Skip to content

deps: bump mcporter from 0.7.3 to 0.8.1#7

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/mcporter-0.8.1
Open

deps: bump mcporter from 0.7.3 to 0.8.1#7
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/mcporter-0.8.1

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Mar 30, 2026

Bumps mcporter from 0.7.3 to 0.8.1.

Release notes

Sourced from mcporter's releases.

mcporter v0.8.1

[0.8.1] - 2026-03-29

CLI

  • Bun-compiled/Homebrew binaries now embed the package version before boot, so mcporter --version reports the real release (for example 0.8.1) instead of falling back to 0.0.0-dev.

Tests

  • Added regression coverage for the Bun compile wrapper so future release builds keep the embedded runtime version intact.

Tooling / Dependencies

  • npm publishes now use an explicit package allowlist, so local release tarballs/checksum files do not get bundled into the published package.

SHA256 (mcporter-macos-arm64-v0.8.1.tar.gz): 7f726f70801bdded163699b53fade8b602c18f0dbc07851ce5ddad8e0e8bcb3b SHA256 (mcporter-0.8.1.tgz): 07abbbc8e3ffbaf1fd2a8030a90b56a5c895f52cfa301b42ff79cbaa0644242e

mcporter v0.8.0

[0.8.0] - 2026-03-29

CLI

  • Preserve OAuth flow vs post-auth transport failures so invalid OAuth/provider errors surface directly, while real legacy 404/405 transport mismatches still fall back to SSE correctly. (PR #97, thanks @​mavam)
  • Ignore static Authorization headers once OAuth is active so imported editor configs cannot override fresh OAuth tokens. (PR #123, thanks @​ahonn)
  • Keep mcporter call --output json parseable by emitting valid JSON even when the command falls back to raw output. (PR #128, thanks @​armanddp)
  • Render resource content blocks in call output helpers instead of dropping them, including markdown resources and JSON text payloads. (PR #124, thanks @​mvanhorn)
  • Preserve full JSON/error payloads when data is just one field instead of collapsing the response to data alone. (PR #106, thanks @​AielloChan)
  • Generated CLIs now parse object-valued flags as JSON and render object placeholders/examples with JSON-shaped help text, so tools like Jira fields no longer receive raw strings. (PR #114, thanks @​v2nic)
  • Deduplicate concurrent keep-alive daemon restarts per server so repeated fatal errors only force-close the cached daemon transport once before retrying. (PR #125, thanks @​zm2231)
  • mcporter config add now accepts plural --args as an alias for repeated stdio arguments, matching common CLI muscle memory. (PR #93, thanks @​Jah-yee)
  • Preserve default imports when mcporter config add writes a config file, instead of forcing "imports": [].
  • OAuth: avoid crashing on headless Linux when xdg-open is unavailable; clear stale dynamic-port client registrations; close callback server if stale-client persistence reads fail. (PR #72, thanks @​mgonto)
  • Added optional oauthScope/oauth_scope config override as an escape hatch for providers that require explicit scopes.
  • OAuth wait/redirect now share one deferred to eliminate authorization race windows and preserve stable close-path errors, including wait-before-redirect and repeated-redirect flows. (PR #70, thanks @​monotykamary)
  • createCallResult().json() now collects all parseable JSON entries from MCP content arrays (single item stays backward-compatible), and raw inspect depth now stays readable without unbounded traversal. (PR #91, thanks @​Blankdlh)
  • Added --raw-strings (numeric coercion off) and --no-coerce (all coercion off) for mcporter call argument parsing so IDs/codes can stay literal strings. (PR #59, thanks @​nobrainer-tech)
  • Added CallResult.images() plus opt-in mcporter call --save-images <dir> so image content blocks can be persisted without changing existing stdout output contracts. (PR #61, thanks @​daniella-11ways)
  • OAuth transport retries now classify HTTP 405 as HTTP (not auth) and OAuth promotion applies to configured HTTP servers too, so post-auth fallback flows no longer drop credentials on 405-only endpoints. (PR #48, thanks @​caseyg)
  • Config loading now parses project and explicit config files as JSONC, so mcporter.json / mcporter.jsonc can include comments and trailing commas. (PR #42, thanks @​aryasaatvik)
  • Added generated mcporter.schema.json plus pnpm generate:schema for IDE autocomplete/validation, including $schema and oauthScope/oauth_scope coverage. (PR #43, thanks @​aryasaatvik)

Tooling / Dependencies

  • Updated dependencies to latest releases (including MCP SDK, Rolldown RC, Zod, Biome, Oxlint, Vitest, Bun types).
  • Synced biome.json schema URL to Biome 2.4.5.

SHA256 (mcporter-macos-arm64-v0.8.0.tar.gz): 81c093704e1f0f247f14f2fa7ff0e8206227f9d44d6b8ff4bbd839941d083475 SHA256 (mcporter-0.8.0.tgz): 1de6cbbaf1295ceaa66a5ff5896987681021003d00d176d021b44dc5dc7daa80

Changelog

Sourced from mcporter's changelog.

