Skip to content

chore(deps): update dependency @modelcontextprotocol/sdk to v1.27.1#1427

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/modelcontextprotocol-sdk-1.x
Open

chore(deps): update dependency @modelcontextprotocol/sdk to v1.27.1#1427
renovate[bot] wants to merge 1 commit intomainfrom
renovate/modelcontextprotocol-sdk-1.x

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Nov 13, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change OpenSSF
@modelcontextprotocol/sdk (source) dependencies minor 1.25.11.27.1 OpenSSF Scorecard

Release Notes

modelcontextprotocol/typescript-sdk (@​modelcontextprotocol/sdk)

v1.27.1

Compare Source

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.0...v1.27.1

v1.27.0

Compare Source

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@v1.26.0...v1.27.0

v1.26.0

Compare Source

Addresses "Sharing server/transport instances can leak cross-client response data" in this GHSA GHSA-345p-7cg4-v4c7

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.3...v1.26.0

v1.25.3

Compare Source

What's Changed

  • [v1.x backport] Use correct schema for client sampling validation when tools are present by @​olaservo in #​1407
  • fix: prevent Hono from overriding global Response object (v1.x) by @​mattzcarey in #​1411

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3

v1.25.2

Compare Source

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.1...v1.25.2

Configuration

📅 Schedule: Branch creation - At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday ( * 0-4,22-23 * * 1-5 ), Only on Sunday and Saturday ( * * * * 0,6 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Dependency updates label Nov 13, 2025
@renovate renovate bot enabled auto-merge (squash) November 13, 2025 23:16
@github-actions github-actions bot added qa:running QA workflow is currently running status:approved Pull request has been approved qa:failed QA workflow failed and removed qa:running QA workflow is currently running labels Nov 13, 2025
cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Nov 13, 2025
View reviewed changes
Copy link

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

@renovate renovate bot force-pushed the renovate/modelcontextprotocol-sdk-1.x branch from cc47e6a to 57b7ac5 Compare November 17, 2025 13:34
@github-actions github-actions bot added qa:running QA workflow is currently running qa:failed QA workflow failed and removed qa:failed QA workflow failed qa:running QA workflow is currently running labels Nov 17, 2025
@renovate renovate bot force-pushed the renovate/modelcontextprotocol-sdk-1.x branch 2 times, most recently from e75ece1 to c38692b Compare November 17, 2025 13:40
@github-actions github-actions bot added qa:running QA workflow is currently running qa:failed QA workflow failed and removed qa:failed QA workflow failed qa:running QA workflow is currently running labels Nov 17, 2025
@renovate renovate bot force-pushed the renovate/modelcontextprotocol-sdk-1.x branch from c38692b to f21628a Compare November 17, 2025 14:24
@github-actions github-actions bot added qa:running QA workflow is currently running qa:failed QA workflow failed and removed qa:failed QA workflow failed qa:running QA workflow is currently running labels Nov 17, 2025
@renovate renovate bot force-pushed the renovate/modelcontextprotocol-sdk-1.x branch from f21628a to 1b83c1d Compare November 17, 2025 14:27
@github-actions github-actions bot added qa:running QA workflow is currently running qa:failed QA workflow failed and removed qa:failed QA workflow failed qa:running QA workflow is currently running labels Nov 17, 2025
@github-actions github-actions bot added qa:running QA workflow is currently running qa:failed QA workflow failed and removed qa:failed QA workflow failed qa:running QA workflow is currently running labels Nov 20, 2025
@renovate renovate bot force-pushed the renovate/modelcontextprotocol-sdk-1.x branch from 5a59fa9 to a83199b Compare November 22, 2025 06:56
@github-actions github-actions bot added qa:running QA workflow is currently running qa:failed QA workflow failed and removed qa:failed QA workflow failed qa:running QA workflow is currently running labels Nov 22, 2025
@renovate renovate bot force-pushed the renovate/modelcontextprotocol-sdk-1.x branch from a83199b to e865e03 Compare November 24, 2025 02:31
@github-actions github-actions bot added qa:running QA workflow is currently running qa:failed QA workflow failed and removed qa:failed QA workflow failed qa:running QA workflow is currently running labels Nov 24, 2025
@renovate renovate bot force-pushed the renovate/modelcontextprotocol-sdk-1.x branch from e865e03 to 43989f6 Compare November 25, 2025 02:49
@github-actions github-actions bot added qa:running QA workflow is currently running qa:failed QA workflow failed and removed qa:failed QA workflow failed qa:running QA workflow is currently running labels Nov 25, 2025
@renovate renovate bot force-pushed the renovate/modelcontextprotocol-sdk-1.x branch from 43989f6 to 57286c9 Compare November 25, 2025 06:37
@github-actions github-actions bot added qa:running QA workflow is currently running and removed qa:failed QA workflow failed labels Nov 25, 2025
@socket-security
Copy link

socket-security bot commented Nov 26, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedkubo-rpc-client@​6.0.29610010087100
Updated@​modelcontextprotocol/​sdk@​1.21.1 ⏵ 1.25.199100 +1610098 -1100

View full report

sentry[bot]
sentry bot reviewed Dec 11, 2025
View reviewed changes
sdk/mcp/package.json
"@modelcontextprotocol/sdk": "1.21.1",
"@modelcontextprotocol/sdk": "1.24.3",
"@settlemint/sdk-js": "workspace:*",
"@settlemint/sdk-utils": "workspace:*",

This comment was marked as outdated.

Sign in to view

sentry[bot]
sentry bot reviewed Dec 13, 2025
View reviewed changes
sdk/mcp/package.json Outdated
"@graphql-tools/load": "8.1.7",
"@graphql-tools/url-loader": "9.0.5",
"@modelcontextprotocol/sdk": "1.21.1",
"@modelcontextprotocol/sdk": "1.24.3",

This comment was marked as outdated.

Sign in to view

sentry[bot]
sentry bot reviewed Dec 14, 2025
View reviewed changes
sdk/mcp/package.json Outdated
"@graphql-tools/load": "8.1.7",
"@graphql-tools/url-loader": "9.0.5",
"@modelcontextprotocol/sdk": "1.21.1",
"@modelcontextprotocol/sdk": "1.24.3",

This comment was marked as outdated.

Sign in to view

sentry[bot]
sentry bot reviewed Dec 16, 2025
View reviewed changes
sdk/mcp/package.json Outdated
"@graphql-tools/load": "8.1.7",
"@graphql-tools/url-loader": "9.0.5",
"@modelcontextprotocol/sdk": "1.21.1",
"@modelcontextprotocol/sdk": "1.25.0",

This comment was marked as outdated.

Sign in to view

sentry[bot]
sentry bot reviewed Dec 20, 2025
View reviewed changes
sdk/mcp/package.json Outdated
"@graphql-tools/load": "8.1.7",
"@graphql-tools/url-loader": "9.0.5",
"@modelcontextprotocol/sdk": "1.21.1",
"@modelcontextprotocol/sdk": "1.25.1",

This comment was marked as outdated.

Sign in to view

Copy link

@baz-reviewer baz-reviewer bot Feb 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Commit 727db84 addressed this comment by upgrading @modelcontextprotocol/sdk (to 1.27.1) and updating the lockfile so the resolved SDK dependency now pulls zod-to-json-schema at a compatible version (^3.25.1, per bun.lock). This removes the previously flagged mismatch risk between the MCP SDK and zod@^4 during server startup initialization.

sentry[bot]
sentry bot reviewed Dec 27, 2025
View reviewed changes
sdk/mcp/package.json Outdated
"@graphql-tools/load": "8.1.7",
"@graphql-tools/url-loader": "9.0.5",
"@modelcontextprotocol/sdk": "1.21.1",
"@modelcontextprotocol/sdk": "1.25.1",

This comment was marked as outdated.

Sign in to view

@renovate
chore(deps): update dependency @modelcontextprotocol/sdk to v1.27.1
727db84 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@renovate-approve renovate-approve[bot] renovate-approve[bot] approved these changes

@renovate-approve-2 renovate-approve-2[bot] renovate-approve-2[bot] approved these changes

+3 more reviewers

@sentry sentry[bot] sentry[bot] left review comments

@baz-reviewer baz-reviewer[bot] baz-reviewer[bot] left review comments

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies Dependency updates qa:running QA workflow is currently running status:approved Pull request has been approved

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants