deps(mcp)(deps): bump the npm_and_yarn group across 1 directory with 22 updates #74

dependabot · 2026-01-12T10:26:10Z

Bumps the npm_and_yarn group with 9 updates in the /webai-mcp directory:

Package	From	To
@modelcontextprotocol/sdk	`1.12.0`	`1.25.2`
body-parser	`2.2.0`	`2.2.2`
express	`5.1.0`	`5.2.1`
@types/express	`5.0.2`	`5.0.6`
ws	`8.18.2`	`8.19.0`
@types/body-parser	`1.19.5`	`1.19.6`
@types/cors	`2.8.18`	`2.8.19`
@types/node-fetch	`2.6.12`	`2.6.13`
typescript	`5.8.3`	`5.9.3`

Updates @modelcontextprotocol/sdk from 1.12.0 to 1.25.2

Release notes

Sourced from @modelcontextprotocol/sdk's releases.

v1.25.2

What's Changed

ci: trigger workflow on v1.x branch by @felixweinberger in modelcontextprotocol/typescript-sdk#1319

fix: README badges links destinations by @antonpk1 in modelcontextprotocol/typescript-sdk#907

fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by @pcarleton in modelcontextprotocol/typescript-sdk#1365

New Contributors

@antonpk1 made their first contribution in modelcontextprotocol/typescript-sdk#907

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.1...v1.25.2

1.25.1

What's Changed

spec types - backwards compatibility changes by @KKonstantinov in modelcontextprotocol/typescript-sdk#1306

chore: bump version for patch fix by @felixweinberger in modelcontextprotocol/typescript-sdk#1307

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.0...1.25.1

1.25.0

What's Changed

list changed handlers on client constructor by @mattzcarey in modelcontextprotocol/typescript-sdk#1206

Role - moved from inline to reusable type by @KKonstantinov in modelcontextprotocol/typescript-sdk#1221

fix: use versioned npm tag for non-main branch releases by @pcarleton in modelcontextprotocol/typescript-sdk#1236

No automatic completion support unless needed - Revisited yet again by @cliffhall in modelcontextprotocol/typescript-sdk#1237

fix: Support updating output schema by @vincent0426 in modelcontextprotocol/typescript-sdk#1048

Remove type dependency on @cfworker/json-schema by @LucaButBoring in modelcontextprotocol/typescript-sdk#1229

Relocate tests under /test by @KKonstantinov in modelcontextprotocol/typescript-sdk#1220

Fix tsconfig: remove tests by @KKonstantinov in modelcontextprotocol/typescript-sdk#1240

tsconfig - tests and build fix by @KKonstantinov in modelcontextprotocol/typescript-sdk#1243

fix a typo in examples README by @DaleSeo in modelcontextprotocol/typescript-sdk#1246

Protocol date validation by @mattzcarey in modelcontextprotocol/typescript-sdk#1247

Flaky test fix on Types.test.ts by @KKonstantinov in modelcontextprotocol/typescript-sdk#1244

SPEC COMPLIANCE: Remove loose/passthrough types not allowed/defined by MCP spec + Task types by @KKonstantinov in modelcontextprotocol/typescript-sdk#1242

Follow-up fixes for PR #1242 by @felixweinberger in modelcontextprotocol/typescript-sdk#1274

Update server examples and docs by @DaleSeo in modelcontextprotocol/typescript-sdk#1285

Update TypeScript config to ES2020 to fix AJV imports by @mattzcarey in modelcontextprotocol/typescript-sdk#1297

Fix Zod v4 schema description extraction by @felixweinberger in modelcontextprotocol/typescript-sdk#1296

Add optional description field to Implementation schema by @calclavia in modelcontextprotocol/typescript-sdk#1295

Add theme property to Icon schema by @DaleSeo in modelcontextprotocol/typescript-sdk#1290

feat: fetch transport by @mattzcarey in modelcontextprotocol/typescript-sdk#1209

chore: bump version for release by @felixweinberger in modelcontextprotocol/typescript-sdk#1301

New Contributors

@vincent0426 made their first contribution in modelcontextprotocol/typescript-sdk#1048

Full Changelog: modelcontextprotocol/typescript-sdk@1.24.3...1.25.0

1.24.3

What's Changed

... (truncated)

Commits

b392f02 fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (#1365)
a0c9b13 fix: README badges links destinations (#907)
6dd08ac ci: trigger workflow on v1.x branch (#1319)
384311b chore: bump version for patch fix (#1307)
fb07af8 spec types - backwards compatibility changes (#1306)
2b20ca9 chore: bump version for release (#1301)
67ba7ad feat: fetch transport (#1209)
1d42547 Add theme property to Icon schema (#1290)
54303b4 Add optional description field to Implementation schema (#1295)
9941294 Fix Zod v4 schema description extraction (#1296)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by pcarleton, a new releaser for @modelcontextprotocol/sdk since your current version.

