v5.6.1: security update
Security Updates
This release addresses all 14 Dependabot security alerts by updating vulnerable dependencies.
Security Fixes
| Package | Previous | Updated | Vulnerabilities Fixed |
|---|---|---|---|
| mcp | 1.9.2 | 1.26.0 | DNS rebinding (high), DoS vulnerabilities (high) |
| filelock | 3.18.0 | 3.20.3 | TOCTOU symlink vulnerabilities (medium) |
| starlette | 0.46.2 | 0.50.0 | Range header DoS (high), multipart DoS (medium) |
| python-multipart | 0.0.20 | 0.0.22 | Arbitrary file write (high) |
| urllib3 | 2.4.0 | removed | Decompression bomb bypass (high), redirect issues (medium) |
| requests | 2.32.3 | removed | .netrc credentials leak (medium) |
Changes
- Updated `pyproject.toml` to require `mcp>=1.23.0`
- Fixed mypy strict errors from upgraded dependency types
- All 63 tests pass