coerce 'expires_in' to be a number #1111
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
commit: |
Contributor
|
Thank you for working on this. Have resolved some incoming conflicts from cc @pcarleton |
KKonstantinov
approved these changes
Nov 16, 2025
felixweinberger
approved these changes
Nov 28, 2025
Contributor
felixweinberger
left a comment
felixweinberger
left a comment
There was a problem hiding this comment.
Makes sense, thank you
MightyPrytanis
added a commit
to MightyPrytanis/codebase
that referenced
this pull request
Jan 3, 2026
 <h3>Snyk has created this PR to upgrade @modelcontextprotocol/sdk from 1.24.0 to 1.24.3.</h3> :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/> - The recommended version is **3 versions** ahead of your current version. - The recommended version was released **a month ago**. <details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>@modelcontextprotocol/sdk</b></summary> <ul> <li> <b>1.24.3</b> - <a href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/releases/tag/1.24.3">2025-12-04</a></br><h2>What's Changed</h2> <ul> <li>chore: fix dev dependency security vulnerabilities by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/felixweinberger/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/felixweinberger">@ felixweinberger</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3691198208" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1227" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1227/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1227">#1227</a></li> <li>chore(deps): bump express from 5.0.1 to 5.2.1 in the npm_and_yarn group across 1 directory by <a class="user-mention notranslate" data-hovercard-type="organization" data-hovercard-url="/orgs/dependabot/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/dependabot">@ dependabot</a>[bot] in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3691221872" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1228" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1228/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1228">#1228</a></li> <li>fix: release HTTP connections after POST responses by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/mattzcarey/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/mattzcarey">@ mattzcarey</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3685626979" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1214" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1214/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1214">#1214</a></li> <li>fix: skip priming events and closeSSEStream for old protocol versions by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/felixweinberger/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/felixweinberger">@ felixweinberger</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3694335007" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1233" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1233/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1233">#1233</a></li> <li>chore: bump version for patch release by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/felixweinberger/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/felixweinberger">@ felixweinberger</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3694887719" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1235" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1235/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1235">#1235</a></li> </ul> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/compare/1.24.2...1.24.3"><tt>1.24.2...1.24.3</tt></a></p> </li> <li> <b>1.24.2</b> - <a href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/releases/tag/1.24.2">2025-12-03</a></br><h2>What's Changed</h2> <ul> <li>feat: add optional resource annotations by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/vhorvath2010/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/vhorvath2010">@ vhorvath2010</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3436712736" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#954" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/954/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/954">#954</a></li> <li>chore: refresh CLAUDE.md by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/LucaButBoring/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/LucaButBoring">@ LucaButBoring</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3686867636" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1217" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1217/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1217">#1217</a></li> <li>refactor: make Server class framework-agnostic by moving express to separate module by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/cytle/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/cytle">@ cytle</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3689485567" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1223" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1223/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1223">#1223</a></li> <li>chore: bump version to 1.24.2 by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/pcarleton/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/pcarleton">@ pcarleton</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3689937597" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1224" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1224/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1224">#1224</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/vhorvath2010/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/vhorvath2010">@ vhorvath2010</a> made their first contribution in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3436712736" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#954" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/954/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/954">#954</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/cytle/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/cytle">@ cytle</a> made their first contribution in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3689485567" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1223" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1223/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1223">#1223</a></li> </ul> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/compare/1.24.1...1.24.2"><tt>1.24.1...1.24.2</tt></a></p> </li> <li> <b>1.24.1</b> - <a href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/releases/tag/1.24.1">2025-12-02</a></br><h2>What's Changed</h2> <ul> <li>fix(streamableHttp): fix infinite retries when maxRetries is set to 0 by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/mrorigo/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/mrorigo">@ mrorigo</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3686035318" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1216" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1216/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1216">#1216</a></li> <li>chore: update protocol version to 2025-11-25 by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/dsp-ant/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/dsp-ant">@ dsp-ant</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3687018759" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1218" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1218/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1218">#1218</a></li> <li>chore: bump version for release by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/felixweinberger/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/felixweinberger">@ felixweinberger</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3687067916" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1219" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1219/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1219">#1219</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/mrorigo/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/mrorigo">@ mrorigo</a> made their first contribution in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3686035318" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1216" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1216/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1216">#1216</a></li> </ul> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/compare/1.24.0...1.24.1"><tt>1.24.0...1.24.1</tt></a></p> </li> <li> <b>1.24.0</b> - <a href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/releases/tag/1.24.0">2025-12-02</a></br><h2>Summary</h2> <p>This release brings us up to speed with the latest MCP spec <code>2025-11-25</code>. Take a look at the <a href="https://modelcontextprotocol.io/specification/2025-11-25" rel="nofollow">latest spec</a> as well as the release <a href="https://blog.modelcontextprotocol.io/posts/2025-11-25-first-mcp-anniversary/" rel="nofollow">blog post.