Updates body-parser from 2.2.0 to 2.2.2

Release notes

Sourced from body-parser's releases.

v2.2.2

What's Changed

docs: update README links by @efekrskl in expressjs/body-parser#673

docs: release notes for the v1.20.4 release by @Phillip9587 in expressjs/body-parser#674

docs: update URL-encoded parser description to include ISO-8859-1 encoding support by @Phillip9587 in expressjs/body-parser#679

docs: use standard jsdoc tags everywhere by @Phillip9587 in expressjs/body-parser#677

deps: qs@^6.14.1 by @UlisesGascon in expressjs/body-parser#689

refactor(json): simplify strict mode error string construction by @jonchurch in expressjs/body-parser#693

Release: 2.2.2 by @UlisesGascon in expressjs/body-parser#691

New Contributors

@efekrskl made their first contribution in expressjs/body-parser#673

Full Changelog: expressjs/body-parser@v2.2.1...v2.2.2

v2.2.1

Important: Security

Security fix for CVE-2025-13466 (GHSA-wqch-xfxh-vrr4)

What's Changed

ci: add dependabot by @Phillip9587 in expressjs/body-parser#593

ci: use full SHAs for github action versions by @Phillip9587 in expressjs/body-parser#594

deps: type-is@^2.0.1 by @Phillip9587 in expressjs/body-parser#599

build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in expressjs/body-parser#609

build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by @dependabot[bot] in expressjs/body-parser#610

build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by @dependabot[bot] in expressjs/body-parser#611

build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by @dependabot[bot] in expressjs/body-parser#613

build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by @dependabot[bot] in expressjs/body-parser#612

ci: add codeql github workflows scanning by @Phillip9587 in expressjs/body-parser#614

ci: update CodeQL config to ignore the test directory by @Phillip9587 in expressjs/body-parser#615

build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in expressjs/body-parser#620

build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot[bot] in expressjs/body-parser#619

chore(deps): unpin devDependencies by @Phillip9587 in expressjs/body-parser#616

ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/body-parser#621

build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @dependabot[bot] in expressjs/body-parser#623

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in expressjs/body-parser#624

chore: add funding to package.json by @Phillip9587 in expressjs/body-parser#617

build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in expressjs/body-parser#625

build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in expressjs/body-parser#630

refactor: move common request validation to read function by @Phillip9587 in expressjs/body-parser#600

deps: bump iconv-lite by @bjohansebas in expressjs/body-parser#631

doc: pull beta changelog forward into 2.0.0 by @jonchurch in expressjs/body-parser#629

refactor: optimize raw and text parsers with shared passthrough function by @Phillip9587 in expressjs/body-parser#634

build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#640

build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] in expressjs/body-parser#639

build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#636

build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#637

build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by @dependabot[bot] in expressjs/body-parser#638

deps: raw-body@^3.0.1 by @Phillip9587 in expressjs/body-parser#641

... (truncated)

Changelog

Sourced from body-parser's changelog.

2.2.2 / 2026-01-07

deps: qs@^6.14.1

refactor(json): simplify strict mode error string construction

2.2.1 / 2025-11-24

Security fix for GHSA-wqch-xfxh-vrr4

deps:

type-is@^2.0.1

iconv-lite@^0.7.0

Handle split surrogate pairs when encoding UTF-8

Avoid false positives in encodingExists by using prototype-less objects

raw-body@^3.0.1

debug@^4.4.3

Commits

3d24866 2.2.2 (#691)
8474a98 refactor(json): simplify strict mode error string construction (#693)
03f17c2 deps: qs@^6.14.1 (#689)
ea1f25e docs: use standard jsdoc tags everywhere (#677)
d7deef8 docs: update URL-encoded parser description to include ISO-8859-1 encoding su...
b6f52aa docs: release notes for the v1.20.4 release (#674)
2965ca4 docs: update links (#673)
d96b63d 2.2.1 (#659)
b204886 sec: security patch for CVE-2025-13466
e20e351 feat: remove history.md from being packaged on publish (#660)
Additional commits viewable in compare view

