Skip to content

chore(deps): Bump the production-dependencies group with 4 updates #132

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): Bump the production-dependencies group with 4 updates #132

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 1, 2025
edited
Loading

Bumps the production-dependencies group with 4 updates: @modelcontextprotocol/sdk, body-parser, iconv-lite and zod.

Updates @modelcontextprotocol/sdk from 1.22.0 to 1.23.0

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

1.23.0

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@1.22.0...1.23.0

1.23.0-beta.0

Special Note: zod v4

This beta release adds support for zod v4, a highly requested addition.

Special thanks to @​dclark27 @​colinhacks for all the work on modelcontextprotocol/typescript-sdk#1040 which adds this support while staying backwards compatible with zod v3!

NOTE: if you run into any issues with zod v4 in this SDK please raise an issue! We'll be monitoring actively for any issues while trying to use zod v4 as it's a highly anticipated update. In order to make this upgrade possible we needed to also require v3.25+ for zod v3. You may need to update your version of zod v3 if you've been using an older one. We're also making this a beta release while we get initial feedback on the update here.

What's Changed

... (truncated)

Commits
  • e6c71bb chore: bump package number for release (#1170)
  • 3c50d07 feat: implement SEP-1699 SSE polling via server-side disconnect (#1129)
  • b59a2bd fix: React to upstream RC schema changes for form mode elicitation requests (...
  • 2a55dfd sampling: validate tools, tool_use, tool_result constraints (#1156)
  • 41c6b35 SEP-1613: use.catchall() on inputSchema/outputSchema to support JSON Schema...
  • 0c1cbf0 Bump version to 1.23.0-beta.0 (#1147)
  • 33229a4 Support beta releases by publishing with --tag beta (#1146)
  • 3485a06 Support upscoping on insufficient_scope 403 (#1115)
  • fc4a6ec fix: Connect error in URL elicitation example (#1136)
  • 9df0972 chore: Add deprecated marker to old elicitInput overload (#1142)
  • Additional commits viewable in compare view

Updates body-parser from 2.2.0 to 2.2.1

Release notes

Sourced from body-parser's releases.

v2.2.1

Important: Security

What's Changed

... (truncated)

Changelog

Sourced from body-parser's changelog.

2.2.1 / 2025-11-24

  • Security fix for GHSA-wqch-xfxh-vrr4
  • deps:
    • type-is@^2.0.1
    • iconv-lite@^0.7.0
      • Handle split surrogate pairs when encoding UTF-8
      • Avoid false positives in encodingExists by using prototype-less objects
    • raw-body@^3.0.1
    • debug@^4.4.3
Commits
  • d96b63d 2.2.1 (#659)
  • b204886 sec: security patch for CVE-2025-13466
  • e20e351 feat: remove history.md from being packaged on publish (#660)
  • 0d7ce71 docs: switch badges from badgen.net to shields.io (#661)
  • 168afff ci: also test on first supported node.js version (#646)
  • e539a71 build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 (#654)
  • 9391612 build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#655)
  • 57baafb build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 (#656)
  • a6a088e build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 (#657)
  • 10a114d test: add test for urlencoded invalid defaultCharset (#643)
  • Additional commits viewable in compare view

Updates iconv-lite from 0.6.3 to 0.7.0

Release notes

Sourced from iconv-lite's releases.

v0.7.0

🐞 Bug fixes

  • Handle split surrogate pairs when encoding utf8 - by @​yosion-p and @​ashtuchkin in #282:

    Handle a case where streaming utf8 encoder (converting js strings -> buffers) encounters surrogate pairs split between chunks (last character of one chunk is high surrogate and first character of the next chunk is a low surrogate).

  • Avoid false positives in encodingExists by using objects without a prototype - by @​bjohansebas in #328

    The encodingExists method could return incorrect results if the lookup matched properties inherited from the prototype of the object that stores the encodings, such as constructor and others. This change replaces that object with one that has no prototype, ensuring that only explicitly defined valid encodings in the library are considered. In addition, the fix is applied to the internal cache system to avoid the same kind of false positives

🚀 Improvements

  • Make explicit that decode() method supports Uint8Array input - by @​jardicc in #271
  • Remove compatibility check for StringDecoder.end method - by @​bjohansebas in #331

Other changes

New Contributors

Full Changelog: pillarjs/iconv-lite@v0.6.3...v0.7.0

Changelog

Sourced from iconv-lite's changelog.