</a></p> <h2>What's Changed</h2> <ul> <li>fix: update spec links from latest to draft by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/domdomegg/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/domdomegg">@ domdomegg</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3664829218" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1171" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1171/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1171">#1171</a></li> <li>Make sure to consume HTTP error response bodies by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/GreenStage/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/GreenStage">@ GreenStage</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3666874622" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1173" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1173/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1173">#1173</a></li> <li>docs: add GET request handling for streamableHttp stateless mode by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/saharis9988/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/saharis9988">@ saharis9988</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3660259155" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1161" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1161/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1161">#1161</a></li> <li>SEP-1686: Tasks by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/LucaButBoring/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/LucaButBoring">@ LucaButBoring</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3546900542" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1041" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1041/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1041">#1041</a></li> <li>Fix JSON parse error on SSE events with empty data by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/felixweinberger/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/felixweinberger">@ felixweinberger</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3672860656" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1184" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1184/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1184">#1184</a></li> <li>Fix StreamableHTTPClientTransport instantiation by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/yuwzho/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/yuwzho">@ yuwzho</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3420595607" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#944" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/944/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/944">#944</a></li> <li>feat: eslint rule to prefer node protocols by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/mattzcarey/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/mattzcarey">@ mattzcarey</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3674518488" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1187" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1187/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1187">#1187</a></li> <li>fix: call tasks/result to deliver side-channel messages by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/felixweinberger/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/felixweinberger">@ felixweinberger</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3672896336" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1185" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1185/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1185">#1185</a></li> <li>Add invalid_target oauth error (rfc 8707) by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/GreenStage/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/GreenStage">@ GreenStage</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3672704149" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1183" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1183/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1183">#1183</a></li> <li>fix(client): use StreamableHTTPError instead of plain Error in send() by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/yamadashy/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/yamadashy">@ yamadashy</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3669612690" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1178" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1178/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1178">#1178</a></li> <li>coerce 'expires_in' to be a number by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/adam-kuhn/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/adam-kuhn">@ adam-kuhn</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3624481815" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1111" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1111/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1111">#1111</a></li> <li>Allow HTTP issuer URLs when MCP_DEV_MODE is enabled by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/jerome3o-anthropic/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/jerome3o-anthropic">@ jerome3o-anthropic</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3675262314" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1189" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1189/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1189">#1189</a></li> <li>fix: update registerTool signature for proper typed ToolCallback by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/mattzcarey/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/mattzcarey">@ mattzcarey</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3674832778" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1188" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1188/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1188">#1188</a></li> <li>SEP-1046: Client credentials flow for M2M without user interaction by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/KKonstantinov/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/KKonstantinov">@ KKonstantinov</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3655110317" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1157" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1157/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1157">#1157</a></li> <li>adds the transitive @ types/express-serve-static-core dependency as a direct devDependency by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/mgyarmathy/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/mgyarmathy">@ mgyarmathy</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3584050696" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1078" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1078/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1078">#1078</a></li> <li>Fix optional argument handling in prompts for Zod V4 by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/filip-bartuska-ipf/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/filip-bartuska-ipf">@ filip-bartuska-ipf</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3680574535" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1199" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1199/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1199">#1199</a></li> <li>fix hanging stdio servers by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/mattzcarey/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/mattzcarey">@ mattzcarey</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3680985762" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1200" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1200/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1200">#1200</a></li> <li>README refactor by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/KKonstantinov/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/KKonstantinov">@ KKonstantinov</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3679336733" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1197" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1197/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1197">#1197</a></li> <li>[Docs] Fix typo by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/koic/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/koic">@ koic</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3576912671" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1067" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1067/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1067">#1067</a></li> <li>feat: add closeSSEStream callback to RequestHandlerExtra by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/felixweinberger/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/felixweinberger">@ felixweinberger</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3663783141" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1166" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1166/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1166">#1166</a></li> <li>fix: improve SSE reconnection behavior by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/felixweinberger/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/felixweinberger">@ felixweinberger</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3675644114" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1191" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1191/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1191">#1191</a></li> <li>fix: normalize headers in sse transport by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/marcrasi/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/marcrasi">@ marcrasi</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3301818827" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#856" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/856/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/856">#856</a></li> <li>feat: add closeStandaloneSSEStream for GET stream polling by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/felixweinberger/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/felixweinberger">@ felixweinberger</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3681592788" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1203" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1203/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1203">#1203</a></li> <li>fix: normalize null to undefined in ElicitResultSchema content field by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/mattzcarey/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/mattzcarey">@ mattzcarey</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3681871133" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1204" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1204/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1204">#1204</a></li> <li>Modify Origin header validation in validateRequestHeaders (streamableHttp.ts and sse.ts) to allow requests without an Origin, as they are not relevant to server DNS rebinding protection. by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/jacopoc/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/jacopoc">@ jacopoc</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3682254908" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1205" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1205/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1205">#1205</a></li> <li>fix: allow zod 4 transformations by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/mattzcarey/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/mattzcarey">@ mattzcarey</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3685521543" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1213" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1213/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1213">#1213</a></li> <li>feat: backwards-compatible createMessage overloads for SEP-1577 by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/felixweinberger/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/felixweinberger">@ felixweinberger</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3685389937" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1212" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1212/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1212">#1212</a></li> <li>chore: bump version for release by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/felixweinberger/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/felixweinberger">@ felixweinberger</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3685838812" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1215" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1215/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1215">#1215</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/GreenStage/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/GreenStage">@ GreenStage</a> made their first contribution in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3666874622" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1173" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1173/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1173">#1173</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/saharis9988/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/saharis9988">@ saharis9988</a> made their first contribution in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3660259155" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1161" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1161/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1161">#1161</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/yuwzho/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/yuwzho">@ yuwzho</a> made their first contribution in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3420595607" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#944" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/944/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/944">#944</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/yamadashy/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/yamadashy">@ yamadashy</a> made their first contribution in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3669612690" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1178" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1178/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1178">#1178</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/adam-kuhn/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/adam-kuhn">@ adam-kuhn</a> made their first contribution in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3624481815" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1111" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1111/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1111">#1111</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/mgyarmathy/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/mgyarmathy">@ mgyarmathy</a> made their first contribution in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3584050696" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1078" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1078/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1078">#1078</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/filip-bartuska-ipf/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/filip-bartuska-ipf">@ filip-bartuska-ipf</a> made their first contribution in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3680574535" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1199" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1199/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1199">#1199</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/koic/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/koic">@ koic</a> made their first contribution in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3576912671" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1067" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1067/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1067">#1067</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/marcrasi/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/marcrasi">@ marcrasi</a> made their first contribution in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3301818827" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#856" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/856/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/856">#856</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/jacopoc/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/jacopoc">@ jacopoc</a> made their first contribution in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3682254908" data-permission-text="Title is private" data-url="modelcontextprotocol/typescript-sdk#1205" data-hovercard-type="pull_request" data-hovercard-url="/modelcontextprotocol/typescript-sdk/pull/1205/hovercard" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1205">#1205</a></li> </ul> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/compare/1.23.0...1.24.0"><tt>1.23.0...1.24.0</tt></a></p> </li> </ul> from <a href="https://redirect.github.com/modelcontextprotocol/typescript-sdk/releases">@modelcontextprotocol/sdk GitHub release notes</a> </details> </details> --- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - This PR was automatically created by Snyk using the credentials of a real user. --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs._ **For more information:** <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJhMDljYzIxZS1mZjNiLTQzOTEtOGZlZi04NmE4ODU2MDA2YTgiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImEwOWNjMjFlLWZmM2ItNDM5MS04ZmVmLTg2YTg4NTYwMDZhOCJ9fQ==" width="0" height="0"/> > - 🧐 [View latest project report](https://app.snyk.io/org/mightyprytanis/project/eba72b74-6882-414c-8d80-bbb34df62e40?utm_source=github&utm_medium=referral&page=upgrade-pr) > - 📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates?utm_source=&utm_content=fix-pr-template) > - 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/mightyprytanis/project/eba72b74-6882-414c-8d80-bbb34df62e40/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) > - 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/mightyprytanis/project/eba72b74-6882-414c-8d80-bbb34df62e40/settings/integration?pkg=@modelcontextprotocol/sdk&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades) [//]: # 'snyk:metadata:{"breakingChangeRiskLevel":null,"FF_showPullRequestBreakingChanges":false,"FF_showPullRequestBreakingChangesWebSearch":false,"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"@modelcontextprotocol/sdk","from":"1.24.0","to":"1.24.3"}],"env":"prod","hasFixes":false,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[],"prId":"a09cc21e-ff3b-4391-8fef-86a8856006a8","prPublicId":"a09cc21e-ff3b-4391-8fef-86a8856006a8","packageManager":"npm","priorityScoreList":[],"projectPublicId":"eba72b74-6882-414c-8d80-bbb34df62e40","projectUrl":"https://app.snyk.io/org/mightyprytanis/project/eba72b74-6882-414c-8d80-bbb34df62e40?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":[],"type":"auto","upgrade":[],"upgradeInfo":{"versionsDiff":3,"publishedDate":"2025-12-04T14:35:52.609Z"},"vulns":[]}'
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Microsoft Entra login returns a string for the "expires_in" property. The proposed changes addresses this by coercing the string value to a number.
Motivation and Context
When building an MCP server Entra login the token exchange fails a zod validation because "expires_in" is a string.
An issue was originally created for the inspector as that is where this was first noticed, but after some digging I found the root cause to be in the SDK itself.
Example token response:
Original issue:
modelcontextprotocol/inspector#912
How Has This Been Tested?
Add unit tests
Breaking Changes
No
Types of changes
Checklist