Updates express from 5.1.0 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Release: 5.2.1 by @UlisesGascon in expressjs/express#6933

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 by @dependabot[bot] in expressjs/express#6429

Refactor: simplify acceptsLanguages implementation using spread operator by @Ayoub-Mabrouk in expressjs/express#6137

increased code coverage of utils.js file by @ashish3011 in expressjs/express#6386

chore: remove duplicate word by @dufucun in expressjs/express#6456

build(deps): bump github/codeql-action from 3.28.13 to 3.28.16 by @dependabot[bot] in expressjs/express#6498

build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in expressjs/express#6497

build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in expressjs/express#6496

ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/express#6504

ci: update codeql config by @Phillip9587 in expressjs/express#6488

chore: wider range for query test skip by @jonchurch in expressjs/express#6512

chore: fix typos in test by @noritaka1166 in expressjs/express#6535

ci: disable credential persistence for checkout actions by @mertssmnoglu in expressjs/express#6522

ci: allow manual triggering of workflow by @shivarm in expressjs/express#6515

test: add coverage for app.listen() variants by @kgarg1 in expressjs/express#6476

docs: move documentation and charters to the discussions and .github … by @bjohansebas in expressjs/express#6427

build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @dependabot[bot] in expressjs/express#6549

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in expressjs/express#6548

chore: enforce explicit Buffer import and add lint rule by @shivarm in expressjs/express#6525

chore: use node protocol for querystring by @shivarm in expressjs/express#6520

chore: fix typo by @mountdisk in expressjs/express#6609

build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in expressjs/express#6618

add deprecation warnings for redirect arguments undefined by @bjohansebas in expressjs/express#6405

ci: run CI when the markdown changes by @bjohansebas in expressjs/express#6632

doc: fix CONTRIBUTING link by @jonchurch in expressjs/express#6653

doc: update contributing guidelines and code of conduct links by @ShubhamOulkar in expressjs/express#6601

build(deps-dev): bump morgan from 1.10.0 to 1.10.1 by @dependabot[bot] in expressjs/express#6679

build(deps-dev): bump cookie-session from 2.1.0 to 2.1.1 by @dependabot[bot] in expressjs/express#6678

lint: add --fix flag to automatic fix linting issue by @shivarm in expressjs/express#6644

chore: ignore yarn.lock file and update example by @shivarm in expressjs/express#6588

lib: use req.socket over deprecated req.connection by @bjohansebas in expressjs/express#6705

doc: update express app example by @shivarm in expressjs/express#6718

build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in expressjs/express#6675

Remove history.md from being packaged on publish by @sheplu in expressjs/express#6780

... (truncated)

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

5.2.0 / 2025-12-01

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

deps: body-parser@^2.2.1

A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

Commits

dbac741 5.2.1
697547c Revert "sec: security patch for CVE-2024-51999"
4007ad1 Release: 5.2.0 (#6920)
2f64f68 sec: security patch for CVE-2024-51999
ed0ba3f build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#6928)
8eace46 build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 (#6929)
30bae81 build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 (#6930)
758d435 deps: body-parser@^2.2.1 (#6922)
77bcd52 docs: update emeritus triagers (#6890)
f33caf1 Nominate to @efekrskl for triage team (#6888)
Additional commits viewable in compare view

Updates @types/express from 5.0.2 to 5.0.6

Commits

See full diff in compare view

Updates ws from 8.18.2 to 8.19.0

Release notes

Sourced from ws's releases.

8.19.0

Features

Added the closeTimeout option (#2308).

Bug fixes

Handled a forthcoming breaking change in Node.js core (19984854).

8.18.3

Bug fixes

Fixed a spec violation where the Sec-WebSocket-Version header was not added to the HTTP response if the client requested version was either invalid or unacceptable (#2291).