0.7.0

🐞 Bug fixes

  • Handle split surrogate pairs when encoding utf8 - by @​yosion-p and @​ashtuchkin in #282:

    Handle a case where streaming utf8 encoder (converting js strings -> buffers) encounters surrogate pairs split between chunks (last character of one chunk is high surrogate and first character of the next chunk is a low surrogate).

  • Avoid false positives in encodingExists by using objects without a prototype - by @​bjohansebas in #328

    The encodingExists method could return incorrect results if the lookup matched properties inherited from the prototype of the object that stores the encodings, such as constructor and others. This change replaces that object with one that has no prototype, ensuring that only explicitly defined valid encodings in the library are considered. In addition, the fix is applied to the internal cache system to avoid the same kind of false positives

🚀 Improvements

  • Make explicit that decode() method supports Uint8Array input - by @​jardicc in #271
  • Remove compatibility check for StringDecoder.end method - by @​bjohansebas in #331
Commits
  • 165af71 release: 0.7.0 (#334)
  • ec88aea chore: remove object-assign (#338)
  • d8647ea docs(package.json): update repo name and add funding field (#337)
  • fc5925a Revert "chore: support node.js >=6, remove safe-buffer (#335)" (#336)
  • 4c2842a chore: support node.js >=6, remove safe-buffer (#335)
  • 1c2250f fix: add .git-blame-ignore-revs file for lint change
  • 2a31790 feat: adopt linter (#333)
  • 503f435 chore: update performance tests to use bench-node for benchmarking (#332)
  • 3aed296 docs: reorganize README
  • 0a2f8c5 fix: remove compatibility check for StringDecoder.end method (#331)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by bsebas, a new releaser for iconv-lite since your current version.


Updates zod from 3.25.76 to 4.1.13

Release notes

Sourced from zod's releases.

v4.1.13

Commits:

