[Snyk] Security upgrade @modelcontextprotocol/sdk from 1.6.0 to 1.24.0#2
[Snyk] Security upgrade @modelcontextprotocol/sdk from 1.6.0 to 1.24.0#2ebothegreat wants to merge 1 commit intomainfrom
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MODELCONTEXTPROTOCOLSDK-14171914
|
Keep this PR in a mergeable state → Learn moreAll Green is an AI agent that automatically: ✅ Addresses code review comments ✅ Fixes failing CI checks ✅ Resolves merge conflicts |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| peerDependencies: | ||
| '@cfworker/json-schema': ^4.1.1 | ||
| zod: ^3.25 || ^4.0 |
There was a problem hiding this comment.
Upgrading @modelcontextprotocol/sdk to 1.24.x introduces a peer dependency on zod ^3.25 || ^4.0 (pnpm-lock.yaml lines 557-559), but package.json still pins zod at ^3.24.2. With pnpm’s default strict peer dependency checks, installs will now error or warn because the project’s zod version does not satisfy the new range; even if ignored, the SDK is built against a newer zod API. Please bump the root zod dependency (and lockfile) to a compatible version or pin the SDK to a version that matches 3.24.x.
Useful? React with 👍 / 👎.
2 participants
Snyk has created this PR to fix 1 vulnerabilities in the pnpm dependencies of this project.
Snyk changed the following file(s):
package.jsonpnpm-lock.yamlVulnerabilities that will be fixed with an upgrade:
SNYK-JS-MODELCONTEXTPROTOCOLSDK-14171914
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.