chore(deps)(deps): bump the production-dependencies group across 1 directory with 58 updates by dependabot[bot] · Pull Request #68 · LLM-Dev-Ops/forge

dependabot · 2026-05-11T12:41:12Z

Bumps the production-dependencies group with 49 updates in the / directory:

Package	From	To
ajv	`8.18.0`	`8.20.0`
cosmiconfig	`9.0.0`	`9.0.1`
handlebars	`4.7.8`	`4.7.9`
@anthropic-ai/claude-code	`2.1.50`	`2.1.138`
@babel/runtime	`7.28.6`	`7.29.2`
@borewit/text-codec	`0.2.1`	`0.2.2`
@google/genai	`1.42.0`	`1.52.0`
@hono/node-server	`1.19.9`	`1.19.14`
@modelcontextprotocol/sdk	`1.26.0`	`1.29.0`
@protobufjs/codegen	`2.0.4`	`2.0.5`
@protobufjs/inquire	`1.1.0`	`1.1.1`
@protobufjs/utf8	`1.1.0`	`1.1.1`
@supabase/supabase-js	`2.97.0`	`2.105.4`
fastmcp	`3.33.0`	`3.35.0`
axios	`1.13.5`	`1.16.0`
b4a	`1.8.0`	`1.8.1`
bare-fs	`4.5.4`	`4.7.1`
bare-os	`3.6.2`	`3.9.1`
bare-stream	`2.8.0`	`2.13.1`
bare-url	`2.3.2`	`2.4.3`
eventsource-parser	`3.0.6`	`3.0.8`
express-rate-limit	`8.2.1`	`8.5.1`
fast-uri	`3.1.0`	`3.1.2`
figlet	`1.10.0`	`1.11.0`
file-type	`21.3.0`	`21.3.4`
fs-extra	`11.3.3`	`11.3.5`
fuse.js	`7.1.0`	`7.3.0`
gaxios	`7.1.3`	`7.1.4`
get-east-asian-width	`1.5.0`	`1.6.0`
google-auth-library	`10.5.0`	`10.6.2`
hasown	`2.0.2`	`2.0.3`
hono	`4.12.1`	`4.12.18`
jsonfile	`6.2.0`	`6.2.1`
koa	`3.1.1`	`3.2.0`
mcp-proxy	`6.4.0`	`6.4.6`
nan	`2.25.0`	`2.26.2`
node-abi	`3.87.0`	`3.92.0`
protobufjs	`6.11.4`	`6.11.6`
path-to-regexp	`8.3.0`	`8.4.2`
pump	`3.0.3`	`3.0.4`
qs	`6.15.0`	`6.15.1`
side-channel-list	`1.0.0`	`1.0.1`
sql.js	`1.14.0`	`1.14.1`
strtok3	`10.3.4`	`10.3.5`
undici	`7.22.0`	`7.25.0`
validator	`13.15.26`	`13.15.35`
ws	`8.19.0`	`8.20.0`
yaml	`2.8.2`	`2.9.0`
zod-to-json-schema	`3.25.1`	`3.25.2`

Updates ajv from 8.18.0 to 8.20.0

Release notes

Sourced from ajv's releases.

v8.20.0

What's Changed

fix: add support for node 22/24, drop node 16/21 by @jasoniangreen in ajv-validator/ajv#2580

fix: add ES2022.RegExp for RegExpIndicesArray by @SignpostMarv in ajv-validator/ajv#2604

Full Changelog: ajv-validator/ajv@v8.19.0...v8.20.0

v8.19.0

What's Changed

fix prototype pollution via format keyword using $data ref by @epoberezkin in ajv-validator/ajv#2607

Full Changelog: ajv-validator/ajv@v8.18.0...v8.19.0

Commits

0fba0b8 8.20.0
9caf8d6 fix: add ES2022.RegExp for RegExpIndicesArray; fixes ajv-validator/ajv#2603 (...
2065350 fix: add support for node 22/24, drop node 16/21 (#2580)
154b58d 8.19.0
e8d2bdc test/fix prototype pollution via $data ref with format keyword (#2607)
See full diff in compare view

Updates cosmiconfig from 9.0.0 to 9.0.1

Changelog

Sourced from cosmiconfig's changelog.

9.0.1

Fixed a race condition where multiple instances existing simultaneously could cause cosmiconfig to fail to load TypeScript config files.

Fixed an issue on Windows where CWD being a short path (e.g. C:\Users\USERNA~1) would cause cosmiconfig to fail to load ESM config files.

Commits

9a5cda3 9.0.1
2174017 update changelog
536d4a0 Prevent race conditions when running multiple instances of cosmiconfig and ...
4b48611 remove debug log
53d1745 remove more EOL node versions
7c1a1e3 replace resolve with realpath
fcc9084 add additional path.resolve for windows short paths
7e995c8 debug
52b6b1c drop node 14 build as it seems to fail for unreachable reasons
db45e38 fix tests on windows (3)
Additional commits viewable in compare view

Updates handlebars from 4.7.8 to 4.7.9

Release notes

Sourced from handlebars's releases.

v4.7.9

fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2

fix type "RuntimeOptions" also accepting string partials - eab1d14

feat(types): set hash to be a Record<string, any> - de4414d

fix non-contiguous program indices - 4512766

refactor: rename i to startPartIndex - e497a35

security: fix security issues - 68d8df5

GHSA-2w6w-674q-4c4q

GHSA-3mfm-83xf-c92r

GHSA-xhpv-hc6g-r9c6

GHSA-xjpj-3mr7-gcpf

GHSA-9cx6-37pm-9jff

GHSA-2qvq-rjwj-gvw9

GHSA-7rx3-28cr-v5wh

GHSA-442j-39wm-28r2

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.9 - March 26th, 2026

fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2

fix type "RuntimeOptions" also accepting string partials - eab1d14

feat(types): set hash to be a Record<string, any> - de4414d

fix non-contiguous program indices - 4512766

refactor: rename i to startPartIndex - e497a35

security: fix security issues - 68d8df5

Commits

Commits

dce542c v4.7.9
8a41389 Update release notes
68d8df5 Fix security issues
b2a0831 Fix browser tests
9f98c16 Fix release script
45443b4 Revert "Improve partial indenting performance"
8841a5f Fix CI errors with linting
e0137c2 fix: enable shell mode for spawn to resolve Windows EINVAL issue
e914d60 Improve rendering performance
7de4b41 Upgrade GitHub Actions checkout and setup-node on 4.x branch
Additional commits viewable in compare view

Updates @anthropic-ai/claude-code from 2.1.50 to 2.1.138

Release notes

Sourced from @anthropic-ai/claude-code's releases.

v2.1.138

What's changed

Internal fixes

v2.1.137

What's changed

[VSCode] Fixed extension failing to activate on Windows

v2.1.136

What's changed

Added CLAUDE_CODE_ENABLE_FEEDBACK_SURVEY_FOR_OTEL to re-enable the session quality survey for enterprises capturing responses through OpenTelemetry

Added settings.autoMode.hard_deny for auto mode classifier rules that block unconditionally regardless of user intent or allow exceptions

Fixed MCP servers configured in .mcp.json, plugins, and claude.ai connectors silently disappearing after /clear in the VS Code extension, JetBrains plugin, and Agent SDK

Fixed a rare login loop where a concurrent credential write could overwrite a freshly-rotated OAuth token and force re-login

Fixed MCP OAuth refresh tokens being lost when multiple servers refresh concurrently — users with several remote MCP servers should no longer need daily re-authentication

Fixed an API error (400) when extended thinking emitted a redacted thinking block after a tool call

Fixed --resume / --continue not finding sessions when the project path contains underscores

Fixed plan mode not blocking file writes when a matching Edit(...) allow rule exists

WSL2: image paste from Windows clipboard now works via a PowerShell fallback when xclip/wl-paste cannot read image data

Fixed plugin Stop/UserPromptSubmit hooks failing when cache cleanup deletes a version still in use by a running session

Improved visual consistency across slash command dialogs: standardized footer hints, dialog spacing, and arrow-key styling, and the dialog frame now appears immediately during loading instead of popping in after

Fixed colors appearing at wrong positions in bash command output and markdown code blocks

Fixed ReasonML diffs rendering corrupted "undefined" text artifacts at word-diff boundaries

Fixed worktree exit dialog warning about uncommitted files in the wrong directory after worktree removal

Fixed @ file picker not matching files created mid-session in small non-git directories

Fixed @-mention file picker not finding files in directories with more than 100 entries

Fixed failed tool calls not being click-to-expand in fullscreen mode when their output was truncated

Fixed Backspace and Ctrl+Backspace getting swapped after using Ctrl+G to open an external editor on terminals with persistent extended-key modes

Fixed /usage weekly reset showing time of day instead of the calendar date

Fixed welcome banner ellipsis causing column overflow on CJK terminals

Fixed /insights crash when session history contains tool calls with malformed input fields

Fixed a renderer crash when a tool's collapsibility classification changes mid-session

Fixed a skills entry in plugin.json hiding the plugin's default skills/ directory, and listing a file path now shows an error instead of failing silently

Fixed IDE shell-integration lock files not respecting CLAUDE_CONFIG_DIR

Fixed trailing whitespace in copied terminal output during streaming

Fixed plugin uninstall and enable/disable not matching slugs case-insensitively

Fixed tool error truncation marker showing a negative count for surrogate-pair strings

Fixed env vars from CLAUDE_ENV_FILE SessionStart hooks going stale after /resume or /clear

Fixed /branch saving a multi-line session title when given a pasted multi-line name

Fixed a stray leading space on the second line of wrapped text at the column boundary

Fixed Esc not dismissing dialogs in /install-github-app, /desktop, /resume, and /web-setup

Fixed /doctor MCP schema errors not naming the missing field or showing the source file path

Fixed Bash permission prompts showing an internal parser diagnostic instead of a user-readable explanation

Fixed plugin slash commands with spaces (e.g. /myplugin review) not resolving to their namespaced form

Fixed AskUserQuestion discarding multi-select answers when supplied as an array

Fixed /clear <name> not labeling the cleared session for /resume

Fixed CronList output missing qualifiers and the scheduled prompt

... (truncated)

Changelog

Sourced from @anthropic-ai/claude-code's changelog.

2.1.138

Internal fixes

2.1.137

[VSCode] Fixed extension failing to activate on Windows

2.1.136

Added CLAUDE_CODE_ENABLE_FEEDBACK_SURVEY_FOR_OTEL to re-enable the session quality survey for enterprises capturing responses through OpenTelemetry

Added settings.autoMode.hard_deny for auto mode classifier rules that block unconditionally regardless of user intent or allow exceptions

Fixed MCP servers configured in .mcp.json, plugins, and claude.ai connectors silently disappearing after /clear in the VS Code extension, JetBrains plugin, and Agent SDK

Fixed a rare login loop where a concurrent credential write could overwrite a freshly-rotated OAuth token and force re-login

Fixed MCP OAuth refresh tokens being lost when multiple servers refresh concurrently — users with several remote MCP servers should no longer need daily re-authentication

Fixed an API error (400) when extended thinking emitted a redacted thinking block after a tool call

Fixed --resume / --continue not finding sessions when the project path contains underscores

Fixed plan mode not blocking file writes when a matching Edit(...) allow rule exists

WSL2: image paste from Windows clipboard now works via a PowerShell fallback when xclip/wl-paste cannot read image data

Fixed plugin Stop/UserPromptSubmit hooks failing when cache cleanup deletes a version still in use by a running session

Improved visual consistency across slash command dialogs: standardized footer hints, dialog spacing, and arrow-key styling, and the dialog frame now appears immediately during loading instead of popping in after

Fixed colors appearing at wrong positions in bash command output and markdown code blocks

Fixed ReasonML diffs rendering corrupted "undefined" text artifacts at word-diff boundaries

Fixed worktree exit dialog warning about uncommitted files in the wrong directory after worktree removal

Fixed @ file picker not matching files created mid-session in small non-git directories

Fixed @-mention file picker not finding files in directories with more than 100 entries

Fixed failed tool calls not being click-to-expand in fullscreen mode when their output was truncated

Fixed Backspace and Ctrl+Backspace getting swapped after using Ctrl+G to open an external editor on terminals with persistent extended-key modes

Fixed /usage weekly reset showing time of day instead of the calendar date

Fixed welcome banner ellipsis causing column overflow on CJK terminals

Fixed /insights crash when session history contains tool calls with malformed input fields

Fixed a renderer crash when a tool's collapsibility classification changes mid-session

Fixed a skills entry in plugin.json hiding the plugin's default skills/ directory, and listing a file path now shows an error instead of failing silently

