Skip to content

fix: upgrade MCP SDK to 1.27.1 and modernize tool registration#282

Merged
GLips merged 1 commit intomainfrom
fix/upgrade-mcp-sdk-security
Mar 4, 2026
Merged

fix: upgrade MCP SDK to 1.27.1 and modernize tool registration#282
GLips merged 1 commit intomainfrom
fix/upgrade-mcp-sdk-security

Conversation

@GLips
Copy link
Owner

@GLips GLips commented Mar 4, 2026

Upgrade @modelcontextprotocol/sdk from 1.10.2 to 1.27.1 to resolve three CVEs (cross-client data leak, ReDoS, DNS rebinding). Migrate from deprecated server.tool() to server.registerTool() with tool annotations and titles. Add pnpm overrides for transitive vulnerabilities in glob, minimatch, rollup, and qs.

Also bumps js-yaml to 4.1.1 (prototype pollution fix), zod to 3.25 (SDK peer dep), and dev deps (tsup, tsx, eslint, typescript-eslint, @types/node).

@GLips
fix: upgrade MCP SDK to 1.27.1 and modernize tool registration
92882cc 
Upgrade @modelcontextprotocol/sdk from 1.10.2 to 1.27.1 to resolve
three CVEs (cross-client data leak, ReDoS, DNS rebinding). Migrate
from deprecated server.tool() to server.registerTool() with tool
annotations and titles. Add pnpm overrides for transitive
vulnerabilities in glob, minimatch, rollup, and qs.

Also bumps js-yaml to 4.1.1 (prototype pollution fix), zod to 3.25
(SDK peer dep), and dev deps (tsup, tsx, eslint, typescript-eslint,
@types/node).
@GLips GLips merged commit 4153e5f into main Mar 4, 2026
1 check passed
@github-actions github-actions bot mentioned this pull request Mar 4, 2026
Merged
@GLips GLips mentioned this pull request Mar 4, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@GLips