Commits

61349ec [dist] 8.19.0
3f9ffc6 [feature] Introduce the closeTimeout option (#2308)
1998485 [fix] Ensure all remaining data is read as a single chunk
726c373 [doc] Sort options alphabetically
b151f1e [ci] Update actions/checkout action to v6
dabdd5b [ci] Update actions/setup-node action to v6
86eac5b [ci] Test on node 25
1891e14 [ci] Update actions/setup-node action to v5
aa28c77 [ci] Update actions/checkout action to v5
dabbdec [dist] 8.18.3
Additional commits viewable in compare view

Updates @types/body-parser from 1.19.5 to 1.19.6

Commits

See full diff in compare view

Updates @types/cors from 2.8.18 to 2.8.19

Commits

See full diff in compare view

Updates @types/express from 5.0.2 to 5.0.6

Commits

See full diff in compare view

Updates @types/node-fetch from 2.6.12 to 2.6.13

Commits

See full diff in compare view

Updates typescript from 5.8.3 to 5.9.3

Release notes

Sourced from typescript's releases.

TypeScript 5.9.3

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

fixed issues query for Typescript 5.9.0 (Beta).

fixed issues query for Typescript 5.9.1 (RC).

No specific changes for TypeScript 5.9.2 (Stable)

fixed issues query for Typescript 5.9.3 (Stable).

Downloads are available on:

npm

TypeScript 5.9

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

fixed issues query for Typescript 5.9.0 (Beta).

fixed issues query for Typescript 5.9.1 (RC).

No specific changes for TypeScript 5.9.2 (Stable)

Downloads are available on:

npm

TypeScript 5.9 RC

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

fixed issues query for Typescript 5.9.0 (Beta).

fixed issues query for Typescript 5.9.1 (RC).

Downloads are available on:

npm

TypeScript 5.9 Beta

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement.

fixed issues query for Typescript 5.9.0 (Beta).

Downloads are available on:

npm

Commits

c63de15 Bump version to 5.9.3 and LKG
8428ca4 🤖 Pick PR #62438 (Fix incorrectly ignored dts file fr...) into release-5.9 (#...
a131cac 🤖 Pick PR #62351 (Add missing Float16Array constructo...) into release-5.9 (#...
0424333 🤖 Pick PR #62423 (Revert PR 61928) into release-5.9 (#62425)
bdb641a 🤖 Pick PR #62311 (Fix parenthesizer rules for manuall...) into release-5.9 (#...
0d9b9b9 🤖 Pick PR #61978 (Restructure CI to prepare for requi...) into release-5.9 (#...
2dce0c5 Intentionally regress one buggy declaration output to an older version (#62163)
5be3346 Bump version to 5.9.2 and LKG
ad825f2 Bump version to 5.9.1-rc and LKG
463a5bf Update LKG
Additional commits viewable in compare view

Updates @types/http-errors from 2.0.4 to 2.0.5

Commits

See full diff in compare view

Updates @types/serve-static from 1.15.7 to 2.2.0

Commits

See full diff in compare view

Updates ajv from 6.12.6 to 8.17.1

Release notes

Sourced from ajv's releases.

v8.17.1

What's Changed

bump version to 8.17.1 by @jasoniangreen in ajv-validator/ajv#2472

Full Changelog: ajv-validator/ajv@v8.17.0...v8.17.1

Plus everything in 8.17.0 which failed to release

The only functional change is to switch from uri-js (which is no longer supported), to fast-uri. This is the second attempt and the team on fast-uri have been really helpful addressing the issues we found last time.

Revert "Revert fast-uri change (ajv-validator/ajv#2444)" by @gurgunday in ajv-validator/ajv#2448 fix: ignore new eslint error for @typescript-eslint/no-extraneous-class by @jasoniangreen in ajv-validator/ajv#2455 docs: clarify behaviour of addVocabulary by @jasoniangreen in ajv-validator/ajv#2454 docs: refactor to improve legibility by @blottn in ajv-validator/ajv#2432 Fix grammatical typo in managing-schemas.md by @wetneb in ajv-validator/ajv#2305 docs: Fix broken strict-mode link by @alexanderjsx in ajv-validator/ajv#2459 feat: add test for encoded refs and bump fast-uri by @jasoniangreen in ajv-validator/ajv#2449 fix: changes for @typescript-eslint/array-type rule by @jasoniangreen in ajv-validator/ajv#2467 fixes ajv-validator/ajv#2217 - clarify custom keyword naming by @jasoniangreen in ajv-validator/ajv#2457

v8.17.0

What's Changed

The only functional change is to switch from uri-js (which is no longer supported), to fast-uri. This is the second attempt and the team on fast-uri have been really helpful addressing the issues we found last time.