Fixed IDE shell-integration lock files not respecting CLAUDE_CONFIG_DIR

Fixed trailing whitespace in copied terminal output during streaming

Fixed plugin uninstall and enable/disable not matching slugs case-insensitively

Fixed tool error truncation marker showing a negative count for surrogate-pair strings

Fixed env vars from CLAUDE_ENV_FILE SessionStart hooks going stale after /resume or /clear

Fixed /branch saving a multi-line session title when given a pasted multi-line name

Fixed a stray leading space on the second line of wrapped text at the column boundary

Fixed Esc not dismissing dialogs in /install-github-app, /desktop, /resume, and /web-setup

Fixed /doctor MCP schema errors not naming the missing field or showing the source file path

Fixed Bash permission prompts showing an internal parser diagnostic instead of a user-readable explanation

Fixed plugin slash commands with spaces (e.g. /myplugin review) not resolving to their namespaced form

Fixed AskUserQuestion discarding multi-select answers when supplied as an array

Fixed /clear <name> not labeling the cleared session for /resume

Fixed CronList output missing qualifiers and the scheduled prompt

Fixed "Jump to bottom" overlay leaving color artifacts on CJK characters in fullscreen mode

Fixed wide markdown tables leaving a stale bordered render in terminal scrollback while streaming

Fixed pasted text being silently dropped when a long prompt with a pasted-text placeholder was auto-truncated

... (truncated)

Commits

831608a chore: Update CHANGELOG.md
33a87ad chore: Update CHANGELOG.md
f7ef09f Merge pull request #56784 from anthropics/devsec/pin-actions
2bd8547 chore: Update CHANGELOG.md
6cd790c chore: Update CHANGELOG.md
fb063cd Update HackerOne links in SECURITY.md (#53949)
60348c9 chore: Update CHANGELOG.md
52b9f24 Pin GitHub Actions to commit SHAs
71135e4 chore: Update CHANGELOG.md
5c0e4f9 chore: Update CHANGELOG.md
Additional commits viewable in compare view

Install script changes

This version adds postinstall script that runs during installation. Review the package contents before updating.

Updates @babel/runtime from 7.28.6 to 7.29.2

Release notes

Sourced from @babel/runtime's releases.

v7.29.2 (2026-03-16)

👓 Spec Compliance

babel-parser

#17840 [7.x backport] async x => {} must be in leading pos (@JLHwung)

🐛 Bug Fix

babel-helpers, babel-plugin-transform-async-generator-functions, babel-preset-env, babel-runtime-corejs3

#17805 [7.x backport] fix: Properly handle await in finally (@liuxingbaoyu)

babel-preset-env

#17789 [7.x backport] preset-env include/exclude should accept bugfix plugins (@JLHwung)

🏠 Internal

#17813 chore: update eslint peer deps (@JLHwung)

Committers: 2

Huáng Jùnliàng (@JLHwung)

@liuxingbaoyu

v7.29.1 (2026-02-04)

🐛 Bug Fix

babel-standalone

#17771 [7.x backport] fix: ensure targets.esmodules is validated (@JLHwung)

babel-generator

#17776 [7.x backport] Fix undefined when 64 indents (@liuxingbaoyu)

Committers: 2

Huáng Jùnliàng (@JLHwung)

@liuxingbaoyu

v7.29.0 (2026-01-31)

Thanks @simbahax for your first PR!

🚀 New Feature

babel-types

#17750 [7.x backport] Add attributes import declaration builder (@JLHwung)

babel-standalone

#17663 [7.x backport] feat(standalone): export async transform (@JLHwung)

#17725 [7.x backport] feat: read standalone targets from data-targets (@JLHwung)

🐛 Bug Fix

babel-parser

#17765 fix(parser): correctly parse type assertions in extends clause (@nicolo-ribaudo)

#17723 [7.x backport] fix(parser): improve super type argument parsing (@JLHwung)

babel-traverse

#17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@simbahax)

babel-plugin-transform-block-scoping, babel-traverse

#17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@magic-akari)

... (truncated)

Commits

37d5595 v7.29.2
See full diff in compare view

Updates @borewit/text-codec from 0.2.1 to 0.2.2

Release notes

Sourced from @borewit/text-codec's releases.

v0.2.2

Changes

🐛 Bug Fixes

fix: improve encoding correctness and update README @Borewit (#36)

NPM release

NPM release: @borewit/text-codec@0.2.2

Commits

c2ce9c5 0.2.2
e2f0705 Merge pull request #23 from Borewit/dependabot/npm_and_yarn/master/chai-6.2.2
5e58cb8 Bump chai from 5.2.1 to 6.2.2
bc315b8 Merge pull request #37 from Borewit/update-biome
f32adfc Update biome to 2.4.6
7776373 Merge pull request #36 from Borewit/fix-most-issue-exodus
068d7d4 fix: improve encoding correctness and update README
See full diff in compare view

Updates @google/genai from 1.42.0 to 1.52.0

Release notes

Sourced from @google/genai's releases.

v1.52.0

1.52.0 (2026-05-04)

Features

[Python] Multimodal file search (e626bef)

Multimodal file search (54caf6b)

v1.51.0

1.51.0 (2026-04-29)

Features

[Interactions] Add FileCitation.{custom_metadata,media_id,page_number} (9e08ba9)

Add output_info to BatchJob (5327c60)

Add gemini-3.1-flash-tts-preview model to options (35c941b)

Add ImageResizeMode for GenerateVideos (faa1088)

Add new Gemini Deep Research agent models (6f83a05)

Add Vertex Dataset input and output options for batch jobs (6aa848e)

interaction-api: Add grounding tool usage breakdown to Interaction Usage. (e1c31ad)

introduce enterprise flag and GOOGLE_GENAI_USE_ENTERPRISE env var (cf7ad52)

Replace the more ambiguous rate field with sample_rate. (6c80464)

v1.50.1

1.50.1 (2026-04-14)

Bug Fixes

Refactor Webhook types in GenAI SDKs for easier useage (5100abc)

Rename webhooks.retrieve to webhooks.get. (db6e771)

v1.50.0

1.50.0 (2026-04-13)

[!CAUTION] CRITICAL WARNING: Do not use this version if you are implementing or relying on webhooks. This release contains known issues regarding webhook sdk. Please use v1.51.0 or later.

