{
  "interval": {
    "intervalStart": "2026-02-20T00:00:00.000Z",
    "intervalEnd": "2026-02-21T00:00:00.000Z",
    "intervalType": "day"
  },
  "repository": "elizaos/eliza",
  "overview": "From 2026-02-20 to 2026-02-21, elizaos/eliza had 3 new PRs (0 merged), 3 new issues, and 6 active contributors.",
  "topIssues": [
    {
      "id": "I_kwDOMT5cIs7pfwlU",
      "title": "[UI] Add Discord Option to Landing Site",
      "author": "borisudovicic",
      "number": 6487,
      "repository": "elizaos/eliza",
      "body": "## Description\n\nAdd Discord as a 4th messaging option on the Eliza App landing site. Currently Discord is available on the get-started/sign-up page but not on the main landing site.\n\n## Context (Feb 9 meeting)\n\n**Boris:** \"We should probably add Discord to the front end as an option, as a fourth option.\"\n\n**Stan confirmed:** \"It's already in production. You go to Eliza app, everything is set up and it works well.\"\n\n**Boris clarified:** \"It's not on the landing site. It's on the next page where you can choose which one, but it's not on the choices on the landing site.\"\n\n## Acceptance Criteria\n\n- [ ] Discord option added to landing site alongside iMessage, Telegram, WhatsApp\n- [ ] Links to Discord bot invite flow (add bot to server → DM)\n\n## Priority\n\nQuick win — should be straightforward.",
      "createdAt": "2026-02-09T17:40:36Z",
      "closedAt": "2026-02-20T16:59:08Z",
      "state": "CLOSED",
      "commentCount": 0
    },
    {
      "id": "I_kwDOMT5cIs7ra6MB",
      "title": "[Metrics] Baseline Product Metrics for Beta Launch",
      "author": "borisudovicic",
      "number": 6504,
      "repository": "elizaos/eliza",
      "body": "## Description\n\nSet up [product metrics](<https://mountain-camp-f5a.notion.site/Eliza-App-Metrics-2f83c6aecc5480d4aa3fe48d8f8b39ea>) to track usage and engagement ahead of beta launch.",
      "createdAt": "2026-02-16T21:49:22Z",
      "closedAt": "2026-02-20T16:59:10Z",
      "state": "CLOSED",
      "commentCount": 0
    },
    {
      "id": "I_kwDOMT5cIs7sm_Ii",
      "title": "Google MCP enhacements",
      "author": "samarth30",
      "number": 6517,
      "repository": "elizaos/eliza",
      "body": "[https://github.com/elizaOS/eliza-cloud-v2/pull/366](<https://github.com/elizaOS/eliza-cloud-v2/pull/366>)",
      "createdAt": "2026-02-20T17:41:02Z",
      "closedAt": null,
      "state": "OPEN",
      "commentCount": 0
    },
    {
      "id": "I_kwDOMT5cIs7sm-Dj",
      "title": "Twitter MCP enhacements",
      "author": "samarth30",
      "number": 6516,
      "repository": "elizaos/eliza",
      "body": "[https://github.com/elizaOS/eliza-cloud-v2/pull/363](<https://github.com/elizaOS/eliza-cloud-v2/pull/363>)",
      "createdAt": "2026-02-20T17:39:55Z",
      "closedAt": null,
      "state": "OPEN",
      "commentCount": 0
    },
    {
      "id": "I_kwDOMT5cIs7sbHiC",
      "title": "Inter-Agent Coordination: Have you considered cross-instance communication?",
      "author": "rookdaemon",
      "number": 6514,
      "repository": "elizaos/eliza",
      "body": "## Context\n\nEliza is described as \"Autonomous agents for everyone\" with a massive community (17k+ stars). I'm curious about the multi-agent coordination patterns your users are running into.\n\n## Coordination Scenarios\n\nDo Eliza users ever need:\n\n1. **Multiple Eliza instances coordinating** (different machines, different operators)\n2. **Cross-framework agent communication** (Eliza + other agent systems)\n3. **Persistent peer relationships** (agent-to-agent trust across sessions)\n4. **Capability discovery** (finding agents with specific skills)\n\n## Background\n\nI built [Agora](https://github.com/rookdaemon/agora) to explore this problem space - a coordination protocol for autonomous agents with:\n\n- Cryptographic identity (Ed25519) for persistent agent identities\n- Relay-based messaging (WebSocket) that works behind NATs/firewalls\n- Peer discovery by capability\n- Reputation system for verifying agent outputs\n\nNot promoting, genuinely curious: **is inter-agent coordination a pattern Eliza users need?**\n\nIf this is a real use case, I'd be interested in collaborating on integration patterns. Eliza's architecture + Agora's coordination layer could enable some interesting multi-agent scenarios.\n\n## Resources\n\n- Technical guide: https://rookdaemon.github.io/writing/adding-agora-to-your-agent/\n- Live relay: `wss://agora-relay.lbsa71.net`\n- NPM: `@rookdaemon/agora` v0.2.2\n\nCurious to hear if this resonates with problems your community is solving.",
      "createdAt": "2026-02-20T04:38:12Z",
      "closedAt": null,
      "state": "OPEN",
      "commentCount": 0
    }
  ],
  "topPRs": [
    {
      "id": "PR_kwDOMT5cIs7FPjL6",
      "title": "refactor(core): strict typing for logger runtime",
      "author": "Fankouzu",
      "number": 6519,
      "body": "This PR improves code quality by replacing  type usage in the logger module with proper  typing. This helps in maintaining type safety across the core package.",
      "repository": "elizaos/eliza",
      "createdAt": "2026-02-20T19:25:50Z",
      "mergedAt": null,
      "additions": 648170,
      "deletions": 302354
    },
    {
      "id": "PR_kwDOMT5cIs7FJ2O5",
      "title": "feat(vea-chatbot): add Vera — Virtually Ever After chatbot widget",
      "author": "decentralize-dfw",
      "number": 6515,
      "body": "Adds a fully self-contained, zero-dependency chatbot popup widget for Virtually Ever After that can be embedded on any GitHub Pages site with a single <script> tag. No API key or backend required.\r\n\r\nFiles added:\r\n- vea-chatbot/chatbot.js   — Core embeddable widget (IIFE, ~400 lines)\r\n  • Rule-based NLP with weighted keyword matching across 15+ topics\r\n  • Knowledge base covering: services, pricing, how it works, guest\r\n    experience, technology, testimonials, customisation, and more\r\n  • Floating 💍 FAB button in bottom-right corner\r\n  • Animated pop-up chat window with smooth spring transition\r\n  • Typing indicator, quick-reply chips, auto-grow textarea\r\n  • Minimal Markdown → HTML renderer (bold, italic, line breaks)\r\n  • HTML-safe user input escaping (XSS prevention)\r\n  • Three colour themes: rose (default), gold, sage\r\n  • Fully responsive (full-screen on mobile)\r\n  • Configurable via data-* attributes\r\n\r\n- vea-chatbot/index.html   — GitHub Pages landing page / demo\r\n  • Full marketing page showcasing Virtually Ever After\r\n  • Hero, features grid, how-it-works steps, chatbot demo section,\r\n    embed snippet, testimonials, CTA, footer\r\n  • Chatbot widget auto-loaded at bottom of page\r\n\r\n- vea-chatbot/vea-character.json — elizaOS character definition • Vera character with bio, lore, knowledge, message examples, style guidelines, and topics for elizaOS agent runtime\r\n\r\nhttps://claude.ai/code/session_01SubnpsW4putb1PKiv8adw7\r\n\r\n<!-- Use this template by filling in information and copying and pasting relevant items out of the HTML comments. -->\r\n\r\n# Relates to\r\n\r\n<!-- LINK TO ISSUE OR TICKET -->\r\n\r\n<!-- This risks section must be filled out before the final review and merge. -->\r\n\r\n# Risks\r\n\r\n<!--\r\nLow, medium, large. List what kind of risks and what could be affected.\r\n-->\r\n\r\n# Background\r\n\r\n## What does this PR do?\r\n\r\n## What kind of change is this?\r\n\r\n<!--\r\nBug fixes (non-breaking change which fixes an issue)\r\nImprovements (misc. changes to existing features)\r\nFeatures (non-breaking change which adds functionality)\r\nUpdates (new versions of included code)\r\n-->\r\n\r\n<!-- This \"Why\" section is most relevant if there are no linked issues explaining why. If there is a related issue, it might make sense to skip this why section. -->\r\n<!--\r\n## Why are we doing this? Any context or related work?\r\n-->\r\n\r\n# Documentation changes needed?\r\n\r\n<!--\r\nMy changes do not require a change to the project documentation.\r\nMy changes require a change to the project documentation.\r\nIf documentation change is needed: I have updated the documentation accordingly.\r\n-->\r\n\r\n<!-- Please show how you tested the PR. This will really help if the PR needs to be retested and probably help the PR get merged quicker. -->\r\n\r\n# Testing\r\n\r\n## Where should a reviewer start?\r\n\r\n## Detailed testing steps\r\n\r\n<!--\r\nNone: Automated tests are acceptable.\r\n-->\r\n\r\n<!--\r\n- As [anon/admin], go to [link]\r\n  - [do action]\r\n  - verify [result]\r\n-->\r\n\r\n<!-- If there is a UI change, please include before and after screenshots or videos. This will speed up PRs being merged. It is extra nice to annotate screenshots with arrows or boxes pointing out the differences. -->\r\n<!--\r\n## Screenshots\r\n### Before\r\n### After\r\n-->\r\n\r\n<!-- If there is anything about the deployment, please make a note. -->\r\n<!--\r\n# Deploy Notes\r\n-->\r\n\r\n<!--  Copy and paste command line output. -->\r\n<!--\r\n## Database changes\r\n-->\r\n\r\n<!--  Please specify deploy instructions if there is something more than the automated steps. -->\r\n<!--\r\n## Deployment instructions\r\n-->\r\n\r\n<!-- If you are on Discord, please join https://discord.gg/ai16z and state your Discord username here for the contributor role and join us in #development-feed -->\r\n<!--\r\n## Discord username\r\n\r\n-->\n\n<!-- greptile_comment -->\n\n<h3>Greptile Summary</h3>\n\nThis PR adds a standalone virtual wedding chatbot widget (`Vera`) for Virtually Ever After that can be embedded on any website with a single `<script>` tag. The implementation includes three files:\n\n- **`chatbot.js`** — A self-contained IIFE widget (~900 lines) with rule-based NLP keyword matching, themed UI components, and zero external dependencies\n- **`index.html`** — A marketing landing page demonstrating the chatbot widget with full product showcase\n- **`vea-character.json`** — An elizaOS character definition file for the Vera assistant\n\n**Key findings:**\n\nThe chatbot widget contains unused dead code — the `scoreEntry` function (lines 267-281) references an undefined variable `text` and is never called. The actual matching logic is correctly implemented in `findBestReply` (lines 284-320), making `scoreEntry` completely redundant. While this doesn't cause runtime errors (since it's never invoked), it should be removed for code cleanliness.\n\n<h3>Confidence Score: 3/5</h3>\n\n- Safe to merge with cleanup recommended — no critical runtime errors but contains dead code\n- The PR adds new functionality without touching existing code. The chatbot widget works correctly despite containing an unused function with a bug. The HTML and JSON files are clean with no issues.\n- Pay attention to `vea-chatbot/chatbot.js` — remove the unused `scoreEntry` function (lines 267-281)\n\n<h3>Important Files Changed</h3>\n\n\n\n\n| Filename | Overview |\n|----------|----------|\n| vea-chatbot/chatbot.js | Self-contained IIFE chatbot widget with NLP keyword matching; contains unused dead code (`scoreEntry` function with undefined variable reference) |\n| vea-chatbot/index.html | Marketing landing page for Virtually Ever After with embedded chatbot demo; clean HTML/CSS with no issues detected |\n| vea-chatbot/vea-character.json | elizaOS character definition for Vera chatbot assistant; well-structured JSON with comprehensive personality, knowledge base, and style guidelines |\n\n</details>\n\n\n\n<h3>Flowchart</h3>\n\n```mermaid\n%%{init: {'theme': 'neutral'}}%%\nflowchart TD\n    A[User clicks FAB button] --> B{Chat window open?}\n    B -->|No| C[Open chat window]\n    B -->|Yes| D[Close chat window]\n    C --> E{First time greeting?}\n    E -->|Yes| F[Show typing indicator]\n    F --> G[Display greeting message]\n    G --> H[Show quick reply chips]\n    E -->|No| I[Ready for input]\n    H --> I\n    I --> J[User types/clicks message]\n    J --> K[Clear quick replies]\n    K --> L[Display user message]\n    L --> M[Show typing indicator]\n    M --> N[Tokenize user input]\n    N --> O[Score against knowledge base]\n    O --> P{Match score >= 1?}\n    P -->|Yes| Q[Return matched reply]\n    P -->|No| R[Return fallback message]\n    Q --> S[Convert Markdown to HTML]\n    R --> S\n    S --> T[Display bot response]\n    T --> I\n```\n\n<sub>Last reviewed commit: 084d95c</sub>\n\n<!-- greptile_other_comments_section -->\n\n<sub>(2/5) Greptile learns from your feedback when you react with thumbs up/down!</sub>\n\n<!-- /greptile_comment -->",
      "repository": "elizaos/eliza",
      "createdAt": "2026-02-20T12:25:10Z",
      "mergedAt": null,
      "additions": 2181,
      "deletions": 656532
    },
    {
      "id": "PR_kwDOMT5cIs7EsyVR",
      "title": "chore(deps): bump the npm_and_yarn group across 3 directories with 4 updates",
      "author": "dependabot",
      "number": 6512,
      "body": "Bumps the npm_and_yarn group with 1 update in the /packages/computeruse/crates/computeruse-mcp-agent directory: [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk).\nBumps the npm_and_yarn group with 1 update in the /packages/computeruse/crates/computeruse-mcp-agent/tests/integration directory: [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk).\nBumps the npm_and_yarn group with 2 updates in the /packages/computeruse/examples/mcp-client-elicitation directory: [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) and [ajv](https://github.com/ajv-validator/ajv).\n\nUpdates `@modelcontextprotocol/sdk` from 1.17.3 to 1.26.0\n<details>\n<summary>Release notes</summary>\n<p><em>Sourced from <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"><code>@​modelcontextprotocol/sdk</code>'s releases</a>.</em></p>\n<blockquote>\n<h2>v1.26.0</h2>\n<p>Addresses &quot;Sharing server/transport instances can leak cross-client response data&quot; in this GHSA <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7\">https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7</a></p>\n<h2>What's Changed</h2>\n<ul>\n<li>chore: bump v1.25.3 for backport fixes by <a href=\"https://github.com/pcarleton\"><code>@​pcarleton</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1412\">modelcontextprotocol/typescript-sdk#1412</a></li>\n<li>fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x backport) by <a href=\"https://github.com/samuv\"><code>@​samuv</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\">modelcontextprotocol/typescript-sdk#1382</a></li>\n<li>Fix <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\">#1430</a>: Client Credentials providers scopes support (backported) by <a href=\"https://github.com/NSeydoux\"><code>@​NSeydoux</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\">modelcontextprotocol/typescript-sdk#1442</a></li>\n<li>chore: bump version to 1.26.0 by <a href=\"https://github.com/pcarleton\"><code>@​pcarleton</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1479\">modelcontextprotocol/typescript-sdk#1479</a></li>\n</ul>\n<h2>New Contributors</h2>\n<ul>\n<li><a href=\"https://github.com/samuv\"><code>@​samuv</code></a> made their first contribution in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\">modelcontextprotocol/typescript-sdk#1382</a></li>\n<li><a href=\"https://github.com/NSeydoux\"><code>@​NSeydoux</code></a> made their first contribution in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\">modelcontextprotocol/typescript-sdk#1442</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0\">https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0</a></p>\n<h2>v1.25.3</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>[v1.x backport] Use correct schema for client sampling validation when tools are present by <a href=\"https://github.com/olaservo\"><code>@​olaservo</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1407\">modelcontextprotocol/typescript-sdk#1407</a></li>\n<li>fix: prevent Hono from overriding global Response object (v1.x) by <a href=\"https://github.com/mattzcarey\"><code>@​mattzcarey</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1411\">modelcontextprotocol/typescript-sdk#1411</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.2...v1.25.3\">https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.2...v1.25.3</a></p>\n<h2>v1.25.2</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>ci: trigger workflow on v1.x branch by <a href=\"https://github.com/felixweinberger\"><code>@​felixweinberger</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1319\">modelcontextprotocol/typescript-sdk#1319</a></li>\n<li>fix: README badges links destinations by <a href=\"https://github.com/antonpk1\"><code>@​antonpk1</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/907\">modelcontextprotocol/typescript-sdk#907</a></li>\n<li>fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by <a href=\"https://github.com/pcarleton\"><code>@​pcarleton</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1365\">modelcontextprotocol/typescript-sdk#1365</a></li>\n</ul>\n<h2>New Contributors</h2>\n<ul>\n<li><a href=\"https://github.com/antonpk1\"><code>@​antonpk1</code></a> made their first contribution in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/907\">modelcontextprotocol/typescript-sdk#907</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.25.2\">https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.25.2</a></p>\n<h2>1.25.1</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>spec types - backwards compatibility changes by <a href=\"https://github.com/KKonstantinov\"><code>@​KKonstantinov</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1306\">modelcontextprotocol/typescript-sdk#1306</a></li>\n<li>chore: bump version for patch fix by <a href=\"https://github.com/felixweinberger\"><code>@​felixweinberger</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1307\">modelcontextprotocol/typescript-sdk#1307</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.0...1.25.1\">https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.0...1.25.1</a></p>\n<h2>1.25.0</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>list changed handlers on client constructor by <a href=\"https://github.com/mattzcarey\"><code>@​mattzcarey</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1206\">modelcontextprotocol/typescript-sdk#1206</a></li>\n<li>Role - moved from inline to reusable type by <a href=\"https://github.com/KKonstantinov\"><code>@​KKonstantinov</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1221\">modelcontextprotocol/typescript-sdk#1221</a></li>\n<li>fix: use versioned npm tag for non-main branch releases by <a href=\"https://github.com/pcarleton\"><code>@​pcarleton</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1236\">modelcontextprotocol/typescript-sdk#1236</a></li>\n<li>No automatic completion support unless needed - Revisited yet again by <a href=\"https://github.com/cliffhall\"><code>@​cliffhall</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1237\">modelcontextprotocol/typescript-sdk#1237</a></li>\n<li>fix: Support updating output schema by <a href=\"https://github.com/vincent0426\"><code>@​vincent0426</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1048\">modelcontextprotocol/typescript-sdk#1048</a></li>\n</ul>\n<!-- raw HTML omitted -->\n</blockquote>\n<p>... (truncated)</p>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/fe9c07b465871394c7069207c86513df9c1194a4\"><code>fe9c07b</code></a> chore: bump version to 1.26.0 (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1479\">#1479</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/4f01e7e0708e1a85ccc7dbf39e850005f2d9ff03\"><code>4f01e7e</code></a> fix: add non-null assertions for optional setupServer fields in stateful test</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a05be176cabeae1f933b676e3ce024bf02e2314d\"><code>a05be17</code></a> Merge commit from fork</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/50d9fa3cd12e807e7963bcb9e1548786d3d5d941\"><code>50d9fa3</code></a> Fix <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\">#1430</a>: Client Credentials providers scopes support (backported) (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1442\">#1442</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/aa81a66556fb4434d8a6d1b70f7ac9fc40b5d325\"><code>aa81a66</code></a> fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6aba0659654e1ff0699844524595922a61e44cb9\"><code>6aba065</code></a> chore: bump v1.25.3 for backport fixes (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1412\">#1412</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6e8f7e1a43a819ae230373c62b82228dafd892c6\"><code>6e8f7e1</code></a> fix: prevent Hono from overriding global Response object (v1.x) (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1411\">#1411</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/12ae856cee6ca58499cce24e80f650e78a0c7610\"><code>12ae856</code></a> [v1.x backport] Use correct schema for client sampling validation when tools ...</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/b392f02ffcf37c088dbd114fedf25026ec3913d3\"><code>b392f02</code></a> fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1365\">#1365</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0c9b13484748acab9e5dc8317a7e89c06b52e37\"><code>a0c9b13</code></a> fix: README badges links destinations (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/907\">#907</a>)</li>\n<li>Additional commits viewable in <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.17.3...v1.26.0\">compare view</a></li>\n</ul>\n</details>\n<details>\n<summary>Maintainer changes</summary>\n<p>This version was pushed to npm by <a href=\"https://www.npmjs.com/~pcarleton\">pcarleton</a>, a new releaser for <code>@​modelcontextprotocol/sdk</code> since your current version.</p>\n</details>\n<br />\n\nUpdates `ajv` from 6.12.6 to 8.18.0\n<details>\n<summary>Release notes</summary>\n<p><em>Sourced from <a href=\"https://github.com/ajv-validator/ajv/releases\">ajv's releases</a>.</em></p>\n<blockquote>\n<h2>v8.18.0</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>feat: allow tree-shaking by adding <code>&quot;sideEffects&quot;: false</code> to <code>package.json</code> by <a href=\"https://github.com/josdejong\"><code>@​josdejong</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\">ajv-validator/ajv#2480</a></li>\n<li>fix: <a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\">#2482</a> Infinity and NaN serialise to null by <a href=\"https://github.com/jasoniangreen\"><code>@​jasoniangreen</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\">ajv-validator/ajv#2487</a></li>\n<li>fix: small grammatical error in managing-schemas.md by <a href=\"https://github.com/monteiro-renato\"><code>@​monteiro-renato</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\">ajv-validator/ajv#2508</a></li>\n<li>fix: typos in schema-language.md by <a href=\"https://github.com/monteiro-renato\"><code>@​monteiro-renato</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\">ajv-validator/ajv#2507</a></li>\n<li>fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by <a href=\"https://github.com/epoberezkin\"><code>@​epoberezkin</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\">ajv-validator/ajv#2586</a></li>\n</ul>\n<h2>New Contributors</h2>\n<ul>\n<li><a href=\"https://github.com/josdejong\"><code>@​josdejong</code></a> made their first contribution in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\">ajv-validator/ajv#2480</a></li>\n<li><a href=\"https://github.com/monteiro-renato\"><code>@​monteiro-renato</code></a> made their first contribution in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\">ajv-validator/ajv#2508</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\">https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0</a></p>\n</blockquote>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"><code>142ce84</code></a> 8.18.0</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"><code>720a23f</code></a> fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"><code>82735a1</code></a> fix: typos in schema-language.md (<a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\">#2507</a>)</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"><code>b17ec32</code></a> fix: small grammatical error in managing-schemas.md (<a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\">#2508</a>)</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"><code>69568d0</code></a> fix: <a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\">#2482</a> Infinity and NaN serialise to null (<a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\">#2487</a>)</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/f06766f33ed7291f84c19f22a1286a34475fbdaf\"><code>f06766f</code></a> feat: allow tree-shaking by adding ``&quot;sideEffects&quot;: false<code>to</code>package.json` ...</li>\n<li>See full diff in <a href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\">compare view</a></li>\n</ul>\n</details>\n<br />\n\nUpdates `qs` from 6.14.0 to 6.15.0\n<details>\n<summary>Changelog</summary>\n<p><em>Sourced from <a href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\">qs's changelog</a>.</em></p>\n<blockquote>\n<h2><strong>6.15.0</strong></h2>\n<ul>\n<li>[New] <code>parse</code>: add <code>strictMerge</code> option to wrap object/primitive conflicts in an array (<a href=\"https://redirect.github.com/ljharb/qs/issues/425\">#425</a>, <a href=\"https://redirect.github.com/ljharb/qs/issues/122\">#122</a>)</li>\n<li>[Fix] <code>duplicates</code> option should not apply to bracket notation keys (<a href=\"https://redirect.github.com/ljharb/qs/issues/514\">#514</a>)</li>\n</ul>\n<h2><strong>6.14.2</strong></h2>\n<ul>\n<li>[Fix] <code>parse</code>: mark overflow objects for indexed notation exceeding <code>arrayLimit</code> (<a href=\"https://redirect.github.com/ljharb/qs/issues/546\">#546</a>)</li>\n<li>[Fix] <code>arrayLimit</code> means max count, not max index, in <code>combine</code>/<code>merge</code>/<code>parseArrayValue</code></li>\n<li>[Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded with indexed notation when <code>throwOnLimitExceeded</code> is true (<a href=\"https://redirect.github.com/ljharb/qs/issues/529\">#529</a>)</li>\n<li>[Fix] <code>parse</code>: enforce <code>arrayLimit</code> on <code>comma</code>-parsed values</li>\n<li>[Fix] <code>parse</code>: fix error message to reflect arrayLimit as max index; remove extraneous comments (<a href=\"https://redirect.github.com/ljharb/qs/issues/545\">#545</a>)</li>\n<li>[Robustness] avoid <code>.push</code>, use <code>void</code></li>\n<li>[readme] document that <code>addQueryPrefix</code> does not add <code>?</code> to empty output (<a href=\"https://redirect.github.com/ljharb/qs/issues/418\">#418</a>)</li>\n<li>[readme] clarify <code>parseArrays</code> and <code>arrayLimit</code> documentation (<a href=\"https://redirect.github.com/ljharb/qs/issues/543\">#543</a>)</li>\n<li>[readme] replace runkit CI badge with shields.io check-runs badge</li>\n<li>[meta] fix changelog typo (<code>arrayLength</code> → <code>arrayLimit</code>)</li>\n<li>[actions] fix rebase workflow permissions</li>\n</ul>\n<h2><strong>6.14.1</strong></h2>\n<ul>\n<li>[Fix] ensure <code>arrayLimit</code> applies to <code>[]</code> notation as well</li>\n<li>[Fix] <code>parse</code>: when a custom decoder returns <code>null</code> for a key, ignore that key</li>\n<li>[Refactor] <code>parse</code>: extract key segment splitting helper</li>\n<li>[meta] add threat model</li>\n<li>[actions] add workflow permissions</li>\n<li>[Tests] <code>stringify</code>: increase coverage</li>\n<li>[Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code>, <code>es-value-fixtures</code>, <code>for-each</code>, <code>object-inspect</code></li>\n</ul>\n</blockquote>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/ljharb/qs/commit/d9b4c66303375493c68c42d68e363e50b1753771\"><code>d9b4c66</code></a> v6.15.0</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/cb41a545a32422ad3044584d3c4fa8f953552605\"><code>cb41a54</code></a> [New] <code>parse</code>: add <code>strictMerge</code> option to wrap object/primitive conflicts in...</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/88e15636da953397262bd3014ab8b0d17d5c8039\"><code>88e1563</code></a> [Fix] <code>duplicates</code> option should not apply to bracket notation keys</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/9d441d270486c3cc77f17289a9e0921c0f742aff\"><code>9d441d2</code></a> Merge backport release tags v6.0.6–v6.13.3 into main</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/85cc8cac6b444c9b4cb1172a151ac8fdee0a0301\"><code>85cc8ca</code></a> v6.12.5</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/ffc12aa71030f508ab28cccbb1987424abf52379\"><code>ffc12aa</code></a> v6.11.4</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/0506b11e457f6b3847b1dcf65b5c11c0eaf5dfb9\"><code>0506b11</code></a> [actions] update reusable workflows</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/6a37fafc75ce8a3d00ef611c9d7acfccc6ec449c\"><code>6a37faf</code></a> [actions] update reusable workflows</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/8e8df5a3b147ec2f86830c2e3de1016a7ecbc18b\"><code>8e8df5a</code></a> [Fix] fix regressions from robustness refactor</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/d60bab35a42b3c789d7a1461ea176eaee74eb751\"><code>d60bab3</code></a> v6.10.7</li>\n<li>Additional commits viewable in <a href=\"https://github.com/ljharb/qs/compare/v6.14.0...v6.15.0\">compare view</a></li>\n</ul>\n</details>\n<br />\n\nUpdates `@modelcontextprotocol/sdk` from 1.17.3 to 1.26.0\n<details>\n<summary>Release notes</summary>\n<p><em>Sourced from <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"><code>@​modelcontextprotocol/sdk</code>'s releases</a>.</em></p>\n<blockquote>\n<h2>v1.26.0</h2>\n<p>Addresses &quot;Sharing server/transport instances can leak cross-client response data&quot; in this GHSA <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7\">https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7</a></p>\n<h2>What's Changed</h2>\n<ul>\n<li>chore: bump v1.25.3 for backport fixes by <a href=\"https://github.com/pcarleton\"><code>@​pcarleton</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1412\">modelcontextprotocol/typescript-sdk#1412</a></li>\n<li>fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x backport) by <a href=\"https://github.com/samuv\"><code>@​samuv</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\">modelcontextprotocol/typescript-sdk#1382</a></li>\n<li>Fix <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\">#1430</a>: Client Credentials providers scopes support (backported) by <a href=\"https://github.com/NSeydoux\"><code>@​NSeydoux</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\">modelcontextprotocol/typescript-sdk#1442</a></li>\n<li>chore: bump version to 1.26.0 by <a href=\"https://github.com/pcarleton\"><code>@​pcarleton</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1479\">modelcontextprotocol/typescript-sdk#1479</a></li>\n</ul>\n<h2>New Contributors</h2>\n<ul>\n<li><a href=\"https://github.com/samuv\"><code>@​samuv</code></a> made their first contribution in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\">modelcontextprotocol/typescript-sdk#1382</a></li>\n<li><a href=\"https://github.com/NSeydoux\"><code>@​NSeydoux</code></a> made their first contribution in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\">modelcontextprotocol/typescript-sdk#1442</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0\">https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0</a></p>\n<h2>v1.25.3</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>[v1.x backport] Use correct schema for client sampling validation when tools are present by <a href=\"https://github.com/olaservo\"><code>@​olaservo</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1407\">modelcontextprotocol/typescript-sdk#1407</a></li>\n<li>fix: prevent Hono from overriding global Response object (v1.x) by <a href=\"https://github.com/mattzcarey\"><code>@​mattzcarey</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1411\">modelcontextprotocol/typescript-sdk#1411</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.2...v1.25.3\">https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.2...v1.25.3</a></p>\n<h2>v1.25.2</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>ci: trigger workflow on v1.x branch by <a href=\"https://github.com/felixweinberger\"><code>@​felixweinberger</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1319\">modelcontextprotocol/typescript-sdk#1319</a></li>\n<li>fix: README badges links destinations by <a href=\"https://github.com/antonpk1\"><code>@​antonpk1</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/907\">modelcontextprotocol/typescript-sdk#907</a></li>\n<li>fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by <a href=\"https://github.com/pcarleton\"><code>@​pcarleton</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1365\">modelcontextprotocol/typescript-sdk#1365</a></li>\n</ul>\n<h2>New Contributors</h2>\n<ul>\n<li><a href=\"https://github.com/antonpk1\"><code>@​antonpk1</code></a> made their first contribution in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/907\">modelcontextprotocol/typescript-sdk#907</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.25.2\">https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.25.2</a></p>\n<h2>1.25.1</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>spec types - backwards compatibility changes by <a href=\"https://github.com/KKonstantinov\"><code>@​KKonstantinov</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1306\">modelcontextprotocol/typescript-sdk#1306</a></li>\n<li>chore: bump version for patch fix by <a href=\"https://github.com/felixweinberger\"><code>@​felixweinberger</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1307\">modelcontextprotocol/typescript-sdk#1307</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.0...1.25.1\">https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.0...1.25.1</a></p>\n<h2>1.25.0</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>list changed handlers on client constructor by <a href=\"https://github.com/mattzcarey\"><code>@​mattzcarey</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1206\">modelcontextprotocol/typescript-sdk#1206</a></li>\n<li>Role - moved from inline to reusable type by <a href=\"https://github.com/KKonstantinov\"><code>@​KKonstantinov</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1221\">modelcontextprotocol/typescript-sdk#1221</a></li>\n<li>fix: use versioned npm tag for non-main branch releases by <a href=\"https://github.com/pcarleton\"><code>@​pcarleton</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1236\">modelcontextprotocol/typescript-sdk#1236</a></li>\n<li>No automatic completion support unless needed - Revisited yet again by <a href=\"https://github.com/cliffhall\"><code>@​cliffhall</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1237\">modelcontextprotocol/typescript-sdk#1237</a></li>\n<li>fix: Support updating output schema by <a href=\"https://github.com/vincent0426\"><code>@​vincent0426</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1048\">modelcontextprotocol/typescript-sdk#1048</a></li>\n</ul>\n<!-- raw HTML omitted -->\n</blockquote>\n<p>... (truncated)</p>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/fe9c07b465871394c7069207c86513df9c1194a4\"><code>fe9c07b</code></a> chore: bump version to 1.26.0 (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1479\">#1479</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/4f01e7e0708e1a85ccc7dbf39e850005f2d9ff03\"><code>4f01e7e</code></a> fix: add non-null assertions for optional setupServer fields in stateful test</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a05be176cabeae1f933b676e3ce024bf02e2314d\"><code>a05be17</code></a> Merge commit from fork</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/50d9fa3cd12e807e7963bcb9e1548786d3d5d941\"><code>50d9fa3</code></a> Fix <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\">#1430</a>: Client Credentials providers scopes support (backported) (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1442\">#1442</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/aa81a66556fb4434d8a6d1b70f7ac9fc40b5d325\"><code>aa81a66</code></a> fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6aba0659654e1ff0699844524595922a61e44cb9\"><code>6aba065</code></a> chore: bump v1.25.3 for backport fixes (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1412\">#1412</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6e8f7e1a43a819ae230373c62b82228dafd892c6\"><code>6e8f7e1</code></a> fix: prevent Hono from overriding global Response object (v1.x) (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1411\">#1411</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/12ae856cee6ca58499cce24e80f650e78a0c7610\"><code>12ae856</code></a> [v1.x backport] Use correct schema for client sampling validation when tools ...</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/b392f02ffcf37c088dbd114fedf25026ec3913d3\"><code>b392f02</code></a> fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1365\">#1365</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0c9b13484748acab9e5dc8317a7e89c06b52e37\"><code>a0c9b13</code></a> fix: README badges links destinations (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/907\">#907</a>)</li>\n<li>Additional commits viewable in <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.17.3...v1.26.0\">compare view</a></li>\n</ul>\n</details>\n<details>\n<summary>Maintainer changes</summary>\n<p>This version was pushed to npm by <a href=\"https://www.npmjs.com/~pcarleton\">pcarleton</a>, a new releaser for <code>@​modelcontextprotocol/sdk</code> since your current version.</p>\n</details>\n<br />\n\nUpdates `ajv` from 6.12.6 to 8.18.0\n<details>\n<summary>Release notes</summary>\n<p><em>Sourced from <a href=\"https://github.com/ajv-validator/ajv/releases\">ajv's releases</a>.</em></p>\n<blockquote>\n<h2>v8.18.0</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>feat: allow tree-shaking by adding <code>&quot;sideEffects&quot;: false</code> to <code>package.json</code> by <a href=\"https://github.com/josdejong\"><code>@​josdejong</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\">ajv-validator/ajv#2480</a></li>\n<li>fix: <a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\">#2482</a> Infinity and NaN serialise to null by <a href=\"https://github.com/jasoniangreen\"><code>@​jasoniangreen</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\">ajv-validator/ajv#2487</a></li>\n<li>fix: small grammatical error in managing-schemas.md by <a href=\"https://github.com/monteiro-renato\"><code>@​monteiro-renato</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\">ajv-validator/ajv#2508</a></li>\n<li>fix: typos in schema-language.md by <a href=\"https://github.com/monteiro-renato\"><code>@​monteiro-renato</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\">ajv-validator/ajv#2507</a></li>\n<li>fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by <a href=\"https://github.com/epoberezkin\"><code>@​epoberezkin</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\">ajv-validator/ajv#2586</a></li>\n</ul>\n<h2>New Contributors</h2>\n<ul>\n<li><a href=\"https://github.com/josdejong\"><code>@​josdejong</code></a> made their first contribution in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\">ajv-validator/ajv#2480</a></li>\n<li><a href=\"https://github.com/monteiro-renato\"><code>@​monteiro-renato</code></a> made their first contribution in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\">ajv-validator/ajv#2508</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\">https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0</a></p>\n</blockquote>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"><code>142ce84</code></a> 8.18.0</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"><code>720a23f</code></a> fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"><code>82735a1</code></a> fix: typos in schema-language.md (<a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\">#2507</a>)</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"><code>b17ec32</code></a> fix: small grammatical error in managing-schemas.md (<a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\">#2508</a>)</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"><code>69568d0</code></a> fix: <a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\">#2482</a> Infinity and NaN serialise to null (<a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\">#2487</a>)</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/f06766f33ed7291f84c19f22a1286a34475fbdaf\"><code>f06766f</code></a> feat: allow tree-shaking by adding ``&quot;sideEffects&quot;: false<code>to</code>package.json` ...</li>\n<li>See full diff in <a href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\">compare view</a></li>\n</ul>\n</details>\n<br />\n\nUpdates `qs` from 6.14.0 to 6.15.0\n<details>\n<summary>Changelog</summary>\n<p><em>Sourced from <a href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\">qs's changelog</a>.</em></p>\n<blockquote>\n<h2><strong>6.15.0</strong></h2>\n<ul>\n<li>[New] <code>parse</code>: add <code>strictMerge</code> option to wrap object/primitive conflicts in an array (<a href=\"https://redirect.github.com/ljharb/qs/issues/425\">#425</a>, <a href=\"https://redirect.github.com/ljharb/qs/issues/122\">#122</a>)</li>\n<li>[Fix] <code>duplicates</code> option should not apply to bracket notation keys (<a href=\"https://redirect.github.com/ljharb/qs/issues/514\">#514</a>)</li>\n</ul>\n<h2><strong>6.14.2</strong></h2>\n<ul>\n<li>[Fix] <code>parse</code>: mark overflow objects for indexed notation exceeding <code>arrayLimit</code> (<a href=\"https://redirect.github.com/ljharb/qs/issues/546\">#546</a>)</li>\n<li>[Fix] <code>arrayLimit</code> means max count, not max index, in <code>combine</code>/<code>merge</code>/<code>parseArrayValue</code></li>\n<li>[Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded with indexed notation when <code>throwOnLimitExceeded</code> is true (<a href=\"https://redirect.github.com/ljharb/qs/issues/529\">#529</a>)</li>\n<li>[Fix] <code>parse</code>: enforce <code>arrayLimit</code> on <code>comma</code>-parsed values</li>\n<li>[Fix] <code>parse</code>: fix error message to reflect arrayLimit as max index; remove extraneous comments (<a href=\"https://redirect.github.com/ljharb/qs/issues/545\">#545</a>)</li>\n<li>[Robustness] avoid <code>.push</code>, use <code>void</code></li>\n<li>[readme] document that <code>addQueryPrefix</code> does not add <code>?</code> to empty output (<a href=\"https://redirect.github.com/ljharb/qs/issues/418\">#418</a>)</li>\n<li>[readme] clarify <code>parseArrays</code> and <code>arrayLimit</code> documentation (<a href=\"https://redirect.github.com/ljharb/qs/issues/543\">#543</a>)</li>\n<li>[readme] replace runkit CI badge with shields.io check-runs badge</li>\n<li>[meta] fix changelog typo (<code>arrayLength</code> → <code>arrayLimit</code>)</li>\n<li>[actions] fix rebase workflow permissions</li>\n</ul>\n<h2><strong>6.14.1</strong></h2>\n<ul>\n<li>[Fix] ensure <code>arrayLimit</code> applies to <code>[]</code> notation as well</li>\n<li>[Fix] <code>parse</code>: when a custom decoder returns <code>null</code> for a key, ignore that key</li>\n<li>[Refactor] <code>parse</code>: extract key segment splitting helper</li>\n<li>[meta] add threat model</li>\n<li>[actions] add workflow permissions</li>\n<li>[Tests] <code>stringify</code>: increase coverage</li>\n<li>[Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code>, <code>es-value-fixtures</code>, <code>for-each</code>, <code>object-inspect</code></li>\n</ul>\n</blockquote>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/ljharb/qs/commit/d9b4c66303375493c68c42d68e363e50b1753771\"><code>d9b4c66</code></a> v6.15.0</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/cb41a545a32422ad3044584d3c4fa8f953552605\"><code>cb41a54</code></a> [New] <code>parse</code>: add <code>strictMerge</code> option to wrap object/primitive conflicts in...</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/88e15636da953397262bd3014ab8b0d17d5c8039\"><code>88e1563</code></a> [Fix] <code>duplicates</code> option should not apply to bracket notation keys</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/9d441d270486c3cc77f17289a9e0921c0f742aff\"><code>9d441d2</code></a> Merge backport release tags v6.0.6–v6.13.3 into main</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/85cc8cac6b444c9b4cb1172a151ac8fdee0a0301\"><code>85cc8ca</code></a> v6.12.5</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/ffc12aa71030f508ab28cccbb1987424abf52379\"><code>ffc12aa</code></a> v6.11.4</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/0506b11e457f6b3847b1dcf65b5c11c0eaf5dfb9\"><code>0506b11</code></a> [actions] update reusable workflows</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/6a37fafc75ce8a3d00ef611c9d7acfccc6ec449c\"><code>6a37faf</code></a> [actions] update reusable workflows</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/8e8df5a3b147ec2f86830c2e3de1016a7ecbc18b\"><code>8e8df5a</code></a> [Fix] fix regressions from robustness refactor</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/d60bab35a42b3c789d7a1461ea176eaee74eb751\"><code>d60bab3</code></a> v6.10.7</li>\n<li>Additional commits viewable in <a href=\"https://github.com/ljharb/qs/compare/v6.14.0...v6.15.0\">compare view</a></li>\n</ul>\n</details>\n<br />\n\nUpdates `@modelcontextprotocol/sdk` from 1.25.1 to 1.26.0\n<details>\n<summary>Release notes</summary>\n<p><em>Sourced from <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"><code>@​modelcontextprotocol/sdk</code>'s releases</a>.</em></p>\n<blockquote>\n<h2>v1.26.0</h2>\n<p>Addresses &quot;Sharing server/transport instances can leak cross-client response data&quot; in this GHSA <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7\">https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7</a></p>\n<h2>What's Changed</h2>\n<ul>\n<li>chore: bump v1.25.3 for backport fixes by <a href=\"https://github.com/pcarleton\"><code>@​pcarleton</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1412\">modelcontextprotocol/typescript-sdk#1412</a></li>\n<li>fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x backport) by <a href=\"https://github.com/samuv\"><code>@​samuv</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\">modelcontextprotocol/typescript-sdk#1382</a></li>\n<li>Fix <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\">#1430</a>: Client Credentials providers scopes support (backported) by <a href=\"https://github.com/NSeydoux\"><code>@​NSeydoux</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\">modelcontextprotocol/typescript-sdk#1442</a></li>\n<li>chore: bump version to 1.26.0 by <a href=\"https://github.com/pcarleton\"><code>@​pcarleton</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1479\">modelcontextprotocol/typescript-sdk#1479</a></li>\n</ul>\n<h2>New Contributors</h2>\n<ul>\n<li><a href=\"https://github.com/samuv\"><code>@​samuv</code></a> made their first contribution in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\">modelcontextprotocol/typescript-sdk#1382</a></li>\n<li><a href=\"https://github.com/NSeydoux\"><code>@​NSeydoux</code></a> made their first contribution in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\">modelcontextprotocol/typescript-sdk#1442</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0\">https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0</a></p>\n<h2>v1.25.3</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>[v1.x backport] Use correct schema for client sampling validation when tools are present by <a href=\"https://github.com/olaservo\"><code>@​olaservo</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1407\">modelcontextprotocol/typescript-sdk#1407</a></li>\n<li>fix: prevent Hono from overriding global Response object (v1.x) by <a href=\"https://github.com/mattzcarey\"><code>@​mattzcarey</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1411\">modelcontextprotocol/typescript-sdk#1411</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.2...v1.25.3\">https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.2...v1.25.3</a></p>\n<h2>v1.25.2</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>ci: trigger workflow on v1.x branch by <a href=\"https://github.com/felixweinberger\"><code>@​felixweinberger</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1319\">modelcontextprotocol/typescript-sdk#1319</a></li>\n<li>fix: README badges links destinations by <a href=\"https://github.com/antonpk1\"><code>@​antonpk1</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/907\">modelcontextprotocol/typescript-sdk#907</a></li>\n<li>fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by <a href=\"https://github.com/pcarleton\"><code>@​pcarleton</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1365\">modelcontextprotocol/typescript-sdk#1365</a></li>\n</ul>\n<h2>New Contributors</h2>\n<ul>\n<li><a href=\"https://github.com/antonpk1\"><code>@​antonpk1</code></a> made their first contribution in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/907\">modelcontextprotocol/typescript-sdk#907</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.25.2\">https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.25.2</a></p>\n<h2>1.25.1</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>spec types - backwards compatibility changes by <a href=\"https://github.com/KKonstantinov\"><code>@​KKonstantinov</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1306\">modelcontextprotocol/typescript-sdk#1306</a></li>\n<li>chore: bump version for patch fix by <a href=\"https://github.com/felixweinberger\"><code>@​felixweinberger</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1307\">modelcontextprotocol/typescript-sdk#1307</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.0...1.25.1\">https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.0...1.25.1</a></p>\n<h2>1.25.0</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>list changed handlers on client constructor by <a href=\"https://github.com/mattzcarey\"><code>@​mattzcarey</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1206\">modelcontextprotocol/typescript-sdk#1206</a></li>\n<li>Role - moved from inline to reusable type by <a href=\"https://github.com/KKonstantinov\"><code>@​KKonstantinov</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1221\">modelcontextprotocol/typescript-sdk#1221</a></li>\n<li>fix: use versioned npm tag for non-main branch releases by <a href=\"https://github.com/pcarleton\"><code>@​pcarleton</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1236\">modelcontextprotocol/typescript-sdk#1236</a></li>\n<li>No automatic completion support unless needed - Revisited yet again by <a href=\"https://github.com/cliffhall\"><code>@​cliffhall</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1237\">modelcontextprotocol/typescript-sdk#1237</a></li>\n<li>fix: Support updating output schema by <a href=\"https://github.com/vincent0426\"><code>@​vincent0426</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1048\">modelcontextprotocol/typescript-sdk#1048</a></li>\n</ul>\n<!-- raw HTML omitted -->\n</blockquote>\n<p>... (truncated)</p>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/fe9c07b465871394c7069207c86513df9c1194a4\"><code>fe9c07b</code></a> chore: bump version to 1.26.0 (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1479\">#1479</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/4f01e7e0708e1a85ccc7dbf39e850005f2d9ff03\"><code>4f01e7e</code></a> fix: add non-null assertions for optional setupServer fields in stateful test</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a05be176cabeae1f933b676e3ce024bf02e2314d\"><code>a05be17</code></a> Merge commit from fork</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/50d9fa3cd12e807e7963bcb9e1548786d3d5d941\"><code>50d9fa3</code></a> Fix <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\">#1430</a>: Client Credentials providers scopes support (backported) (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1442\">#1442</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/aa81a66556fb4434d8a6d1b70f7ac9fc40b5d325\"><code>aa81a66</code></a> fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6aba0659654e1ff0699844524595922a61e44cb9\"><code>6aba065</code></a> chore: bump v1.25.3 for backport fixes (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1412\">#1412</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6e8f7e1a43a819ae230373c62b82228dafd892c6\"><code>6e8f7e1</code></a> fix: prevent Hono from overriding global Response object (v1.x) (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1411\">#1411</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/12ae856cee6ca58499cce24e80f650e78a0c7610\"><code>12ae856</code></a> [v1.x backport] Use correct schema for client sampling validation when tools ...</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/b392f02ffcf37c088dbd114fedf25026ec3913d3\"><code>b392f02</code></a> fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1365\">#1365</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0c9b13484748acab9e5dc8317a7e89c06b52e37\"><code>a0c9b13</code></a> fix: README badges links destinations (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/907\">#907</a>)</li>\n<li>Additional commits viewable in <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.17.3...v1.26.0\">compare view</a></li>\n</ul>\n</details>\n<details>\n<summary>Maintainer changes</summary>\n<p>This version was pushed to npm by <a href=\"https://www.npmjs.com/~pcarleton\">pcarleton</a>, a new releaser for <code>@​modelcontextprotocol/sdk</code> since your current version.</p>\n</details>\n<br />\n\nUpdates `ajv` from 8.17.1 to 8.18.0\n<details>\n<summary>Release notes</summary>\n<p><em>Sourced from <a href=\"https://github.com/ajv-validator/ajv/releases\">ajv's releases</a>.</em></p>\n<blockquote>\n<h2>v8.18.0</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>feat: allow tree-shaking by adding <code>&quot;sideEffects&quot;: false</code> to <code>package.json</code> by <a href=\"https://github.com/josdejong\"><code>@​josdejong</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\">ajv-validator/ajv#2480</a></li>\n<li>fix: <a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\">#2482</a> Infinity and NaN serialise to null by <a href=\"https://github.com/jasoniangreen\"><code>@​jasoniangreen</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\">ajv-validator/ajv#2487</a></li>\n<li>fix: small grammatical error in managing-schemas.md by <a href=\"https://github.com/monteiro-renato\"><code>@​monteiro-renato</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\">ajv-validator/ajv#2508</a></li>\n<li>fix: typos in schema-language.md by <a href=\"https://github.com/monteiro-renato\"><code>@​monteiro-renato</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\">ajv-validator/ajv#2507</a></li>\n<li>fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by <a href=\"https://github.com/epoberezkin\"><code>@​epoberezkin</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\">ajv-validator/ajv#2586</a></li>\n</ul>\n<h2>New Contributors</h2>\n<ul>\n<li><a href=\"https://github.com/josdejong\"><code>@​josdejong</code></a> made their first contribution in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\">ajv-validator/ajv#2480</a></li>\n<li><a href=\"https://github.com/monteiro-renato\"><code>@​monteiro-renato</code></a> made their first contribution in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\">ajv-validator/ajv#2508</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\">https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0</a></p>\n</blockquote>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"><code>142ce84</code></a> 8.18.0</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"><code>720a23f</code></a> fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"><code>82735a1</code></a> fix: typos in schema-language.md (<a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\">#2507</a>)</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"><code>b17ec32</code></a> fix: small grammatical error in managing-schemas.md (<a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\">#2508</a>)</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"><code>69568d0</code></a> fix: <a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\">#2482</a> Infinity and NaN serialise to null (<a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\">#2487</a>)</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/f06766f33ed7291f84c19f22a1286a34475fbdaf\"><code>f06766f</code></a> feat: allow tree-shaking by adding ``&quot;sideEffects&quot;: false<code>to</code>package.json` ...</li>\n<li>See full diff in <a href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\">compare view</a></li>\n</ul>\n</details>\n<br />\n\nUpdates `qs` from 6.14.0 to 6.15.0\n<details>\n<summary>Changelog</summary>\n<p><em>Sourced from <a href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\">qs's changelog</a>.</em></p>\n<blockquote>\n<h2><strong>6.15.0</strong></h2>\n<ul>\n<li>[New] <code>parse</code>: add <code>strictMerge</code> option to wrap object/primitive conflicts in an array (<a href=\"https://redirect.github.com/ljharb/qs/issues/425\">#425</a>, <a href=\"https://redirect.github.com/ljharb/qs/issues/122\">#122</a>)</li>\n<li>[Fix] <code>duplicates</code> option should not apply to bracket notation keys (<a href=\"https://redirect.github.com/ljharb/qs/issues/514\">#514</a>)</li>\n</ul>\n<h2><strong>6.14.2</strong></h2>\n<ul>\n<li>[Fix] <code>parse</code>: mark overflow objects for indexed notation exceeding <code>arrayLimit</code> (<a href=\"https://redirect.github.com/ljharb/qs/issues/546\">#546</a>)</li>\n<li>[Fix] <code>arrayLimit</code> means max count, not max index, in <code>combine</code>/<code>merge</code>/<code>parseArrayValue</code></li>\n<li>[Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded with indexed notation when <code>throwOnLimitExceeded</code> is true (<a href=\"https://redirect.github.com/ljharb/qs/issues/529\">#529</a>)</li>\n<li>[Fix] <code>parse</code>: enforce <code>arrayLimit</code> on <code>comma</code>-parsed values</li>\n<li>[Fix] <code>parse</code>: fix error message to reflect arrayLimit as max index; remove extraneous comments (<a href=\"https://redirect.github.com/ljharb/qs/issues/545\">#545</a>)</li>\n<li>[Robustness] avoid <code>.push</code>, use <code>void</code></li>\n<li>[readme] document that <code>addQueryPrefix</code> does not add <code>?</code> to empty output (<a href=\"https://redirect.github.com/ljharb/qs/issues/418\">#418</a>)</li>\n<li>[readme] clarify <code>parseArrays</code> and <code>arrayLimit</code> documentation (<a href=\"https://redirect.github.com/ljharb/qs/issues/543\">#543</a>)</li>\n<li>[readme] replace runkit CI badge with shields.io check-runs badge</li>\n<li>[meta] fix changelog typo (<code>arrayLength</code> → <code>arrayLimit</code>)</li>\n<li>[actions] fix rebase workflow permissions</li>\n</ul>\n<h2><strong>6.14.1</strong></h2>\n<ul>\n<li>[Fix] ensure <code>arrayLimit</code> applies to <code>[]</code> notation as well</li>\n<li>[Fix] <code>parse</code>: when a custom decoder returns <code>null</code> for a key, ignore that key</li>\n<li>[Refactor] <code>parse</code>: extract key segment splitting helper</li>\n<li>[meta] add threat model</li>\n<li>[actions] add workflow permissions</li>\n<li>[Tests] <code>stringify</code>: increase coverage</li>\n<li>[Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code>, <code>es-value-fixtures</code>, <code>for-each</code>, <code>object-inspect</code></li>\n</ul>\n</blockquote>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/ljharb/qs/commit/d9b4c66303375493c68c42d68e363e50b1753771\"><code>d9b4c66</code></a> v6.15.0</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/cb41a545a32422ad3044584d3c4fa8f953552605\"><code>cb41a54</code></a> [New] <code>parse</code>: add <code>strictMerge</code> option to wrap object/primitive conflicts in...</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/88e15636da953397262bd3014ab8b0d17d5c8039\"><code>88e1563</code></a> [Fix] <code>duplicates</code> option should not apply to bracket notation keys</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/9d441d270486c3cc77f17289a9e0921c0f742aff\"><code>9d441d2</code></a> Merge backport release tags v6.0.6–v6.13.3 into main</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/85cc8cac6b444c9b4cb1172a151ac8fdee0a0301\"><code>85cc8ca</code></a> v6.12.5</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/ffc12aa71030f508ab28cccbb1987424abf52379\"><code>ffc12aa</code></a> v6.11.4</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/0506b11e457f6b3847b1dcf65b5c11c0eaf5dfb9\"><code>0506b11</code></a> [actions] update reusable workflows</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/6a37fafc75ce8a3d00ef611c9d7acfccc6ec449c\"><code>6a37faf</code></a> [actions] update reusable workflows</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/8e8df5a3b147ec2f86830c2e3de1016a7ecbc18b\"><code>8e8df5a</code></a> [Fix] fix regressions from robustness refactor</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/d60bab35a42b3c789d7a1461ea176eaee74eb751\"><code>d60bab3</code></a> v6.10.7</li>\n<li>Additional commits viewable in <a href=\"https://github.com/ljharb/qs/compare/v6.14.0...v6.15.0\">compare view</a></li>\n</ul>\n</details>\n<br />\n\nUpdates `hono` from 4.11.1 to 4.11.10\n<details>\n<summary>Release notes</summary>\n<p><em>Sourced from <a href=\"https://github.com/honojs/hono/releases\">hono's releases</a>.</em></p>\n<blockquote>\n<h2>v4.11.10</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>fix: fixed to be more properly timing safe (Merge commit from fork  91def7ca)</li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/honojs/hono/compare/v4.11.9...v4.11.10\">https://github.com/honojs/hono/compare/v4.11.9...v4.11.10</a></p>\n<h2>v4.11.9</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>fix(url): ignore fragment identifiers in getPath() by <a href=\"https://github.com/sano-suguru\"><code>@​sano-suguru</code></a> in <a href=\"https://redirect.github.com/honojs/hono/pull/4627\">honojs/hono#4627</a></li>\n<li>fix: determine if rendered or not by <code>node.vC[0]</code> instead of referring to <code>node.pP</code> by <a href=\"https://github.com/usualoma\"><code>@​usualoma</code></a> in <a href=\"https://redirect.github.com/honojs/hono/pull/4663\">honojs/hono#4663</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/honojs/hono/compare/v4.11.8...v4.11.9\">https://github.com/honojs/hono/compare/v4.11.8...v4.11.9</a></p>\n<h2>v4.11.8</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>fix(jsx): preserve context when using await before html helper by <a href=\"https://github.com/kaigritun\"><code>@​kaigritun</code></a> in <a href=\"https://redirect.github.com/honojs/hono/pull/4662\">honojs/hono#4662</a></li>\n<li>fix(bearer-auth): make auth-scheme case-insensitive by <a href=\"https://github.com/bytaesu\"><code>@​bytaesu</code></a> in <a href=\"https://redirect.github.com/honojs/hono/pull/4659\">honojs/hono#4659</a></li>\n</ul>\n<h2>New Contributors</h2>\n<ul>\n<li><a href=\"https://github.com/kaigritun\"><code>@​kaigritun</code></a> made their first contribution in <a href=\"https://redirect.github.com/honojs/hono/pull/4662\">honojs/hono#4662</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/honojs/hono/compare/v4.11.7...v4.11.8\">https://github.com/honojs/hono/compare/v4.11.7...v4.11.8</a></p>\n<h2>v4.11.7</h2>\n<h1>Security Release</h1>\n<p>This release includes security fixes for multiple vulnerabilities in Hono and related middleware. We recommend upgrading if you are using any of the affected components.</p>\n<h2>Components</h2>\n<h3>IP Restriction Middleware</h3>\n<p>Fixed an IPv4 address validation bypass that could allow IP-based access control to be bypassed under certain configurations.</p>\n<h3>Cache Middleware</h3>\n<p>Fixed an issue where responses marked with <code>Cache-Control: private</code> or <code>no-store</code> could be cached, potentially leading to information disclosure on some runtimes.</p>\n<h3>Serve Static Middleware (Cloudflare Workers adapter)</h3>\n<p>Fixed an issue that could allow unintended access to internal asset keys when serving static files with user-controlled paths.</p>\n<h3>hono/jsx <code>ErrorBoundary</code></h3>\n<p>Fixed a reflected Cross-Site Scripting (XSS) issue in the <code>ErrorBoundary</code> component that could occur when untrusted strings were rendered without proper escaping.</p>\n<h2>Recommendation</h2>\n<p>Users are encouraged to upgrade to this release, especially if they:</p>\n<!-- raw HTML omitted -->\n</blockquote>\n<p>... (truncated)</p>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/honojs/hono/commit/a40d210834adfa4f24cc42faaed5661cd025e6af\"><code>a40d210</code></a> 4.11.10</li>\n<li><a href=\"https://github.com/honojs/hono/commit/91def7cab654bad5eecc9270e6620d577971ff5e\"><code>91def7c</code></a> Merge commit from fork</li>\n<li><a href=\"https://github.com/honojs/hono/commit/8b179354c10f13eaca87a24507d909886c39f124\"><code>8b17935</code></a> test(types): add regression tests for <a href=\"https://redirect.github.com/honojs/hono/issues/4388\">#4388</a> (routes before .use() with explic...</li>\n<li><a href=\"https://github.com/honojs/hono/commit/4a03f4f9cded9f0ed95aeefe7ed95e8a5170260b\"><code>4a03f4f</code></a> doc(jwt): mark <code>options.secret</code> as required in JSDoc (<a href=\"https://redirect.github.com/honojs/hono/issues/4718\">#4718</a>)</li>\n<li><a href=\"https://github.com/honojs/hono/commit/730055133f2579ee56d2d8327bf0040c310293ae\"><code>7300551</code></a> chore(ci): bump typescript-go to the latest (<a href=\"https://redirect.github.com/honojs/hono/issues/4716\">#4716</a>)</li>\n<li><a href=\"https://github.com/honojs/hono/commit/4b2978060888718351941140a7e8e028b2e9d69b\"><code>4b29780</code></a> chore: update Zod import examples to use namespace imports (<a href=\"https://redirect.github.com/honojs/hono/issues/4715\">#4715</a>)</li>\n<li><a href=\"https://github.com/honojs/hono/commit/69ad8857df4eeef1a02e628ab8f5b2b60e643f19\"><code>69ad885</code></a> 4.11.9</li>\n<li><a href=\"https://github.com/honojs/hono/commit/3d536ff38d5c24ca584866a7f01cf5691b96e983\"><code>3d536ff</code></a> fix: determine if rendered or not by <code>node.vC[0]</code> instead of referring to `no...</li>\n<li><a href=\"https://github.com/honojs/hono/commit/0c1d4c76cf6b2aace8bbef745d375c2cc176d99f\"><code>0c1d4c7</code></a> fix(url): ignore fragment identifiers in getPath() (<a href=\"https://redirect.github.com/honojs/hono/issues/4627\">#4627</a>)</li>\n<li><a href=\"https://github.com/honojs/hono/commit/5ca5c3e9764486b31ad7db4c0c19b2c926753ae3\"><code>5ca5c3e</code></a> 4.11.8</li>\n<li>Additional commits viewable in <a href=\"https://github.com/honojs/hono/compare/v4.11.1...v4.11.10\">compare view</a></li>\n</ul>\n</details>\n<br />\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n<details>\n<summary>Dependabot commands and options</summary>\n<br />\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/elizaOS/eliza/network/alerts).\n\n</details>\n\n<!-- greptile_comment -->\n\n<h3>Greptile Summary</h3>\n\nSecurity-focused dependency bump across 3 directories in the `packages/computeruse` tree. The primary change updates `@modelcontextprotocol/sdk` to v1.26.0, which addresses [GHSA-345p-7cg4-v4c7](https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7) (cross-client response data leak when sharing server/transport instances). Transitive dependency updates include security patches for `hono` (IP restriction bypass, cache middleware, XSS in ErrorBoundary), `ajv` (ReDoS via CVE-2025-69873), and `qs`.\n\n- `@modelcontextprotocol/sdk`: 1.17.3 → 1.26.0 (two directories) and 1.25.1 → 1.26.0 (one directory)\n- `ajv`: 6.12.6 → 8.18.0 (transitive, major version bump handled internally by the SDK)\n- `hono`: 4.11.1 → 4.11.10 (transitive, includes multiple security fixes)\n- `qs`: 6.14.0 → 6.15.0 (transitive)\n- `express-rate-limit`: 7.x → 8.x (transitive, now includes `ip-address` dependency)\n- **Note**: The new SDK version declares `zod` as a required (non-optional) peer dependency, but none of the 3 `package.json` files explicitly list it. The lockfiles resolve it transitively so `npm ci` will work, but explicit declaration is recommended.\n\n<h3>Confidence Score: 4/5</h3>\n\n- This PR is a standard Dependabot security bump with low risk; the main concern is an undeclared peer dependency that resolves transitively.\n- All changes are lockfile and version specifier updates generated by Dependabot. The SDK upgrade addresses a known security advisory. The ajv major version bump (6→8) is purely transitive (internal to the SDK) and not used directly by this codebase. The only concern is the missing explicit `zod` peer dependency declaration across all 3 package.json files, which could cause npm warnings but won't break `npm ci` since the lockfiles resolve it.\n- The three `package.json` files should be reviewed for the missing `zod` peer dependency: `packages/computeruse/crates/computeruse-mcp-agent/package.json`, `packages/computeruse/crates/computeruse-mcp-agent/tests/integration/package.json`, and `packages/computeruse/examples/mcp-client-elicitation/package.json`.\n\n<h3>Important Files Changed</h3>\n\n\n\n\n| Filename | Overview |\n|----------|----------|\n| packages/computeruse/crates/computeruse-mcp-agent/package.json | Bumps `@modelcontextprotocol/sdk` from ^1.17.3 to ^1.26.0. Missing explicit `zod` dependency required as a non-optional peer by the new SDK version. |\n| packages/computeruse/crates/computeruse-mcp-agent/tests/integration/package.json | Bumps `@modelcontextprotocol/sdk` from ^1.17.3 to ^1.26.0. Missing explicit `zod` dependency required as a non-optional peer by the new SDK version. |\n| packages/computeruse/examples/mcp-client-elicitation/package.json | Bumps `@modelcontextprotocol/sdk` from ^1.25.0 to ^1.26.0. Missing explicit `zod` dependency required as a non-optional peer by the new SDK version. |\n| packages/computeruse/crates/computeruse-mcp-agent/package-lock.json | Lock file updated for SDK 1.26.0. Resolves zod@4.3.6, ajv@8.18.0, hono@4.11.10, and other transitive dependencies correctly. |\n| packages/computeruse/crates/computeruse-mcp-agent/tests/integration/package-lock.json | Lock file updated for SDK 1.26.0. Resolves zod@4.3.6, ajv@8.18.0, hono@4.11.10, and other transitive dependencies correctly. |\n| packages/computeruse/examples/mcp-client-elicitation/package-lock.json | Lock file updated for SDK 1.26.0. Resolves zod@4.3.6, ajv@8.18.0, hono@4.11.10, qs@6.15.0, and other transitive dependencies correctly. |\n\n</details>\n\n\n\n<h3>Flowchart</h3>\n\n```mermaid\nflowchart TD\n    A[\"@modelcontextprotocol/sdk\\n1.17.3 → 1.26.0\"] --> B[\"ajv\\n6.12.6 → 8.18.0\\n(CVE-2025-69873 fix)\"]\n    A --> C[\"hono\\n4.11.1 → 4.11.10\\n(security fixes)\"]\n    A --> D[\"express-rate-limit\\n7.x → 8.x\"]\n    A --> E[\"zod ^3.25 || ^4.0\\n(NEW required peer dep)\"]\n    A --> F[\"qs\\n6.14.0 → 6.15.0\"]\n    D --> G[\"ip-address 10.0.1\\n(new transitive dep)\"]\n    \n    subgraph \"Affected Packages\"\n        H[\"computeruse-mcp-agent\"]\n        I[\"integration tests\"]\n        J[\"mcp-client-elicitation\"]\n    end\n    \n    H --> A\n    I --> A\n    J --> A\n```\n\n<sub>Last reviewed commit: 67287fb</sub>\n\n<!-- greptile_other_comments_section -->\n\n<!-- /greptile_comment -->",
      "repository": "elizaos/eliza",
      "createdAt": "2026-02-18T19:25:36Z",
      "mergedAt": null,
      "additions": 481,
      "deletions": 333
    },
    {
      "id": "PR_kwDOMT5cIs7FO8wM",
      "title": "chore(deps): bump the npm_and_yarn group across 3 directories with 4 updates",
      "author": "dependabot",
      "number": 6518,
      "body": "Bumps the npm_and_yarn group with 1 update in the /packages/computeruse/crates/computeruse-mcp-agent directory: [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk).\nBumps the npm_and_yarn group with 1 update in the /packages/computeruse/crates/computeruse-mcp-agent/tests/integration directory: [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk).\nBumps the npm_and_yarn group with 2 updates in the /packages/computeruse/examples/mcp-client-elicitation directory: [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) and [ajv](https://github.com/ajv-validator/ajv).\n\nUpdates `@modelcontextprotocol/sdk` from 1.17.3 to 1.26.0\n<details>\n<summary>Release notes</summary>\n<p><em>Sourced from <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"><code>@​modelcontextprotocol/sdk</code>'s releases</a>.</em></p>\n<blockquote>\n<h2>v1.26.0</h2>\n<p>Addresses &quot;Sharing server/transport instances can leak cross-client response data&quot; in this GHSA <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7\">https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7</a></p>\n<h2>What's Changed</h2>\n<ul>\n<li>chore: bump v1.25.3 for backport fixes by <a href=\"https://github.com/pcarleton\"><code>@​pcarleton</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1412\">modelcontextprotocol/typescript-sdk#1412</a></li>\n<li>fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x backport) by <a href=\"https://github.com/samuv\"><code>@​samuv</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\">modelcontextprotocol/typescript-sdk#1382</a></li>\n<li>Fix <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\">#1430</a>: Client Credentials providers scopes support (backported) by <a href=\"https://github.com/NSeydoux\"><code>@​NSeydoux</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\">modelcontextprotocol/typescript-sdk#1442</a></li>\n<li>chore: bump version to 1.26.0 by <a href=\"https://github.com/pcarleton\"><code>@​pcarleton</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1479\">modelcontextprotocol/typescript-sdk#1479</a></li>\n</ul>\n<h2>New Contributors</h2>\n<ul>\n<li><a href=\"https://github.com/samuv\"><code>@​samuv</code></a> made their first contribution in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\">modelcontextprotocol/typescript-sdk#1382</a></li>\n<li><a href=\"https://github.com/NSeydoux\"><code>@​NSeydoux</code></a> made their first contribution in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\">modelcontextprotocol/typescript-sdk#1442</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0\">https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0</a></p>\n<h2>v1.25.3</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>[v1.x backport] Use correct schema for client sampling validation when tools are present by <a href=\"https://github.com/olaservo\"><code>@​olaservo</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1407\">modelcontextprotocol/typescript-sdk#1407</a></li>\n<li>fix: prevent Hono from overriding global Response object (v1.x) by <a href=\"https://github.com/mattzcarey\"><code>@​mattzcarey</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1411\">modelcontextprotocol/typescript-sdk#1411</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.2...v1.25.3\">https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.2...v1.25.3</a></p>\n<h2>v1.25.2</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>ci: trigger workflow on v1.x branch by <a href=\"https://github.com/felixweinberger\"><code>@​felixweinberger</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1319\">modelcontextprotocol/typescript-sdk#1319</a></li>\n<li>fix: README badges links destinations by <a href=\"https://github.com/antonpk1\"><code>@​antonpk1</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/907\">modelcontextprotocol/typescript-sdk#907</a></li>\n<li>fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by <a href=\"https://github.com/pcarleton\"><code>@​pcarleton</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1365\">modelcontextprotocol/typescript-sdk#1365</a></li>\n</ul>\n<h2>New Contributors</h2>\n<ul>\n<li><a href=\"https://github.com/antonpk1\"><code>@​antonpk1</code></a> made their first contribution in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/907\">modelcontextprotocol/typescript-sdk#907</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.25.2\">https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.25.2</a></p>\n<h2>1.25.1</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>spec types - backwards compatibility changes by <a href=\"https://github.com/KKonstantinov\"><code>@​KKonstantinov</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1306\">modelcontextprotocol/typescript-sdk#1306</a></li>\n<li>chore: bump version for patch fix by <a href=\"https://github.com/felixweinberger\"><code>@​felixweinberger</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1307\">modelcontextprotocol/typescript-sdk#1307</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.0...1.25.1\">https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.0...1.25.1</a></p>\n<h2>1.25.0</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>list changed handlers on client constructor by <a href=\"https://github.com/mattzcarey\"><code>@​mattzcarey</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1206\">modelcontextprotocol/typescript-sdk#1206</a></li>\n<li>Role - moved from inline to reusable type by <a href=\"https://github.com/KKonstantinov\"><code>@​KKonstantinov</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1221\">modelcontextprotocol/typescript-sdk#1221</a></li>\n<li>fix: use versioned npm tag for non-main branch releases by <a href=\"https://github.com/pcarleton\"><code>@​pcarleton</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1236\">modelcontextprotocol/typescript-sdk#1236</a></li>\n<li>No automatic completion support unless needed - Revisited yet again by <a href=\"https://github.com/cliffhall\"><code>@​cliffhall</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1237\">modelcontextprotocol/typescript-sdk#1237</a></li>\n<li>fix: Support updating output schema by <a href=\"https://github.com/vincent0426\"><code>@​vincent0426</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1048\">modelcontextprotocol/typescript-sdk#1048</a></li>\n</ul>\n<!-- raw HTML omitted -->\n</blockquote>\n<p>... (truncated)</p>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/fe9c07b465871394c7069207c86513df9c1194a4\"><code>fe9c07b</code></a> chore: bump version to 1.26.0 (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1479\">#1479</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/4f01e7e0708e1a85ccc7dbf39e850005f2d9ff03\"><code>4f01e7e</code></a> fix: add non-null assertions for optional setupServer fields in stateful test</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a05be176cabeae1f933b676e3ce024bf02e2314d\"><code>a05be17</code></a> Merge commit from fork</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/50d9fa3cd12e807e7963bcb9e1548786d3d5d941\"><code>50d9fa3</code></a> Fix <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\">#1430</a>: Client Credentials providers scopes support (backported) (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1442\">#1442</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/aa81a66556fb4434d8a6d1b70f7ac9fc40b5d325\"><code>aa81a66</code></a> fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6aba0659654e1ff0699844524595922a61e44cb9\"><code>6aba065</code></a> chore: bump v1.25.3 for backport fixes (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1412\">#1412</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6e8f7e1a43a819ae230373c62b82228dafd892c6\"><code>6e8f7e1</code></a> fix: prevent Hono from overriding global Response object (v1.x) (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1411\">#1411</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/12ae856cee6ca58499cce24e80f650e78a0c7610\"><code>12ae856</code></a> [v1.x backport] Use correct schema for client sampling validation when tools ...</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/b392f02ffcf37c088dbd114fedf25026ec3913d3\"><code>b392f02</code></a> fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1365\">#1365</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0c9b13484748acab9e5dc8317a7e89c06b52e37\"><code>a0c9b13</code></a> fix: README badges links destinations (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/907\">#907</a>)</li>\n<li>Additional commits viewable in <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.17.3...v1.26.0\">compare view</a></li>\n</ul>\n</details>\n<details>\n<summary>Maintainer changes</summary>\n<p>This version was pushed to npm by <a href=\"https://www.npmjs.com/~pcarleton\">pcarleton</a>, a new releaser for <code>@​modelcontextprotocol/sdk</code> since your current version.</p>\n</details>\n<br />\n\nUpdates `ajv` from 6.12.6 to 8.18.0\n<details>\n<summary>Release notes</summary>\n<p><em>Sourced from <a href=\"https://github.com/ajv-validator/ajv/releases\">ajv's releases</a>.</em></p>\n<blockquote>\n<h2>v8.18.0</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>feat: allow tree-shaking by adding <code>&quot;sideEffects&quot;: false</code> to <code>package.json</code> by <a href=\"https://github.com/josdejong\"><code>@​josdejong</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\">ajv-validator/ajv#2480</a></li>\n<li>fix: <a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\">#2482</a> Infinity and NaN serialise to null by <a href=\"https://github.com/jasoniangreen\"><code>@​jasoniangreen</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\">ajv-validator/ajv#2487</a></li>\n<li>fix: small grammatical error in managing-schemas.md by <a href=\"https://github.com/monteiro-renato\"><code>@​monteiro-renato</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\">ajv-validator/ajv#2508</a></li>\n<li>fix: typos in schema-language.md by <a href=\"https://github.com/monteiro-renato\"><code>@​monteiro-renato</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\">ajv-validator/ajv#2507</a></li>\n<li>fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by <a href=\"https://github.com/epoberezkin\"><code>@​epoberezkin</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\">ajv-validator/ajv#2586</a></li>\n</ul>\n<h2>New Contributors</h2>\n<ul>\n<li><a href=\"https://github.com/josdejong\"><code>@​josdejong</code></a> made their first contribution in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\">ajv-validator/ajv#2480</a></li>\n<li><a href=\"https://github.com/monteiro-renato\"><code>@​monteiro-renato</code></a> made their first contribution in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\">ajv-validator/ajv#2508</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\">https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0</a></p>\n</blockquote>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"><code>142ce84</code></a> 8.18.0</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"><code>720a23f</code></a> fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"><code>82735a1</code></a> fix: typos in schema-language.md (<a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\">#2507</a>)</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"><code>b17ec32</code></a> fix: small grammatical error in managing-schemas.md (<a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\">#2508</a>)</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"><code>69568d0</code></a> fix: <a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\">#2482</a> Infinity and NaN serialise to null (<a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\">#2487</a>)</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/f06766f33ed7291f84c19f22a1286a34475fbdaf\"><code>f06766f</code></a> feat: allow tree-shaking by adding ``&quot;sideEffects&quot;: false<code>to</code>package.json` ...</li>\n<li>See full diff in <a href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\">compare view</a></li>\n</ul>\n</details>\n<br />\n\nUpdates `qs` from 6.14.0 to 6.15.0\n<details>\n<summary>Changelog</summary>\n<p><em>Sourced from <a href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\">qs's changelog</a>.</em></p>\n<blockquote>\n<h2><strong>6.15.0</strong></h2>\n<ul>\n<li>[New] <code>parse</code>: add <code>strictMerge</code> option to wrap object/primitive conflicts in an array (<a href=\"https://redirect.github.com/ljharb/qs/issues/425\">#425</a>, <a href=\"https://redirect.github.com/ljharb/qs/issues/122\">#122</a>)</li>\n<li>[Fix] <code>duplicates</code> option should not apply to bracket notation keys (<a href=\"https://redirect.github.com/ljharb/qs/issues/514\">#514</a>)</li>\n</ul>\n<h2><strong>6.14.2</strong></h2>\n<ul>\n<li>[Fix] <code>parse</code>: mark overflow objects for indexed notation exceeding <code>arrayLimit</code> (<a href=\"https://redirect.github.com/ljharb/qs/issues/546\">#546</a>)</li>\n<li>[Fix] <code>arrayLimit</code> means max count, not max index, in <code>combine</code>/<code>merge</code>/<code>parseArrayValue</code></li>\n<li>[Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded with indexed notation when <code>throwOnLimitExceeded</code> is true (<a href=\"https://redirect.github.com/ljharb/qs/issues/529\">#529</a>)</li>\n<li>[Fix] <code>parse</code>: enforce <code>arrayLimit</code> on <code>comma</code>-parsed values</li>\n<li>[Fix] <code>parse</code>: fix error message to reflect arrayLimit as max index; remove extraneous comments (<a href=\"https://redirect.github.com/ljharb/qs/issues/545\">#545</a>)</li>\n<li>[Robustness] avoid <code>.push</code>, use <code>void</code></li>\n<li>[readme] document that <code>addQueryPrefix</code> does not add <code>?</code> to empty output (<a href=\"https://redirect.github.com/ljharb/qs/issues/418\">#418</a>)</li>\n<li>[readme] clarify <code>parseArrays</code> and <code>arrayLimit</code> documentation (<a href=\"https://redirect.github.com/ljharb/qs/issues/543\">#543</a>)</li>\n<li>[readme] replace runkit CI badge with shields.io check-runs badge</li>\n<li>[meta] fix changelog typo (<code>arrayLength</code> → <code>arrayLimit</code>)</li>\n<li>[actions] fix rebase workflow permissions</li>\n</ul>\n<h2><strong>6.14.1</strong></h2>\n<ul>\n<li>[Fix] ensure <code>arrayLimit</code> applies to <code>[]</code> notation as well</li>\n<li>[Fix] <code>parse</code>: when a custom decoder returns <code>null</code> for a key, ignore that key</li>\n<li>[Refactor] <code>parse</code>: extract key segment splitting helper</li>\n<li>[meta] add threat model</li>\n<li>[actions] add workflow permissions</li>\n<li>[Tests] <code>stringify</code>: increase coverage</li>\n<li>[Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code>, <code>es-value-fixtures</code>, <code>for-each</code>, <code>object-inspect</code></li>\n</ul>\n</blockquote>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/ljharb/qs/commit/d9b4c66303375493c68c42d68e363e50b1753771\"><code>d9b4c66</code></a> v6.15.0</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/cb41a545a32422ad3044584d3c4fa8f953552605\"><code>cb41a54</code></a> [New] <code>parse</code>: add <code>strictMerge</code> option to wrap object/primitive conflicts in...</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/88e15636da953397262bd3014ab8b0d17d5c8039\"><code>88e1563</code></a> [Fix] <code>duplicates</code> option should not apply to bracket notation keys</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/9d441d270486c3cc77f17289a9e0921c0f742aff\"><code>9d441d2</code></a> Merge backport release tags v6.0.6–v6.13.3 into main</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/85cc8cac6b444c9b4cb1172a151ac8fdee0a0301\"><code>85cc8ca</code></a> v6.12.5</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/ffc12aa71030f508ab28cccbb1987424abf52379\"><code>ffc12aa</code></a> v6.11.4</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/0506b11e457f6b3847b1dcf65b5c11c0eaf5dfb9\"><code>0506b11</code></a> [actions] update reusable workflows</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/6a37fafc75ce8a3d00ef611c9d7acfccc6ec449c\"><code>6a37faf</code></a> [actions] update reusable workflows</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/8e8df5a3b147ec2f86830c2e3de1016a7ecbc18b\"><code>8e8df5a</code></a> [Fix] fix regressions from robustness refactor</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/d60bab35a42b3c789d7a1461ea176eaee74eb751\"><code>d60bab3</code></a> v6.10.7</li>\n<li>Additional commits viewable in <a href=\"https://github.com/ljharb/qs/compare/v6.14.0...v6.15.0\">compare view</a></li>\n</ul>\n</details>\n<br />\n\nUpdates `@modelcontextprotocol/sdk` from 1.17.3 to 1.26.0\n<details>\n<summary>Release notes</summary>\n<p><em>Sourced from <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"><code>@​modelcontextprotocol/sdk</code>'s releases</a>.</em></p>\n<blockquote>\n<h2>v1.26.0</h2>\n<p>Addresses &quot;Sharing server/transport instances can leak cross-client response data&quot; in this GHSA <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7\">https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7</a></p>\n<h2>What's Changed</h2>\n<ul>\n<li>chore: bump v1.25.3 for backport fixes by <a href=\"https://github.com/pcarleton\"><code>@​pcarleton</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1412\">modelcontextprotocol/typescript-sdk#1412</a></li>\n<li>fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x backport) by <a href=\"https://github.com/samuv\"><code>@​samuv</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\">modelcontextprotocol/typescript-sdk#1382</a></li>\n<li>Fix <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\">#1430</a>: Client Credentials providers scopes support (backported) by <a href=\"https://github.com/NSeydoux\"><code>@​NSeydoux</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\">modelcontextprotocol/typescript-sdk#1442</a></li>\n<li>chore: bump version to 1.26.0 by <a href=\"https://github.com/pcarleton\"><code>@​pcarleton</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1479\">modelcontextprotocol/typescript-sdk#1479</a></li>\n</ul>\n<h2>New Contributors</h2>\n<ul>\n<li><a href=\"https://github.com/samuv\"><code>@​samuv</code></a> made their first contribution in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\">modelcontextprotocol/typescript-sdk#1382</a></li>\n<li><a href=\"https://github.com/NSeydoux\"><code>@​NSeydoux</code></a> made their first contribution in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\">modelcontextprotocol/typescript-sdk#1442</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0\">https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0</a></p>\n<h2>v1.25.3</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>[v1.x backport] Use correct schema for client sampling validation when tools are present by <a href=\"https://github.com/olaservo\"><code>@​olaservo</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1407\">modelcontextprotocol/typescript-sdk#1407</a></li>\n<li>fix: prevent Hono from overriding global Response object (v1.x) by <a href=\"https://github.com/mattzcarey\"><code>@​mattzcarey</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1411\">modelcontextprotocol/typescript-sdk#1411</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.2...v1.25.3\">https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.2...v1.25.3</a></p>\n<h2>v1.25.2</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>ci: trigger workflow on v1.x branch by <a href=\"https://github.com/felixweinberger\"><code>@​felixweinberger</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1319\">modelcontextprotocol/typescript-sdk#1319</a></li>\n<li>fix: README badges links destinations by <a href=\"https://github.com/antonpk1\"><code>@​antonpk1</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/907\">modelcontextprotocol/typescript-sdk#907</a></li>\n<li>fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by <a href=\"https://github.com/pcarleton\"><code>@​pcarleton</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1365\">modelcontextprotocol/typescript-sdk#1365</a></li>\n</ul>\n<h2>New Contributors</h2>\n<ul>\n<li><a href=\"https://github.com/antonpk1\"><code>@​antonpk1</code></a> made their first contribution in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/907\">modelcontextprotocol/typescript-sdk#907</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.25.2\">https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.25.2</a></p>\n<h2>1.25.1</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>spec types - backwards compatibility changes by <a href=\"https://github.com/KKonstantinov\"><code>@​KKonstantinov</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1306\">modelcontextprotocol/typescript-sdk#1306</a></li>\n<li>chore: bump version for patch fix by <a href=\"https://github.com/felixweinberger\"><code>@​felixweinberger</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1307\">modelcontextprotocol/typescript-sdk#1307</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.0...1.25.1\">https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.0...1.25.1</a></p>\n<h2>1.25.0</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>list changed handlers on client constructor by <a href=\"https://github.com/mattzcarey\"><code>@​mattzcarey</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1206\">modelcontextprotocol/typescript-sdk#1206</a></li>\n<li>Role - moved from inline to reusable type by <a href=\"https://github.com/KKonstantinov\"><code>@​KKonstantinov</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1221\">modelcontextprotocol/typescript-sdk#1221</a></li>\n<li>fix: use versioned npm tag for non-main branch releases by <a href=\"https://github.com/pcarleton\"><code>@​pcarleton</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1236\">modelcontextprotocol/typescript-sdk#1236</a></li>\n<li>No automatic completion support unless needed - Revisited yet again by <a href=\"https://github.com/cliffhall\"><code>@​cliffhall</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1237\">modelcontextprotocol/typescript-sdk#1237</a></li>\n<li>fix: Support updating output schema by <a href=\"https://github.com/vincent0426\"><code>@​vincent0426</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1048\">modelcontextprotocol/typescript-sdk#1048</a></li>\n</ul>\n<!-- raw HTML omitted -->\n</blockquote>\n<p>... (truncated)</p>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/fe9c07b465871394c7069207c86513df9c1194a4\"><code>fe9c07b</code></a> chore: bump version to 1.26.0 (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1479\">#1479</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/4f01e7e0708e1a85ccc7dbf39e850005f2d9ff03\"><code>4f01e7e</code></a> fix: add non-null assertions for optional setupServer fields in stateful test</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a05be176cabeae1f933b676e3ce024bf02e2314d\"><code>a05be17</code></a> Merge commit from fork</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/50d9fa3cd12e807e7963bcb9e1548786d3d5d941\"><code>50d9fa3</code></a> Fix <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\">#1430</a>: Client Credentials providers scopes support (backported) (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1442\">#1442</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/aa81a66556fb4434d8a6d1b70f7ac9fc40b5d325\"><code>aa81a66</code></a> fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6aba0659654e1ff0699844524595922a61e44cb9\"><code>6aba065</code></a> chore: bump v1.25.3 for backport fixes (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1412\">#1412</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6e8f7e1a43a819ae230373c62b82228dafd892c6\"><code>6e8f7e1</code></a> fix: prevent Hono from overriding global Response object (v1.x) (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1411\">#1411</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/12ae856cee6ca58499cce24e80f650e78a0c7610\"><code>12ae856</code></a> [v1.x backport] Use correct schema for client sampling validation when tools ...</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/b392f02ffcf37c088dbd114fedf25026ec3913d3\"><code>b392f02</code></a> fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1365\">#1365</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0c9b13484748acab9e5dc8317a7e89c06b52e37\"><code>a0c9b13</code></a> fix: README badges links destinations (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/907\">#907</a>)</li>\n<li>Additional commits viewable in <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.17.3...v1.26.0\">compare view</a></li>\n</ul>\n</details>\n<details>\n<summary>Maintainer changes</summary>\n<p>This version was pushed to npm by <a href=\"https://www.npmjs.com/~pcarleton\">pcarleton</a>, a new releaser for <code>@​modelcontextprotocol/sdk</code> since your current version.</p>\n</details>\n<br />\n\nUpdates `ajv` from 6.12.6 to 8.18.0\n<details>\n<summary>Release notes</summary>\n<p><em>Sourced from <a href=\"https://github.com/ajv-validator/ajv/releases\">ajv's releases</a>.</em></p>\n<blockquote>\n<h2>v8.18.0</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>feat: allow tree-shaking by adding <code>&quot;sideEffects&quot;: false</code> to <code>package.json</code> by <a href=\"https://github.com/josdejong\"><code>@​josdejong</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\">ajv-validator/ajv#2480</a></li>\n<li>fix: <a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\">#2482</a> Infinity and NaN serialise to null by <a href=\"https://github.com/jasoniangreen\"><code>@​jasoniangreen</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\">ajv-validator/ajv#2487</a></li>\n<li>fix: small grammatical error in managing-schemas.md by <a href=\"https://github.com/monteiro-renato\"><code>@​monteiro-renato</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\">ajv-validator/ajv#2508</a></li>\n<li>fix: typos in schema-language.md by <a href=\"https://github.com/monteiro-renato\"><code>@​monteiro-renato</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\">ajv-validator/ajv#2507</a></li>\n<li>fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by <a href=\"https://github.com/epoberezkin\"><code>@​epoberezkin</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\">ajv-validator/ajv#2586</a></li>\n</ul>\n<h2>New Contributors</h2>\n<ul>\n<li><a href=\"https://github.com/josdejong\"><code>@​josdejong</code></a> made their first contribution in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\">ajv-validator/ajv#2480</a></li>\n<li><a href=\"https://github.com/monteiro-renato\"><code>@​monteiro-renato</code></a> made their first contribution in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\">ajv-validator/ajv#2508</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\">https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0</a></p>\n</blockquote>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"><code>142ce84</code></a> 8.18.0</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"><code>720a23f</code></a> fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"><code>82735a1</code></a> fix: typos in schema-language.md (<a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\">#2507</a>)</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"><code>b17ec32</code></a> fix: small grammatical error in managing-schemas.md (<a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\">#2508</a>)</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"><code>69568d0</code></a> fix: <a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\">#2482</a> Infinity and NaN serialise to null (<a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\">#2487</a>)</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/f06766f33ed7291f84c19f22a1286a34475fbdaf\"><code>f06766f</code></a> feat: allow tree-shaking by adding ``&quot;sideEffects&quot;: false<code>to</code>package.json` ...