fix(deps): update dependency @modelcontextprotocol/sdk to v1.24.0 [security] #9753

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

renovate wants to merge 1 commit into main from renovate/npm-modelcontextprotocol-sdk-vulnerability

Contributor

renovate bot commented Dec 2, 2025 •

edited

Loading

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@modelcontextprotocol/sdk (source)	`1.12.0` -> `1.24.0`

GitHub Vulnerability Alerts

CVE-2025-66414

The Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPServerTransport or SSEServerTransport and has not enabled enableDnsRebindingProtection, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the user in those limited circumstances.

Note that running HTTP-based MCP servers locally without authentication is not recommended per MCP security best practices. This issue does not affect servers using stdio transport.

Servers created via createMcpExpressApp() now have this protection enabled by default when binding to localhost. Users with custom Express configurations are advised to update to version 1.24.0 and apply the exported hostHeaderValidation() middleware when running an unauthenticated server on localhost.

Release Notes

modelcontextprotocol/typescript-sdk (@modelcontextprotocol/sdk)

`v1.24.0`

`v1.23.0`

What's Changed

Migrate to vitest from jest by @mattzcarey in #1074
ci: add workflow_dispatch trigger for manual CI runs by @felixweinberger in #1114
Fix: @types/node incompatibility with vite warnings on npm install by @KKonstantinov in #1121
Fix: clean up accidental spec.types.ts by @KKonstantinov in #1122
fix: Pass RequestInit options to auth requests by @dsp-ant in #1066
SEP-1036: URL Elicitation by @nbarbettini in #1105
add none to test and the router. by @m-henderson in #1116
[auth] Adjust scope management to line up with SEP-835 by @pcarleton in #1133
chore: add .idea/ to .gitignore by @maxisbey in #1134
chore: remove unused @types/eslint__js dependency by @mattzcarey in #1128
feat: url based client metadata registration (SEP 991) by @mattzcarey in #1127
feat: zod v4 with backwards compatibility for v3.25+ by @dclark27 in #1040
fix: remove pnpm lock and regenerate package-lock by @mattzcarey in #1138
docs: update installation instructions for zod peer dependency by @mattzcarey in #1139
Implement SEP-1577 - Sampling With Tools by @ochafik in #1101
Follow up: unify v3 and v4 zod types via describe matrix and a test helper by @KKonstantinov in #1141
chore: Add deprecated marker to old elicitInput overload by @nbarbettini in #1142
fix: Connect error in URL elicitation example by @nbarbettini in #1136
Support upscoping on insufficient_scope 403 by @Nayana-Parameswarappa in #1115
Support beta releases by publishing with --tag beta by @felixweinberger in #1146
Bump version to 1.23.0-beta.0 by @felixweinberger in #1147
SEP-1613: use.catchall() on inputSchema/outputSchema to support JSON Schema 2020-12 by @felixweinberger in #1135
sampling: validate tools, tool_use, tool_result constraints by @ochafik in #1156
fix: React to upstream RC schema changes for form mode elicitation requests by @felixweinberger in #1164
feat: implement SEP-1699 SSE polling via server-side disconnect by @felixweinberger in #1129
chore: bump package number for release by @felixweinberger in #1170

New Contributors

@nbarbettini made their first contribution in #1105
@m-henderson made their first contribution in #1116
@maxisbey made their first contribution in #1134
@dclark27 made their first contribution in #1040
@Nayana-Parameswarappa made their first contribution in #1115

Full Changelog: modelcontextprotocol/typescript-sdk@1.22.0...1.23.0

`v1.22.0`

What's Changed

registerTool: accept ZodType for input and output schema by @ksinder in #816
SEP-1319: Decouple Request Payloads, Remove passthrough iteration, Typecheck fixes by @KKonstantinov in #1086
add pkg-pr-new bot by @pcarleton in #1088
Upgrade to Node LTS by @mattzcarey in #1072
change step name by @pcarleton in #1089
SEP-1034: Default values for Elicitation Schemas by @KKonstantinov in #1096
SEP-1330: Compatibility with SEP-1034 by @KKonstantinov in #1100
Implementation of SEP-986: Specify Format for Tool Names by @kentcdodds in #900
[auth] Fix march spec fallback for metadata discovery by @pcarleton in #1108
chore: bump version for release by @felixweinberger in #1110

New Contributors

@ksinder made their first contribution in #816

Full Changelog: modelcontextprotocol/typescript-sdk@1.21.1...1.22.0

`v1.21.2`

What's changed

This is a patch release for a regression highlighted by #1103

This patch contains only the cherry picked fix in #1108

Full Changelog: modelcontextprotocol/typescript-sdk@1.21.1...1.21.2

`v1.21.1`

What's Changed

Only use path-based discovery URLs from the authorization server to discover metadata by @roadmapper in #1070
Add @deprecated annotations to legacy APIs by @domdomegg in #1018
fix: Support WWW-Authenticate scope param for SEP-835 by @chipgpt in #983
move CLI script to dedicated scripts directory by @mattzcarey in #1073
Check script which typechecks using Typescripts new Go port by @mattzcarey in #1075
FIX: use a nightly spec.types.ts by @mattzcarey in #1087
chore: bump version for release by @felixweinberger in #1085

New Contributors

@roadmapper made their first contribution in #1070

Full Changelog: modelcontextprotocol/typescript-sdk@1.21.0...1.21.1

`v1.21.0`

What's Changed

feat: pluggable JSON schema validator providers by @mattzcarey in #1012
Update metadata.ts by @pcarleton in #1010
fix: Prefer the token_endpoint_auth_method response from DCR registration by @chipgpt in #1022
Fix: Non-existent tool, disabled tool and inputSchema validation return MCP protocol level instead of CallToolResult with isError: true by @KKonstantinov in #1044
chore: bump version to 1.21.0 for release by @felixweinberger in #1062

New Contributors

@chipgpt made their first contribution in #1022

Full Changelog: modelcontextprotocol/typescript-sdk@1.20.2...1.21.0

`v1.20.2`

What's Changed

fix: Zod to JSONSchema pipe strategies by @pierreliefauche in #962
chore: bump version for weekly release by @felixweinberger in #1042

New Contributors

@pierreliefauche made their first contribution in #962

Full Changelog: modelcontextprotocol/typescript-sdk@1.20.1...1.20.2

`v1.20.1`

What's Changed

fix: Add Accept header to auth metadata request by @SVLaursen in #901
Allow empty string as valid URL in DCR workflow by @fredericbarthelet in #987
docs: fix summary contents at readme by @starfish719 in #1025
chore: bump version to 1.20.1 for release by @felixweinberger in #1032

New Contributors

@SVLaursen made their first contribution in #901
@starfish719 made their first contribution in #1025

Full Changelog: modelcontextprotocol/typescript-sdk@1.20.0...1.20.1

`v1.20.0`

What's Changed

docs: improve main README with better quick start, include examples of stateless HTTP, explain tools v resources v prompts by @domdomegg in #980
chore: add lint:fix script by @mattzcarey in #1013
Default to S256 code challenge if not specified in authorization server metadata by @LucaButBoring in #992

New Contributors 🙏

@mattzcarey made their first contribution in #1013

Full Changelog: modelcontextprotocol/typescript-sdk@1.19.0...1.20.0

`v1.19.1`

`v1.18.2`

What's Changed

Updates the sampling code example in the README by @viniciuscsouza in #958
Use redirect Uri passed in in demoInMemoryOAuthProvider by @TylerLeonhardt in #931
fix(auth-router): correct Protected Resource Metadata for pathful RS and add explicit resourceServerUrl (RFC 9728) by @blustAI in #858
chore: update version to 1.18.2 for weekly release by @felixweinberger in #970

New Contributors

@viniciuscsouza made their first contribution in #958
@TylerLeonhardt made their first contribution in #931
@blustAI made their first contribution in #858

Full Changelog: modelcontextprotocol/typescript-sdk@1.18.1...1.18.2

`v1.18.1`

What's Changed

fix: prevent streamable http wite after end from crashing the node process by @MQ37 in #933
chore: update version to 1.18.1 for weekly release by @felixweinberger in #950

New Contributors

@MQ37 made their first contribution in #933

Full Changelog: modelcontextprotocol/typescript-sdk@1.18.0...1.18.1

`v1.18.0`

What's Changed

mcp: update SDK for SEP 973 + add to example server by @jesselumarie in #904
feat: add _meta field support to tool definitions by @knguyen-figma in #922
Fix automatic log level handling for sessionless connections by @cliffhall in #917
1.17.6 by @ihrpr in #936
1.18.0 by @ihrpr in #937
ignore icons for now by @ihrpr in #938

