to 3.35.0 - [Release notes](https://github.com/punkpeye/fastmcp/releases) - [Commits](punkpeye/fastmcp@v3.33.0...v3.35.0) Updates `xsschema` from 0.4.0-beta.5 to 0.4.4 - [Release notes](https://github.com/moeru-ai/xsai/releases) - [Commits](https://github.com/moeru-ai/xsai/commits/v0.4.4/packages-top/xsschema) Updates `jose` from 5.10.0 to 6.1.3 - [Release notes](https://github.com/panva/jose/releases) - [Changelog](https://github.com/panva/jose/blob/main/CHANGELOG.md) - [Commits](panva/jose@v5.10.0...v6.1.3) Updates `axios` from 1.13.5 to 1.16.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.13.5...v1.16.0) Updates `b4a` from 1.8.0 to 1.8.1 - [Release notes](https://github.com/holepunchto/b4a/releases) - [Commits](holepunchto/b4a@v1.8.0...v1.8.1) Updates `bare-fs` from 4.5.4 to 4.7.1 - [Release notes](https://github.com/holepunchto/bare-fs/releases) - [Commits](holepunchto/bare-fs@v4.5.4...v4.7.1) Updates `bare-os` from 3.6.2 to 3.9.1 - [Release notes](https://github.com/holepunchto/bare-os/releases) - [Commits](holepunchto/bare-os@v3.6.2...v3.9.1) Updates `bare-stream` from 2.8.0 to 2.13.1 - [Release notes](https://github.com/holepunchto/bare-stream/releases) - [Commits](holepunchto/bare-stream@v2.8.0...v2.13.1) Updates `bare-url` from 2.3.2 to 2.4.2 - [Release notes](https://github.com/holepunchto/bare-url/releases) - [Commits](holepunchto/bare-url@v2.3.2...v2.4.2) Updates `eventsource-parser` from 3.0.6 to 3.0.8 - [Release notes](https://github.com/rexxars/eventsource-parser/releases) - [Changelog](https://github.com/rexxars/eventsource-parser/blob/main/CHANGELOG.md) - [Commits](rexxars/eventsource-parser@v3.0.6...v3.0.8) Updates `express-rate-limit` from 8.2.1 to 8.4.1 - [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases) - [Commits](express-rate-limit/express-rate-limit@v8.2.1...v8.4.1) Updates `figlet` from 1.10.0 to 1.11.0 - [Release notes](https://github.com/patorjk/figlet.js/releases) - [Commits](patorjk/figlet.js@v1.10.0...v1.11.0) Updates `file-type` from 21.3.0 to 21.3.4 - [Release notes](https://github.com/sindresorhus/file-type/releases) - [Commits](sindresorhus/file-type@v21.3.0...v21.3.4) Updates `follow-redirects` from 1.15.11 to 1.16.0 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.11...v1.16.0) Updates `fs-extra` from 11.3.3 to 11.3.4 - [Changelog](https://github.com/jprichardson/node-fs-extra/blob/master/CHANGELOG.md) - [Commits](jprichardson/node-fs-extra@11.3.3...11.3.4) Updates `fuse.js` from 7.1.0 to 7.3.0 - [Release notes](https://github.com/krisk/Fuse/releases) - [Changelog](https://github.com/krisk/Fuse/blob/main/CHANGELOG.md) - [Commits](krisk/Fuse@v7.1.0...v7.3.0) Updates `gaxios` from 7.1.3 to 7.1.4 - [Release notes](https://github.com/googleapis/google-cloud-node-core/releases) - [Changelog](https://github.com/googleapis/google-cloud-node-core/blob/main/packages/gaxios/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-cloud-node-core/commits/gaxios-v7.1.4/packages/gaxios) Updates `jackspeak` from 3.4.3 to 4.2.3 - [Changelog](https://github.com/isaacs/jackspeak/blob/main/changelog.md) - [Commits](isaacs/jackspeak@v3.4.3...v4.2.3) Updates `lru-cache` from 10.4.3 to 11.2.6 - [Changelog](https://github.com/isaacs/node-lru-cache/blob/main/CHANGELOG.md) - [Commits](isaacs/node-lru-cache@v10.4.3...v11.2.6) Updates `path-scurry` from 1.11.1 to 2.0.2 - [Changelog](https://github.com/isaacs/path-scurry/blob/main/CHANGELOG.md) - [Commits](isaacs/path-scurry@v1.11.1...v2.0.2) Updates `google-auth-library` from 10.5.0 to 10.6.2 - [Release notes](https://github.com/googleapis/google-cloud-node-core/releases) - [Changelog](https://github.com/googleapis/google-cloud-node-core/blob/main/packages/google-auth-library-nodejs/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-cloud-node-core/commits/google-auth-library-v10.6.2/packages/google-auth-library-nodejs) Updates `hasown` from 2.0.2 to 2.0.3 - [Changelog](https://github.com/inspect-js/hasOwn/blob/main/CHANGELOG.md) - [Commits](inspect-js/hasOwn@v2.0.2...v2.0.3) Updates `hono` from 4.12.1 to 4.12.16 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.1...v4.12.16) Updates `ip-address` from 10.0.1 to 10.1.0 - [Commits](https://github.com/beaugunderson/ip-address/commits) Updates `jsonfile` from 6.2.0 to 6.2.1 - [Changelog](https://github.com/jprichardson/node-jsonfile/blob/master/CHANGELOG.md) - [Commits](jprichardson/node-jsonfile@6.2.0...6.2.1) Updates `koa` from 3.1.1 to 3.2.0 - [Release notes](https://github.com/koajs/koa/releases) - [Changelog](https://github.com/koajs/koa/blob/master/History.md) - [Commits](koajs/koa@v3.1.1...v3.2.0) Updates `mcp-proxy` from 6.4.0 to 6.4.6 - [Release notes](https://github.com/punkpeye/mcp-proxy/releases) - [Commits](punkpeye/mcp-proxy@v6.4.0...v6.4.6) Updates `nan` from 2.25.0 to 2.26.2 - [Changelog](https://github.com/nodejs/nan/blob/main/CHANGELOG.md) - [Commits](nodejs/nan@v2.25.0...v2.26.2) Updates `node-abi` from 3.87.0 to 3.90.0 - [Release notes](https://github.com/electron/node-abi/releases) - [Commits](electron/node-abi@v3.87.0...v3.90.0) Updates `protobufjs` from 6.11.4 to 6.11.6 - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@v6.11.4...v6.11.6) Updates `path-to-regexp` from 8.3.0 to 8.4.2 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v8.3.0...v8.4.2) Updates `proxy-from-env` from 1.1.0 to 2.1.0 - [Release notes](https://github.com/Rob--W/proxy-from-env/releases) - [Commits](Rob--W/proxy-from-env@v1.1.0...v2.1.0) Updates `pump` from 3.0.3 to 3.0.4 - [Commits](mafintosh/pump@v3.0.3...v3.0.4) Updates `qs` from 6.15.0 to 6.15.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.15.0...v6.15.1) Updates `side-channel-list` from 1.0.0 to 1.0.1 - [Changelog](https://github.com/ljharb/side-channel-list/blob/main/CHANGELOG.md) - [Commits](ljharb/side-channel-list@v1.0.0...v1.0.1) Updates `sql.js` from 1.14.0 to 1.14.1 - [Release notes](https://github.com/sql-js/sql.js/releases) - [Commits](sql-js/sql.js@v1.14.0...v1.14.1) Updates `streamx` from 2.23.0 to 2.25.0 - [Commits](mafintosh/streamx@v2.23.0...v2.25.0) Updates `strtok3` from 10.3.4 to 10.3.5 - [Release notes](https://github.com/Borewit/strtok3/releases) - [Commits](Borewit/strtok3@v10.3.4...v10.3.5) Updates `undici` from 7.22.0 to 7.25.