Revert "Revert fast-uri change (#2444)" by @gurgunday in ajv-validator/ajv#2448

fix: ignore new eslint error for @typescript-eslint/no-extraneous-class by @jasoniangreen in ajv-validator/ajv#2455

docs: clarify behaviour of addVocabulary by @jasoniangreen in ajv-validator/ajv#2454

docs: refactor to improve legibility by @blottn in ajv-validator/ajv#2432

Fix grammatical typo in managing-schemas.md by @wetneb in ajv-validator/ajv#2305

docs: Fix broken strict-mode link by @alexanderjsx in ajv-validator/ajv#2459

feat: add test for encoded refs and bump fast-uri by @jasoniangreen in ajv-validator/ajv#2449

fix: changes for @typescript-eslint/array-type rule by @jasoniangreen in ajv-validator/ajv#2467

fixes #2217 - clarify custom keyword naming by @jasoniangreen in ajv-validator/ajv#2457

New Contributors

@gurgunday made their first contribution in ajv-validator/ajv#2448

@blottn made their first contribution in ajv-validator/ajv#2432

@wetneb made their first contribution in ajv-validator/ajv#2305

@alexanderjsx made their first contribution in ajv-validator/ajv#2459

Full Changelog: ajv-validator/ajv@v8.16.0...v8.17.0

v8.16.0

What's Changed

Revert fast-uri change by @jasoniangreen in ajv-validator/ajv#2444

Full Changelog: ajv-validator/ajv@v8.15.0...v8.16.0

... (truncated)

Commits

9050ba1 bump version to 8.17.1 (#2472)
f7831b4 fixes #2217 - clarify custom keyword naming (#2457)
a523784 fix: changes for @typescript-eslint/array-type rule (#2467)
595fe58 feat: add test for encoded refs and bump fast-uri (#2449)
a18641e Update modifying-data.md - fix broken strict-mode link (#2459)
650c7f6 Fix grammatical typo in managing-schemas.md (#2305)
603f63b docs: refactor to improve legibility (#2432)
8bccdc4 docs: clarify behaviour of addVocabulary (#2454)
85dafb0 fix: ignore new eslint error (#2455)
80c014f Revert "Revert fast-uri change (#2444)" (#2448)
Additional commits viewable in compare view

Updates debug from 4.4.1 to 4.4.3

Release notes

Sourced from debug's releases.

4.4.3

Functionally identical release to 4.4.1.

Version 4.4.2 is compromised. Please see debug-js/debug#1005.

Commits

6b2c5fb 4.4.3
See full diff in compare view

Updates form-data from 4.0.2 to 4.0.5

Release notes

Sourced from form-data's releases.

v4.0.4

v4.0.4 - 2025-07-16

Commits

[meta] add auto-changelog 811f682

[Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76

[Fix] Switch to using crypto random for boundary values 3d17230

[Tests] fix linting errors 5e34080

[meta] actually ensure the readme backup isn’t published 316c82b

[Dev Deps] update @ljharb/eslint-config 58c25d7

[meta] fix readme capitalization 2300ca1

v4.0.3

v4.0.3 - 2025-06-05

Fixed

[Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

[eslint] use a shared config 426ba9a

[eslint] fix some spacing issues 2094191

[Refactor] use hasown 81ab41b

[Fix] validate boundary type in setBoundary() method 8d8e469

[Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1

[Dev Deps] remove unused deps 870e4e6

[meta] remove local commit hooks e6e83cc

[Dev Deps] update eslint 4066fd6

[meta] fix scripts to use prepublishOnly c4bbb13

Changelog

Sourced from form-data's changelog.

