chore(deps): bump the all-dependencies group with 18 updates #131

dependabot · 2026-02-01T16:00:05Z

Bumps the all-dependencies group with 18 updates:

Package	From	To
@modelcontextprotocol/sdk	`1.25.2`	`1.25.3`
commander	`14.0.2`	`14.0.3`
express	`5.1.0`	`5.2.1`
@types/express	`5.0.3`	`5.0.6`
jose	`6.1.2`	`6.1.3`
undici	`7.19.0`	`7.19.2`
zod	`3.25.76`	`4.3.6`
@eslint/js	`9.39.1`	`9.39.2`
@types/node	`22.18.12`	`25.2.0`
@typescript/native-preview	`7.0.0-dev.20251201.1`	`7.0.0-dev.20260201.1`
cors	`2.8.5`	`2.8.6`
eslint	`9.38.0`	`9.39.2`
lefthook	`2.0.2`	`2.0.16`
prettier	`3.6.2`	`3.8.1`
tsdown	`0.15.12`	`0.20.1`
tsx	`4.20.6`	`4.21.0`
typescript-eslint	`8.48.0`	`8.54.0`
vitest	`4.0.16`	`4.0.18`

Updates @modelcontextprotocol/sdk from 1.25.2 to 1.25.3

Release notes

Sourced from @modelcontextprotocol/sdk's releases.

v1.25.3

What's Changed

[v1.x backport] Use correct schema for client sampling validation when tools are present by @olaservo in modelcontextprotocol/typescript-sdk#1407

fix: prevent Hono from overriding global Response object (v1.x) by @mattzcarey in modelcontextprotocol/typescript-sdk#1411

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3

Commits

ced7535 1.25.3
6e8f7e1 fix: prevent Hono from overriding global Response object (v1.x) (#1411)
12ae856 [v1.x backport] Use correct schema for client sampling validation when tools ...
See full diff in compare view

Updates commander from 14.0.2 to 14.0.3

Release notes

Sourced from commander's releases.

v14.0.3

Added

Release Policy document (#2462)

Changes

old major versions now supported for 12 months instead of just previous major version, to give predictable end-of-life date (#2462)

clarify typing for deprecated callback parameter to .outputHelp() (#2427)

simple readability improvements to README (#2465)

Changelog

Sourced from commander's changelog.

[14.0.3] (2026-01-31)

Added

Release Policy document (#2462)

Changes

old major versions now supported for 12 months instead of just previous major version, to give predictable end-of-life date (#2462)

clarify typing for deprecated callback parameter to .outputHelp() (#2427)

simple readability improvements to README (#2465)

Commits

8247364 14.0.3
e281fe3 Update docs for 14.0.3 (#2474)
7357dda Separate out a more detailed release policy document (#2462)
b6e2e3a Bump eslint from 9.39.1 to 9.39.2 (#2470)
d6f63a7 Bump ts-jest from 29.4.5 to 29.4.6 (#2467)
2a9768a Bump prettier from 3.6.2 to 3.7.4 (#2466)
9211918 docs(README): Tweak formatting, punctuation for clarity (#2465)
4208a96 Bump typescript-eslint from 8.46.2 to 8.48.0 (#2458)
03308ce Bump eslint-plugin-jest from 29.0.1 to 29.2.1 (#2457)
4d2db1f Bump globals from 16.4.0 to 16.5.0 (#2456)
Additional commits viewable in compare view

Updates express from 5.1.0 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Release: 5.2.1 by @UlisesGascon in expressjs/express#6933

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 by @dependabot[bot] in expressjs/express#6429

Refactor: simplify acceptsLanguages implementation using spread operator by @Ayoub-Mabrouk in expressjs/express#6137

increased code coverage of utils.js file by @ashish3011 in expressjs/express#6386

chore: remove duplicate word by @dufucun in expressjs/express#6456

build(deps): bump github/codeql-action from 3.28.13 to 3.28.16 by @dependabot[bot] in expressjs/express#6498

build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in expressjs/express#6497

build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in expressjs/express#6496

ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/express#6504

ci: update codeql config by @Phillip9587 in expressjs/express#6488

chore: wider range for query test skip by @jonchurch in expressjs/express#6512

chore: fix typos in test by @noritaka1166 in expressjs/express#6535

ci: disable credential persistence for checkout actions by @mertssmnoglu in expressjs/express#6522

ci: allow manual triggering of workflow by @shivarm in expressjs/express#6515

test: add coverage for app.listen() variants by @kgarg1 in expressjs/express#6476

docs: move documentation and charters to the discussions and .github … by @bjohansebas in expressjs/express#6427

build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @dependabot[bot] in expressjs/express#6549

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in expressjs/express#6548

chore: enforce explicit Buffer import and add lint rule by @shivarm in expressjs/express#6525

chore: use node protocol for querystring by @shivarm in expressjs/express#6520

chore: fix typo by @mountdisk in expressjs/express#6609

build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in expressjs/express#6618

add deprecation warnings for redirect arguments undefined by @bjohansebas in expressjs/express#6405

ci: run CI when the markdown changes by @bjohansebas in expressjs/express#6632

doc: fix CONTRIBUTING link by @jonchurch in expressjs/express#6653

doc: update contributing guidelines and code of conduct links by @ShubhamOulkar in expressjs/express#6601

build(deps-dev): bump morgan from 1.10.0 to 1.10.1 by @dependabot[bot] in expressjs/express#6679

build(deps-dev): bump cookie-session from 2.1.0 to 2.1.1 by @dependabot[bot] in expressjs/express#6678

lint: add --fix flag to automatic fix linting issue by @shivarm in expressjs/express#6644

chore: ignore yarn.lock file and update example by @shivarm in expressjs/express#6588

lib: use req.socket over deprecated req.connection by @bjohansebas in expressjs/express#6705

doc: update express app example by @shivarm in expressjs/express#6718

build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in expressjs/express#6675

Remove history.md from being packaged on publish by @sheplu in expressjs/express#6780

... (truncated)

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

5.2.0 / 2025-12-01

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

deps: body-parser@^2.2.1

A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

Commits

dbac741 5.2.1
697547c Revert "sec: security patch for CVE-2024-51999"
4007ad1 Release: 5.2.0 (#6920)
2f64f68 sec: security patch for CVE-2024-51999
ed0ba3f build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#6928)
8eace46 build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 (#6929)
30bae81 build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 (#6930)
758d435 deps: body-parser@^2.2.1 (#6922)
77bcd52 docs: update emeritus triagers (#6890)
f33caf1 Nominate to @efekrskl for triage team (#6888)
Additional commits viewable in compare view

Updates @types/express from 5.0.3 to 5.0.6

Commits

See full diff in compare view

Updates jose from 6.1.2 to 6.1.3

Release notes

Sourced from jose's releases.

v6.1.3

Refactor

avoid export * as for google closure's compiler sake (6303d98), closes #832

Changelog

Sourced from jose's changelog.

6.1.3 (2025-12-02)

Refactor

avoid export * as for google closure's compiler sake (6303d98), closes #832

Commits

ebb8774 chore(release): 6.1.3
6303d98 refactor: avoid export * as for google closure's compiler sake
39c8805 chore: bump packages
cf5726e chore: update error message
0154775 chore: update threat model
d015cdf chore: add a threat model
c5e285e chore: bump packages
d681315 chore: bump packages
4ae1005 chore(deps-dev): bump glob from 11.0.3 to 11.1.0 (#831)
aaedc25 chore(deps-dev): bump js-yaml from 3.14.1 to 3.14.2 (#830)
Additional commits viewable in compare view

Updates undici from 7.19.0 to 7.19.2

Release notes

Sourced from undici's releases.

v7.19.2

What's Changed

Minor code cleanups to decompress interceptor by @domenic in nodejs/undici#4754

fix(h2): fix flaky stream end handling on macOS by @mcollina in nodejs/undici#4762

return response when receiving 401 instead of network error by @KhafraDev in nodejs/undici#4769

fix: properly close idle connections in test server cleanup by @mcollina in nodejs/undici#4764

fix: decode HTTP headers as latin1 instead of utf8 by @mcollina in nodejs/undici#4768

fix: submodule update by @Uzlopak in nodejs/undici#4648

build(deps): bump peter-evans/create-pull-request from 7.0.8 to 8.0.0 by @dependabot[bot] in nodejs/undici#4720

New Contributors

@domenic made their first contribution in nodejs/undici#4754

Full Changelog: nodejs/undici@v7.19.1...v7.19.2

v7.19.1

What's Changed

fix: use commit hash when generating release (#4757) by @fenichelar in nodejs/undici#4759

fix fetch 401 loop by @KhafraDev in nodejs/undici#4761

New Contributors

@fenichelar made their first contribution in nodejs/undici#4759

Full Changelog: nodejs/undici@v7.19.0...v7.19.1

Commits

4b36fef Bumped v7.19.2 (#4777)
44e437d build(deps): bump peter-evans/create-pull-request from 7.0.8 to 8.0.0 (#4720)
cfd42c6 fix: submodule update (#4648)
9f5466c fix: decode HTTP headers as latin1 instead of utf8 (#4768)
5e94274 fix: properly close idle connections in test server cleanup (#4764)
be564c1 return response when receiving 401 instead of network error (#4769)
94d147d fix: remove incorrect stream state check in h2 'end' event handler (#4762)
e26acd8 Minor code cleanups to decompress interceptor (#4754)
e2aeb52 Bumped v7.19.1 (#4760)
4920fc4 fix fetch 401 loop (#4761)
Additional commits viewable in compare view

Updates zod from 3.25.76 to 4.3.6

Release notes

Sourced from zod's releases.

v4.3.6

Commits:

9977fb0868432461de265a773319e80a90ba3e37 Add brand.dev to sponsors

f4b7bae3468f6188b8f004e007d722148fc91d77 Update pullfrog.yml (#5634)

251d7163a0ac7740fee741428d913e3c55702ace Clean up workflow_call

edd4132466da0f5065a8e051b599d01fdd1081d8 fix: add missing User-agent to robots.txt and allow all (#5646)

85db85e9091d0706910d60c7eb2e9c181edd87bd fix: typo in codec.test.ts file (#5628)

cbf77bb12bdfda2e054818e79001f5cb3798ce76 Avoid non null assertion (#5638)

dfbbf1c1ae0c224b8131d80ddf0a264262144086 Avoid re-exported star modules (#5656)

762e911e5773f949452fd6dd4e360f2362110e8e Generalize numeric key handling

ca3c8629c0c2715571f70b44c2433cad3db7fe4e v4.3.6

v4.3.5

Commits:

21afffdb42ccab554036312e33fed0ea3cb8f982 [Docs] Update migration guide docs for deprecation of message (#5595)

e36743e513aadb307b29949a80d6eb0dcc8fc278 Improve mini treeshaking

0cdc0b8597999fd9ca99767b912c1e82c1ff2d6c 4.3.5

v4.3.4

Commits:

1a8bea3b474eada6f219c163d0d3ad09fadabe72 Add integration tests

e01cd02b2f23d7e9078d3813830b146f8a2258b4 Support patternProperties for looserecord (#5592)

089e5fbb0f58ce96d2c4fb34cd91724c78df4af5 Improve looseRecord docs

decef9c418d9a598c3f1bada06891ba5d922c5cd Fix lint

9443aab00d44d5d5f4a7eada65fc0fc851781042 Drop iso time in fromJSONSchema

66bda7491a1b9eab83bdeec0c12f4efc7290bd48 Remove .refine() from ZodMiniType

b4ab94ca608cd5b581bfc12b20dd8d95b35b3009 4.3.4

v4.3.3

Commits:

f3b2151959d215d405f54dff3c7ab3bf1fd887ca v4.3.3

v4.3.2

Commits:

bf96635d243118de6e4f260077aa137453790bf6 Loosen strictObjectinside intersection (#5587)

f71dc0182ab0f0f9a6be6295b07faca269e10179 Remove Juno (#5590)

0f41e5a12a43e6913c9dcb501b2b5136ea86500d 4.3.2

v4.3.1

Commits:

0fe88407a4149c907929b757dc6618d8afe998fc allow non-overwriting extends with refinements. 4.3.1

v4.3.0

This is Zod's biggest release since 4.0. It addresses several of Zod's longest-standing feature requests.

... (truncated)

Commits

ca3c862 v4.3.6
762e911 Generalize numeric key handling
dfbbf1c Avoid re-exported star modules (#5656)
cbf77bb Avoid non null assertion (#5638)
85db85e fix: typo in codec.test.ts file (#5628)
edd4132 fix: add missing User-agent to robots.txt and allow all (#5646)
251d716 Clean up workflow_call
f4b7bae Update pullfrog.yml (#5634)
9977fb0 Add brand.dev to sponsors
0cdc0b8 4.3.5
Additional commits viewable in compare view

Updates @eslint/js from 9.39.1 to 9.39.2

Release notes

Sourced from @eslint/js's releases.

v9.39.2

Bug Fixes

5705833 fix: warn when eslint-env configuration comments are found (#20381) (sethamus)

Build Related

506f154 build: add .scss files entry to knip (#20391) (Milos Djermanovic)

Chores

7ca0af7 chore: upgrade to @eslint/js@9.39.2 (#20394) (Francesco Trotta)

c43ce24 chore: package.json update for @eslint/js release (Jenkins)

4c9858e ci: add v9.x-dev branch (#20382) (Milos Djermanovic)

Commits

c43ce24 chore: package.json update for @eslint/js release
See full diff in compare view

Updates @types/express from 5.0.3 to 5.0.6

Commits

See full diff in compare view

Updates @types/node from 22.18.12 to 25.2.0

Commits

See full diff in compare view

Updates @typescript/native-preview from 7.0.0-dev.20251201.1 to 7.0.0-dev.20260201.1

Commits

See full diff in compare view

Updates cors from 2.8.5 to 2.8.6

Release notes

Sourced from cors's releases.

v2.8.6

What's Changed

Build: Node.js@12.16 and Node.js.13.12 by @smondal in expressjs/cors#189

Update README.md for origin function callback parameters by @dstudzinski in expressjs/cors#180

Suggest passing false for disallowed domains, not erroring by @shackpank in expressjs/cors#175

Changed the term whitelist to allowlist in Documentation by @jkasun in expressjs/cors#200

Fix typo in README by @alex-grover in expressjs/cors#207

Added new link & website in the README by @manjunath00 in expressjs/cors#269

Fix functions call with extra parameter by @LuisEGR in expressjs/cors#245

🐛 Fix readme status badge by @homersimpsons in expressjs/cors#306

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/cors#321

ci: fix errors in ci github action for node 8 by @inigomarquinez in expressjs/cors#322

test: improved test robustness by @Alex-GF in expressjs/cors#320

chore: upgrade scorecard workflow pinned action versions by @carpasse in expressjs/cors#341

ci: add CodeQL (SAST) by @bjohansebas in expressjs/cors#340

docs: remove broken link to demo site by @dpopp07 in expressjs/cors#344

OSSF Scorecard recommendations by @UlisesGascon in expressjs/cors#350

build(deps): bump github/codeql-action from 3.24.7 to 3.28.19 by @dependabot[bot] in expressjs/cors#351

build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @dependabot[bot] in expressjs/cors#353

build(deps): bump actions/checkout from 4.1.1 to 4.2.2 by @dependabot[bot] in expressjs/cors#354

build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 by @dependabot[bot] in expressjs/cors#355

build(deps-dev): bump express from 4.17.1 to 4.21.2 by @dependabot[bot] in expressjs/cors#356

build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by @dependabot[bot] in expressjs/cors#352