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.22.0...v7.25.0) Updates `validator` from 13.15.26 to 13.15.35 - [Release notes](https://github.com/validatorjs/validator.js/releases) - [Changelog](https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md) - [Commits](validatorjs/validator.js@13.15.26...13.15.35) Updates `ws` from 8.19.0 to 8.20.0 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.19.0...8.20.0) Updates `yaml` from 2.8.2 to 2.8.4 - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](eemeli/yaml@v2.8.2...v2.8.4) Updates `zod-to-json-schema` from 3.25.1 to 3.25.2 - [Release notes](https://github.com/StefanTerdell/zod-to-json-schema/releases) - [Changelog](https://github.com/StefanTerdell/zod-to-json-schema/blob/master/changelog.md) - [Commits](https://github.com/StefanTerdell/zod-to-json-schema/commits) --- updated-dependencies: - dependency-name: ajv dependency-version: 8.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: cosmiconfig dependency-version: 9.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: handlebars dependency-version: 4.7.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@anthropic-ai/claude-code" dependency-version: 2.1.126 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@babel/runtime" dependency-version: 7.29.2 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@borewit/text-codec" dependency-version: 0.2.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@google/genai" dependency-version: 1.51.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@hono/node-server" dependency-version: 1.19.14 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.29.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@protobufjs/codegen" dependency-version: 2.0.5 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@protobufjs/inquire" dependency-version: 1.1.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@protobufjs/utf8" dependency-version: 1.1.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@supabase/supabase-js" dependency-version: 2.105.1 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: fastmcp dependency-version: 3.35.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: xsschema dependency-version: 0.4.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: jose dependency-version: 6.1.3 dependency-type: indirect update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: axios dependency-version: 1.16.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: b4a dependency-version: 1.8.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: bare-fs dependency-version: 4.7.1 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: bare-os dependency-version: 3.9.1 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: bare-stream dependency-version: 2.13.1 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: bare-url dependency-version: 2.4.2 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: eventsource-parser dependency-version: 3.0.8 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: express-rate-limit dependency-version: 8.4.1 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: figlet dependency-version: 1.11.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: file-type dependency-version: 21.3.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: follow-redirects dependency-version: 1.16.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: fs-extra dependency-version: 11.3.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: fuse.js dependency-version: 7.3.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: gaxios dependency-version: 7.1.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: jackspeak dependency-version: 4.2.3 dependency-type: indirect update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: lru-cache dependency-version: 11.2.6 dependency-type: indirect update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: path-scurry dependency-version: 2.0.2 dependency-type: indirect update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: google-auth-library dependency-version: 10.6.2 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: hasown dependency-version: 2.0.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: hono dependency-version: 4.12.16 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: ip-address dependency-version: 10.1.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: jsonfile dependency-version: 6.2.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: koa dependency-version: 3.2.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: mcp-proxy dependency-version: 6.4.6 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: nan dependency-version: 2.26.2 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: node-abi dependency-version: 3.90.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: protobufjs dependency-version: 6.11.6 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: path-to-regexp dependency-version: 8.4.2 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: proxy-from-env dependency-version: 2.1.0 dependency-type: indirect update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: pump dependency-version: 3.0.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: qs dependency-version: 6.15.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: side-channel-list dependency-version: 1.0.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: sql.js dependency-version: 1.14.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: streamx dependency-version: 2.25.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: strtok3 dependency-version: 10.3.5 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: undici dependency-version: 7.25.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: validator dependency-version: 13.15.35 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: ws dependency-version: 8.20.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: yaml dependency-version: 2.8.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: zod-to-json-schema dependency-version: 3.25.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-05-04T10:46:17Z