Features

Add "eu" as a supported service location for Vertex AI platform. (2493f9c)

Add DeepResearchAgentConfig fields (3615ca2)

Add Live Avatar new fields (6a0ff96)

Add support for new audio MIME types: opus, alaw, and mulaw (7137f13)

add webhook and webhookConfig for js and python sdk (0f89605)

Add webhook_config to batches.create() and models.generate_videos() (894bc93)

Wire the webhook into python and js client. (b6c5d18)

... (truncated)

Changelog

Sourced from @google/genai's changelog.

1.52.0 (2026-05-04)

Features

[Python] Multimodal file search (e626bef)

Multimodal file search (54caf6b)

1.51.0 (2026-04-29)

Features

[Interactions] Add FileCitation.{custom_metadata,media_id,page_number} (9e08ba9)

Add output_info to BatchJob (5327c60)

Add gemini-3.1-flash-tts-preview model to options (35c941b)

Add ImageResizeMode for GenerateVideos (faa1088)

Add new Gemini Deep Research agent models (6f83a05)

Add Vertex Dataset input and output options for batch jobs (6aa848e)

interaction-api: Add grounding tool usage breakdown to Interaction Usage. (e1c31ad)

introduce enterprise flag and GOOGLE_GENAI_USE_ENTERPRISE env var (cf7ad52)

Replace the more ambiguous rate field with sample_rate. (6c80464)

1.50.1 (2026-04-14)

Bug Fixes

Refactor Webhook types in GenAI SDKs for easier useage (5100abc)

Rename webhooks.retrieve to webhooks.get. (db6e771)

1.50.0 (2026-04-13)

Features

Add "eu" as a supported service location for Vertex AI platform. (2493f9c)

Add DeepResearchAgentConfig fields (3615ca2)

Add Live Avatar new fields (6a0ff96)

Add support for new audio MIME types: opus, alaw, and mulaw (7137f13)

add webhook and webhookConfig for js and python sdk (0f89605)

Add webhook_config to batches.create() and models.generate_videos() (894bc93)

Wire the webhook into python and js client. (b6c5d18)

1.49.0 (2026-04-08)

Features

Introduce TYPE_L16 audio content and optional fields. (c62cb9a)

... (truncated)

Commits

e8c8c44 chore(main): release 1.52.0 (#1546)
50d81ca chore: [Multimodal FileSearch] Move embedding_model to body
54caf6b feat: Multimodal file search
e626bef feat: [Python] Multimodal file search
61013d6 chore(main): release 1.51.0 (#1503)
8137d23 chore: add the deprecation marker back
734dab0 chore: no-op
006286b chore: Add page number
986bbed chore: Adjust Webhook update to better reflect modifiable fields
e1c31ad feat(interaction-api): Add grounding tool usage breakdown to Interaction Usage.
Additional commits viewable in compare view

Install script changes

This version adds preinstall script that runs during installation. Review the package contents before updating.

Updates @hono/node-server from 1.19.9 to 1.19.14

Release notes

Sourced from @hono/node-server's releases.

v1.19.14

What's Changed

fix: add custom inspect to lightweight Request/Response to prevent TypeError on console.log by @usualoma in honojs/node-server#340

Full Changelog: honojs/node-server@v1.19.13...v1.19.14

v1.19.13

Security Fix

Fixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (//) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.

See GHSA-92pp-h63x-v22m for details.

v1.19.12

What's Changed

chore: ignore claude setting by @yusukebe in honojs/node-server#314

fix: request draining for early 413 responses by @usualoma in honojs/node-server#329

Full Changelog: honojs/node-server@v1.19.11...v1.19.12

v1.19.11

What's Changed

fix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by @usualoma in honojs/node-server#309

Full Changelog: honojs/node-server@v1.19.10...v1.19.11

v1.19.10

Security Fix

Fixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (%2F handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.

See GHSA-wc8c-qw6v-h7f6 for details.

Commits

b5e63a3 1.19.14
c02d777 fix: add custom inspect to lightweight Request/Response to prevent TypeError ...
fd64e65 1.19.13
025c30f Merge commit from fork
6cdb5a7 1.19.12
70250f7 fix: request draining for early 413 responses (#329)
cfc08b3 chore: ignore claude setting (#314)
ecd4d6b 1.19.11
c944899 fix: do not overwrite Content-Length in the fast path pattern if Content-Leng...
2f8ca36 1.19.10
Additional commits viewable in compare view

Updates @modelcontextprotocol/sdk from 1.26.0 to 1.29.0

Release notes

Sourced from @modelcontextprotocol/sdk's releases.

v1.29.0

What's Changed

fix: treat v1.x as primary branch for npm latest tag (backport #1577) by @felixweinberger in modelcontextprotocol/typescript-sdk#1749

[v1.x] fix: disallow null (infinite) requested TTL by @LucaButBoring in modelcontextprotocol/typescript-sdk#1339

[v1.x] fix: add missing size field to ResourceSchema by @olaservo in modelcontextprotocol/typescript-sdk#1575

Add typings exports by @tdraier in modelcontextprotocol/typescript-sdk#1623

v1.x npm audit fix by @KKonstantinov in modelcontextprotocol/typescript-sdk#1780

v1.x #1623 follow up -add missing types to package.json by @KKonstantinov in modelcontextprotocol/typescript-sdk#1773

[v1.x backport] Allow servers / clients to advertise extensions in the capability object by @localden in modelcontextprotocol/typescript-sdk#1811

fix(stdio): always set windowsHide on Windows, not just in Electron by @jnMetaCode in modelcontextprotocol/typescript-sdk#1640

chore: bump version to 1.29.0 by @felixweinberger in modelcontextprotocol/typescript-sdk#1820

New Contributors

@tdraier made their first contribution in modelcontextprotocol/typescript-sdk#1623

@jnMetaCode made their first contribution in modelcontextprotocol/typescript-sdk#1640

Full Changelog: modelcontextprotocol/typescript-sdk@v1.28.0...v1.29.0

v1.28.0

What's Changed

feat: use scopes_supported from resource metadata by default (fixes #580) by @antogyn in modelcontextprotocol/typescript-sdk#757

[v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by @pcarleton in modelcontextprotocol/typescript-sdk#1611

fix: reject plain JSON Schema objects passed as inputSchema by @tiluckdave in modelcontextprotocol/typescript-sdk#1596

fix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by @pcarleton in modelcontextprotocol/typescript-sdk#1462

fix(server/auth): RFC 8252 loopback port relaxation by @poteat in modelcontextprotocol/typescript-sdk#1738

chore: bump version to 1.28.0 by @felixweinberger in modelcontextprotocol/typescript-sdk#1746

New Contributors

@antogyn made their first contribution in modelcontextprotocol/typescript-sdk#757

@tiluckdave made their first contribution in modelcontextprotocol/typescript-sdk#1596

@poteat made their first contribution in modelcontextprotocol/typescript-sdk#1738

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.1...v1.28.0

v1.27.1

What's Changed

feat: implement auth/pre-registration conformance scenario by @felixweinberger in modelcontextprotocol/typescript-sdk#1545

docs: add governance documentation for SEP-1730 by @felixweinberger in modelcontextprotocol/typescript-sdk#1547

docs: comprehensive feature documentation for SEP-1730 Tier 1 by @felixweinberger in modelcontextprotocol/typescript-sdk#1548

fix: prevent command injection in example URL opening (v1.x backport) by @maxisbey in modelcontextprotocol/typescript-sdk#1579

fix: call onerror for silently swallowed transport errors by @qing-ant in modelcontextprotocol/typescript-sdk#1580

chore: bump version to 1.27.1 by @felixweinberger in modelcontextprotocol/typescript-sdk#1581

New Contributors

@qing-ant made their first contribution in modelcontextprotocol/typescript-sdk#1580

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.0...v1.27.1

v1.27.0

What's Changed

... (truncated)

Commits

e12cbd7 chore: bump version to 1.29.0 (#1820)
3913fd4 fix(stdio): always set windowsHide on Windows, not just in Electron (#1640)
5608e78 [v1.x backport] Allow servers / clients to advertise extensions in the capabi...
7213816 v1.x #1623 follow up -add missing types to package.json (#1773)
364f38c v1.x npm audit fix (#1780)
c95cc09 Add typings exports (#1623)
ddadaa6 [v1.x] fix: add missing size field to ResourceSchema (#1575)
2a15851 [v1.x] fix: disallow null (infinite) requested TTL (#1339)
13e30f1 fix: treat v1.x as primary branch for npm latest tag (backport #1577) (#1749)
a056569 chore: bump version to 1.28.0 (#1746)
Additional commits viewable in compare view

Updates @protobufjs/codegen from 2.0.4 to 2.0.5

Commits

See full diff in compare view

Updates @protobufjs/inquire from 1.1.0 to 1.1.1

Release notes

Sourced from @protobufjs/inquire's releases.

protobufjs-cli: v1.1.1

1.1.1 (2023-02-02)

Bug Fixes

cli: fix relative path to Google pb files (#1859) (e42eea4)

Commits

644d588 chore: release master (#1865)
e42eea4 fix(cli): fix relative path to Google pb files (#1859)
dce9a2e fix: use bundled filename to fix common pb includes (#1860)
64e8936 fix: use ES5 style function syntax (#1830)
4489fa7 Revert "fix: error should be thrown (#1817)" (#1864)
See full diff in compare view

Updates @protobufjs/utf8 from 1.1.0 to 1.1.1

Release notes

Sourced from @protobufjs/utf8's releases.

protobufjs-cli: v1.1.1

1.1.1 (2023-02-02)

Bug Fixes

cli: fix relative path to Google pb files (#1859) (

…rectory with 58 updates Bumps the production-dependencies group with 49 updates in the / directory: | Package | From | To | | --- | --- | --- | | [ajv](https://github.com/ajv-validator/ajv) | `8.18.0` | `8.20.0` | | [cosmiconfig](https://github.com/cosmiconfig/cosmiconfig) | `9.0.0` | `9.0.1` | | [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` | | [@anthropic-ai/claude-code](https://github.com/anthropics/claude-code) | `2.1.50` | `2.1.138` | | [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.28.6` | `7.29.2` | | [@borewit/text-codec](https://github.com/Borewit/text-codec) | `0.2.1` | `0.2.2` | | [@google/genai](https://github.com/googleapis/js-genai) | `1.42.0` | `1.52.0` | | [@hono/node-server](https://github.com/honojs/node-server) | `1.19.9` | `1.19.14` | | [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.26.0` | `1.29.0` | | [@protobufjs/codegen](https://github.com/dcodeIO/protobuf.js) | `2.0.4` | `2.0.5` | | [@protobufjs/inquire](https://github.com/dcodeIO/protobuf.js) | `1.1.0` | `1.1.1` | | [@protobufjs/utf8](https://github.com/dcodeIO/protobuf.js) | `1.1.0` | `1.1.1` | | [@supabase/supabase-js](https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js) | `2.97.0` | `2.105.4` | | [fastmcp](https://github.com/punkpeye/fastmcp) | `3.33.0` | `3.35.0` | | [axios](https://github.com/axios/axios) | `1.13.5` | `1.16.0` | | [b4a](https://github.com/holepunchto/b4a) | `1.8.0` | `1.8.1` | | [bare-fs](https://github.com/holepunchto/bare-fs) | `4.5.4` | `4.7.1` | | [bare-os](https://github.com/holepunchto/bare-os) | `3.6.2` | `3.9.1` | | [bare-stream](https://github.com/holepunchto/bare-stream) | `2.8.0` | `2.13.1` | | [bare-url](https://github.com/holepunchto/bare-url) | `2.3.2` | `2.4.3` | | [eventsource-parser](https://github.com/rexxars/eventsource-parser) | `3.0.6` | `3.0.8` | | [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `8.2.1` | `8.5.1` | | [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` | | [figlet](https://github.com/patorjk/figlet.js) | `1.10.0` | `1.11.0` | | [file-type](https://github.com/sindresorhus/file-type) | `21.3.0` | `21.3.4` | | [fs-extra](https://github.com/jprichardson/node-fs-extra) | `11.3.3` | `11.3.5` | | [fuse.js](https://github.com/krisk/Fuse) | `7.1.0` | `7.3.0` | | [gaxios](https://github.com/googleapis/google-cloud-node-core/tree/HEAD/packages/gaxios) | `7.1.3` | `7.1.4` | | [get-east-asian-width](https://github.com/sindresorhus/get-east-asian-width) | `1.5.0` | `1.6.0` | | [google-auth-library](https://github.com/googleapis/google-cloud-node-core/tree/HEAD/packages/google-auth-library-nodejs) | `10.5.0` | `10.6.2` | | [hasown](https://github.com/inspect-js/hasOwn) | `2.0.2` | `2.0.3` | | [hono](https://github.com/honojs/hono) | `4.12.1` | `4.12.18` | | [jsonfile](https://github.com/jprichardson/node-jsonfile) | `6.2.0` | `6.2.1` | | [koa](https://github.com/koajs/koa) | `3.1.1` | `3.2.0` | | [mcp-proxy](https://github.com/punkpeye/mcp-proxy) | `6.4.0` | `6.4.6` | | [nan](https://github.com/nodejs/nan) | `2.25.0` | `2.26.2` | | [node-abi](https://github.com/electron/node-abi) | `3.87.0` | `3.92.0` | | [protobufjs](https://github.com/protobufjs/protobuf.js) | `6.11.4` | `6.11.6` | | [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.3.0` | `8.4.2` | | [pump](https://github.com/mafintosh/pump) | `3.0.3` | `3.0.4` | | [qs](https://github.com/ljharb/qs) | `6.15.0` | `6.15.1` | | [side-channel-list](https://github.com/ljharb/side-channel-list) | `1.0.0` | `1.0.1` | | [sql.js](https://github.com/sql-js/sql.js) | `1.14.0` | `1.14.1` | | [strtok3](https://github.com/Borewit/strtok3) | `10.3.4` | `10.3.5` | | [undici](https://github.com/nodejs/undici) | `7.22.0` | `7.25.0` | | [validator](https://github.com/validatorjs/validator.js) | `13.15.26` | `13.15.35` | | [ws](https://github.com/websockets/ws) | `8.19.0` | `8.20.0` | | [yaml](https://github.com/eemeli/yaml) | `2.8.2` | `2.9.0` | | [zod-to-json-schema](https://github.com/StefanTerdell/zod-to-json-schema) | `3.25.1` | `3.25.2` | Updates `ajv` from 8.18.0 to 8.20.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.18.0...v8.20.0) Updates `cosmiconfig` from 9.0.0 to 9.0.1 - [Release notes](https://github.com/cosmiconfig/cosmiconfig/releases) - [Changelog](https://github.com/cosmiconfig/cosmiconfig/blob/main/CHANGELOG.md) - [Commits](cosmiconfig/cosmiconfig@v9.0.0...v9.0.1) Updates `handlebars` from 4.7.8 to 4.7.9 - [Release notes](https://github.com/handlebars-lang/handlebars.js/releases) - [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md) - [Commits](handlebars-lang/handlebars.js@v4.7.8...v4.7.9) Updates `@anthropic-ai/claude-code` from 2.1.50 to 2.1.138 - [Release notes](https://github.com/anthropics/claude-code/releases) - [Changelog](https://github.com/anthropics/claude-code/blob/main/CHANGELOG.md) - [Commits](anthropics/claude-code@v2.1.50...v2.1.138) Updates `@babel/runtime` from 7.28.6 to 7.29.2 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.2/packages/babel-runtime) Updates `@borewit/text-codec` from 0.2.1 to 0.2.2 - [Release notes](https://github.com/Borewit/text-codec/releases) - [Commits](Borewit/text-codec@v0.2.1...v0.2.2) Updates `@google/genai` from 1.42.0 to 1.52.0 - [Release notes](https://github.com/googleapis/js-genai/releases) - [Changelog](https://github.com/googleapis/js-genai/blob/main/CHANGELOG.md) - [Commits](googleapis/js-genai@v1.42.0...v1.52.0) Updates `@hono/node-server` from 1.19.9 to 1.19.14 - [Release notes](https://github.com/honojs/node-server/releases) - [Commits](honojs/node-server@v1.19.9...v1.19.14) Updates `@modelcontextprotocol/sdk` from 1.26.0 to 1.29.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@v1.26.0...v1.29.0) Updates `@protobufjs/codegen` from 2.0.4 to 2.0.5 - [Release notes](https://github.com/dcodeIO/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md) - [Commits](https://github.com/dcodeIO/protobuf.js/commits/2.0.5) Updates `@protobufjs/inquire` from 1.1.0 to 1.1.1 - [Release notes](https://github.com/dcodeIO/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-cli-v1.1.0...protobufjs-cli-v1.1.1) Updates `@protobufjs/utf8` from 1.1.0 to 1.1.1 - [Release notes](https://github.com/dcodeIO/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-cli-v1.1.0...protobufjs-cli-v1.1.1) Updates `@supabase/supabase-js` from 2.97.0 to 2.105.4 - [Release notes](https://github.com/supabase/supabase-js/releases) - [Changelog](https://github.com/supabase/supabase-js/blob/develop/packages/core/supabase-js/CHANGELOG.md) - [Commits](https://github.com/supabase/supabase-js/commits/v2.105.4/packages/core/supabase-js) Updates `fastmcp` from 3.33.0 to 3.35.0 - [Release notes](https://github.com/punkpeye/fastmcp/releases) - [Commits](punkpeye/fastmcp@v3.33.0...v3.35.0) Updates `xsschema` from 0.4.0-beta.5 to 0.4.4 - [Release notes](https://github.com/moeru-ai/xsai/releases) - [Commits](https://github.com/moeru-ai/xsai/commits/v0.4.4/packages-top/xsschema) Updates `jose` from 5.10.0 to 6.1.3 - [Release notes](https://github.com/panva/jose/releases) - [Changelog](https://github.com/panva/jose/blob/main/CHANGELOG.md) - [Commits](panva/jose@v5.10.0...v6.1.3) Updates `axios` from 1.13.5 to 1.16.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.13.5...v1.16.0) Updates `b4a` from 1.8.0 to 1.8.1 - [Release notes](https://github.com/holepunchto/b4a/releases) - [Commits](holepunchto/b4a@v1.8.0...v1.8.1) Updates `bare-fs` from 4.5.4 to 4.7.1 - [Release notes](https://github.com/holepunchto/bare-fs/releases) - [Commits](holepunchto/bare-fs@v4.5.4...v4.7.1) Updates `bare-os` from 3.6.2 to 3.9.1 - [Release notes](https://github.com/holepunchto/bare-os/releases) - [Commits](holepunchto/bare-os@v3.6.2...v3.9.1) Updates `bare-stream` from 2.8.0 to 2.13.1 - [Release notes](https://github.com/holepunchto/bare-stream/releases) - [Commits](holepunchto/bare-stream@v2.8.0...v2.13.1) Updates `bare-url` from 2.3.2 to 2.4.3 - [Release notes](https://github.com/holepunchto/bare-url/releases) - [Commits](holepunchto/bare-url@v2.3.2...v2.4.3) Updates `eventsource-parser` from 3.0.6 to 3.0.8 - [Release notes](https://github.com/rexxars/eventsource-parser/releases) - [Changelog](https://github.com/rexxars/eventsource-parser/blob/main/CHANGELOG.md) - [Commits](rexxars/eventsource-parser@v3.0.6...v3.0.8) Updates `express-rate-limit` from 8.2.1 to 8.5.1 - [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases) - [Commits](express-rate-limit/express-rate-limit@v8.2.1...v8.5.1) Updates `fast-uri` from 3.1.0 to 3.1.2 - [Release notes](https://github.com/fastify/fast-uri/releases) - [Commits](fastify/fast-uri@v3.1.0...v3.1.2) Updates `figlet` from 1.10.0 to 1.11.0 - [Release notes](https://github.com/patorjk/figlet.js/releases) - [Commits](patorjk/figlet.js@v1.10.0...v1.11.0) Updates `file-type` from 21.3.0 to 21.3.4 - [Release notes](https://github.com/sindresorhus/file-type/releases) - [Commits](sindresorhus/file-type@v21.3.0...v21.3.4) Updates `follow-redirects` from 1.15.11 to 1.16.0 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.11...v1.16.0) Updates `fs-extra` from 11.3.3 to 11.3.5 - [Changelog](https://github.com/jprichardson/node-fs-extra/blob/master/CHANGELOG.md) - [Commits](jprichardson/node-fs-extra@11.3.3...11.3.5) Updates `fuse.js` from 7.1.0 to 7.3.0 - [Release notes](https://github.com/krisk/Fuse/releases) - [Changelog](https://github.com/krisk/Fuse/blob/main/CHANGELOG.md) - [Commits](krisk/Fuse@v7.1.0...v7.3.0) Updates `gaxios` from 7.1.3 to 7.1.4 - [Release notes](https://github.com/googleapis/google-cloud-node-core/releases) - [Changelog](https://github.com/googleapis/google-cloud-node-core/blob/main/packages/gaxios/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-cloud-node-core/commits/gaxios-v7.1.4/packages/gaxios) Updates `jackspeak` from 3.4.3 to 4.2.3 - [Changelog](https://github.com/isaacs/jackspeak/blob/main/changelog.md) - [Commits](isaacs/jackspeak@v3.4.3...v4.2.3) Updates `lru-cache` from 10.4.3 to 11.2.6 - [Changelog](https://github.com/isaacs/node-lru-cache/blob/main/CHANGELOG.md) - [Commits](isaacs/node-lru-cache@v10.4.3...v11.2.6) Updates `path-scurry` from 1.11.1 to 2.0.2 - [Changelog](https://github.com/isaacs/path-scurry/blob/main/CHANGELOG.md) - [Commits](isaacs/path-scurry@v1.11.1...v2.0.2) Updates `get-east-asian-width` from 1.5.0 to 1.6.0 - [Release notes](https://github.com/sindresorhus/get-east-asian-width/releases) - [Commits](sindresorhus/get-east-asian-width@v1.5.0...v1.6.0) Updates `google-auth-library` from 10.5.0 to 10.6.2 - [Release notes](https://github.com/googleapis/google-cloud-node-core/releases) - [Changelog](https://github.com/googleapis/google-cloud-node-core/blob/main/packages/google-auth-library-nodejs/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-cloud-node-core/commits/google-auth-library-v10.6.2/packages/google-auth-library-nodejs) Updates `hasown` from 2.0.2 to 2.0.3 - [Changelog](https://github.com/inspect-js/hasOwn/blob/main/CHANGELOG.md) - [Commits](inspect-js/hasOwn@v2.0.2...v2.0.3) Updates `hono` from 4.12.1 to 4.12.18 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.1...v4.12.18) Updates `ip-address` from 10.0.1 to 10.2.0 - [Commits](https://github.com/beaugunderson/ip-address/commits) Updates `jsonfile` from 6.2.0 to 6.2.1 - [Changelog](https://github.com/jprichardson/node-jsonfile/blob/master/CHANGELOG.md) - [Commits](jprichardson/node-jsonfile@6.2.0...6.2.1) Updates `koa` from 3.1.1 to 3.2.0 - [Release notes](https://github.com/koajs/koa/releases) - [Changelog](https://github.com/koajs/koa/blob/master/History.md) - [Commits](koajs/koa@v3.1.1...v3.2.0) Updates `mcp-proxy` from 6.4.0 to 6.4.6 - [Release notes](https://github.com/punkpeye/mcp-proxy/releases) - [Commits](punkpeye/mcp-proxy@v6.4.0...v6.4.6) Updates `nan` from 2.25.0 to 2.26.2 - [Changelog](https://github.com/nodejs/nan/blob/main/CHANGELOG.md) - [Commits](nodejs/nan@v2.25.0...v2.26.2) Updates `node-abi` from 3.87.0 to 3.92.0 - [Release notes](https://github.com/electron/node-abi/releases) - [Commits](electron/node-abi@v3.87.0...v3.92.0) Updates `protobufjs` from 6.11.4 to 6.11.6 - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@v6.11.4...v6.11.6) Updates `path-to-regexp` from 8.3.0 to 8.4.2 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v8.3.0...v8.4.2) Updates `proxy-from-env` from 1.1.0 to 2.1.0 - [Release notes](https://github.com/Rob--W/proxy-from-env/releases) - [Commits](Rob--W/proxy-from-env@v1.1.0...v2.1.0) Updates `pump` from 3.0.3 to 3.0.4 - [Commits](mafintosh/pump@v3.0.3...v3.0.4) Updates `qs` from 6.15.0 to 6.15.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.15.0...v6.15.1) Updates `side-channel-list` from 1.0.0 to 1.0.1 - [Changelog](https://github.com/ljharb/side-channel-list/blob/main/CHANGELOG.md) - [Commits](ljharb/side-channel-list@v1.0.0...v1.0.1) Updates `sql.js` from 1.14.0 to 1.14.1 - [Release notes](https://github.com/sql-js/sql.js/releases) - [Commits](sql-js/sql.js@v1.14.0...v1.14.1) Updates `streamx` from 2.23.0 to 2.25.0 - [Commits](mafintosh/streamx@v2.23.0...v2.25.0) Updates `strtok3` from 10.3.4 to 10.3.5 - [Release notes](https://github.com/Borewit/strtok3/releases) - [Commits](Borewit/strtok3@v10.3.4...v10.3.5) Updates `undici` from 7.22.0 to 7.25.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.22.0...v7.25.0) Updates `validator` from 13.15.26 to 13.15.35 - [Release notes](https://github.com/validatorjs/validator.js/releases) - [Changelog](https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md) - [Commits](validatorjs/validator.js@13.15.26...13.15.35) Updates `ws` from 8.19.0 to 8.20.0 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.19.0...8.20.0) Updates `yaml` from 2.8.2 to 2.9.0 - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](eemeli/yaml@v2.8.2...v2.9.0) Updates `zod-to-json-schema` from 3.25.1 to 3.25.2 - [Release notes](https://github.com/StefanTerdell/zod-to-json-schema/releases) - [Changelog](https://github.com/StefanTerdell/zod-to-json-schema/blob/master/changelog.md) - [Commits](https://github.com/StefanTerdell/zod-to-json-schema/commits) --- updated-dependencies: - dependency-name: ajv dependency-version: 8.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: cosmiconfig dependency-version: 9.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: handlebars dependency-version: 4.7.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@anthropic-ai/claude-code" dependency-version: 2.1.138 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@babel/runtime" dependency-version: 7.29.2 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@borewit/text-codec" dependency-version: 0.2.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@google/genai" dependency-version: 1.52.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@hono/node-server" dependency-version: 1.19.14 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.29.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: "@protobufjs/codegen" dependency-version: 2.0.5 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@protobufjs/inquire" dependency-version: 1.1.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@protobufjs/utf8" dependency-version: 1.1.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: "@supabase/supabase-js" dependency-version: 2.105.4 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: fastmcp dependency-version: 3.35.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: xsschema dependency-version: 0.4.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: jose dependency-version: 6.1.3 dependency-type: indirect update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: axios dependency-version: 1.16.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: b4a dependency-version: 1.8.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: bare-fs dependency-version: 4.7.1 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: bare-os dependency-version: 3.9.1 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: bare-stream dependency-version: 2.13.1 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: bare-url dependency-version: 2.4.3 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: eventsource-parser dependency-version: 3.0.8 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: express-rate-limit dependency-version: 8.5.1 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: fast-uri dependency-version: 3.1.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: figlet dependency-version: 1.11.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: file-type dependency-version: 21.3.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: follow-redirects dependency-version: 1.16.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: fs-extra dependency-version: 11.3.5 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: fuse.js dependency-version: 7.3.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: gaxios dependency-version: 7.1.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: jackspeak dependency-version: 4.2.3 dependency-type: indirect update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: lru-cache dependency-version: 11.2.6 dependency-type: indirect update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: path-scurry dependency-version: 2.0.2 dependency-type: indirect update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: get-east-asian-width dependency-version: 1.6.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: google-auth-library dependency-version: 10.6.2 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: hasown dependency-version: 2.0.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: hono dependency-version: 4.12.18 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: ip-address dependency-version: 10.2.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: jsonfile dependency-version: 6.2.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: koa dependency-version: 3.2.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: mcp-proxy dependency-version: 6.4.6 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: nan dependency-version: 2.26.2 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: node-abi dependency-version: 3.92.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: protobufjs dependency-version: 6.11.6 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: path-to-regexp dependency-version: 8.4.2 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: proxy-from-env dependency-version: 2.1.0 dependency-type: indirect update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: pump dependency-version: 3.0.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: qs dependency-version: 6.15.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: side-channel-list dependency-version: 1.0.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: sql.js dependency-version: 1.14.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: streamx dependency-version: 2.25.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: strtok3 dependency-version: 10.3.5 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: undici dependency-version: 7.25.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: validator dependency-version: 13.15.35 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: ws dependency-version: 8.20.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: yaml dependency-version: 2.9.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: zod-to-json-schema dependency-version: 3.25.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-05-11T12:41:13Z