build(deps-dev): bump mocha from 9.1.1 to 9.2.2 by @dependabot[bot] in expressjs/cors#358

update the docs for per request config by @jonchurch in expressjs/cors#338

(fix): readme updated for #271 origin option for * by @dhananjaysa92 in expressjs/cors#289

ci: upgrade Node versions by @UlisesGascon in expressjs/cors#359

chore: add funding to package.json by @bjohansebas in expressjs/cors#363

build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 by @dependabot[bot] in expressjs/cors#371

build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in expressjs/cors#370

docs: Cleanup README by @efekrskl in expressjs/cors#374

chore: add node v25 by @imangas in expressjs/cors#375

Extend CI test matrix by @imangas in expressjs/cors#376

docs: simplify code examples with header comments by @jonchurch in expressjs/cors#386

docs: tweak intro, add note w/ browser enforcement, FAQ by @jonchurch in expressjs/cors#385

chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from tarball by @Phillip9587 in expressjs/cors#388

Release: 2.8.6 by @UlisesGascon in expressjs/cors#390

New Contributors

@smondal made their first contribution in expressjs/cors#189

@dstudzinski made their first contribution in expressjs/cors#180

@shackpank made their first contribution in expressjs/cors#175

@jkasun made their first contribution in expressjs/cors#200

@alex-grover made their first contribution in expressjs/cors#207

@manjunath00 made their first contribution in expressjs/cors#269

@LuisEGR made their first contribution in expressjs/cors#245

@homersimpsons made their first contribution in expressjs/cors#306

@inigomarquinez made their first contribution in expressjs/cors#321

@Alex-GF made their first contribution in expressjs/cors#320

@carpasse made their first contribution in expressjs/cors#341

... (truncated)

Changelog

Sourced from cors's changelog.

2.8.6 / 2026-01-22

Improve documentation (API, context, examples...)

Remove additional markdown files from tarball

Commits

f00a8c1 2.8.6 (#390)
848e2bd chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from tarball (#388)
cf8947e docs: tweak intro, add note w/ browser enforcement, FAQ (#385)
bbf62a5 docs: simplify code examples with header comments (#386)
f442e77 Extend CI test matrix (#376)
d5cf6cd ci: add support for node@25 (#375)
7e6f7ee docs: revamp content (#374)
b25644c build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#370)
f881e91 build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 (#371)
9a9a760 chore: add funding to package.json (#363)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for cors since your current version.

Updates eslint from 9.38.0 to 9.39.2

Release notes

Sourced from eslint's releases.

v9.39.2

Bug Fixes

5705833 fix: warn when eslint-env configuration comments are found (#20381) (sethamus)

Build Related

506f154 build: add .scss files entry to knip (#20391) (Milos Djermanovic)

Chores

7ca0af7 chore: upgrade to @eslint/js@9.39.2 (#20394) (Francesco Trotta)

c43ce24 chore: package.json update for @eslint/js release (Jenkins)

4c9858e ci: add v9.x-dev branch (#20382) (Milos Djermanovic)

v9.39.1

Bug Fixes

650753e fix: Only pass node to JS lang visitor methods (#20283) (Nicholas C. Zakas)

Documentation

51b51f4 docs: add a section on when to use extends vs cascading (#20268) (Tanuj Kanti)

b44d426 docs: Update README (GitHub Actions Bot)

Chores

92db329 chore: update @eslint/js version to 9.39.1 (#20284) (Francesco Trotta)

c7ebefc chore: package.json update for @eslint/js release (Jenkins)

61778f6 chore: update eslint-config-eslint dependency @eslint/js to ^9.39.0 (#20275) (renovate[bot])

d9ca2fc ci: Add rangeStrategy to eslint group in renovate config (#20266) (唯然)

009e507 test: fix version tests for ESLint v10 (#20274) (Milos Djermanovic)

v9.39.0

Features

cc57d87 feat: update error loc to key in no-dupe-class-members (#20259) (Tanuj Kanti)