v4.0.5 - 2025-11-17

Commits

[Tests] Switch to newer v8 prediction library; enable node 24 testing 16e0076

[Dev Deps] update @ljharb/eslint-config, eslint 5822467

[Fix] set Symbol.toStringTag in the proper place 76d0dee

v4.0.4 - 2025-07-16

Commits

[meta] add auto-changelog 811f682

[Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76

[Fix] Switch to using crypto random for boundary values 3d17230

[Tests] fix linting errors 5e34080

[meta] actually ensure the readme backup isn’t published 316c82b

[Dev Deps] update @ljharb/eslint-config

…22 updates Bumps the npm_and_yarn group with 9 updates in the /webai-mcp directory: | Package | From | To | | --- | --- | --- | | [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.12.0` | `1.25.2` | | [body-parser](https://github.com/expressjs/body-parser) | `2.2.0` | `2.2.2` | | [express](https://github.com/expressjs/express) | `5.1.0` | `5.2.1` | | [@types/express](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express) | `5.0.2` | `5.0.6` | | [ws](https://github.com/websockets/ws) | `8.18.2` | `8.19.0` | | [@types/body-parser](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/body-parser) | `1.19.5` | `1.19.6` | | [@types/cors](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/cors) | `2.8.18` | `2.8.19` | | [@types/node-fetch](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node-fetch) | `2.6.12` | `2.6.13` | | [typescript](https://github.com/microsoft/TypeScript) | `5.8.3` | `5.9.3` | Updates `@modelcontextprotocol/sdk` from 1.12.0 to 1.25.2 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.12.0...v1.25.2) Updates `body-parser` from 2.2.0 to 2.2.2 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@v2.2.0...v2.2.2) Updates `express` from 5.1.0 to 5.2.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@v5.1.0...v5.2.1) Updates `@types/express` from 5.0.2 to 5.0.6 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express) Updates `ws` from 8.18.2 to 8.19.0 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.18.2...8.19.0) Updates `@types/body-parser` from 1.19.5 to 1.19.6 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/body-parser) Updates `@types/cors` from 2.8.18 to 2.8.19 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/cors) Updates `@types/express` from 5.0.2 to 5.0.6 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express) Updates `@types/node-fetch` from 2.6.12 to 2.6.13 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node-fetch) Updates `typescript` from 5.8.3 to 5.9.3 - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v5.8.3...v5.9.3) Updates `@types/http-errors` from 2.0.4 to 2.0.5 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/http-errors) Updates `@types/serve-static` from 1.15.7 to 2.2.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/serve-static) Updates `ajv` from 6.12.6 to 8.17.1 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v8.17.1) Updates `debug` from 4.4.1 to 4.4.3 - [Release notes](https://github.com/debug-js/debug/releases) - [Commits](debug-js/debug@4.4.1...4.4.3) Updates `form-data` from 4.0.2 to 4.0.5 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v4.0.2...v4.0.5) Updates `http-errors` from 2.0.0 to 2.0.1 - [Release notes](https://github.com/jshttp/http-errors/releases) - [Changelog](https://github.com/jshttp/http-errors/blob/master/HISTORY.md) - [Commits](jshttp/http-errors@v2.0.0...v2.0.1) Updates `iconv-lite` from 0.6.3 to 0.7.2 - [Release notes](https://github.com/pillarjs/iconv-lite/releases) - [Changelog](https://github.com/pillarjs/iconv-lite/blob/master/Changelog.md) - [Commits](pillarjs/iconv-lite@v0.6.3...v0.7.2) Updates `json-schema-traverse` from 0.4.1 to 1.0.0 - [Release notes](https://github.com/epoberezkin/json-schema-traverse/releases) - [Commits](epoberezkin/json-schema-traverse@v0.4.1...v1.0.0) Updates `qs` from 6.14.0 to 6.14.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.14.1) Updates `raw-body` from 3.0.0 to 3.0.2 - [Release notes](https://github.com/stream-utils/raw-body/releases) - [Changelog](https://github.com/stream-utils/raw-body/blob/master/HISTORY.md) - [Commits](stream-utils/raw-body@v3.0.0...v3.0.2) Updates `statuses` from 2.0.1 to 2.0.2 - [Release notes](https://github.com/jshttp/statuses/releases) - [Changelog](https://github.com/jshttp/statuses/blob/master/HISTORY.md) - [Commits](jshttp/statuses@v2.0.1...v2.0.2) Updates `zod` from 3.25.28 to 4.3.5 - [Release notes](https://github.com/colinhacks/zod/releases) - [Commits](colinhacks/zod@v3.25.28...v4.3.5) Updates `zod-to-json-schema` from 3.24.5 to 3.25.1 - [Release notes](https://github.com/StefanTerdell/zod-to-json-schema/releases) - [Changelog](https://github.com/StefanTerdell/zod-to-json-schema/blob/master/changelog.md) - [Commits](https://github.com/StefanTerdell/zod-to-json-schema/commits) --- updated-dependencies: - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.25.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 2.2.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm_and_yarn - dependency-name: express dependency-version: 5.2.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm_and_yarn - dependency-name: "@types/express" dependency-version: 5.0.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 8.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm_and_yarn - dependency-name: "@types/body-parser" dependency-version: 1.19.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm_and_yarn - dependency-name: "@types/cors" dependency-version: 2.8.19 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm_and_yarn - dependency-name: "@types/express" dependency-version: 5.0.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm_and_yarn - dependency-name: "@types/node-fetch" dependency-version: 2.6.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm_and_yarn - dependency-name: typescript dependency-version: 5.9.3 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm_and_yarn - dependency-name: "@types/http-errors" dependency-version: 2.0.5 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm_and_yarn - dependency-name: "@types/serve-static" dependency-version: 2.2.0 dependency-type: indirect update-type: version-update:semver-major dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 8.17.1 dependency-type: indirect update-type: version-update:semver-major dependency-group: npm_and_yarn - dependency-name: debug dependency-version: 4.4.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 4.0.5 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm_and_yarn - dependency-name: http-errors dependency-version: 2.0.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm_and_yarn - dependency-name: iconv-lite dependency-version: 0.7.2 dependency-type: indirect update-type: version-update:semver-minor dependency-group: npm_and_yarn - dependency-name: json-schema-traverse dependency-version: 1.0.0 dependency-type: indirect update-type: version-update:semver-major dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm_and_yarn - dependency-name: raw-body dependency-version: 3.0.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm_and_yarn - dependency-name: statuses dependency-version: 2.0.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm_and_yarn - dependency-name: zod dependency-version: 4.3.5 dependency-type: indirect update-type: version-update:semver-major dependency-group: npm_and_yarn - dependency-name: zod-to-json-schema dependency-version: 3.25.1 dependency-type: indirect update-type: version-update:semver-minor dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-01-12T10:26:11Z