New Contributors

@jesselumarie made their first contribution in #904
@knguyen-figma made their first contribution in #922

Full Changelog: modelcontextprotocol/typescript-sdk@1.17.5...1.18.0

`v1.17.5`

What's Changed

Automatic handling of logging level by @cliffhall in #882
Fix the SDK vs Spec types test that is breaking CI by @cliffhall in #908

Full Changelog: modelcontextprotocol/typescript-sdk@1.17.4...1.17.5

`v1.17.4`

What's Changed

feature(middleware): Composable fetch middleware for auth and cross‑cutting concerns by @m-paternostro in #485
restrict url schemes allowed in oauth metadata by @pcarleton in #877
[auth] OAuth protected-resource-metadata: fallback on 4xx not just 404 by @pcarleton in #879
chore: bump version to 1.17.4 by @felixweinberger in #894

Full Changelog: modelcontextprotocol/typescript-sdk@1.17.3...1.17.4

`v1.17.3`

What's Changed

Fix quit command in Example client with OAuth by @DaleSeo in #864
fix: client import & server imports by @jatinsandilya in #851
fix: pass fetchfn parameter to registerClient and refreshAuthorizatio… by @arjunkmrm in #850
docs: correct parameter schema key in Dynamic Servers documentation by @bianbianzhu in #789
version: patch to 0.17.3 by @felixweinberger in #878

New Contributors

@DaleSeo made their first contribution in #864
@jatinsandilya made their first contribution in #851
@arjunkmrm made their first contribution in #850
@bianbianzhu made their first contribution in #789

Full Changelog: modelcontextprotocol/typescript-sdk@1.17.2...1.17.3

`v1.17.2`

What's Changed

fix: retry next endpoint on CORS error during auth server discovery by @xiaoyijun in #827

Full Changelog: modelcontextprotocol/typescript-sdk@1.17.1...1.17.2

`v1.17.1`

What's Changed

(fix): Update fallbackRequestHandler type to match _requestHandlers leaves type by @fredericbarthelet in #784
fix: prevent responses being sent to wrong client when multiple transports connect by @grimmerk in #820
1.17.1 by @ihrpr in #831

Full Changelog: modelcontextprotocol/typescript-sdk@1.17.0...1.17.1

`v1.17.0`

What's Changed

Add CODEOWNERS file for sdk by @ihrpr in #781
Add more robust base64 check by @cliffhall in #786
update codeowners by @ihrpr in #803
Fix indent by @jiec-msft in #807
fix: Explicitly declare accpet type to json when exchanging oauth token by @JoJoJoJoJoJoJo in #801
feat: support oidc discovery in client sdk by @xiaoyijun in #652
fix: remove extraneous code block in README.md by @sd0ric4 in #791
Bump form-data from 4.0.2 to 4.0.4 in the npm_and_yarn group across 1 directory by @dependabot[bot] in #798
Bump version 1.17.0 by @ihrpr in #810

New Contributors 🙏

@jiec-msft made their first contribution in #807
@sd0ric4 made their first contribution in #791

Full Changelog: modelcontextprotocol/typescript-sdk@1.16.0...1.17.0

`v1.16.0`

What's Changed

Add type compatibility test between SDK and spec types by @ochafik in #729
Add OIDC ID token support by @dankelleher in #680
Add prompt=consent for OIDC offline_access scope by @dankelleher in #681
Non-critical: Readme syntax and typographical error fixes by @freakynit in #765
make client side client_id generation configurable in the oauth router by @cdaguerre in #734
Adding invalidateCredentials() to OAuthClientProvider by @geelen in #570
fix: use authorization_server_url as issuer when fetching metadata by @JoJoJoJoJoJoJo in #763
feat(protocol): Debounce notifications to improve network efficiancy by @jneums in #746
fix(731): StreamableHTTPClientTransport Fails to Reconnect on Non-Resumable Streams by @jneums in #732
fix: consistently use consumer-provided fetch function by @LucaButBoring in #767
fix client id issuance date should only be sent when generated by @cdaguerre in #775
1.16.0 by @ihrpr in #779