[0.8.1] - 2026-03-29

CLI

  • Bun-compiled/Homebrew binaries now embed the package version before boot, so mcporter --version reports the real release (for example 0.8.1) instead of falling back to 0.0.0-dev.

Tests

  • Added regression coverage for the Bun compile wrapper so future release builds keep the embedded runtime version intact.

Tooling / Dependencies

  • npm publishes now use an explicit package allowlist, so local release tarballs/checksum files do not get bundled into the published package.

[0.8.0] - 2026-03-29

CLI

  • Preserve OAuth flow vs post-auth transport failures so invalid OAuth/provider errors surface directly, while real legacy 404/405 transport mismatches still fall back to SSE correctly. (PR #97, thanks @​mavam)
  • Ignore static Authorization headers once OAuth is active so imported editor configs cannot override fresh OAuth tokens. (PR #123, thanks @​ahonn)
  • Keep mcporter call --output json parseable by emitting valid JSON even when the command falls back to raw output. (PR #128, thanks @​armanddp)
  • Render resource content blocks in call output helpers instead of dropping them, including markdown resources and JSON text payloads. (PR #124, thanks @​mvanhorn)
  • Preserve full JSON/error payloads when data is just one field instead of collapsing the response to data alone. (PR #106, thanks @​AielloChan)
  • Generated CLIs now parse object-valued flags as JSON and render object placeholders/examples with JSON-shaped help text, so tools like Jira fields no longer receive raw strings. (PR #114, thanks @​v2nic)
  • Deduplicate concurrent keep-alive daemon restarts per server so repeated fatal errors only force-close the cached daemon transport once before retrying. (PR #125, thanks @​zm2231)
  • mcporter config add now accepts plural --args as an alias for repeated stdio arguments, matching common CLI muscle memory. (PR #93, thanks @​Jah-yee)
  • Preserve default imports when mcporter config add writes a config file, instead of forcing "imports": [].
  • OAuth: avoid crashing on headless Linux when xdg-open is unavailable; clear stale dynamic-port client registrations; close callback server if stale-client persistence reads fail. (PR #72, thanks @​mgonto)
  • Added optional oauthScope/oauth_scope config override as an escape hatch for providers that require explicit scopes.
  • OAuth wait/redirect now share one deferred to eliminate authorization race windows and preserve stable close-path errors, including wait-before-redirect and repeated-redirect flows. (PR #70, thanks @​monotykamary)
  • createCallResult().json() now collects all parseable JSON entries from MCP content arrays (single item stays backward-compatible), and raw inspect depth now stays readable without unbounded traversal. (PR #91, thanks @​Blankdlh)
  • Added --raw-strings (numeric coercion off) and --no-coerce (all coercion off) for mcporter call argument parsing so IDs/codes can stay literal strings. (PR #59, thanks @​nobrainer-tech)
  • Added CallResult.images() plus opt-in mcporter call --save-images <dir> so image content blocks can be persisted without changing existing stdout output contracts. (PR #61, thanks @​daniella-11ways)
  • OAuth transport retries now classify HTTP 405 as HTTP (not auth) and OAuth promotion applies to configured HTTP servers too, so post-auth fallback flows no longer drop credentials on 405-only endpoints. (PR #48, thanks @​caseyg)
  • Config loading now parses project and explicit config files as JSONC, so mcporter.json / mcporter.jsonc can include comments and trailing commas. (PR #42, thanks @​aryasaatvik)
  • Added generated mcporter.schema.json plus pnpm generate:schema for IDE autocomplete/validation, including $schema and oauthScope/oauth_scope coverage. (PR #43, thanks @​aryasaatvik)

Tooling / Dependencies

  • Updated dependencies to latest releases (including MCP SDK, Rolldown RC, Zod, Biome, Oxlint, Vitest, Bun types).
  • Synced biome.json schema URL to Biome 2.4.5.
Commits
  • 5216891 build: tighten npm package contents
  • d601aa5 docs: finalize 0.8.1 changelog
  • c679967 fix: embed bun binary version
  • 25f12f4 chore: bump version to 0.8.1
  • 84c5967 docs: finalize 0.8.0 changelog
  • 71f5bd5 ci: activate pnpm with corepack
  • 9bf5c0f ci: replace deprecated pnpm setup action
  • 9181992 fix: harden oauth vault persistence
  • b69dd07 test: refresh live deepwiki smoke
  • 83cc3b9 refactor: split call and runtime helpers
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
deps: bump mcporter from 0.7.3 to 0.8.1
5bcf881 
Bumps [mcporter](https://github.com/steipete/mcporter) from 0.7.3 to 0.8.1.
- [Release notes](https://github.com/steipete/mcporter/releases)
- [Changelog](https://github.com/steipete/mcporter/blob/main/CHANGELOG.md)
- [Commits](steipete/mcporter@v0.7.3...v0.8.1)

---
updated-dependencies:
- dependency-name: mcporter
  dependency-version: 0.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Author

dependabot bot commented on behalf of github Mar 30, 2026

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants