@dependabot dependabot bot commented on behalf of github Dec 8, 2025

Bumps the production-dependencies group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| @modelcontextprotocol/sdk | 1.22.0 | 1.24.3 |
| body-parser | 2.2.0 | 2.2.1 |
| express | 5.1.0 | 5.2.1 |
| finalhandler | 2.1.0 | 2.1.1 |
| zod | 3.25.76 | 4.1.13 |

Updates @modelcontextprotocol/sdk from 1.22.0 to 1.24.3

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

1.24.3

What's Changed

Full Changelog: modelcontextprotocol/typescript-sdk@1.24.2...1.24.3

1.24.2

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@1.24.1...1.24.2

1.24.1

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@1.24.0...1.24.1

1.24.0

Summary

This release brings us up to speed with the latest MCP spec 2025-11-25. Take a look at the latest spec as well as the release blog post.

What's Changed

... (truncated)

Commits
  • 724fe6e chore: bump version for patch release (#1235)
  • 2f76ac8 fix: skip priming events and closeSSEStream for old protocol versions (#1233)
  • 0a374fc fix: release HTTP connections after POST responses (#1214)
  • 2d2c8ff chore(deps): bump express from 5.0.1 to 5.2.1 in the npm_and_yarn group acros...
  • 545dbe1 chore: fix dev dependency security vulnerabilities (#1227)
  • d23674d chore: bump version to 1.24.2 (#1224)
  • 7c9257c refactor: make Server class framework-agnostic by moving express to separate ...
  • 401a189 chore: refresh CLAUDE.md (#1217)
  • 4b5c25d feat: add optional resource annotations (#954)
  • 6dd7cd4 chore: bump version for release (#1219)
  • Additional commits viewable in compare view

Updates body-parser from 2.2.0 to 2.2.1

Release notes

Sourced from body-parser's releases.

v2.2.1

Important: Security

What's Changed

... (truncated)

Changelog

Sourced from body-parser's changelog.

2.2.1 / 2025-11-24

  • Security fix for GHSA-wqch-xfxh-vrr4
  • deps:
    • type-is@^2.0.1
    • iconv-lite@^0.7.0
      • Handle split surrogate pairs when encoding UTF-8
      • Avoid false positives in encodingExists by using prototype-less objects
    • raw-body@^3.0.1
    • debug@^4.4.3
Commits
  • d96b63d 2.2.1 (#659)
  • b204886 sec: security patch for CVE-2025-13466
  • e20e351 feat: remove history.md from being packaged on publish (#660)
  • 0d7ce71 docs: switch badges from badgen.net to shields.io (#661)
  • 168afff ci: also test on first supported node.js version (#646)
  • e539a71 build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 (#654)
  • 9391612 build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#655)
  • 57baafb build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 (#656)
  • a6a088e build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 (#657)
  • 10a114d test: add test for urlencoded invalid defaultCharset (#643)
  • Additional commits viewable in compare view

Updates express from 5.1.0 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

What's Changed

... (truncated)

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

5.2.0 / 2025-12-01

  • Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
  • deps: body-parser@^2.2.1
  • A deprecation warning was added when using res.redirect with undefined arguments. Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.
Commits

Updates finalhandler from 2.1.0 to 2.1.1

Release notes

Sourced from finalhandler's releases.

v2.1.1

What's Changed

New Contributors

Full Changelog: pillarjs/finalhandler@v2.1.0...v2.1.1

Changelog

Sourced from finalhandler's changelog.

v2.1.1. / 2025-12-01

  • update engines field in the package.json to reflect the current compatibility (Node <18). See: 2.0.0
  • Minor changes (package metadata)
Commits
  • aa2851f 2.1.1 (#120)
  • e1ec820 fix: update engines reference in the pkg (#119)
  • 3fb91d2 build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 (#123)
  • 7f35d34 build(deps): bump github/codeql-action from 4.31.2 to 4.31.5
  • 15c096f build(deps): bump actions/checkout from 5.0.0 to 6.0.0
  • 0919cb8 build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 (#114)
  • 6be5f9c build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#115)
  • c33618a build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 (#116)
  • fbf0e17 build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 (#117)
  • 27c3f30 build(deps): bump github/codeql-action from 3.29.11 to 3.30.5
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for finalhandler since your current version.


Updates iconv-lite from 0.6.3 to 0.7.0

Release notes

Sourced from iconv-lite's releases.

v0.7.0

🐞 Bug fixes

  • Handle split surrogate pairs when encoding utf8 - by @​yosion-p and @​ashtuchkin in #282:

    Handle a case where streaming utf8 encoder (converting js strings -> buffers) encounters surrogate pairs split between chunks (last character of one chunk is high surrogate and first character of the next chunk is a low surrogate).

  • Avoid false positives in encodingExists by using objects without a prototype - by @​bjohansebas in #328

    The encodingExists method could return incorrect results if the lookup matched properties inherited from the prototype of the object that stores the encodings, such as constructor and others. This change replaces that object with one that has no prototype, ensuring that only explicitly defined valid encodings in the library are considered. In addition, the fix is applied to the internal cache system to avoid the same kind of false positives

🚀 Improvements

  • Make explicit that decode() method supports Uint8Array input - by @​jardicc in #271
  • Remove compatibility check for StringDecoder.end method - by @​bjohansebas in #331

Other changes

New Contributors

Full Changelog: pillarjs/iconv-lite@v0.6.3...v0.7.0

Changelog

Sourced from iconv-lite's changelog.

0.7.0

🐞 Bug fixes

  • Handle split surrogate pairs when encoding utf8 - by @​yosion-p and @​ashtuchkin in #282:

    Handle a case where streaming utf8 encoder (converting js strings -> buffers) encounters surrogate pairs split between chunks (last character of one chunk is high surrogate and first character of the next chunk is a low surrogate).

  • Avoid false positives in encodingExists by using objects without a prototype - by @​bjohansebas in #328

    The encodingExists method could return incorrect results if the lookup matched properties inherited from the prototype of the object that stores the encodings, such as constructor and others. This change replaces that object with one that has no prototype, ensuring that only explicitly defined valid encodings in the library are considered. In addition, the fix is applied to the internal cache system to avoid the same kind of false positives

🚀 Improvements

  • Make explicit that decode() method supports Uint8Array input - by @​jardicc in #271
  • Remove compatibility check for StringDecoder.end method - by @​bjohansebas in #331
Commits
  • 165af71 release: 0.7.0 (#334)
  • ec88aea chore: remove object-assign (#338)
  • d8647ea docs(package.json): update repo name and add funding field (#337)
  • fc5925a Revert "chore: support node.js >=6, remove safe-buffer (#335)" (#336)
  • 4c2842a chore: support node.js >=6, remove safe-buffer (#335)
  • 1c2250f fix: add .git-blame-ignore-revs file for lint change
  • 2a31790 feat: adopt linter (#333)
  • 503f435 chore: update performance tests to use bench-node for benchmarking (#332)
  • 3aed296 docs: reorganize README
  • 0a2f8c5 fix: remove compatibility check for StringDecoder.end method (#331)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by bsebas, a new releaser for iconv-lite since your current version.


Updates zod from 3.25.76 to 4.1.13

Release notes

Sourced from zod's releases.

v4.1.13

Commits:

  • 5c2602ceb8be8941c64bbe5ac7d92cc174ae6f7e Update AI widget (#5318)
  • d3da530deb713c853e79405adddf770e156d50ac reflect the specified regex correctly in error (#5338)
  • 39f8c45b8a29de2330b485862b83cb35849f4238 faster initialization (#5352)
  • e9e27905cc0f37cb079ea473af8359d5e17a57a1 Clean up comment
  • 8e4739fadbd7de710eb67d34ba7e06a1029a68ab Update inferred z.promise() type
  • 2849df8907b011ab056d67ae8e3d27577ac4ed3e fix(locales): improve Dutch (nl) localization (#5367)
  • b0d3c9f628b60d358b66acf8f0ef7937fc9e8950 Run tests on windows
  • 6fd61b71b85e4fef4c168a46c3ebcc574f26255f feat unitest (#5358)
  • a4e4bc80e204577c698cf1369dd63c2b986d35f3 Lock to node 24
  • 8de8bad0fa84194b81efd32474462d7a236a1ee4 Fix windows build
  • b2c186bbae3a74a12acd385c1ced3ed978235cf8 Use Node LTS
  • b73b1f61c798efdf497852872b4c19cd4111c1f3 Consolidate isTransforming logic
  • d85f3ea4da53a1b232017dd4e4a2874eca4d8d76 Fix #5353
  • 1bac0f37b529eb9a0d833a01200f5a898e8e6220 Fix test.yml
  • 86d4dad5bc27b4b35df533c9170a552ad8c6c3bc Fix partial record
  • 5e6c0fd7471636feffe5763c9b7637879da459fe Fix attw on windows
  • 27fc616b8edb93cc27a4d25b37479d6e418bbccf Extend test timeout
  • 8d336c4d15e1917d78b67b890f7182f26633b56f Remove windows runner
  • 5be72e0ef4dceb1387febb7981079ecdeb5e2817 chore(doc): update metadata.tsx (#5331)
  • cb0272a0ad9962df95832a78587f54afec685351 docs: add 'cd zod' step to development setup instructions (#5394)
  • 24e3325dc63010e4f74e23caf91199652e8b12a9 docs: replace 'Refinement' with 'Transform' in transforms section (#5397)
  • 644a08203ebb00e23484b3f9a986ae783ce26a9a chore: add resource for validating environment variables with Zod (#5403)
  • 5e1cfcf578a47527044e85455e79c907fd913adc Change doc for email validation method in Zod schema (#5392)
  • 88cf9441448608d9de24b47b8a4a4ba879fc2433 Fix: Iterate over keys in catchall object using "in" operator. (#5376)
  • aa437325c5957c0cf57667cd7b8568603ee7ecd3 Emphasise that enum validates against values, for object literal & enums (#5386)
  • 3a4bd00aaa16276ffeb2708cc083a633bd4dd756 Improve Hebrew localization for Zod error messages (#5409)
  • c10f9d109874aeca6855383616c086b077d39f89 Fix typos (#5420)
  • 86f0ef918bb24f4ab9f1ce2afc5cf2d1a4a99473 Documentation Improvements (#5417)
  • e120a4877f4d8d076abf2db5c5cceab91a046be9 Fix opt tuple
  • f9bbb50c48f9c07ca869d28d6a7086d7290b97a3 Improve tuple
  • 0ba0f348f677688b69ed78473e022f5d225b41fc Optimize docs caching/ISR (#5433)
  • c3ec66c74b3fbc2616e880a90751c2cad7270bb3 Improve docs caching
  • c8cce4b607a7c0ca99cfb454571a3948ee9e85fb docs: fix typos and links (#5428)
  • 84ec04708525d6e83e3408d5d3a21edde742bdc5 docs(ecosystem): Add react-f3 (

…y with 6 updates

Bumps the production-dependencies group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.22.0` | `1.24.3` |
| [body-parser](https://github.com/expressjs/body-parser) | `2.2.0` | `2.2.1` |
| [express](https://github.com/expressjs/express) | `5.1.0` | `5.2.1` |
| [finalhandler](https://github.com/pillarjs/finalhandler) | `2.1.0` | `2.1.1` |
| [zod](https://github.com/colinhacks/zod) | `3.25.76` | `4.1.13` |



Updates `@modelcontextprotocol/sdk` from 1.22.0 to 1.24.3
- [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases)
- [Commits](modelcontextprotocol/typescript-sdk@1.22.0...1.24.3)

Updates `body-parser` from 2.2.0 to 2.2.1
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@v2.2.0...v2.2.1)

Updates `express` from 5.1.0 to 5.2.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@v5.1.0...v5.2.1)

Updates `finalhandler` from 2.1.0 to 2.1.1
- [Release notes](https://github.com/pillarjs/finalhandler/releases)
- [Changelog](https://github.com/pillarjs/finalhandler/blob/master/HISTORY.md)
- [Commits](pillarjs/finalhandler@v2.1.0...v2.1.1)

Updates `iconv-lite` from 0.6.3 to 0.7.0
- [Release notes](https://github.com/pillarjs/iconv-lite/releases)
- [Changelog](https://github.com/pillarjs/iconv-lite/blob/master/Changelog.md)
- [Commits](pillarjs/iconv-lite@v0.6.3...v0.7.0)

Updates `zod` from 3.25.76 to 4.1.13
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Commits](colinhacks/zod@v3.25.76...v4.1.13)

---
updated-dependencies:
- dependency-name: "@modelcontextprotocol/sdk"
  dependency-version: 1.24.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: body-parser
  dependency-version: 2.2.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: express
  dependency-version: 5.2.1
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: finalhandler
  dependency-version: 2.1.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: iconv-lite
  dependency-version: 0.7.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: zod
  dependency-version: 4.1.13
  dependency-type: indirect
  update-type: version-update:semver-major
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
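
The iconv-lite 0.7.0 notes above describe `encodingExists` returning false positives for names inherited from the object's prototype, such as `constructor`. The following is an added illustration of that class of bug and of the prototype-less fix, not code from iconv-lite or from this pull request; the store contents, `canonicalize`, and both lookup helpers are hypothetical.

```javascript
// Added illustration; not iconv-lite's source. All names here are hypothetical.
const KNOWN = ["utf8", "utf16le", "latin1"]; // constructed registry

function buildStore(base) {
  for (const name of KNOWN) base[name] = { name }; // constructed codec stubs
  return base;
}

// Plain literal: lookups fall through to Object.prototype.
const plainStore = buildStore({});
// Prototype-less object: only explicitly defined keys can be found.
const nullProtoStore = buildStore(Object.create(null));

function canonicalize(label) {
  return String(label).trim().toLowerCase();
}

// Truthiness check on a property read: vulnerable to inherited names
// when the store has a prototype.
function encodingExists(store, label) {
  return Boolean(store[canonicalize(label)]);
}

// Alternative guard: keep the plain object but test own properties only.
function encodingExistsOwn(store, label) {
  return Object.prototype.hasOwnProperty.call(store, canonicalize(label));
}

// Labels as they might arrive in a charset parameter (constructed input).
const LABELS = ["utf8", "Latin1", "constructor", "__proto__", "klingon"];

function accepted(check, store) {
  return LABELS.filter((label) => check(store, label));
}

// What a caller would receive as the "codec" for an inherited name.
function inheritedLookupType(store, label) {
  return typeof store[canonicalize(label)];
}

console.log("plain object:   ", accepted(encodingExists, plainStore));
console.log("null prototype: ", accepted(encodingExists, nullProtoStore));
console.log("own-key check:  ", accepted(encodingExistsOwn, plainStore));
console.log("plain 'constructor' resolves to a", inheritedLookupType(plainStore, "constructor"));
```

With the plain object, an attacker-influenced label like `constructor` passes the existence check and the subsequent lookup hands back `Object` itself rather than a codec, which is why the release applies the same change to the internal cache.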

dependabot bot commented on behalf of github Dec 8, 2025

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.


dependabot bot commented on behalf of github Dec 22, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Dec 22, 2025
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/production-dependencies-717d3deee6 branch December 22, 2025 10:21