New Contributors 🙏

@dankelleher made their first contribution in #680
@freakynit made their first contribution in #765
@cdaguerre made their first contribution in #734
@JoJoJoJoJoJoJo made their first contribution in #763
@jneums made their first contribution in #746
@LucaButBoring made their first contribution in #767

Full Changelog: modelcontextprotocol/typescript-sdk@1.15.1...1.16.0

`v1.15.1`

What's Changed

fix(client): Some mcp server need default env(#393, #196) by @sunrabbit123 in #394
feat: Add CORS configuration for browser-based MCP clients by @jerome3o-anthropic in #713
Add onsessionclosed hook to StreamableHTTPServerTransport by @jerome3o-anthropic in #743
add custom headers on initial _startOrAuth call by @anthonjn in #318
Improve stdio test Windows compatibility and refactor command logic by @HoberMin in #284
Add missing app.listen error handling to server examples by @ochafik in #749
fix(server): validate expiresAt token value for non existence by @christian-bromann in #446
[auth]: support oauth client_secret_basic / none / custom methods by @jaredhanson, @SightStudio, @ochafik in #720
feat: support async callbacks for onsessioninitialized and onsessionclosed by @jerome3o-anthropic in #751
Fix oauth well-known paths to retain path and query by @ihrpr in #756
auth: fetch AS metadata in well-known subpath from serverUrl even when PRM returns external AS by @ochafik in #752

New Contributors

@sunrabbit123 made their first contribution in #394
@anthonjn made their first contribution in #318
@HoberMin made their first contribution in #284

Full Changelog: modelcontextprotocol/typescript-sdk@1.15.0...1.15.1

`v1.15.0`

What's Changed

[!NOTE]
This release reverts a breaking change introduced in version 1.13.3.

Allow custom fetch in SSEClientTransport and StreamableHTTPClientTransport by @cliffhall in #721
Revert "fix: add type safety for tool output schemas in ToolCallback" by @sushichan044 in #725
bump version to 1.15.0 by @bhosmer-ant in #730

Full Changelog: modelcontextprotocol/typescript-sdk@1.14.0...1.15.0

`v1.14.0`

What's Changed

[!WARNING]
This introduces breaking changes, which are required to comply with the spec - more details

Rename reject to decline by @ihrpr in #727
1.14.0 by @ihrpr in #728

Full Changelog: modelcontextprotocol/typescript-sdk@1.13.3...1.14.0

`v1.13.3`

What's Changed

Implement DNS Rebinding Protections per spec by @ddworken in #565
fix lint by @ihrpr in #704
fix: add missing eventsource-parser dependency by @domnit in #424
fix: add windows env PROGRAMFILES, avoid some exe can not be found by @muzea in #386
add overloads for registerResource method in McpServer class by @kentcdodds in #661
fix: extra headers when they are a Headers object by @garciasdos in #571
fix: missing "properties" property in empty schema by @sinedied in #598
fix: Expose the MCP child process PID as an accessible property in StdioClientTransport by @XiaofuHuang in #455
fix: add type safety for tool output schemas in ToolCallback by @sushichan044 in #670
doc minimum node version requirment by @marcopeg in #463
docs: add error handling when it fails to start HTTP server by @formulahendry in #371
Added Sampling Example to README by @RishiNandha in #698
Returning undefined from discoverOAuthMetadata for CORS errors by @geelen in #717
Bump version to 1.13.3 by @ihrpr in #719

New Contributors 🙏

@ddworken made their first contribution in #565
@domnit made their first contribution in #424
@muzea made their first contribution in #386
@kentcdodds made their first contribution in #661
@garciasdos made their first contribution in #571
@sinedied made their first contribution in #598
@XiaofuHuang made their first contribution in #455
@sushichan044 made their first contribution in #670
@marcopeg made their first contribution in #463
@formulahendry made their first contribution in #371
@RishiNandha made their first contribution in #698

Full Changelog: modelcontextprotocol/typescript-sdk@1.13.2...1.13.3

`v1.13.2`

What's Changed

Fix /.well-known/oauth-authorization-server dropping path by @calclavia in #687
Fallback for /.well-known/oauth-authorization-server dropping path by @ihrpr in #692
[auth] refactor resource selection to not include resource if PRM is not present by @pcarleton in #693
fix: skip validation if tool reports error by @Areo-Joe in #655
feat(shared/auth): support software_statement in OAuthClientMetadata by @chrisdickinson in #696
Show session id per request in simpleStreamableHttp example server by @cliffhall in #640
Raw request propagation in tools - passed to callbacks via RequestHandlerExtra<ServerRequest, ServerNotification> by @KKonstantinov in #627
Update readme file to include a tip to allow mcp-session-id in CORS when using StreamableHTTP by @Achintha444 in #633
Pr/protocol overwriting transport hooks by @nichtsam in #477
docs: Add clarifying comments for stateless streamable HTTP endpoints by @dhodun in #542
Bump formidable from 3.5.2 to 3.5.4 in the npm_and_yarn group across 1 directory by @dependabot in #428
test(server): add more tests for SSEServerTransport class by @christian-bromann in #391
Update version of the package to 1.13.2 by @ihrpr in #701

New Contributors 🙏

@calclavia made their first contribution in #687
@Areo-Joe made their first contribution in #655
@KKonstantinov made their first contribution in #627
@Achintha444 made their first contribution in #633
@nichtsam made their first contribution in #477
@dhodun made their first contribution in #542
@christian-bromann made their first contribution in #391

Full Changelog: modelcontextprotocol/typescript-sdk@1.13.1...1.13.2

`v1.13.1`

What's Changed

simpleStreamableHttp: fix example code by @ochafik in #660
build: add watching script targets for build & simple streamable http server by @ochafik in #663
feat: remove console statements from SDK code by @ashwin-ant in #668
[auth] adjust default validation for resource parameter in client flow, and server example by @pcarleton in #664
fix(client/sse): extract protected resource from eventsource 401 by @chrisdickinson in #675
1.13.1 by @ihrpr in #683

Full Changelog: modelcontextprotocol/typescript-sdk@1.13.0...1.13.1

`v1.13.0`

🚀 Implementation for Spec revision 2025-06-18

https://github.com/modelcontextprotocol/modelcontextprotocol/releases/tag/2025-06-18

feat: implement MCP-Protocol-Version header requirement for HTTP transport by @ochafik in #614
Rename ResourceReference to ResourceTemplateReference by @ihrpr in #619
Adds _meta to additional interface types by @ihrpr in #630
Add title to tools, resources, prompts by @ihrpr in #631
Add support for resource link by @ihrpr in #632
Include context into completions by @ihrpr in #634
Add missing _meta fields to match spec requirements by @felixweinberger in #636
Introduce Elicitation capability by @ihrpr in #520
update _meta usage guidance in types.ts by @bhosmer-ant in #639
Jerome/fix/dev oauth server required scopes change by @jerome3o-anthropic in #629
remove hasCustomTitle by @ihrpr in #645
update latest protocol version by @ihrpr in #643
change version by @ihrpr in #647
RFC 8707 Resource Indicators Implementation by @ochafik in #638
rename decline to reject by [@ihrpr](https://redirect.g

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot requested review from cte, jr and mrubens as code owners

December 2, 2025 18:43

github-project-automation bot added this to Roo Code Roadmap and Roo Code Roadmap

github-project-automation bot moved this to New in Roo Code Roadmap

github-project-automation bot moved this to Triage in Roo Code Roadmap

Contributor

roomote bot commented Dec 2, 2025 •

edited

Loading

Rooviewer See task on Roo Cloud

Review completed. No issues found.

This security update addresses CVE-2025-66414 (DNS rebinding vulnerability) and is safe to merge. The dependency update is properly configured with all peer dependencies satisfied.

Previous reviews

fedae8d: Review #1

_{Mention @roomote in a comment to request specific changes to this pull request or fix all unresolved issues.}

dosubot bot added the size:XS label

roomote bot approved these changes

View reviewed changes

hannesrudolph added the Issue/PR - Triage label


          fix(deps): update dependency @modelcontextprotocol/sdk to v1.24.0 [se…

09bc6a0

…curity]

renovate bot force-pushed the renovate/npm-modelcontextprotocol-sdk-vulnerability branch from fedae8d to 09bc6a0 Compare

December 3, 2025 16:02

roomote bot approved these changes

View reviewed changes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

roomote[bot] roomote[bot] approved these changes

mrubens Awaiting requested review from mrubens mrubens is a code owner

cte Awaiting requested review from cte cte is a code owner

jr Awaiting requested review from jr jr is a code owner

At least 1 approving review is required to merge this pull request.

Labels

Issue/PR - Triage size:XS