Releases: modelcontextprotocol/typescript-sdk
Releases · modelcontextprotocol/typescript-sdk
1.24.3
What's Changed
- chore: fix dev dependency security vulnerabilities by @felixweinberger in #1227
- chore(deps): bump express from 5.0.1 to 5.2.1 in the npm_and_yarn group across 1 directory by @dependabot[bot] in #1228
- fix: release HTTP connections after POST responses by @mattzcarey in #1214
- fix: skip priming events and closeSSEStream for old protocol versions by @felixweinberger in #1233
- chore: bump version for patch release by @felixweinberger in #1235
Full Changelog: 1.24.2...1.24.3
Contributors
felixweinberger, dependabot, and mattzcarey
Assets 2
1.23.1
Fixed:
- Disabled SSE priming events to fix backwards compatibility - 1.23.x clients crash on empty SSE data (JSON.parse(""))
This is a patch for servers still on 1.23.x that were breaking clients not handling the the 2025-11-25 priming event behavior with empty SSE data fields. See #1233 for more details.
Full Changelog: 1.23.0...1.23.1
1.24.2
What's Changed
- feat: add optional resource annotations by @vhorvath2010 in #954
- chore: refresh CLAUDE.md by @LucaButBoring in #1217
- refactor: make Server class framework-agnostic by moving express to separate module by @cytle in #1223
- chore: bump version to 1.24.2 by @pcarleton in #1224
New Contributors
- @vhorvath2010 made their first contribution in #954
- @cytle made their first contribution in #1223
Full Changelog: 1.24.1...1.24.2
Contributors
pcarleton, cytle, and 2 other contributors
Assets 2
1.24.1
What's Changed
- fix(streamableHttp): fix infinite retries when maxRetries is set to 0 by @mrorigo in #1216
- chore: update protocol version to 2025-11-25 by @dsp-ant in #1218
- chore: bump version for release by @felixweinberger in #1219
New Contributors
Full Changelog: 1.24.0...1.24.1
Contributors
mrorigo, felixweinberger, and dsp-ant
Assets 2
1.24.0
Summary
This release brings us up to speed with the latest MCP spec 2025-11-25. Take a look at the latest spec as well as the release blog post.
What's Changed
- fix: update spec links from latest to draft by @domdomegg in #1171
- Make sure to consume HTTP error response bodies by @GreenStage in #1173
- docs: add GET request handling for streamableHttp stateless mode by @saharis9988 in #1161
- SEP-1686: Tasks by @LucaButBoring in #1041
- Fix JSON parse error on SSE events with empty data by @felixweinberger in #1184
- Fix StreamableHTTPClientTransport instantiation by @yuwzho in #944
- feat: eslint rule to prefer node protocols by @mattzcarey in #1187
- fix: call tasks/result to deliver side-channel messages by @felixweinberger in #1185
- Add invalid_target oauth error (rfc 8707) by @GreenStage in #1183
- fix(client): use StreamableHTTPError instead of plain Error in send() by @yamadashy in #1178
- coerce 'expires_in' to be a number by @adam-kuhn in #1111
- Allow HTTP issuer URLs when MCP_DEV_MODE is enabled by @jerome3o-anthropic in #1189
- fix: update registerTool signature for proper typed ToolCallback by @mattzcarey in #1188
- SEP-1046: Client credentials flow for M2M without user interaction by @KKonstantinov in #1157
- adds the transitive @types/express-serve-static-core dependency as a direct devDependency by @mgyarmathy in #1078
- Fix optional argument handling in prompts for Zod V4 by @filip-bartuska-ipf in #1199
- fix hanging stdio servers by @mattzcarey in #1200
- README refactor by @KKonstantinov in #1197
- [Docs] Fix typo by @koic in #1067
- feat: add closeSSEStream callback to RequestHandlerExtra by @felixweinberger in #1166
- fix: improve SSE reconnection behavior by @felixweinberger in #1191
- fix: normalize headers in sse transport by @marcrasi in #856
- feat: add closeStandaloneSSEStream for GET stream polling by @felixweinberger in #1203
- fix: normalize null to undefined in ElicitResultSchema content field by @mattzcarey in #1204
- Modify Origin header validation in validateRequestHeaders (streamableHttp.ts and sse.ts) to allow requests without an Origin, as they are not relevant to server DNS rebinding protection. by @jacopoc in #1205
- fix: allow zod 4 transformations by @mattzcarey in #1213
- feat: backwards-compatible createMessage overloads for SEP-1577 by @felixweinberger in #1212
- chore: bump version for release by @felixweinberger in #1215
New Contributors
- @GreenStage made their first contribution in #1173
- @saharis9988 made their first contribution in #1161
- @yuwzho made their first contribution in #944
- @yamadashy made their first contribution in #1178
- @adam-kuhn made their first contribution in #1111
- @mgyarmathy made their first contribution in #1078
- @filip-bartuska-ipf made their first contribution in #1199
- @koic made their first contribution in #1067
- @marcrasi made their first contribution in #856
- @jacopoc made their first contribution in #1205
Full Changelog: 1.23.0...1.24.0
Contributors
koic, KKonstantinov, and 14 other contributors
Assets 2
1.23.0
What's Changed
- Migrate to vitest from jest by @mattzcarey in #1074
- ci: add workflow_dispatch trigger for manual CI runs by @felixweinberger in #1114
- Fix: @types/node incompatibility with vite warnings on npm install by @KKonstantinov in #1121
- Fix: clean up accidental spec.types.ts by @KKonstantinov in #1122
- fix: Pass RequestInit options to auth requests by @dsp-ant in #1066
- SEP-1036: URL Elicitation by @nbarbettini in #1105
- add none to test and the router. by @m-henderson in #1116
- [auth] Adjust scope management to line up with SEP-835 by @pcarleton in #1133
- chore: add .idea/ to .gitignore by @maxisbey in #1134
- chore: remove unused @types/eslint__js dependency by @mattzcarey in #1128
- feat: url based client metadata registration (SEP 991) by @mattzcarey in #1127
- feat: zod v4 with backwards compatibility for v3.25+ by @dclark27 in #1040
- fix: remove pnpm lock and regenerate package-lock by @mattzcarey in #1138
- docs: update installation instructions for zod peer dependency by @mattzcarey in #1139
- Implement SEP-1577 - Sampling With Tools by @ochafik in #1101
- Follow up: unify v3 and v4 zod types via describe matrix and a test helper by @KKonstantinov in #1141
- chore: Add deprecated marker to old elicitInput overload by @nbarbettini in #1142
- fix: Connect error in URL elicitation example by @nbarbettini in #1136
- Support upscoping on insufficient_scope 403 by @Nayana-Parameswarappa in #1115
- Support beta releases by publishing with --tag beta by @felixweinberger in #1146
- Bump version to 1.23.0-beta.0 by @felixweinberger in #1147
- SEP-1613: use
.catchall()on inputSchema/outputSchema to support JSON Schema 2020-12 by @felixweinberger in #1135 - sampling: validate tools, tool_use, tool_result constraints by @ochafik in #1156
- fix: React to upstream RC schema changes for form mode elicitation requests by @felixweinberger in #1164
- feat: implement SEP-1699 SSE polling via server-side disconnect by @felixweinberger in #1129
- chore: bump package number for release by @felixweinberger in #1170
New Contributors
- @nbarbettini made their first contribution in #1105
- @m-henderson made their first contribution in #1116
- @maxisbey made their first contribution in #1134
- @dclark27 made their first contribution in #1040
- @Nayana-Parameswarappa made their first contribution in #1115
Full Changelog: 1.22.0...1.23.0
Contributors
ochafik, KKonstantinov, and 9 other contributors
Assets 2
1.23.0-beta.0
Special Note: zod v4
This beta release adds support for zod v4, a highly requested addition.
Special thanks to @dclark27 @colinhacks for all the work on #1040 which adds this support while staying backwards compatible with zod v3!
NOTE: if you run into any issues with zod v4 in this SDK please raise an issue! We'll be monitoring actively for any issues while trying to use zod v4 as it's a highly anticipated update. In order to make this upgrade possible we needed to also require v3.25+ for zod v3. You may need to update your version of zod v3 if you've been using an older one. We're also making this a beta release while we get initial feedback on the update here.
What's Changed
- Migrate to vitest from jest by @mattzcarey in #1074
- ci: add workflow_dispatch trigger for manual CI runs by @felixweinberger in #1114
- Fix: @types/node incompatibility with vite warnings on npm install by @KKonstantinov in #1121
- Fix: clean up accidental spec.types.ts by @KKonstantinov in #1122
- fix: Pass RequestInit options to auth requests by @dsp-ant in #1066
- SEP-1036: URL Elicitation by @nbarbettini in #1105
- add none to test and the router. by @m-henderson in #1116
- [auth] Adjust scope management to line up with SEP-835 by @pcarleton in #1133
- chore: add .idea/ to .gitignore by @maxisbey in #1134
- chore: remove unused @types/eslint__js dependency by @mattzcarey in #1128
- feat: url based client metadata registration (SEP 991) by @mattzcarey in #1127
- feat: zod v4 with backwards compatibility for v3.25+ by @dclark27 in #1040
- fix: remove pnpm lock and regenerate package-lock by @mattzcarey in #1138
- docs: update installation instructions for zod peer dependency by @mattzcarey in #1139
- Implement SEP-1577 - Sampling With Tools by @ochafik in #1101
- Follow up: unify v3 and v4 zod types via describe matrix and a test helper by @KKonstantinov in #1141
- chore: Add deprecated marker to old elicitInput overload by @nbarbettini in #1142
- fix: Connect error in URL elicitation example by @nbarbettini in #1136
- Support upscoping on insufficient_scope 403 by @Nayana-Parameswarappa in #1115
- Support beta releases by publishing with --tag beta by @felixweinberger in #1146
- Bump version to 1.23.0-beta.0 by @felixweinberger in #1147
New Contributors
- @nbarbettini made their first contribution in #1105
- @m-henderson made their first contribution in #1116
- @maxisbey made their first contribution in #1134
- @dclark27 made their first contribution in #1040
- @Nayana-Parameswarappa made their first contribution in #1115
Full Changelog: 1.22.0...1.23.0-beta.0
Contributors
ochafik, KKonstantinov, and 10 other contributors