Assignees

The following users could not be added as assignees: llm-dev-ops/maintainers. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

github-actions · 2026-05-11T12:42:58Z

🔒 Security Scan Results

Scan Type	Status
Dependency Scan	⚠️ failure
CodeQL Analysis	✅ success
Secret Scan	✅ success
License Check	⚠️ failure
SAST	⚠️ failure

⚠️ Some security scans have warnings or failed. Please review the details.

Automated security scanning by GitHub Actions

dependabot · 2026-05-18T16:31:17Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot closed this May 18, 2026

dependabot Bot deleted the dependabot/npm_and_yarn/production-dependencies-4813412202 branch May 18, 2026 16:31

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps)(deps): bump the production-dependencies group across 1 directory with 58 updates#68

chore(deps)(deps): bump the production-dependencies group across 1 directory with 58 updates#68
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-4813412202

dependabot Bot commented on behalf of github May 11, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github May 11, 2026

Uh oh!

github-actions Bot commented May 11, 2026

Uh oh!

dependabot Bot commented on behalf of github May 18, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 11, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v8.20.0

What's Changed

v8.19.0

What's Changed

9.0.1

v4.7.9

v4.7.9 - March 26th, 2026

v2.1.138

What's changed

v2.1.137

What's changed

v2.1.136

What's changed

2.1.138

2.1.137

2.1.136

v7.29.2 (2026-03-16)

👓 Spec Compliance

🐛 Bug Fix

🏠 Internal

Committers: 2

v7.29.1 (2026-02-04)

🐛 Bug Fix

Committers: 2

v7.29.0 (2026-01-31)

🚀 New Feature

🐛 Bug Fix

v0.2.2

Changes

🐛 Bug Fixes

NPM release

v1.52.0

1.52.0 (2026-05-04)

Features

v1.51.0

1.51.0 (2026-04-29)

Features

v1.50.1

1.50.1 (2026-04-14)

Bug Fixes

v1.50.0

1.50.0 (2026-04-13)

Features

1.52.0 (2026-05-04)

Features

1.51.0 (2026-04-29)

Features

1.50.1 (2026-04-14)

Bug Fixes

1.50.0 (2026-04-13)

Features

1.49.0 (2026-04-08)

Features

v1.19.14

What's Changed

v1.19.13

Security Fix

v1.19.12

What's Changed

v1.19.11

What's Changed

v1.19.10

Security Fix

v1.29.0

What's Changed

New Contributors

v1.28.0

What's Changed

New Contributors

v1.27.1

What's Changed

New Contributors

v1.27.0

What's Changed

protobufjs-cli: v1.1.1

1.1.1 (2023-02-02)

Bug Fixes

dependabot Bot commented on behalf of github May 11, 2026 •

edited

Loading