</li>\n<li>See full diff in <a href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\">compare view</a></li>\n</ul>\n</details>\n<br />\n\nUpdates `qs` from 6.14.0 to 6.15.0\n<details>\n<summary>Changelog</summary>\n<p><em>Sourced from <a href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\">qs's changelog</a>.</em></p>\n<blockquote>\n<h2><strong>6.15.0</strong></h2>\n<ul>\n<li>[New] <code>parse</code>: add <code>strictMerge</code> option to wrap object/primitive conflicts in an array (<a href=\"https://redirect.github.com/ljharb/qs/issues/425\">#425</a>, <a href=\"https://redirect.github.com/ljharb/qs/issues/122\">#122</a>)</li>\n<li>[Fix] <code>duplicates</code> option should not apply to bracket notation keys (<a href=\"https://redirect.github.com/ljharb/qs/issues/514\">#514</a>)</li>\n</ul>\n<h2><strong>6.14.2</strong></h2>\n<ul>\n<li>[Fix] <code>parse</code>: mark overflow objects for indexed notation exceeding <code>arrayLimit</code> (<a href=\"https://redirect.github.com/ljharb/qs/issues/546\">#546</a>)</li>\n<li>[Fix] <code>arrayLimit</code> means max count, not max index, in <code>combine</code>/<code>merge</code>/<code>parseArrayValue</code></li>\n<li>[Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded with indexed notation when <code>throwOnLimitExceeded</code> is true (<a href=\"https://redirect.github.com/ljharb/qs/issues/529\">#529</a>)</li>\n<li>[Fix] <code>parse</code>: enforce <code>arrayLimit</code> on <code>comma</code>-parsed values</li>\n<li>[Fix] <code>parse</code>: fix error message to reflect arrayLimit as max index; remove extraneous comments (<a href=\"https://redirect.github.com/ljharb/qs/issues/545\">#545</a>)</li>\n<li>[Robustness] avoid <code>.push</code>, use <code>void</code></li>\n<li>[readme] document that <code>addQueryPrefix</code> does not add <code>?</code> to empty output (<a href=\"https://redirect.github.com/ljharb/qs/issues/418\">#418</a>)</li>\n<li>[readme] clarify <code>parseArrays</code> and <code>arrayLimit</code> documentation (<a href=\"https://redirect.github.com/ljharb/qs/issues/543\">#543</a>)</li>\n<li>[readme] replace runkit CI badge with shields.io check-runs badge</li>\n<li>[meta] fix changelog typo (<code>arrayLength</code> → <code>arrayLimit</code>)</li>\n<li>[actions] fix rebase workflow permissions</li>\n</ul>\n<h2><strong>6.14.1</strong></h2>\n<ul>\n<li>[Fix] ensure <code>arrayLimit</code> applies to <code>[]</code> notation as well</li>\n<li>[Fix] <code>parse</code>: when a custom decoder returns <code>null</code> for a key, ignore that key</li>\n<li>[Refactor] <code>parse</code>: extract key segment splitting helper</li>\n<li>[meta] add threat model</li>\n<li>[actions] add workflow permissions</li>\n<li>[Tests] <code>stringify</code>: increase coverage</li>\n<li>[Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code>, <code>es-value-fixtures</code>, <code>for-each</code>, <code>object-inspect</code></li>\n</ul>\n</blockquote>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/ljharb/qs/commit/d9b4c66303375493c68c42d68e363e50b1753771\"><code>d9b4c66</code></a> v6.15.0</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/cb41a545a32422ad3044584d3c4fa8f953552605\"><code>cb41a54</code></a> [New] <code>parse</code>: add <code>strictMerge</code> option to wrap object/primitive conflicts in...</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/88e15636da953397262bd3014ab8b0d17d5c8039\"><code>88e1563</code></a> [Fix] <code>duplicates</code> option should not apply to bracket notation keys</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/9d441d270486c3cc77f17289a9e0921c0f742aff\"><code>9d441d2</code></a> Merge backport release tags v6.0.6–v6.13.3 into main</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/85cc8cac6b444c9b4cb1172a151ac8fdee0a0301\"><code>85cc8ca</code></a> v6.12.5</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/ffc12aa71030f508ab28cccbb1987424abf52379\"><code>ffc12aa</code></a> v6.11.4</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/0506b11e457f6b3847b1dcf65b5c11c0eaf5dfb9\"><code>0506b11</code></a> [actions] update reusable workflows</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/6a37fafc75ce8a3d00ef611c9d7acfccc6ec449c\"><code>6a37faf</code></a> [actions] update reusable workflows</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/8e8df5a3b147ec2f86830c2e3de1016a7ecbc18b\"><code>8e8df5a</code></a> [Fix] fix regressions from robustness refactor</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/d60bab35a42b3c789d7a1461ea176eaee74eb751\"><code>d60bab3</code></a> v6.10.7</li>\n<li>Additional commits viewable in <a href=\"https://github.com/ljharb/qs/compare/v6.14.0...v6.15.0\">compare view</a></li>\n</ul>\n</details>\n<br />\n\nUpdates `@modelcontextprotocol/sdk` from 1.25.1 to 1.26.0\n<details>\n<summary>Release notes</summary>\n<p><em>Sourced from <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"><code>@​modelcontextprotocol/sdk</code>'s releases</a>.</em></p>\n<blockquote>\n<h2>v1.26.0</h2>\n<p>Addresses &quot;Sharing server/transport instances can leak cross-client response data&quot; in this GHSA <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7\">https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7</a></p>\n<h2>What's Changed</h2>\n<ul>\n<li>chore: bump v1.25.3 for backport fixes by <a href=\"https://github.com/pcarleton\"><code>@​pcarleton</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1412\">modelcontextprotocol/typescript-sdk#1412</a></li>\n<li>fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x backport) by <a href=\"https://github.com/samuv\"><code>@​samuv</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\">modelcontextprotocol/typescript-sdk#1382</a></li>\n<li>Fix <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\">#1430</a>: Client Credentials providers scopes support (backported) by <a href=\"https://github.com/NSeydoux\"><code>@​NSeydoux</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\">modelcontextprotocol/typescript-sdk#1442</a></li>\n<li>chore: bump version to 1.26.0 by <a href=\"https://github.com/pcarleton\"><code>@​pcarleton</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1479\">modelcontextprotocol/typescript-sdk#1479</a></li>\n</ul>\n<h2>New Contributors</h2>\n<ul>\n<li><a href=\"https://github.com/samuv\"><code>@​samuv</code></a> made their first contribution in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\">modelcontextprotocol/typescript-sdk#1382</a></li>\n<li><a href=\"https://github.com/NSeydoux\"><code>@​NSeydoux</code></a> made their first contribution in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\">modelcontextprotocol/typescript-sdk#1442</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0\">https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0</a></p>\n<h2>v1.25.3</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>[v1.x backport] Use correct schema for client sampling validation when tools are present by <a href=\"https://github.com/olaservo\"><code>@​olaservo</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1407\">modelcontextprotocol/typescript-sdk#1407</a></li>\n<li>fix: prevent Hono from overriding global Response object (v1.x) by <a href=\"https://github.com/mattzcarey\"><code>@​mattzcarey</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1411\">modelcontextprotocol/typescript-sdk#1411</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.2...v1.25.3\">https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.2...v1.25.3</a></p>\n<h2>v1.25.2</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>ci: trigger workflow on v1.x branch by <a href=\"https://github.com/felixweinberger\"><code>@​felixweinberger</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1319\">modelcontextprotocol/typescript-sdk#1319</a></li>\n<li>fix: README badges links destinations by <a href=\"https://github.com/antonpk1\"><code>@​antonpk1</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/907\">modelcontextprotocol/typescript-sdk#907</a></li>\n<li>fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by <a href=\"https://github.com/pcarleton\"><code>@​pcarleton</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1365\">modelcontextprotocol/typescript-sdk#1365</a></li>\n</ul>\n<h2>New Contributors</h2>\n<ul>\n<li><a href=\"https://github.com/antonpk1\"><code>@​antonpk1</code></a> made their first contribution in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/907\">modelcontextprotocol/typescript-sdk#907</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.25.2\">https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.25.2</a></p>\n<h2>1.25.1</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>spec types - backwards compatibility changes by <a href=\"https://github.com/KKonstantinov\"><code>@​KKonstantinov</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1306\">modelcontextprotocol/typescript-sdk#1306</a></li>\n<li>chore: bump version for patch fix by <a href=\"https://github.com/felixweinberger\"><code>@​felixweinberger</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1307\">modelcontextprotocol/typescript-sdk#1307</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.0...1.25.1\">https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.0...1.25.1</a></p>\n<h2>1.25.0</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>list changed handlers on client constructor by <a href=\"https://github.com/mattzcarey\"><code>@​mattzcarey</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1206\">modelcontextprotocol/typescript-sdk#1206</a></li>\n<li>Role - moved from inline to reusable type by <a href=\"https://github.com/KKonstantinov\"><code>@​KKonstantinov</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1221\">modelcontextprotocol/typescript-sdk#1221</a></li>\n<li>fix: use versioned npm tag for non-main branch releases by <a href=\"https://github.com/pcarleton\"><code>@​pcarleton</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1236\">modelcontextprotocol/typescript-sdk#1236</a></li>\n<li>No automatic completion support unless needed - Revisited yet again by <a href=\"https://github.com/cliffhall\"><code>@​cliffhall</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1237\">modelcontextprotocol/typescript-sdk#1237</a></li>\n<li>fix: Support updating output schema by <a href=\"https://github.com/vincent0426\"><code>@​vincent0426</code></a> in <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1048\">modelcontextprotocol/typescript-sdk#1048</a></li>\n</ul>\n<!-- raw HTML omitted -->\n</blockquote>\n<p>... (truncated)</p>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/fe9c07b465871394c7069207c86513df9c1194a4\"><code>fe9c07b</code></a> chore: bump version to 1.26.0 (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1479\">#1479</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/4f01e7e0708e1a85ccc7dbf39e850005f2d9ff03\"><code>4f01e7e</code></a> fix: add non-null assertions for optional setupServer fields in stateful test</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a05be176cabeae1f933b676e3ce024bf02e2314d\"><code>a05be17</code></a> Merge commit from fork</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/50d9fa3cd12e807e7963bcb9e1548786d3d5d941\"><code>50d9fa3</code></a> Fix <a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\">#1430</a>: Client Credentials providers scopes support (backported) (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1442\">#1442</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/aa81a66556fb4434d8a6d1b70f7ac9fc40b5d325\"><code>aa81a66</code></a> fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6aba0659654e1ff0699844524595922a61e44cb9\"><code>6aba065</code></a> chore: bump v1.25.3 for backport fixes (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1412\">#1412</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6e8f7e1a43a819ae230373c62b82228dafd892c6\"><code>6e8f7e1</code></a> fix: prevent Hono from overriding global Response object (v1.x) (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1411\">#1411</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/12ae856cee6ca58499cce24e80f650e78a0c7610\"><code>12ae856</code></a> [v1.x backport] Use correct schema for client sampling validation when tools ...</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/b392f02ffcf37c088dbd114fedf25026ec3913d3\"><code>b392f02</code></a> fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1365\">#1365</a>)</li>\n<li><a href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0c9b13484748acab9e5dc8317a7e89c06b52e37\"><code>a0c9b13</code></a> fix: README badges links destinations (<a href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/907\">#907</a>)</li>\n<li>Additional commits viewable in <a href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.17.3...v1.26.0\">compare view</a></li>\n</ul>\n</details>\n<details>\n<summary>Maintainer changes</summary>\n<p>This version was pushed to npm by <a href=\"https://www.npmjs.com/~pcarleton\">pcarleton</a>, a new releaser for <code>@​modelcontextprotocol/sdk</code> since your current version.</p>\n</details>\n<br />\n\nUpdates `ajv` from 8.17.1 to 8.18.0\n<details>\n<summary>Release notes</summary>\n<p><em>Sourced from <a href=\"https://github.com/ajv-validator/ajv/releases\">ajv's releases</a>.</em></p>\n<blockquote>\n<h2>v8.18.0</h2>\n<h2>What's Changed</h2>\n<ul>\n<li>feat: allow tree-shaking by adding <code>&quot;sideEffects&quot;: false</code> to <code>package.json</code> by <a href=\"https://github.com/josdejong\"><code>@​josdejong</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\">ajv-validator/ajv#2480</a></li>\n<li>fix: <a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\">#2482</a> Infinity and NaN serialise to null by <a href=\"https://github.com/jasoniangreen\"><code>@​jasoniangreen</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\">ajv-validator/ajv#2487</a></li>\n<li>fix: small grammatical error in managing-schemas.md by <a href=\"https://github.com/monteiro-renato\"><code>@​monteiro-renato</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\">ajv-validator/ajv#2508</a></li>\n<li>fix: typos in schema-language.md by <a href=\"https://github.com/monteiro-renato\"><code>@​monteiro-renato</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\">ajv-validator/ajv#2507</a></li>\n<li>fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by <a href=\"https://github.com/epoberezkin\"><code>@​epoberezkin</code></a> in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\">ajv-validator/ajv#2586</a></li>\n</ul>\n<h2>New Contributors</h2>\n<ul>\n<li><a href=\"https://github.com/josdejong\"><code>@​josdejong</code></a> made their first contribution in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\">ajv-validator/ajv#2480</a></li>\n<li><a href=\"https://github.com/monteiro-renato\"><code>@​monteiro-renato</code></a> made their first contribution in <a href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\">ajv-validator/ajv#2508</a></li>\n</ul>\n<p><strong>Full Changelog</strong>: <a href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\">https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0</a></p>\n</blockquote>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"><code>142ce84</code></a> 8.18.0</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"><code>720a23f</code></a> fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"><code>82735a1</code></a> fix: typos in schema-language.md (<a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\">#2507</a>)</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"><code>b17ec32</code></a> fix: small grammatical error in managing-schemas.md (<a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\">#2508</a>)</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"><code>69568d0</code></a> fix: <a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\">#2482</a> Infinity and NaN serialise to null (<a href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\">#2487</a>)</li>\n<li><a href=\"https://github.com/ajv-validator/ajv/commit/f06766f33ed7291f84c19f22a1286a34475fbdaf\"><code>f06766f</code></a> feat: allow tree-shaking by adding ``&quot;sideEffects&quot;: false<code>to</code>package.json` ...</li>\n<li>See full diff in <a href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\">compare view</a></li>\n</ul>\n</details>\n<br />\n\nUpdates `qs` from 6.14.0 to 6.15.0\n<details>\n<summary>Changelog</summary>\n<p><em>Sourced from <a href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\">qs's changelog</a>.</em></p>\n<blockquote>\n<h2><strong>6.15.0</strong></h2>\n<ul>\n<li>[New] <code>parse</code>: add <code>strictMerge</code> option to wrap object/primitive conflicts in an array (<a href=\"https://redirect.github.com/ljharb/qs/issues/425\">#425</a>, <a href=\"https://redirect.github.com/ljharb/qs/issues/122\">#122</a>)</li>\n<li>[Fix] <code>duplicates</code> option should not apply to bracket notation keys (<a href=\"https://redirect.github.com/ljharb/qs/issues/514\">#514</a>)</li>\n</ul>\n<h2><strong>6.14.2</strong></h2>\n<ul>\n<li>[Fix] <code>parse</code>: mark overflow objects for indexed notation exceeding <code>arrayLimit</code> (<a href=\"https://redirect.github.com/ljharb/qs/issues/546\">#546</a>)</li>\n<li>[Fix] <code>arrayLimit</code> means max count, not max index, in <code>combine</code>/<code>merge</code>/<code>parseArrayValue</code></li>\n<li>[Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded with indexed notation when <code>throwOnLimitExceeded</code> is true (<a href=\"https://redirect.github.com/ljharb/qs/issues/529\">#529</a>)</li>\n<li>[Fix] <code>parse</code>: enforce <code>arrayLimit</code> on <code>comma</code>-parsed values</li>\n<li>[Fix] <code>parse</code>: fix error message to reflect arrayLimit as max index; remove extraneous comments (<a href=\"https://redirect.github.com/ljharb/qs/issues/545\">#545</a>)</li>\n<li>[Robustness] avoid <code>.push</code>, use <code>void</code></li>\n<li>[readme] document that <code>addQueryPrefix</code> does not add <code>?</code> to empty output (<a href=\"https://redirect.github.com/ljharb/qs/issues/418\">#418</a>)</li>\n<li>[readme] clarify <code>parseArrays</code> and <code>arrayLimit</code> documentation (<a href=\"https://redirect.github.com/ljharb/qs/issues/543\">#543</a>)</li>\n<li>[readme] replace runkit CI badge with shields.io check-runs badge</li>\n<li>[meta] fix changelog typo (<code>arrayLength</code> → <code>arrayLimit</code>)</li>\n<li>[actions] fix rebase workflow permissions</li>\n</ul>\n<h2><strong>6.14.1</strong></h2>\n<ul>\n<li>[Fix] ensure <code>arrayLimit</code> applies to <code>[]</code> notation as well</li>\n<li>[Fix] <code>parse</code>: when a custom decoder returns <code>null</code> for a key, ignore that key</li>\n<li>[Refactor] <code>parse</code>: extract key segment splitting helper</li>\n<li>[meta] add threat model</li>\n<li>[actions] add workflow permissions</li>\n<li>[Tests] <code>stringify</code>: increase coverage</li>\n<li>[Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>npmignore</code>, <code>es-value-fixtures</code>, <code>for-each</code>, <code>object-inspect</code></li>\n</ul>\n</blockquote>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/ljharb/qs/commit/d9b4c66303375493c68c42d68e363e50b1753771\"><code>d9b4c66</code></a> v6.15.0</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/cb41a545a32422ad3044584d3c4fa8f953552605\"><code>cb41a54</code></a> [New] <code>parse</code>: add <code>strictMerge</code> option to wrap object/primitive conflicts in...</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/88e15636da953397262bd3014ab8b0d17d5c8039\"><code>88e1563</code></a> [Fix] <code>duplicates</code> option should not apply to bracket notation keys</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/9d441d270486c3cc77f17289a9e0921c0f742aff\"><code>9d441d2</code></a> Merge backport release tags v6.0.6–v6.13.3 into main</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/85cc8cac6b444c9b4cb1172a151ac8fdee0a0301\"><code>85cc8ca</code></a> v6.12.5</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/ffc12aa71030f508ab28cccbb1987424abf52379\"><code>ffc12aa</code></a> v6.11.4</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/0506b11e457f6b3847b1dcf65b5c11c0eaf5dfb9\"><code>0506b11</code></a> [actions] update reusable workflows</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/6a37fafc75ce8a3d00ef611c9d7acfccc6ec449c\"><code>6a37faf</code></a> [actions] update reusable workflows</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/8e8df5a3b147ec2f86830c2e3de1016a7ecbc18b\"><code>8e8df5a</code></a> [Fix] fix regressions from robustness refactor</li>\n<li><a href=\"https://github.com/ljharb/qs/commit/d60bab35a42b3c789d7a1461ea176eaee74eb751\"><code>d60bab3</code></a> v6.10.7</li>\n<li>Additional commits viewable in <a href=\"https://github.com/ljharb/qs/compare/v6.14.0...v6.15.0\">compare view</a></li>\n</ul>\n</details>\n<br />\n\nUpdates `hono` from 4.11.1 to 4.12.0\n<details>\n<summary>Release notes</summary>\n<p><em>Sourced from <a href=\"https://github.com/honojs/hono/releases\">hono's releases</a>.</em></p>\n<blockquote>\n<h2>v4.12.0</h2>\n<h1>Release Notes</h1>\n<p>Hono v4.12.0 is now available!</p>\n<p>This release includes new features for the Hono client, middleware improvements, adapter enhancements, and significant performance improvements to the router and context.</p>\n<h2><code>$path</code> for Hono Client</h2>\n<p>The Hono client now has a <code>$path()</code> method that returns the path string instead of a full URL. This is useful when you need just the path portion for routing or key-based operations:</p>\n<pre lang=\"ts\"><code>const client = hc&lt;typeof app&gt;('http://localhost:8787')\n<p>// Get the path string\nconst path = client.api.posts.$path()\n// =&gt; '/api/posts'</p>\n<p>// With path parameters\nconst postPath = client.api.posts[':id'].$path({\nparam: { id: '123' },\n})\n// =&gt; '/api/posts/123'</p>\n<p>// With query parameters\nconst searchPath = client.api.posts.$path({\nquery: { filter: 'test' },\n})\n// =&gt; '/api/posts?filter=test'\n</code></pre></p>\n<p>Unlike <code>$url()</code> which returns a <code>URL</code> object, <code>$path()</code> returns a plain path string, making it convenient for use with routers or as cache keys.</p>\n<p>Thanks <a href=\"https://github.com/ShaMan123\"><code>@​ShaMan123</code></a>!</p>\n<h2><code>ApplyGlobalResponse</code> Type Helper for RPC Client</h2>\n<p>The new <code>ApplyGlobalResponse</code> type helper allows you to add global error response types to all routes in the RPC client. This is useful for typing common error responses from <code>app.onError()</code> or global middlewares:</p>\n<pre lang=\"ts\"><code>const app = new Hono()\n  .get('/api/users', (c) =&gt; c.json({ users: ['alice', 'bob'] }, 200))\n  .onError((err, c) =&gt; c.json({ error: err.message }, 500))\n<p>type AppWithErrors = ApplyGlobalResponse&lt;\ntypeof app,\n{\n401: { json: { error: string; message: string } }\n500: { json: { error: string; message: string } }\n}\n&lt;/tr&gt;&lt;/table&gt;\n</code></pre></p>\n</blockquote>\n<p>... (truncated)</p>\n</details>\n<details>\n<summary>Commits</summary>\n<ul>\n<li><a href=\"https://github.com/honojs/hono/commit/d2ed2e9c966d82e2369bd74bdae4acd4e8f57807\"><code>d2ed2e9</code></a> 4.12.0</li>\n<li><a href=\"https://github.com/honojs/hono/commit/01e78adc637de2bc4ae532cf4a80bf7863652f8e\"><code>01e78ad</code></a> Merge pull request <a href=\"https://redirect.github.com/honojs/hono/issues/4735\">#4735</a> from honojs/next</li>\n<li><a href=\"https://github.com/honojs/hono/commit/a340a25fc6065f41328a20068c495f8a32410401\"><code>a340a25</code></a> perf(context): use <code>createResponseInstance</code> for new Response (<a href=\"https://redirect.github.com/honojs/hono/issues/4733\">#4733</a>)</li>\n<li><a href=\"https://github.com/honojs/hono/commit/bd26c3129f8e159864d3f96522f44e900516e847\"><code>bd26c31</code></a> perf(trie-router): improve performance (1.5x ~ 2.0x) (<a href=\"https://redirect.github.com/honojs/hono/issues/4724\">#4724</a>)</li>\n<li><a href=\"https://github.com/honojs/hono/commit/b85c1e032864322c581f4d04652d37ef59130eee\"><code>b85c1e0</code></a> feat(types): Add exports field to ExecutionContext (<a href=\"https://redirect.github.com/honojs/hono/issues/4719\">#4719</a>)</li>\n<li><a href=\"https://github.com/honojs/hono/commit/02346c6d945a10c98f54ae51622e8c7afbe3bad4\"><code>02346c6</code></a> feat(language): add progressive locale code truncation to normalizeLanguage (...</li>\n<li><a href=\"https://github.com/honojs/hono/commit/7438ab93553ce61773e2a74376972777602f08ff\"><code>7438ab9</code></a> perf(context): add fast path to c.json() matching c.text() optimization (<a href=\"https://redirect.github.com/honojs/hono/issues/4707\">#4707</a>)</li>\n<li><a href=\"https://github.com/honojs/hono/commit/034223f1bf8db3c98e4bf2d11d597c94362729d7\"><code>034223f</code></a> feat(trailing-slash): add <code>alwaysRedirect</code> option to support wildcard routes ...</li>\n<li><a href=\"https://github.com/honojs/hono/commit/16321afd47e1bf8f48d06d9d8a2eae6b607c73ef\"><code>16321af</code></a> feat(adapter): add getConnInfo for AWS Lambda, Cloudflare Pages, and Netlify ...</li>\n<li><a href=\"https://github.com/honojs/hono/commit/bf37828d6df56618bb90649c65c1c4deb2f9bcd6\"><code>bf37828</code></a> feat(basic-auth): add context key and callback options (<a href=\"https://redirect.github.com/honojs/hono/issues/4645\">#4645</a>)</li>\n<li>Additional commits viewable in <a href=\"https://github.com/honojs/hono/compare/v4.11.1...v4.12.0\">compare view</a></li>\n</ul>\n</details>\n<br />\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n<details>\n<summary>Dependabot commands and options</summary>\n<br />\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/elizaOS/eliza/network/alerts).\n\n</details>\n\n<!-- greptile_comment -->\n\n<h3>Greptile Summary</h3>\n\nThis PR updates npm dependencies across 3 directories in the computeruse package, primarily updating `@modelcontextprotocol/sdk` from various versions (1.17.3, 1.25.0) to 1.26.0. The update includes critical security fixes and addresses multiple vulnerabilities.\n\n**Key Security Improvements:**\n- **`@modelcontextprotocol/sdk` 1.26.0**: Fixes GHSA-345p-7cg4-v4c7 (cross-client response data leak vulnerability), prevents ReDoS attacks in UriTemplate regex patterns, and resolves npm audit vulnerabilities\n- **`ajv` 6.12.6→8.18.0**: Major version upgrade with CVE-2025-69873 fix (ReDoS mitigation in pattern validation with $data keyword)\n- **`qs` 6.14.0→6.15.0**: Minor update with bug fixes for arrayLimit handling and strictMerge option\n- **`hono` 4.11.1→4.12.0**: Minor update with performance improvements (transitive dependency)\n\n**Breaking Change Analysis:**\nThe `ajv` major version bump (v6→v8) is a transitive dependency change brought in by `@modelcontextprotocol/sdk`. Since the codebase does not directly import or use `ajv` (verified via code search), this breaking change is internally handled by the SDK and poses no risk to the application code.\n\n**Compatibility:**\nThe MCP SDK v1.26.0 maintains backward compatibility with v1.x APIs. The update includes type fixes and additional features (client credentials scopes support, schema validation improvements) without breaking existing usage patterns.\n\n<h3>Confidence Score: 5/5</h3>\n\n- This PR is safe to merge with no risk - it's an automated dependency update that addresses critical security vulnerabilities\n- Score of 5 reflects: (1) automated Dependabot PR with well-documented changes, (2) critical security fixes including GHSA advisory and CVE patches, (3) no direct code changes - only dependency version bumps in lock files, (4) ajv major version bump is safely encapsulated within @modelcontextprotocol/sdk with no direct usage in application code, (5) all updates maintain backward compatibility for the SDK's public API\n- No files require special attention - all changes are standard dependency updates in package.json and package-lock.json files\n\n<h3>Important Files Changed</h3>\n\n\n\n\n| Filename | Overview |\n|----------|----------|\n| packages/computeruse/crates/computeruse-mcp-agent/package-lock.json | Updated MCP SDK and transitive dependencies including `ajv` 6.12.6→8.18.0, `qs` 6.14.0→6.15.0 with security patches |\n| packages/computeruse/crates/computeruse-mcp-agent/tests/integration/package-lock.json | Updated MCP SDK and transitive dependencies, notably `ajv` major version bump 6.12.6→8.18.0 with CVE fix |\n| packages/computeruse/examples/mcp-client-elicitation/package-lock.json | Updated MCP SDK and transitive dependencies including `ajv` 8.17.1→8.18.0, `hono` 4.11.1→4.12.0 with security patches |\n\n</details>\n\n\n\n<sub>Last reviewed commit: b820dcc</sub>\n\n<!-- greptile_other_comments_section -->\n\n<!-- /greptile_comment -->",
      "repository": "elizaos/eliza",
      "createdAt": "2026-02-20T18:32:56Z",
      "mergedAt": null,
      "additions": 481,
      "deletions": 333
    }
  ],
  "codeChanges": {
    "additions": 0,
    "deletions": 0,
    "files": 0,
    "commitCount": 9
  },
  "completedItems": [],
  "topContributors": [
    {
      "username": "decentralize-dfw",
      "avatarUrl": "https://avatars.githubusercontent.com/u/115695363?u=858e729376e39f7d94ec1907637812ec3b9ca575&v=4",
      "totalScore": 43.5437738965761,
      "prScore": 43.5437738965761,
      "issueScore": 0,
      "reviewScore": 0,
      "commentScore": 0,
      "summary": "decentralize-dfw: Focused on new feature development, opening PR #6515 in elizaos/eliza to add a new chatbot."
    },
    {
      "username": "standujar",
      "avatarUrl": "https://avatars.githubusercontent.com/u/16385918?u=718bdcd1585be8447bdfffb8c11ce249baa7532d&v=4",
      "totalScore": 43.343509249468454,
      "prScore": 43.343509249468454,
      "issueScore": 0,
      "reviewScore": 0,
      "commentScore": 0,
      "summary": "standujar: Focused on bugfix work, opening PR elizaos-plugins/plugin-n8n-workflow#19 to prevent multi-step confabulation and ensure AI nodes in responses, modifying 24 files with significant code and test changes (+451/-150 lines)."
    },
    {
      "username": "Fankouzu",
      "avatarUrl": "https://avatars.githubusercontent.com/u/8297296?u=bfe40f2d2a88d01f2092e44db726b11c0608b657&v=4",
      "totalScore": 34.0207738965761,
      "prScore": 34.0207738965761,
      "issueScore": 0,
      "reviewScore": 0,
      "commentScore": 0,
      "summary": "Fankouzu: Focused on code quality and maintainability by opening a pull request, elizaos/eliza#6519, to introduce strict typing for the logger runtime."
    },
    {
      "username": "greptile-apps",
      "avatarUrl": "https://avatars.githubusercontent.com/in/867647?v=4",
      "totalScore": 9.2,
      "prScore": 0,
      "issueScore": 0,
      "reviewScore": 9,
      "commentScore": 0.2,
      "summary": "greptile-apps: No activity today."
    },
    {
      "username": "samarth30",
      "avatarUrl": "https://avatars.githubusercontent.com/u/48334430?u=1fc119a6c2deb8cf60448b4c8961cb21dc69baeb&v=4",
      "totalScore": 4,
      "prScore": 0,
      "issueScore": 4,
      "reviewScore": 0,
      "commentScore": 0,
      "summary": "samarth30: Initiated work on enhancing Google and Twitter MCP functionalities by creating two new issues, elizaos/eliza#6517 and elizaos/eliza#6516, respectively."
    },
    {
      "username": "rookdaemon",
      "avatarUrl": "https://avatars.githubusercontent.com/u/258400181?u=f806b5798e056f9384e53da900fdcd3d7bc24c14&v=4",
      "totalScore": 2,
      "prScore": 0,
      "issueScore": 2,
      "reviewScore": 0,
      "commentScore": 0,
      "summary": "rookdaemon: Initiated a strategic discussion on inter-agent coordination by creating issue elizaos/eliza#6514, focusing on cross-instance communication."
    }
  ],
  "newPRs": 3,
  "mergedPRs": 0,
  "newIssues": 3,
  "closedIssues": 2,
  "activeContributors": 6
}