126552f feat: update error location in for-direction and no-dupe-args (#20258) (Tanuj Kanti)

167d097 feat: update complexity rule to highlight only static block header (#20245) (jaymarvelz)

Bug Fixes

15f5c7c fix: forward traversal step.args to visitors (#20253) (jaymarvelz)

5a1a534 fix: allow JSDoc comments in object-shorthand rule (#20167) (Nitin Kumar)

e86b813 fix: Use more types from @eslint/core (#20257) (Nicholas C. Zakas)

927272d fix: correct Scope typings (#20198) (jaymarvelz)

37f76d9 fix: use AST.Program type for Program node (#20244) (Francesco Trotta)

ae07f0b fix: unify timing report for concurrent linting (#20188) (jaymarvelz)

b165d47 fix: correct Rule typings (#20199) (jaymarvelz)

fb97cda fix: improve error message for missing fix function in suggestions (#20218) (jaymarvelz)

Documentation

d3e81e3 docs: Always recommend to include a files property (#20158) (Percy Ma)

0f0385f docs: use consistent naming recommendation (#20250) (Alex M. Spieslechner)

a3b1456 docs: Update README (GitHub Actions Bot)

cf5f2dd docs: fix correct tag of no-useless-constructor (#20255) (Tanuj Kanti)

10b995c docs: add TS options and examples for nofunc in no-use-before-define (#20249) (Tanuj Kanti)

2584187 docs: remove repetitive word in comment (#20242) (reddaisyy)

... (truncated)

Commits

9278324 9.39.2
542266a Build: changelog update for 9.39.2
7ca0af7 chore: upgrade to @eslint/js@9.39.2 (#20394)
c43ce24 chore: package.json update for @eslint/js release
5705833 fix: warn when eslint-env configuration comments are found (#20381)
506f154 build: add .scss files entry to knip (#20391)
4c9858e ci: add v9.x-dev branch (#20382)
e277281 9.39.1
4cdf397 Build: changelog update for 9.39.1
92db329 chore: update @eslint/js version to 9.39.1 (#20284)
Additional commits viewable in compare view

Updates lefthook from 2.0.2 to 2.0.16

Release notes

Sourced from lefthook's releases.

v2.0.16

Changelog

432efde268b98e5874281d7ca3cb16306bcdd04a chore(golangci-lint): upgrade to 2.8.0 (#1278)

130855b6a576799afcd1d32f7ab4e1e286ef69d1 chore: timeout cleanup (#1297)

4217025c2fef2caa2abe334ef2beeabeca3d7e05 deps: January 2026 (#1285)

272b59b38c50e948602e28c363c39a6e33936f43 docs(remotes): elaborate on when to refetch and failure mode (#1287)

e6adbbaf0b12e6cbe72e95e9e482617d0b4ac36c feat: add timeout argument (#1263)

a50fcff10df9ccc0afa0c4c7236d1b48b4215f93 fix(jsonschema): accept string in file_types (#1288)

8b88796491706f4c897b26d289d429988c4be411 fix: try reading direct file instead of all remotes (#1243)

7c6b73327162b93661ad59fe6705ccbfd4beefc1 perf!: skip ghost hook when hooks are already configured (#1255)

2096d4c72b96fbdebb6792b6fec141b6eeb1480b pkg: pack one binary per platform into python wheels (#1181)

v2.0.15

Changelog

f8dc321dd3ed3b7bdcad622a4011a268a63451e3 feat: skip scripts if args given with empty file template (#1277)

v2.0.14

Changelog

037fcdca819684123dc1c62df1d14f4402b1e245 deps: December 2025 (#1209)

e80f8927482b638bcd068136d3624d5adc83f0b2 deps: switch from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#1261)

87350d63c401c47b9260d0023c7640e3885e0202 feat: add jsonc support (#1274)

882159f29f83b1f4f175ed5116ac48c631639deb fix: don't install custom hooks to hooks dir (#1246)

2bcab48ec33b2bf57e1a981734a73be4ea0a10ed fix: skip if any files template is empty (#1275)

v2.0.13

Changelog

009da6884b03e65c7d920ff0fd8ea53a49de6929 chore: add more tests (#1244)

ab93c17f526d064a169fca6cc6df42807b8737b4 docs(output): remove duplicate config: false description (#1245)

862908827582ffe87483692b963c5ad8fec3ef71 fix: allow custom hooks in JSON schema by updating generator (#1250)

aeb326c728cf1b86e5ea60b2138f498954792590 fix: set extends to empty slice after loading remotes (#1259)

v2.0.12

Changel...
Description has been truncated

Bumps the all-dependencies group with 18 updates: | Package | From | To | | --- | --- | --- | | [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.25.2` | `1.25.3` | | [commander](https://github.com/tj/commander.js) | `14.0.2` | `14.0.3` | | [express](https://github.com/expressjs/express) | `5.1.0` | `5.2.1` | | [@types/express](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express) | `5.0.3` | `5.0.6` | | [jose](https://github.com/panva/jose) | `6.1.2` | `6.1.3` | | [undici](https://github.com/nodejs/undici) | `7.19.0` | `7.19.2` | | [zod](https://github.com/colinhacks/zod) | `3.25.76` | `4.3.6` | | [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.39.1` | `9.39.2` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `22.18.12` | `25.2.0` | | [@typescript/native-preview](https://github.com/microsoft/typescript-go) | `7.0.0-dev.20251201.1` | `7.0.0-dev.20260201.1` | | [cors](https://github.com/expressjs/cors) | `2.8.5` | `2.8.6` | | [eslint](https://github.com/eslint/eslint) | `9.38.0` | `9.39.2` | | [lefthook](https://github.com/evilmartians/lefthook) | `2.0.2` | `2.0.16` | | [prettier](https://github.com/prettier/prettier) | `3.6.2` | `3.8.1` | | [tsdown](https://github.com/rolldown/tsdown) | `0.15.12` | `0.20.1` | | [tsx](https://github.com/privatenumber/tsx) | `4.20.6` | `4.21.0` | | [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.48.0` | `8.54.0` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.0.16` | `4.0.18` | Updates `@modelcontextprotocol/sdk` from 1.25.2 to 1.25.3 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3) Updates `commander` from 14.0.2 to 14.0.3 - [Release notes](https://github.com/tj/commander.js/releases) - [Changelog](https://github.com/tj/commander.js/blob/master/CHANGELOG.md) - [Commits](tj/commander.js@v14.0.2...v14.0.3) Updates `express` from 5.1.0 to 5.2.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@v5.1.0...v5.2.1) Updates `@types/express` from 5.0.3 to 5.0.6 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express) Updates `jose` from 6.1.2 to 6.1.3 - [Release notes](https://github.com/panva/jose/releases) - [Changelog](https://github.com/panva/jose/blob/main/CHANGELOG.md) - [Commits](panva/jose@v6.1.2...v6.1.3) Updates `undici` from 7.19.0 to 7.19.2 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.19.0...v7.19.2) Updates `zod` from 3.25.76 to 4.3.6 - [Release notes](https://github.com/colinhacks/zod/releases) - [Commits](colinhacks/zod@v3.25.76...v4.3.6) Updates `@eslint/js` from 9.39.1 to 9.39.2 - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](https://github.com/eslint/eslint/commits/v9.39.2/packages/js) Updates `@types/express` from 5.0.3 to 5.0.6 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express) Updates `@types/node` from 22.18.12 to 25.2.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@typescript/native-preview` from 7.0.0-dev.20251201.1 to 7.0.0-dev.20260201.1 - [Changelog](https://github.com/microsoft/typescript-go/blob/main/CHANGES.md) - [Commits](https://github.com/microsoft/typescript-go/commits) Updates `cors` from 2.8.5 to 2.8.6 - [Release notes](https://github.com/expressjs/cors/releases) - [Changelog](https://github.com/expressjs/cors/blob/master/HISTORY.md) - [Commits](expressjs/cors@v2.8.5...v2.8.6) Updates `eslint` from 9.38.0 to 9.39.2 - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](eslint/eslint@v9.38.0...v9.39.2) Updates `lefthook` from 2.0.2 to 2.0.16 - [Release notes](https://github.com/evilmartians/lefthook/releases) - [Changelog](https://github.com/evilmartians/lefthook/blob/master/CHANGELOG.md) - [Commits](evilmartians/lefthook@v2.0.2...v2.0.16) Updates `prettier` from 3.6.2 to 3.8.1 - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@3.6.2...3.8.1) Updates `tsdown` from 0.15.12 to 0.20.1 - [Release notes](https://github.com/rolldown/tsdown/releases) - [Commits](rolldown/tsdown@v0.15.12...v0.20.1) Updates `tsx` from 4.20.6 to 4.21.0 - [Release notes](https://github.com/privatenumber/tsx/releases) - [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs) - [Commits](privatenumber/tsx@v4.20.6...v4.21.0) Updates `typescript-eslint` from 8.48.0 to 8.54.0 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.54.0/packages/typescript-eslint) Updates `vitest` from 4.0.16 to 4.0.18 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.18/packages/vitest) --- updated-dependencies: - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.25.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: commander dependency-version: 14.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: express dependency-version: 5.2.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: "@types/express" dependency-version: 5.0.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: jose dependency-version: 6.1.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: undici dependency-version: 7.19.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: zod dependency-version: 4.3.6 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: "@eslint/js" dependency-version: 9.39.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: "@types/express" dependency-version: 5.0.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: "@types/node" dependency-version: 25.2.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: "@typescript/native-preview" dependency-version: 7.0.0-dev.20260201.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: cors dependency-version: 2.8.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: eslint dependency-version: 9.39.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: lefthook dependency-version: 2.0.16 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: prettier dependency-version: 3.8.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: tsdown dependency-version: 0.20.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: tsx dependency-version: 4.21.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: typescript-eslint dependency-version: 8.54.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: vitest dependency-version: 4.0.18 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

pkg-pr-new · 2026-02-01T16:00:30Z

Open in StackBlitz

npx https://pkg.pr.new/modelcontextprotocol/conformance/@modelcontextprotocol/conformance@131

commit: 66f87e5

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 1, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the all-dependencies group with 18 updates #131

chore(deps): bump the all-dependencies group with 18 updates #131

dependabot bot commented on behalf of github Feb 1, 2026

Uh oh!

pkg-pr-new bot commented Feb 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

chore(deps): bump the all-dependencies group with 18 updates #131

Are you sure you want to change the base?

chore(deps): bump the all-dependencies group with 18 updates #131

Conversation

dependabot bot commented on behalf of github Feb 1, 2026

v1.25.3

What's Changed

v14.0.3

Added

Changes

[14.0.3] (2026-01-31)

Added

Changes

v5.2.1

What's Changed

v5.2.0

Important: Security

What's Changed

5.2.1 / 2025-12-01

5.2.0 / 2025-12-01

v6.1.3

Refactor

6.1.3 (2025-12-02)

Refactor

v7.19.2

What's Changed

New Contributors

v7.19.1

What's Changed

New Contributors

v4.3.6

Commits:

v4.3.5

Commits:

v4.3.4

Commits:

v4.3.3

Commits:

v4.3.2

Commits:

v4.3.1

Commits:

v4.3.0

v9.39.2

Bug Fixes

Build Related

Chores

v2.8.6

What's Changed

New Contributors

2.8.6 / 2026-01-22

v9.39.2

Bug Fixes

Build Related

Chores

v9.39.1

Bug Fixes

Documentation

Chores

v9.39.0

Features

Bug Fixes

Documentation

v2.0.16

Changelog

v2.0.15

Changelog

v2.0.14

Changelog

v2.0.13

Changelog

v2.0.12

Changel... Description has been truncated

Uh oh!

pkg-pr-new bot commented Feb 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Changel...
Description has been truncated