  • 5c2602ceb8be8941c64bbe5ac7d92cc174ae6f7e Update AI widget (#5318)
  • d3da530deb713c853e79405adddf770e156d50ac reflect the specified regex correctly in error (#5338)
  • 39f8c45b8a29de2330b485862b83cb35849f4238 faster initialization (#5352)
  • e9e27905cc0f37cb079ea473af8359d5e17a57a1 Clean up comment
  • 8e4739fadbd7de710eb67d34ba7e06a1029a68ab Update inferred z.promise() type
  • 2849df8907b011ab056d67ae8e3d27577ac4ed3e fix(locales): improve Dutch (nl) localization (#5367)
  • b0d3c9f628b60d358b66acf8f0ef7937fc9e8950 Run tests on windows
  • 6fd61b71b85e4fef4c168a46c3ebcc574f26255f feat unitest (#5358)
  • a4e4bc80e204577c698cf1369dd63c2b986d35f3 Lock to node 24
  • 8de8bad0fa84194b81efd32474462d7a236a1ee4 Fix windows build
  • b2c186bbae3a74a12acd385c1ced3ed978235cf8 Use Node LTS
  • b73b1f61c798efdf497852872b4c19cd4111c1f3 Consolidate isTransforming logic
  • d85f3ea4da53a1b232017dd4e4a2874eca4d8d76 Fix #5353
  • 1bac0f37b529eb9a0d833a01200f5a898e8e6220 Fix test.yml
  • 86d4dad5bc27b4b35df533c9170a552ad8c6c3bc Fix partial record
  • 5e6c0fd7471636feffe5763c9b7637879da459fe Fix attw on windows
  • 27fc616b8edb93cc27a4d25b37479d6e418bbccf Extend test timeout
  • 8d336c4d15e1917d78b67b890f7182f26633b56f Remove windows runner
  • 5be72e0ef4dceb1387febb7981079ecdeb5e2817 chore(doc): update metadata.tsx (#5331)
  • cb0272a0ad9962df95832a78587f54afec685351 docs: add 'cd zod' step to development setup instructions (#5394)
  • 24e3325dc63010e4f74e23caf91199652e8b12a9 docs: replace 'Refinement' with 'Transform' in transforms section (#5397)
  • 644a08203ebb00e23484b3f9a986ae783ce26a9a chore: add resource for validating environment variables with Zod (#5403)
  • 5e1cfcf578a47527044e85455e79c907fd913adc Change doc for email validation method in Zod schema (#5392)
  • 88cf9441448608d9de24b47b8a4a4ba879fc2433 Fix: Iterate over keys in catchall object using "in" operator. (#5376)
  • aa437325c5957c0cf57667cd7b8568603ee7ecd3 Emphasise that enum validates against values, for object literal & enums (#5386)
  • 3a4bd00aaa16276ffeb2708cc083a633bd4dd756 Improve Hebrew localization for Zod error messages (#5409)
  • c10f9d109874aeca6855383616c086b077d39f89 Fix typos (#5420)
  • 86f0ef918bb24f4ab9f1ce2afc5cf2d1a4a99473 Documentation Improvements (#5417)
  • e120a4877f4d8d076abf2db5c5cceab91a046be9 Fix opt tuple
  • f9bbb50c48f9c07ca869d28d6a7086d7290b97a3 Improve tuple
  • 0ba0f348f677688b69ed78473e022f5d225b41fc Optimize docs caching/ISR (#5433)
  • c3ec66c74b3fbc2616e880a90751c2cad7270bb3 Improve docs caching
  • c8cce4b607a7c0ca99cfb454571a3948ee9e85fb docs: fix typos and links (#5428)
  • 84ec04708525d6e83e3408d5d3a21edde742bdc5 docs(ecosystem): Add react-f3 (#5429)
  • 3396515cc6f04f5f346a1e00256ad09998dbaeb3 Docs: Fix typo in safeExtend description (#5445)
  • 3d93a7d593c19dc1822bc96a7c9d47312c29995e feat: MAC address validation in v4 and mini (#5440)
  • f2f0d178e1c526bc00ad0385706efad318bd44b0 Fix dual package hazard for globalRegistry (#5452)
  • 9fc493f86f17a5fc550df78e7e261137885f51ea fix: use oneOf for discriminated unions in JSON Schema (#5453)
  • 603dbe8dba6253c702ca8cf10b5299910dba3c88 Clean up regex, drop backreferences
  • ab69b9ee813713a111b56a60c2df929eaf5ba426 Update mac addr tests
  • f7910528901c05293bad275fffcb54a82e28fcc9 chore: upgrade vitest to v4 (#5028)
  • f97e80da9197064937a58167619967bee4ebb638 fix(core): prevent infinite recursion for recursive tuples (#5089) (#5094)
  • 002e01ad0fcc17b17683adafc80f2a86e8d355a9 fix(record): handle non-function constructor field in isPlainObject (#5098)
  • 67165174eb8c7d5c6e76e760830f3109b4fdbd0e docs(contributing): add instructions on building @​zod/docs (#5114)
  • 8b0603dde684f1665bb2329111ed187f73ccf0ac Fix typo in ISO time documentation (#5277)
  • be85ecc48a83e7f65ac0458d25f832fb4e28c9e7 docs(codecs): correct stringToDate safeDecode methods (#5302)
  • 50bba5462546401939920a6566a81c0d9c8ef7e1 Add zodgres to ecosystem documentation (#5308)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 1, 2025

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot
chore(deps): Bump the production-dependencies group with 4 updates
0fb4577 
Bumps the production-dependencies group with 4 updates: [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk), [body-parser](https://github.com/expressjs/body-parser), [iconv-lite](https://github.com/pillarjs/iconv-lite) and [zod](https://github.com/colinhacks/zod).


Updates `@modelcontextprotocol/sdk` from 1.22.0 to 1.23.0
- [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases)
- [Commits](modelcontextprotocol/typescript-sdk@1.22.0...1.23.0)

Updates `body-parser` from 2.2.0 to 2.2.1
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@v2.2.0...v2.2.1)

Updates `iconv-lite` from 0.6.3 to 0.7.0
- [Release notes](https://github.com/pillarjs/iconv-lite/releases)
- [Changelog](https://github.com/pillarjs/iconv-lite/blob/master/Changelog.md)
- [Commits](pillarjs/iconv-lite@v0.6.3...v0.7.0)

Updates `zod` from 3.25.76 to 4.1.13
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Commits](colinhacks/zod@v3.25.76...v4.1.13)

---
updated-dependencies:
- dependency-name: "@modelcontextprotocol/sdk"
  dependency-version: 1.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: body-parser
  dependency-version: 2.2.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: iconv-lite
  dependency-version: 0.7.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: zod
  dependency-version: 4.1.13
  dependency-type: indirect
  update-type: version-update:semver-major
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/production-dependencies-2dde359008 branch from 00938d6 to 0fb4577 Compare December 1, 2025 13:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant