chore(deps): Bump the production-dependencies group across 1 directory with 11 updates #144

dependabot · 2026-01-26T11:13:34Z

Bumps the production-dependencies group with 9 updates in the / directory:

Package	From	To
@modelcontextprotocol/sdk	`1.22.0`	`1.25.3`
body-parser	`2.2.0`	`2.2.2`
cors	`2.8.5`	`2.8.6`
express	`5.1.0`	`5.2.1`
finalhandler	`2.1.0`	`2.1.1`
send	`1.2.0`	`1.2.1`
serve-static	`2.2.0`	`2.2.1`
zod	`3.25.76`	`4.3.6`
zod-to-json-schema	`3.25.0`	`3.25.1`

Updates @modelcontextprotocol/sdk from 1.22.0 to 1.25.3

Release notes

Sourced from @modelcontextprotocol/sdk's releases.

v1.25.3

What's Changed

[v1.x backport] Use correct schema for client sampling validation when tools are present by @olaservo in modelcontextprotocol/typescript-sdk#1407

fix: prevent Hono from overriding global Response object (v1.x) by @mattzcarey in modelcontextprotocol/typescript-sdk#1411

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3

v1.25.2

What's Changed

ci: trigger workflow on v1.x branch by @felixweinberger in modelcontextprotocol/typescript-sdk#1319

fix: README badges links destinations by @antonpk1 in modelcontextprotocol/typescript-sdk#907

fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by @pcarleton in modelcontextprotocol/typescript-sdk#1365

New Contributors

@antonpk1 made their first contribution in modelcontextprotocol/typescript-sdk#907

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.1...v1.25.2

1.25.1

What's Changed

spec types - backwards compatibility changes by @KKonstantinov in modelcontextprotocol/typescript-sdk#1306

chore: bump version for patch fix by @felixweinberger in modelcontextprotocol/typescript-sdk#1307

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.0...1.25.1

1.25.0

What's Changed

list changed handlers on client constructor by @mattzcarey in modelcontextprotocol/typescript-sdk#1206

Role - moved from inline to reusable type by @KKonstantinov in modelcontextprotocol/typescript-sdk#1221

fix: use versioned npm tag for non-main branch releases by @pcarleton in modelcontextprotocol/typescript-sdk#1236

No automatic completion support unless needed - Revisited yet again by @cliffhall in modelcontextprotocol/typescript-sdk#1237

fix: Support updating output schema by @vincent0426 in modelcontextprotocol/typescript-sdk#1048

Remove type dependency on @cfworker/json-schema by @LucaButBoring in modelcontextprotocol/typescript-sdk#1229

Relocate tests under /test by @KKonstantinov in modelcontextprotocol/typescript-sdk#1220

Fix tsconfig: remove tests by @KKonstantinov in modelcontextprotocol/typescript-sdk#1240

tsconfig - tests and build fix by @KKonstantinov in modelcontextprotocol/typescript-sdk#1243

fix a typo in examples README by @DaleSeo in modelcontextprotocol/typescript-sdk#1246

Protocol date validation by @mattzcarey in modelcontextprotocol/typescript-sdk#1247

Flaky test fix on Types.test.ts by @KKonstantinov in modelcontextprotocol/typescript-sdk#1244

SPEC COMPLIANCE: Remove loose/passthrough types not allowed/defined by MCP spec + Task types by @KKonstantinov in modelcontextprotocol/typescript-sdk#1242

Follow-up fixes for PR #1242 by @felixweinberger in modelcontextprotocol/typescript-sdk#1274

Update server examples and docs by @DaleSeo in modelcontextprotocol/typescript-sdk#1285

Update TypeScript config to ES2020 to fix AJV imports by @mattzcarey in modelcontextprotocol/typescript-sdk#1297

Fix Zod v4 schema description extraction by @felixweinberger in modelcontextprotocol/typescript-sdk#1296

Add optional description field to Implementation schema by @calclavia in modelcontextprotocol/typescript-sdk#1295

Add theme property to Icon schema by @DaleSeo in modelcontextprotocol/typescript-sdk#1290

feat: fetch transport by @mattzcarey in modelcontextprotocol/typescript-sdk#1209

chore: bump version for release by @felixweinberger in modelcontextprotocol/typescript-sdk#1301

... (truncated)

