chore(deps): bump @modelcontextprotocol/sdk from 1.27.1 to 1.29.0#334
chore(deps): bump @modelcontextprotocol/sdk from 1.27.1 to 1.29.0#334dependabot[bot] wants to merge 1 commit intomainfrom
Conversation
Bumps [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) from 1.27.1 to 1.29.0. - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@v1.27.1...v1.29.0) --- updated-dependencies: - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.29.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
|
Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits. |
✔️ Bundle Size Analysis
Bundle breakdown |
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
There was a problem hiding this comment.
LGTM — routine Dependabot lock file update with no source changes.
Extended reasoning...
Overview
This PR updates @modelcontextprotocol/sdk from 1.27.1 to 1.29.0 in pnpm-lock.yaml. The only file changed is the lock file; no application source code is modified. Several transitive dependencies are also bumped as a result (hono, jose, express-rate-limit, qs, path-to-regexp, etc.), all minor or patch-level updates.
Security risks
No security concerns. The upstream 1.29.0 release includes a npm audit fix, a TTL null-disallow fix, and minor correctness improvements. None of the transitive bumps are major version changes, and none introduce new attack surface to this repo.
Level of scrutiny
Low. This is a fully automated Dependabot PR touching only the lock file. All version changes are minor/patch. No logic, auth, or critical path code is affected.
Other factors
No bugs were reported by the bug hunting system. The PR timeline shows no outstanding reviewer comments. This matches the pattern of other dependency bump PRs in this repo.
Bumps @modelcontextprotocol/sdk from 1.27.1 to 1.29.0.
Release notes
Sourced from
@modelcontextprotocol/sdk's releases.Commits
e12cbd7chore: bump version to 1.29.0 (#1820)3913fd4fix(stdio): always set windowsHide on Windows, not just in Electron (#1640)5608e78[v1.x backport] Allow servers / clients to advertise extensions in the capabi...7213816v1.x #1623 follow up -add missing types to package.json (#1773)364f38cv1.x npm audit fix (#1780)c95cc09Add typings exports (#1623)ddadaa6[v1.x] fix: add missing size field to ResourceSchema (#1575)2a15851[v1.x] fix: disallow null (infinite) requested TTL (#1339)13e30f1fix: treat v1.x as primary branch for npm latest tag (backport #1577) (#1749)a056569chore: bump version to 1.28.0 (#1746)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)