Assignees

The following users could not be added as assignees: llm-dev-ops/maintainers. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

github-actions · 2026-05-04T10:48:04Z

🔒 Security Scan Results

Scan Type	Status
Dependency Scan	⚠️ failure
CodeQL Analysis	✅ success
Secret Scan	✅ success
License Check	⚠️ failure
SAST	⚠️ failure

⚠️ Some security scans have warnings or failed. Please review the details.

Automated security scanning by GitHub Actions

dependabot · 2026-05-11T12:38:35Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot closed this May 11, 2026

dependabot Bot deleted the dependabot/npm_and_yarn/production-dependencies-48e5c83236 branch May 11, 2026 12:38

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps)(deps): bump the production-dependencies group across 1 directory with 56 updates#66

chore(deps)(deps): bump the production-dependencies group across 1 directory with 56 updates#66
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-48e5c83236

dependabot Bot commented on behalf of github May 4, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github May 4, 2026

Uh oh!

github-actions Bot commented May 4, 2026

Uh oh!

dependabot Bot commented on behalf of github May 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 4, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v8.20.0

What's Changed

v8.19.0

What's Changed

9.0.1

v4.7.9

v4.7.9 - March 26th, 2026

v2.1.126

What's changed

v2.1.123

What's changed

v2.1.122

What's changed

2.1.126

2.1.123

2.1.122

v7.29.2 (2026-03-16)

👓 Spec Compliance

🐛 Bug Fix

🏠 Internal

Committers: 2

v7.29.1 (2026-02-04)

🐛 Bug Fix

Committers: 2

v7.29.0 (2026-01-31)

🚀 New Feature

🐛 Bug Fix

v0.2.2

Changes

🐛 Bug Fixes

NPM release

v1.51.0

1.51.0 (2026-04-29)

Features

v1.50.1

1.50.1 (2026-04-14)

Bug Fixes

v1.50.0

1.50.0 (2026-04-13)

Features

v1.49.0

1.49.0 (2026-04-08)

Features

v1.48.0

1.51.0 (2026-04-29)

Features

1.50.1 (2026-04-14)

Bug Fixes

1.50.0 (2026-04-13)

Features

1.49.0 (2026-04-08)

Features

1.48.0 (2026-03-31)

Features

v1.19.14

What's Changed

v1.19.13

Security Fix

v1.19.12

What's Changed

v1.19.11

What's Changed

v1.19.10

Security Fix

v1.29.0

What's Changed

New Contributors

v1.28.0

What's Changed

New Contributors

v1.27.1

What's Changed

New Contributors

v1.27.0

What's Changed

protobufjs-cli: v1.1.1

1.1.1 (2023-02-02)

dependabot Bot commented on behalf of github May 4, 2026 •

edited

Loading