Commits

ced7535 1.25.3
6e8f7e1 fix: prevent Hono from overriding global Response object (v1.x) (#1411)
12ae856 [v1.x backport] Use correct schema for client sampling validation when tools ...
b392f02 fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (#1365)
a0c9b13 fix: README badges links destinations (#907)
6dd08ac ci: trigger workflow on v1.x branch (#1319)
384311b chore: bump version for patch fix (#1307)
fb07af8 spec types - backwards compatibility changes (#1306)
2b20ca9 chore: bump version for release (#1301)
67ba7ad feat: fetch transport (#1209)
Additional commits viewable in compare view

Updates body-parser from 2.2.0 to 2.2.2

Release notes

Sourced from body-parser's releases.

v2.2.2

What's Changed

docs: update README links by @efekrskl in expressjs/body-parser#673

docs: release notes for the v1.20.4 release by @Phillip9587 in expressjs/body-parser#674

docs: update URL-encoded parser description to include ISO-8859-1 encoding support by @Phillip9587 in expressjs/body-parser#679

docs: use standard jsdoc tags everywhere by @Phillip9587 in expressjs/body-parser#677

deps: qs@^6.14.1 by @UlisesGascon in expressjs/body-parser#689

refactor(json): simplify strict mode error string construction by @jonchurch in expressjs/body-parser#693

Release: 2.2.2 by @UlisesGascon in expressjs/body-parser#691

New Contributors

@efekrskl made their first contribution in expressjs/body-parser#673

Full Changelog: expressjs/body-parser@v2.2.1...v2.2.2

v2.2.1

Important: Security

Security fix for CVE-2025-13466 (GHSA-wqch-xfxh-vrr4)

What's Changed

ci: add dependabot by @Phillip9587 in expressjs/body-parser#593

ci: use full SHAs for github action versions by @Phillip9587 in expressjs/body-parser#594

deps: type-is@^2.0.1 by @Phillip9587 in expressjs/body-parser#599

build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in expressjs/body-parser#609

build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by @dependabot[bot] in expressjs/body-parser#610

build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by @dependabot[bot] in expressjs/body-parser#611

build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by @dependabot[bot] in expressjs/body-parser#613

build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by @dependabot[bot] in expressjs/body-parser#612

ci: add codeql github workflows scanning by @Phillip9587 in expressjs/body-parser#614

ci: update CodeQL config to ignore the test directory by @Phillip9587 in expressjs/body-parser#615

build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in expressjs/body-parser#620

build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot[bot] in expressjs/body-parser#619

chore(deps): unpin devDependencies by @Phillip9587 in expressjs/body-parser#616

ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/body-parser#621

build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @dependabot[bot] in expressjs/body-parser#623

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in expressjs/body-parser#624

chore: add funding to package.json by @Phillip9587 in expressjs/body-parser#617

build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in expressjs/body-parser#625

build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in expressjs/body-parser#630

refactor: move common request validation to read function by @Phillip9587 in expressjs/body-parser#600

deps: bump iconv-lite by @bjohansebas in expressjs/body-parser#631

doc: pull beta changelog forward into 2.0.0 by @jonchurch in expressjs/body-parser#629

refactor: optimize raw and text parsers with shared passthrough function by @Phillip9587 in expressjs/body-parser#634

build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#640

build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] in expressjs/body-parser#639

build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#636

build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#637

build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by @dependabot[bot] in expressjs/body-parser#638

deps: raw-body@^3.0.1 by @Phillip9587 in expressjs/body-parser#641

... (truncated)

Changelog

Sourced from body-parser's changelog.

2.2.2 / 2026-01-07

deps: qs@^6.14.1

refactor(json): simplify strict mode error string construction

2.2.1 / 2025-11-24

Security fix for GHSA-wqch-xfxh-vrr4

deps:

type-is@^2.0.1

iconv-lite@^0.7.0

Handle split surrogate pairs when encoding UTF-8

Avoid false positives in encodingExists by using prototype-less objects

raw-body@^3.0.1

debug@^4.4.3

Commits

3d24866 2.2.2 (#691)
8474a98 refactor(json): simplify strict mode error string construction (#693)
03f17c2 deps: qs@^6.14.1 (#689)
ea1f25e docs: use standard jsdoc tags everywhere (#677)
d7deef8 docs: update URL-encoded parser description to include ISO-8859-1 encoding su...
b6f52aa docs: release notes for the v1.20.4 release (#674)
2965ca4 docs: update links (#673)
d96b63d 2.2.1 (#659)
b204886 sec: security patch for CVE-2025-13466
e20e351 feat: remove history.md from being packaged on publish (#660)
Additional commits viewable in compare view

Updates cors from 2.8.5 to 2.8.6

Release notes

Sourced from cors's releases.

v2.8.6

What's Changed

Build: [email protected] and Node.js.13.12 by @smondal in expressjs/cors#189

Update README.md for origin function callback parameters by @dstudzinski in expressjs/cors#180

Suggest passing false for disallowed domains, not erroring by @shackpank in expressjs/cors#175

Changed the term whitelist to allowlist in Documentation by @jkasun in expressjs/cors#200

Fix typo in README by @alex-grover in expressjs/cors#207

Added new link & website in the README by @manjunath00 in expressjs/cors#269

Fix functions call with extra parameter by @LuisEGR in expressjs/cors#245

🐛 Fix readme status badge by @homersimpsons in expressjs/cors#306

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/cors#321

ci: fix errors in ci github action for node 8 by @inigomarquinez in expressjs/cors#322

test: improved test robustness by @Alex-GF in expressjs/cors#320

chore: upgrade scorecard workflow pinned action versions by @carpasse in expressjs/cors#341

ci: add CodeQL (SAST) by @bjohansebas in expressjs/cors#340

docs: remove broken link to demo site by @dpopp07 in expressjs/cors#344

OSSF Scorecard recommendations by @UlisesGascon in expressjs/cors#350

build(deps): bump github/codeql-action from 3.24.7 to 3.28.19 by @dependabot[bot] in expressjs/cors#351

build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @dependabot[bot] in expressjs/cors#353

build(deps): bump actions/checkout from 4.1.1 to 4.2.2 by @dependabot[bot] in expressjs/cors#354

build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 by @dependabot[bot] in expressjs/cors#355

build(deps-dev): bump express from 4.17.1 to 4.21.2 by @dependabot[bot] in expressjs/cors#356

build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by @dependabot[bot] in expressjs/cors#352

build(deps-dev): bump mocha from 9.1.1 to 9.2.2 by @dependabot[bot] in expressjs/cors#358

update the docs for per request config by @jonchurch in expressjs/cors#338

(fix): readme updated for #271 origin option for * by @dhananjaysa92 in expressjs/cors#289

ci: upgrade Node versions by @UlisesGascon in expressjs/cors#359

chore: add funding to package.json by @bjohansebas in expressjs/cors#363

build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 by @dependabot[bot] in expressjs/cors#371

build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in expressjs/cors#370

docs: Cleanup README by @efekrskl in expressjs/cors#374

chore: add node v25 by @imangas in expressjs/cors#375

Extend CI test matrix by @imangas in expressjs/cors#376

docs: simplify code examples with header comments by @jonchurch in expressjs/cors#386

docs: tweak intro, add note w/ browser enforcement, FAQ by @jonchurch in expressjs/cors#385

chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from tarball by @Phillip9587 in expressjs/cors#388

Release: 2.8.6 by @UlisesGascon in expressjs/cors#390

New Contributors

@smondal made their first contribution in expressjs/cors#189

@dstudzinski made their first contribution in expressjs/cors#180

@shackpank made their first contribution in expressjs/cors#175

@jkasun made their first contribution in expressjs/cors#200

@alex-grover made their first contribution in expressjs/cors#207

@manjunath00 made their first contribution in expressjs/cors#269

@LuisEGR made their first contribution in expressjs/cors#245

@homersimpsons made their first contribution in expressjs/cors#306

@inigomarquinez made their first contribution in expressjs/cors#321

@Alex-GF made their first contribution in expressjs/cors#320

@carpasse made their first contribution in expressjs/cors#341

... (truncated)

Changelog

Sourced from cors's changelog.

2.8.6 / 2026-01-22

Improve documentation (API, context, examples...)

Remove additional markdown files from tarball

Commits

f00a8c1 2.8.6 (#390)
848e2bd chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from tarball (#388)
cf8947e docs: tweak intro, add note w/ browser enforcement, FAQ (#385)
bbf62a5 docs: simplify code examples with header comments (#386)
f442e77 Extend CI test matrix (#376)
d5cf6cd ci: add support for node@25 (#375)
7e6f7ee docs: revamp content (#374)
b25644c build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#370)
f881e91 build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 (#371)
9a9a760 chore: add funding to package.json (#363)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for cors since your current version.

Updates express from 5.1.0 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Release: 5.2.1 by @UlisesGascon in expressjs/express#6933

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 by @dependabot[bot] in expressjs/express#6429

Refactor: simplify acceptsLanguages implementation using spread operator by @Ayoub-Mabrouk in expressjs/express#6137

increased code coverage of utils.js file by @ashish3011 in expressjs/express#6386

chore: remove duplicate word by @dufucun in expressjs/express#6456

build(deps): bump github/codeql-action from 3.28.13 to 3.28.16 by @dependabot[bot] in expressjs/express#6498

build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in expressjs/express#6497

build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in expressjs/express#6496

ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/express#6504

ci: update codeql config by @Phillip9587 in expressjs/express#6488

chore: wider range for query test skip by @jonchurch in expressjs/express#6512

chore: fix typos in test by @noritaka1166 in expressjs/express#6535

ci: disable credential persistence for checkout actions by @mertssmnoglu in expressjs/express#6522

ci: allow manual triggering of workflow by @shivarm in expressjs/express#6515

test: add coverage for app.listen() variants by @kgarg1 in expressjs/express#6476

docs: move documentation and charters to the discussions and .github … by @bjohansebas in expressjs/express#6427

build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @dependabot[bot] in expressjs/express#6549

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in expressjs/express#6548

chore: enforce explicit Buffer import and add lint rule by @shivarm in expressjs/express#6525

chore: use node protocol for querystring by @shivarm in expressjs/express#6520

chore: fix typo by @mountdisk in expressjs/express#6609

build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in expressjs/express#6618

add deprecation warnings for redirect arguments undefined by @bjohansebas in expressjs/express#6405

ci: run CI when the markdown changes by @bjohansebas in expressjs/express#6632

doc: fix CONTRIBUTING link by @jonchurch in expressjs/express#6653

doc: update contributing guidelines and code of conduct links by @ShubhamOulkar in expressjs/express#6601

build(deps-dev): bump morgan from 1.10.0 to 1.10.1 by @dependabot[bot] in expressjs/express#6679

build(deps-dev): bump cookie-session from 2.1.0 to 2.1.1 by @dependabot[bot] in expressjs/express#6678

lint: add --fix flag to automatic fix linting issue by @shivarm in expressjs/express#6644

chore: ignore yarn.lock file and update example by @shivarm in expressjs/express#6588

lib: use req.socket over deprecated req.connection by @bjohansebas in expressjs/express#6705

doc: update express app example by @shivarm in expressjs/express#6718

build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in expressjs/express#6675

Remove history.md from being packaged on publish by @sheplu in expressjs/express#6780

... (truncated)

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

5.2.0 / 2025-12-01

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

deps: body-parser@^2.2.1

A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

Commits

dbac741 5.2.1
697547c Revert "sec: security patch for CVE-2024-51999"
4007ad1 Release: 5.2.0 (#6920)
2f64f68 sec: security patch for CVE-2024-51999
ed0ba3f build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#6928)
8eace46 build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 (#6929)
30bae81 build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 (#6930)
758d435 deps: body-parser@^2.2.1 (#6922)
77bcd52 docs: update emeritus triagers (#6890)
f33caf1 Nominate to @efekrskl for triage team (#6888)
Additional commits viewable in compare view

Updates finalhandler from 2.1.0 to 2.1.1

Release notes

Sourced from finalhandler's releases.

v2.1.1

What's Changed

2.1.0 by @wesleytodd in pillarjs/finalhandler#81

ci: add CodeQl (SAST) by @Phillip9587 in pillarjs/finalhandler#84

docs: add OpenSSF Scorecard Badge by @Phillip9587 in pillarjs/finalhandler#86

ci: use full SHAs for github action versions by @Phillip9587 in pillarjs/finalhandler#90

ci: add dependabot by @Phillip9587 in pillarjs/finalhandler#89

docs: update examples to ES6 by @Phillip9587 in pillarjs/finalhandler#91

build(deps-dev): bump eslint-plugin-import from 2.26.0 to 2.31.0 by @dependabot[bot] in pillarjs/finalhandler#92

ci: update codeql config by @Phillip9587 in pillarjs/finalhandler#96

chore(deps): unpin devDependencies by @Phillip9587 in pillarjs/finalhandler#97

build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in pillarjs/finalhandler#102

build(deps): bump github/codeql-action from 3.28.13 to 3.28.16 by @dependabot[bot] in pillarjs/finalhandler#101

build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in pillarjs/finalhandler#100

ci: add node.js 24 to test matrix by @Phillip9587 in pillarjs/finalhandler#103

build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @dependabot[bot] in pillarjs/finalhandler#105

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in pillarjs/finalhandler#104

chore: add funding to package.json by @Phillip9587 in pillarjs/finalhandler#98

build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in pillarjs/finalhandler#106

build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in pillarjs/finalhandler#107

build(deps): bump github/codeql-action from 3.29.7 to 3.29.11 by @dependabot[bot] in pillarjs/finalhandler#110

build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in pillarjs/finalhandler#109

build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @dependabot[bot] in pillarjs/finalhandler#108

build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by @dependabot[bot] in pillarjs/finalhandler#113

build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] in pillarjs/finalhandler#112

build(deps): bump github/codeql-action from 3.29.11 to 3.30.5 by @dependabot[bot] in pillarjs/finalhandler#111

build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 by @dependabot[bot] in pillarjs/finalhandler#117

build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in pillarjs/finalhandler#116

build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in pillarjs/finalhandler#115

build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 by @dependabot[bot] in pillarjs/finalhandler#114

build(deps): bump actions/checkout from 5.0.0 to 6.0.0 by @dependabot[bot] in pillarjs/finalhandler#122

build(deps): bump github/codeql-action from 4.31.2 to 4.31.5 by @dependabot[bot] in pillarjs/finalhandler#124

build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 by @dependabot[bot] in pillarjs/finalhandler#123

fix: update engines reference in the pkg by @UlisesGascon in pillarjs/finalhandler#119

Release: 2.1.1 by @UlisesGascon in pillarjs/finalhandler#120

New Contributors

@dependabot[bot] made their first contribution in pillarjs/finalhandler#92

Full Changelog: pillarjs/finalhandler@v2.1.0...v2.1.1

Changelog

Sourced from finalhandler's changelog.

unreleased

deps:

debug@^4.4.3

statuses@^2.0.2

v2.1.1. / 2025-12-01

update engines field in the package.json to reflect the current compatibility (Node <18). See: 2.0.0

Minor changes (package metadata)

Commits

aa2851f 2.1.1 (#120)
e1ec820 fix: update engines reference in the pkg (#119)
3fb91d2 build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 (#123)
7f35d34 build(deps): bump github/codeql-action from 4.31.2 to 4.31.5
15c096f build(deps): bump actions/checkout from 5.0.0 to 6.0.0
0919cb8 build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 (#114)
6be5f9c build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#115)
c33618a build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 (#116)
fbf0e17 build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 (#117)
27c3f30 build(deps): bump github/codeql-action from 3.29.11 to 3.30.5
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for finalhandler since your current version.

Updates iconv-lite from 0.6.3 to 0.7.2

Release notes

Sourced from iconv-lite's releases.

v0.7.2

🐞 Bug fixes

Correction of CommonJS exports in TypeScript definitions - by @plbstl in #366

Fixed the TypeScript definitions to correctly represent the CommonJS exports of the library. This resolves issues where consumers using TypeScript would encounter errors due to incorrect type definitions that did not align with the actual module exports.

Other changes

Bump actions/setup-node from 4 to 6 by @dependabot[bot] in pillarjs/iconv-lite#373

Bump actions/checkout from 4 to 6 by @dependabot[bot] in pillarjs/iconv-lite#374

chore: use files field in package.json instead of .npmignore by @bjohansebas in pillarjs/iconv-lite#372

Bump github/codeql-action from 4.31.2 to 4.31.9 by @dependabot[bot] in pillarjs/iconv-lite#375

Bump actions/upload-artifact from 4 to 6 by @dependabot[bot] in pillarjs/iconv-lite#377

Bump actions/download-artifact from 6 to 7 by @dependabot[bot] in ...
Description has been truncated

…y with 11 updates Bumps the production-dependencies group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.22.0` | `1.25.3` | | [body-parser](https://github.com/expressjs/body-parser) | `2.2.0` | `2.2.2` | | [cors](https://github.com/expressjs/cors) | `2.8.5` | `2.8.6` | | [express](https://github.com/expressjs/express) | `5.1.0` | `5.2.1` | | [finalhandler](https://github.com/pillarjs/finalhandler) | `2.1.0` | `2.1.1` | | [send](https://github.com/pillarjs/send) | `1.2.0` | `1.2.1` | | [serve-static](https://github.com/expressjs/serve-static) | `2.2.0` | `2.2.1` | | [zod](https://github.com/colinhacks/zod) | `3.25.76` | `4.3.6` | | [zod-to-json-schema](https://github.com/StefanTerdell/zod-to-json-schema) | `3.25.0` | `3.25.1` | Updates `@modelcontextprotocol/sdk` from 1.22.0 to 1.25.3 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.22.0...v1.25.3) Updates `body-parser` from 2.2.0 to 2.2.2 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@v2.2.0...v2.2.2) Updates `cors` from 2.8.5 to 2.8.6 - [Release notes](https://github.com/expressjs/cors/releases) - [Changelog](https://github.com/expressjs/cors/blob/master/HISTORY.md) - [Commits](expressjs/cors@v2.8.5...v2.8.6) Updates `express` from 5.1.0 to 5.2.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@v5.1.0...v5.2.1) Updates `finalhandler` from 2.1.0 to 2.1.1 - [Release notes](https://github.com/pillarjs/finalhandler/releases) - [Changelog](https://github.com/pillarjs/finalhandler/blob/master/HISTORY.md) - [Commits](pillarjs/finalhandler@v2.1.0...v2.1.1) Updates `iconv-lite` from 0.6.3 to 0.7.2 - [Release notes](https://github.com/pillarjs/iconv-lite/releases) - [Changelog](https://github.com/pillarjs/iconv-lite/blob/master/Changelog.md) - [Commits](pillarjs/iconv-lite@v0.6.3...v0.7.2) Updates `qs` from 6.14.0 to 6.14.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.14.1) Updates `send` from 1.2.0 to 1.2.1 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@1.2.0...1.2.1) Updates `serve-static` from 2.2.0 to 2.2.1 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v2.2.0...v2.2.1) Updates `zod` from 3.25.76 to 4.3.6 - [Release notes](https://github.com/colinhacks/zod/releases) - [Commits](colinhacks/zod@v3.25.76...v4.3.6) Updates `zod-to-json-schema` from 3.25.0 to 3.25.1 - [Release notes](https://github.com/StefanTerdell/zod-to-json-schema/releases) - [Changelog](https://github.com/StefanTerdell/zod-to-json-schema/blob/master/changelog.md) - [Commits](https://github.com/StefanTerdell/zod-to-json-schema/commits) --- updated-dependencies: - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.25.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: body-parser dependency-version: 2.2.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: cors dependency-version: 2.8.6 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: express dependency-version: 5.2.1 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: finalhandler dependency-version: 2.1.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: iconv-lite dependency-version: 0.7.2 dependency-type: indirect update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: qs dependency-version: 6.14.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: send dependency-version: 1.2.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: serve-static dependency-version: 2.2.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies - dependency-name: zod dependency-version: 4.3.6 dependency-type: indirect update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: zod-to-json-schema dependency-version: 3.25.1 dependency-type: indirect update-type: version-update:semver-patch dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2026-01-26T11:13:35Z

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): Bump the production-dependencies group across 1 directory with 11 updates #144

chore(deps): Bump the production-dependencies group across 1 directory with 11 updates #144

Uh oh!

dependabot bot commented on behalf of github Jan 26, 2026 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Jan 26, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

chore(deps): Bump the production-dependencies group across 1 directory with 11 updates #144

Are you sure you want to change the base?

chore(deps): Bump the production-dependencies group across 1 directory with 11 updates #144

Uh oh!

Conversation

dependabot bot commented on behalf of github Jan 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v1.25.3

What's Changed

v1.25.2

What's Changed

New Contributors

1.25.1

What's Changed

1.25.0

What's Changed

v2.2.2

What's Changed

New Contributors

v2.2.1

Important: Security

What's Changed

2.2.2 / 2026-01-07

2.2.1 / 2025-11-24

v2.8.6

What's Changed

New Contributors

2.8.6 / 2026-01-22

v5.2.1

What's Changed

v5.2.0

Important: Security

What's Changed

5.2.1 / 2025-12-01

5.2.0 / 2025-12-01

v2.1.1

What's Changed

New Contributors

unreleased

v2.1.1. / 2025-12-01

v0.7.2

🐞 Bug fixes

Other changes

Uh oh!

dependabot bot commented on behalf of github Jan 26, 2026

Labels

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Jan 26, 2026 •

edited

Loading