From fe0407a9e0e609c64327680f8e8849c598f1c404 Mon Sep 17 00:00:00 2001 From: Konstantin Konstantinov Date: Fri, 16 Jan 2026 15:38:30 +0200 Subject: [PATCH 1/3] v2: pnpm audit fixes --- pnpm-lock.yaml | 54 +++++++++++++++++++++++++++------------------ pnpm-workspace.yaml | 14 +++++++----- 2 files changed, 40 insertions(+), 28 deletions(-) diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 66600384f..5a2461038 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -7,7 +7,7 @@ settings: catalogs: devTools: '@eslint/js': - specifier: ^9.39.1 + specifier: ^9.39.2 version: 9.39.2 '@types/content-type': specifier: ^1.1.8 @@ -22,7 +22,7 @@ catalogs: specifier: ^1.1.15 version: 1.1.15 '@types/express': - specifier: ^5.0.0 + specifier: ^5.0.6 version: 5.0.6 '@types/express-serve-static-core': specifier: ^5.1.0 @@ -37,7 +37,7 @@ catalogs: specifier: ^7.0.0-dev.20251217.1 version: 7.0.0-dev.20260105.1 eslint: - specifier: ^9.8.0 + specifier: ^9.39.2 version: 9.39.2 eslint-config-prettier: specifier: ^10.1.8 @@ -83,12 +83,12 @@ catalogs: specifier: ^3.0.0 version: 3.0.6 jose: - specifier: ^6.1.1 + specifier: ^6.1.3 version: 6.1.3 runtimeServerOnly: '@hono/node-server': - specifier: ^1.19.7 - version: 1.19.7 + specifier: ^1.19.8 + version: 1.19.8 cors: specifier: ^2.8.5 version: 2.8.5 @@ -96,8 +96,8 @@ catalogs: specifier: ^5.2.1 version: 5.2.1 hono: - specifier: ^4.11.1 - version: 4.11.3 + specifier: ^4.11.4 + version: 4.11.4 runtimeShared: '@cfworker/json-schema': specifier: ^4.1.1 @@ -145,7 +145,7 @@ importers: version: link:packages/client '@modelcontextprotocol/conformance': specifier: 0.1.9 - version: 0.1.9(@cfworker/json-schema@4.1.1)(hono@4.11.3) + version: 0.1.9(@cfworker/json-schema@4.1.1)(hono@4.11.4) '@modelcontextprotocol/node': specifier: workspace:^ version: link:packages/middleware/node @@ -310,7 +310,7 @@ importers: dependencies: '@hono/node-server': specifier: catalog:runtimeServerOnly - version: 1.19.7(hono@4.11.3) + version: 1.19.8(hono@4.11.4) '@modelcontextprotocol/examples-shared': specifier: workspace:^ version: link:../shared @@ -337,7 +337,7 @@ importers: version: 5.2.1 hono: specifier: catalog:runtimeServerOnly - version: 4.11.3 + version: 4.11.4 zod: specifier: catalog:runtimeShared version: 4.3.5 @@ -651,7 +651,7 @@ importers: dependencies: hono: specifier: catalog:runtimeServerOnly - version: 4.11.3 + version: 4.11.4 devDependencies: '@eslint/js': specifier: catalog:devTools @@ -700,7 +700,7 @@ importers: dependencies: '@hono/node-server': specifier: catalog:runtimeServerOnly - version: 1.19.7(hono@4.11.3) + version: 1.19.8(hono@4.11.4) devDependencies: '@eslint/js': specifier: catalog:devTools @@ -1211,6 +1211,12 @@ packages: peerDependencies: hono: ^4 + '@hono/node-server@1.19.8': + resolution: {integrity: sha512-0/g2lIOPzX8f3vzW1ggQgvG5mjtFBDBHFAzI5SFAi2DzSqS9luJwqg9T6O/gKYLi+inS7eNxBeIFkkghIPvrMA==} + engines: {node: '>=18.14.1'} + peerDependencies: + hono: ^4 + '@humanfs/core@0.19.1': resolution: {integrity: sha512-5DyQ4+1JEUzejeK1JGICcideyfUbGixgS9jNgex5nqkW+cY7WZhxBigmieN5Qnw9ZosSNVC9KQKyb+GUaGyKUA==} engines: {node: '>=18.18.0'} @@ -2752,8 +2758,8 @@ packages: resolution: {integrity: sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==} engines: {node: '>= 0.4'} - hono@4.11.3: - resolution: {integrity: sha512-PmQi306+M/ct/m5s66Hrg+adPnkD5jiO6IjA7WhWw0gSBSo1EcRegwuI1deZ+wd5pzCGynCcn2DprnE4/yEV4w==} + hono@4.11.4: + resolution: {integrity: sha512-U7tt8JsyrxSRKspfhtLET79pU8K+tInj5QZXs1jSugO1Vq5dFj3kmZsRldo29mTBfcjDRVRXrEZ6LS63Cog9ZA==} engines: {node: '>=16.9.0'} hookable@6.0.1: @@ -4221,9 +4227,13 @@ snapshots: '@eslint/core': 0.17.0 levn: 0.4.1 - '@hono/node-server@1.19.7(hono@4.11.3)': + '@hono/node-server@1.19.7(hono@4.11.4)': + dependencies: + hono: 4.11.4 + + '@hono/node-server@1.19.8(hono@4.11.4)': dependencies: - hono: 4.11.3 + hono: 4.11.4 '@humanfs/core@0.19.1': {} @@ -4273,9 +4283,9 @@ snapshots: globby: 11.1.0 read-yaml-file: 1.1.0 - '@modelcontextprotocol/conformance@0.1.9(@cfworker/json-schema@4.1.1)(hono@4.11.3)': + '@modelcontextprotocol/conformance@0.1.9(@cfworker/json-schema@4.1.1)(hono@4.11.4)': dependencies: - '@modelcontextprotocol/sdk': 1.25.1(@cfworker/json-schema@4.1.1)(hono@4.11.3)(zod@3.25.76) + '@modelcontextprotocol/sdk': 1.25.1(@cfworker/json-schema@4.1.1)(hono@4.11.4)(zod@3.25.76) commander: 14.0.2 eventsource-parser: 3.0.6 express: 5.2.1 @@ -4286,9 +4296,9 @@ snapshots: - hono - supports-color - '@modelcontextprotocol/sdk@1.25.1(@cfworker/json-schema@4.1.1)(hono@4.11.3)(zod@3.25.76)': + '@modelcontextprotocol/sdk@1.25.1(@cfworker/json-schema@4.1.1)(hono@4.11.4)(zod@3.25.76)': dependencies: - '@hono/node-server': 1.19.7(hono@4.11.3) + '@hono/node-server': 1.19.7(hono@4.11.4) ajv: 8.17.1 ajv-formats: 3.0.1(ajv@8.17.1) content-type: 1.0.5 @@ -5755,7 +5765,7 @@ snapshots: dependencies: function-bind: 1.1.2 - hono@4.11.3: {} + hono@4.11.4: {} hookable@6.0.1: {} diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml index 61f34ddb3..eee336b2d 100644 --- a/pnpm-workspace.yaml +++ b/pnpm-workspace.yaml @@ -6,17 +6,17 @@ packages: catalogs: devTools: - '@eslint/js': ^9.39.1 + '@eslint/js': ^9.39.2 '@types/content-type': ^1.1.8 '@types/cors': ^2.8.17 '@types/cross-spawn': ^6.0.6 '@types/eventsource': ^1.1.15 - '@types/express': ^5.0.0 + '@types/express': ^5.0.6 '@types/express-serve-static-core': ^5.1.0 '@types/supertest': ^6.0.2 '@types/ws': ^8.5.12 '@typescript/native-preview': ^7.0.0-dev.20251217.1 - eslint: ^9.8.0 + eslint: ^9.39.2 eslint-config-prettier: ^10.1.8 eslint-plugin-n: ^17.23.1 prettier: 3.6.2 @@ -32,13 +32,13 @@ catalogs: cross-spawn: ^7.0.5 eventsource: ^3.0.2 eventsource-parser: ^3.0.0 - jose: ^6.1.1 + jose: ^6.1.3 runtimeServerOnly: - '@hono/node-server': ^1.19.7 + '@hono/node-server': ^1.19.9 content-type: ^1.0.5 cors: ^2.8.5 express: ^5.2.1 - hono: ^4.11.1 + hono: ^4.11.4 raw-body: ^3.0.0 runtimeShared: '@cfworker/json-schema': ^4.1.1 @@ -56,6 +56,8 @@ linkWorkspacePackages: deep minimumReleaseAge: 10080 # 7 days minimumReleaseAgeExclude: - '@modelcontextprotocol/conformance' + - hono@4.11.4 # fixes https://github.com/advisories/GHSA-3vhc-576x-3qv4 https://github.com/advisories/GHSA-f67f-6cw9-8mq4 + - '@hono/node-server@1.19.8' # https://github.com/honojs/node-server/pull/295 onlyBuiltDependencies: - better-sqlite3 From 78f99f53eceea9d4133390d69d04f51b2502ecfc Mon Sep 17 00:00:00 2001 From: Konstantin Konstantinov Date: Fri, 16 Jan 2026 15:54:30 +0200 Subject: [PATCH 2/3] add minimum release age exclude on hono 1.19.9 --- pnpm-lock.yaml | 22 +++++++++++----------- pnpm-workspace.yaml | 2 +- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 5a2461038..569d0b8fd 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -87,8 +87,8 @@ catalogs: version: 6.1.3 runtimeServerOnly: '@hono/node-server': - specifier: ^1.19.8 - version: 1.19.8 + specifier: ^1.19.9 + version: 1.19.9 cors: specifier: ^2.8.5 version: 2.8.5 @@ -310,7 +310,7 @@ importers: dependencies: '@hono/node-server': specifier: catalog:runtimeServerOnly - version: 1.19.8(hono@4.11.4) + version: 1.19.9(hono@4.11.4) '@modelcontextprotocol/examples-shared': specifier: workspace:^ version: link:../shared @@ -700,7 +700,7 @@ importers: dependencies: '@hono/node-server': specifier: catalog:runtimeServerOnly - version: 1.19.8(hono@4.11.4) + version: 1.19.9(hono@4.11.4) devDependencies: '@eslint/js': specifier: catalog:devTools @@ -1205,14 +1205,14 @@ packages: resolution: {integrity: sha512-43/qtrDUokr7LJqoF2c3+RInu/t4zfrpYdoSDfYyhg52rwLV6TnOvdG4fXm7IkSB3wErkcmJS9iEhjVtOSEjjA==} engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0} - '@hono/node-server@1.19.7': - resolution: {integrity: sha512-vUcD0uauS7EU2caukW8z5lJKtoGMokxNbJtBiwHgpqxEXokaHCBkQUmCHhjFB1VUTWdqj25QoMkMKzgjq+uhrw==} + '@hono/node-server@1.19.8': + resolution: {integrity: sha512-0/g2lIOPzX8f3vzW1ggQgvG5mjtFBDBHFAzI5SFAi2DzSqS9luJwqg9T6O/gKYLi+inS7eNxBeIFkkghIPvrMA==} engines: {node: '>=18.14.1'} peerDependencies: hono: ^4 - '@hono/node-server@1.19.8': - resolution: {integrity: sha512-0/g2lIOPzX8f3vzW1ggQgvG5mjtFBDBHFAzI5SFAi2DzSqS9luJwqg9T6O/gKYLi+inS7eNxBeIFkkghIPvrMA==} + '@hono/node-server@1.19.9': + resolution: {integrity: sha512-vHL6w3ecZsky+8P5MD+eFfaGTyCeOHUIFYMGpQGbrBTSmNNoxv0if69rEZ5giu36weC5saFuznL411gRX7bJDw==} engines: {node: '>=18.14.1'} peerDependencies: hono: ^4 @@ -4227,11 +4227,11 @@ snapshots: '@eslint/core': 0.17.0 levn: 0.4.1 - '@hono/node-server@1.19.7(hono@4.11.4)': + '@hono/node-server@1.19.8(hono@4.11.4)': dependencies: hono: 4.11.4 - '@hono/node-server@1.19.8(hono@4.11.4)': + '@hono/node-server@1.19.9(hono@4.11.4)': dependencies: hono: 4.11.4 @@ -4298,7 +4298,7 @@ snapshots: '@modelcontextprotocol/sdk@1.25.1(@cfworker/json-schema@4.1.1)(hono@4.11.4)(zod@3.25.76)': dependencies: - '@hono/node-server': 1.19.7(hono@4.11.4) + '@hono/node-server': 1.19.8(hono@4.11.4) ajv: 8.17.1 ajv-formats: 3.0.1(ajv@8.17.1) content-type: 1.0.5 diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml index eee336b2d..c38dc642b 100644 --- a/pnpm-workspace.yaml +++ b/pnpm-workspace.yaml @@ -57,7 +57,7 @@ minimumReleaseAge: 10080 # 7 days minimumReleaseAgeExclude: - '@modelcontextprotocol/conformance' - hono@4.11.4 # fixes https://github.com/advisories/GHSA-3vhc-576x-3qv4 https://github.com/advisories/GHSA-f67f-6cw9-8mq4 - - '@hono/node-server@1.19.8' # https://github.com/honojs/node-server/pull/295 + - '@hono/node-server@1.19.9' # https://github.com/honojs/node-server/pull/295 onlyBuiltDependencies: - better-sqlite3 From 8894a833a673a0a1c176e8ba92f6fcc6d7f0b5c4 Mon Sep 17 00:00:00 2001 From: Konstantin Konstantinov Date: Tue, 20 Jan 2026 17:33:16 +0200 Subject: [PATCH 3/3] bump conformance to 0.1.10 --- package.json | 2 +- pnpm-lock.yaml | 30 ++++++++++-------------------- 2 files changed, 11 insertions(+), 21 deletions(-) diff --git a/package.json b/package.json index bb5154716..941b986b0 100644 --- a/package.json +++ b/package.json @@ -44,7 +44,7 @@ "@changesets/cli": "^2.29.8", "@eslint/js": "catalog:devTools", "@modelcontextprotocol/client": "workspace:^", - "@modelcontextprotocol/conformance": "0.1.9", + "@modelcontextprotocol/conformance": "0.1.10", "@modelcontextprotocol/server": "workspace:^", "@modelcontextprotocol/node": "workspace:^", "@types/content-type": "catalog:devTools", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 4169c295b..7aabe270e 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -144,8 +144,8 @@ importers: specifier: workspace:^ version: link:packages/client '@modelcontextprotocol/conformance': - specifier: 0.1.9 - version: 0.1.9(@cfworker/json-schema@4.1.1)(hono@4.11.4) + specifier: 0.1.10 + version: 0.1.10(@cfworker/json-schema@4.1.1)(hono@4.11.4) '@modelcontextprotocol/node': specifier: workspace:^ version: link:packages/middleware/node @@ -1208,12 +1208,6 @@ packages: resolution: {integrity: sha512-43/qtrDUokr7LJqoF2c3+RInu/t4zfrpYdoSDfYyhg52rwLV6TnOvdG4fXm7IkSB3wErkcmJS9iEhjVtOSEjjA==} engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0} - '@hono/node-server@1.19.7': - resolution: {integrity: sha512-vUcD0uauS7EU2caukW8z5lJKtoGMokxNbJtBiwHgpqxEXokaHCBkQUmCHhjFB1VUTWdqj25QoMkMKzgjq+uhrw==} - engines: {node: '>=18.14.1'} - peerDependencies: - hono: ^4 - '@hono/node-server@1.19.9': resolution: {integrity: sha512-vHL6w3ecZsky+8P5MD+eFfaGTyCeOHUIFYMGpQGbrBTSmNNoxv0if69rEZ5giu36weC5saFuznL411gRX7bJDw==} engines: {node: '>=18.14.1'} @@ -1264,12 +1258,12 @@ packages: '@manypkg/get-packages@1.1.3': resolution: {integrity: sha512-fo+QhuU3qE/2TQMQmbVMqaQ6EWbMhi4ABWP+O4AM1NqPBuy0OrApV5LO6BrrgnhtAHS2NH6RrVk9OL181tTi8A==} - '@modelcontextprotocol/conformance@0.1.9': - resolution: {integrity: sha512-hpR5PoW0feue3LHSi1kJNhQxbySEQNWR6McuB3QCoK0zsxIdoq+id4GxRwWVOnRnjOiTecDKMD1QMfXuurDZPQ==} + '@modelcontextprotocol/conformance@0.1.10': + resolution: {integrity: sha512-efzLxW3sNiC48ARADxNkSNSZREdjtQNJ+12MJHCUDSnHZMbiFa7v5SivB2Aja4LCE0ZiWgnG5I5PSNMBrp1xKg==} hasBin: true - '@modelcontextprotocol/sdk@1.25.1': - resolution: {integrity: sha512-yO28oVFFC7EBoiKdAn+VqRm+plcfv4v0xp6osG/VsCB0NlPZWi87ajbCZZ8f/RvOFLEu7//rSRmuZZ7lMoe3gQ==} + '@modelcontextprotocol/sdk@1.25.2': + resolution: {integrity: sha512-LZFeo4F9M5qOhC/Uc1aQSrBHxMrvxett+9KLHt7OhcExtoiRN9DKgbZffMP/nxjutWDQpfMDfP3nkHI4X9ijww==} engines: {node: '>=18'} peerDependencies: '@cfworker/json-schema': ^4.1.1 @@ -4318,10 +4312,6 @@ snapshots: '@eslint/core': 0.17.0 levn: 0.4.1 - '@hono/node-server@1.19.7(hono@4.11.4)': - dependencies: - hono: 4.11.4 - '@hono/node-server@1.19.9(hono@4.11.4)': dependencies: hono: 4.11.4 @@ -4374,9 +4364,9 @@ snapshots: globby: 11.1.0 read-yaml-file: 1.1.0 - '@modelcontextprotocol/conformance@0.1.9(@cfworker/json-schema@4.1.1)(hono@4.11.4)': + '@modelcontextprotocol/conformance@0.1.10(@cfworker/json-schema@4.1.1)(hono@4.11.4)': dependencies: - '@modelcontextprotocol/sdk': 1.25.1(@cfworker/json-schema@4.1.1)(hono@4.11.4)(zod@3.25.76) + '@modelcontextprotocol/sdk': 1.25.2(@cfworker/json-schema@4.1.1)(hono@4.11.4)(zod@3.25.76) commander: 14.0.2 eventsource-parser: 3.0.6 express: 5.2.1 @@ -4387,9 +4377,9 @@ snapshots: - hono - supports-color - '@modelcontextprotocol/sdk@1.25.1(@cfworker/json-schema@4.1.1)(hono@4.11.4)(zod@3.25.76)': + '@modelcontextprotocol/sdk@1.25.2(@cfworker/json-schema@4.1.1)(hono@4.11.4)(zod@3.25.76)': dependencies: - '@hono/node-server': 1.19.7(hono@4.11.4) + '@hono/node-server': 1.19.9(hono@4.11.4) ajv: 8.17.1 ajv-formats: 3.0.1(ajv@8.17.1) content-type: 1.0.5