Labels

The following labels could not be found: dependency-updates, mcp-package. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

dependabot bot assigned cpjet64 Jan 12, 2026

dependabot bot requested a review from cpjet64 as a code owner January 12, 2026 10:26

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps(mcp)(deps): bump the npm_and_yarn group across 1 directory with 22 updates #74

deps(mcp)(deps): bump the npm_and_yarn group across 1 directory with 22 updates #74

Uh oh!

dependabot bot commented on behalf of github Jan 12, 2026 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Jan 12, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

deps(mcp)(deps): bump the npm_and_yarn group across 1 directory with 22 updates #74

Are you sure you want to change the base?

deps(mcp)(deps): bump the npm_and_yarn group across 1 directory with 22 updates #74

Uh oh!

Conversation

dependabot bot commented on behalf of github Jan 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v1.25.2

What's Changed

New Contributors

1.25.1

What's Changed

1.25.0

What's Changed

New Contributors

1.24.3

What's Changed

v2.2.2

What's Changed

New Contributors

v2.2.1

Important: Security

What's Changed

2.2.2 / 2026-01-07

2.2.1 / 2025-11-24

v5.2.1

What's Changed

v5.2.0

Important: Security

What's Changed

5.2.1 / 2025-12-01

5.2.0 / 2025-12-01

8.19.0

Features

Bug fixes

8.18.3

Bug fixes

TypeScript 5.9.3

TypeScript 5.9

TypeScript 5.9 RC

TypeScript 5.9 Beta

v8.17.1

What's Changed

Plus everything in 8.17.0 which failed to release

v8.17.0

What's Changed

New Contributors

v8.16.0

What's Changed

4.4.3

v4.0.4

v4.0.4 - 2025-07-16

Commits

v4.0.3

v4.0.3 - 2025-06-05

Fixed

Commits

v4.0.5 - 2025-11-17

Commits

v4.0.4 - 2025-07-16

Commits

Uh oh!

dependabot bot commented on behalf of github Jan 12, 2026

Labels

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

dependabot bot commented on behalf of github Jan 12, 2026 •

edited

Loading