Skip to content

chore(deps): bump mcp-framework from 0.2.13 to 0.2.22#23

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/mcp-framework-0.2.22
Open

chore(deps): bump mcp-framework from 0.2.13 to 0.2.22#23
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/mcp-framework-0.2.22

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 16, 2026

Bumps mcp-framework from 0.2.13 to 0.2.22.

Release notes

Sourced from mcp-framework's releases.

mcp-framework: v0.2.22

0.2.22 (2026-04-05)

Features

  • auth: add SATP agent trust verification provider (57c9679)
  • auth: add SATP agent trust verification provider (cc0135b), closes #142
  • skip git init in existing repos and add unit tests for create . (879cd8b)
  • support mcp create . to scaffold in current directory (1993394)
  • support mcp create . to scaffold in current directory (300d89e), closes #78

Bug Fixes

  • add mcp-framework CLI alias and PATH conflict detection (b543447)
  • add mcp-framework CLI alias and PATH conflict detection (#53) (2c5a1ca)
  • enforce maxMessageSize in readRequestBody (7665c66)
  • enforce maxMessageSize in readRequestBody (f97d2bb)

mcp-framework: v0.2.21

0.2.21 (2026-04-02)

Features

  • add health endpoint for SSE and HTTP Stream transports (8f21477)
  • add health endpoint for SSE and HTTP Stream transports (f165b99), closes #62

mcp-framework: v0.2.20

0.2.20 (2026-04-02)

Features

  • add elicitation support and upgrade SDK to 1.29.0 (652694d)
  • add Lambda/serverless support (handleRequest + createLambdaHandler) (d3e0459)
  • add Lambda/serverless support with handleRequest() and createLambdaHandler() (bec59ab)
  • add MCP Apps support (interactive UI from tools) (277b511)
  • add MCP Apps support (interactive UI from tools) (571b365)
  • add multi-transport support for concurrent stdio/SSE/HTTP Stream (#124) (b7da217)
  • add React support for MCP Apps (a385629)
  • add React support for MCP Apps (4ea299f)
  • implement MCP 2025-11-25 spec compliance (18 tickets) (91c2233)
  • multi-transport support for concurrent stdio/SSE/HTTP Stream (d6353a6)
  • rename CLI to create-docs-mcp and publish @​mcpframework/docs (9ddd03f)

Bug Fixes

... (truncated)

Changelog

Sourced from mcp-framework's changelog.

0.2.22 (2026-04-05)

Features

  • auth: add SATP agent trust verification provider (57c9679)
  • auth: add SATP agent trust verification provider (cc0135b), closes #142
  • skip git init in existing repos and add unit tests for create . (879cd8b)
  • support mcp create . to scaffold in current directory (1993394)
  • support mcp create . to scaffold in current directory (300d89e), closes #78

Bug Fixes

  • add mcp-framework CLI alias and PATH conflict detection (b543447)
  • add mcp-framework CLI alias and PATH conflict detection (#53) (2c5a1ca)
  • enforce maxMessageSize in readRequestBody (7665c66)
  • enforce maxMessageSize in readRequestBody (f97d2bb)

0.2.21 (2026-04-02)

Features

  • add health endpoint for SSE and HTTP Stream transports (8f21477)
  • add health endpoint for SSE and HTTP Stream transports (f165b99), closes #62

0.2.20 (2026-04-02)

Features

  • add elicitation support and upgrade SDK to 1.29.0 (652694d)
  • add Lambda/serverless support (handleRequest + createLambdaHandler) (d3e0459)
  • add Lambda/serverless support with handleRequest() and createLambdaHandler() (bec59ab)
  • add MCP Apps support (interactive UI from tools) (277b511)
  • add MCP Apps support (interactive UI from tools) (571b365)
  • add multi-transport support for concurrent stdio/SSE/HTTP Stream (#124) (b7da217)
  • add React support for MCP Apps (a385629)
  • add React support for MCP Apps (4ea299f)
  • implement MCP 2025-11-25 spec compliance (18 tickets) (91c2233)
  • multi-transport support for concurrent stdio/SSE/HTTP Stream (d6353a6)
  • rename CLI to create-docs-mcp and publish @​mcpframework/docs (9ddd03f)

Bug Fixes

  • add Bearer header and query param fallbacks for API key auth (8002267), closes #80
  • API key auth fallbacks for SSE clients without custom headers (298799f)
  • handle ZodNullable and ZodDefault in legacy schema optionality check (5fcd54d), closes #118

... (truncated)

Commits
  • ead9c4b Merge pull request #169 from QuantGeekDev/release-please--branches--main--com...
  • 2147957 chore: release 0.2.22
  • 57c9679 Merge pull request #171 from 0xbrainkid/feat/satp-agent-trust
  • 7665c66 Merge pull request #173 from razashariff/fix/enforce-max-message-size
  • f97d2bb fix: enforce maxMessageSize in readRequestBody
  • 44bf363 docs: add SATP agent trust verification guide
  • cc0135b feat(auth): add SATP agent trust verification provider
  • 1993394 Merge pull request #170 from QuantGeekDev/feat/create-current-dir-78
  • 879cd8b feat: skip git init in existing repos and add unit tests for create .
  • 300d89e feat: support mcp create . to scaffold in current directory
  • Additional commits viewable in compare view
Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump mcp-framework from 0.2.13 to 0.2.22
c88adf4 
Bumps [mcp-framework](https://github.com/QuantGeekDev/mcp-framework) from 0.2.13 to 0.2.22.
- [Release notes](https://github.com/QuantGeekDev/mcp-framework/releases)
- [Changelog](https://github.com/QuantGeekDev/mcp-framework/blob/main/CHANGELOG.md)
- [Commits](QuantGeekDev/mcp-framework@mcp-framework-v0.2.13...mcp-framework-v0.2.22)

---
updated-dependencies:
- dependency-name: mcp-framework
  dependency-version: 0.2.22
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 16, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 16, 2026 20:45
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 16, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 16, 2026

MCP Security Check

PASSED - No critical vulnerabilities

MCP Vulnerability Summary

Severity Count Status
CRITICAL 0 Pass
HIGH 26 Warning
MEDIUM 0 Info

MCP project has strict security requirements. Critical vulnerabilities block merge.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants