chore(deps): bump the npm-mcp group across 1 directory with 14 updates by dependabot[bot] · Pull Request #1742 · airweave-ai/airweave

dependabot · 2026-04-01T10:26:16Z

Bumps the npm-mcp group with 14 updates in the /mcp directory:

Package	From	To
@airweave/sdk	`0.9.44`	`0.9.62`
@modelcontextprotocol/sdk	`1.27.1`	`1.29.0`
express	`4.22.1`	`5.2.1`
@types/express	`4.17.23`	`5.0.6`
ioredis	`5.10.0`	`5.10.1`
jose	`6.1.3`	`6.2.3`
posthog-node	`5.24.11`	`5.32.0`
zod	`3.25.28`	`4.4.1`
@types/node	`22.15.21`	`25.6.0`
@vitest/coverage-v8	`2.1.9`	`4.1.5`
supertest	`7.1.4`	`7.2.2`
@types/supertest	`6.0.3`	`7.2.0`
typescript	`5.8.3`	`6.0.3`
vitest	`2.1.9`	`4.1.5`

Updates @airweave/sdk from 0.9.44 to 0.9.62

Commits

b3f8145 Release v0.9.62
645a9e1 Release v0.9.61
5fca619 Release v0.9.60
519acf2 Release v0.9.59
2794e0d Release v0.9.58
d462a98 Release v0.9.57
2a3c51f Release v0.9.56
3c0fce0 Release v0.9.55
8bbb194 Release v0.9.54
d72a37f Release v0.9.53
Additional commits viewable in compare view

Updates @modelcontextprotocol/sdk from 1.27.1 to 1.29.0

Release notes

Sourced from @modelcontextprotocol/sdk's releases.

v1.29.0

What's Changed

fix: treat v1.x as primary branch for npm latest tag (backport #1577) by @felixweinberger in modelcontextprotocol/typescript-sdk#1749

[v1.x] fix: disallow null (infinite) requested TTL by @LucaButBoring in modelcontextprotocol/typescript-sdk#1339

[v1.x] fix: add missing size field to ResourceSchema by @olaservo in modelcontextprotocol/typescript-sdk#1575

Add typings exports by @tdraier in modelcontextprotocol/typescript-sdk#1623

v1.x npm audit fix by @KKonstantinov in modelcontextprotocol/typescript-sdk#1780

v1.x #1623 follow up -add missing types to package.json by @KKonstantinov in modelcontextprotocol/typescript-sdk#1773

[v1.x backport] Allow servers / clients to advertise extensions in the capability object by @localden in modelcontextprotocol/typescript-sdk#1811

fix(stdio): always set windowsHide on Windows, not just in Electron by @jnMetaCode in modelcontextprotocol/typescript-sdk#1640

chore: bump version to 1.29.0 by @felixweinberger in modelcontextprotocol/typescript-sdk#1820

New Contributors

@tdraier made their first contribution in modelcontextprotocol/typescript-sdk#1623

@jnMetaCode made their first contribution in modelcontextprotocol/typescript-sdk#1640

Full Changelog: modelcontextprotocol/typescript-sdk@v1.28.0...v1.29.0

v1.28.0

What's Changed

feat: use scopes_supported from resource metadata by default (fixes #580) by @antogyn in modelcontextprotocol/typescript-sdk#757

[v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by @pcarleton in modelcontextprotocol/typescript-sdk#1611

fix: reject plain JSON Schema objects passed as inputSchema by @tiluckdave in modelcontextprotocol/typescript-sdk#1596

fix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by @pcarleton in modelcontextprotocol/typescript-sdk#1462

fix(server/auth): RFC 8252 loopback port relaxation by @poteat in modelcontextprotocol/typescript-sdk#1738

chore: bump version to 1.28.0 by @felixweinberger in modelcontextprotocol/typescript-sdk#1746

New Contributors

@antogyn made their first contribution in modelcontextprotocol/typescript-sdk#757

@tiluckdave made their first contribution in modelcontextprotocol/typescript-sdk#1596

@poteat made their first contribution in modelcontextprotocol/typescript-sdk#1738

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.1...v1.28.0

Commits

e12cbd7 chore: bump version to 1.29.0 (#1820)
3913fd4 fix(stdio): always set windowsHide on Windows, not just in Electron (#1640)
5608e78 [v1.x backport] Allow servers / clients to advertise extensions in the capabi...
7213816 v1.x #1623 follow up -add missing types to package.json (#1773)
364f38c v1.x npm audit fix (#1780)
c95cc09 Add typings exports (#1623)
ddadaa6 [v1.x] fix: add missing size field to ResourceSchema (#1575)
2a15851 [v1.x] fix: disallow null (infinite) requested TTL (#1339)
13e30f1 fix: treat v1.x as primary branch for npm latest tag (backport #1577) (#1749)
a056569 chore: bump version to 1.28.0 (#1746)
Additional commits viewable in compare view

Updates express from 4.22.1 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Release: 5.2.1 by @UlisesGascon in expressjs/express#6933

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 by @dependabot[bot] in expressjs/express#6429

Refactor: simplify acceptsLanguages implementation using spread operator by @Ayoub-Mabrouk in expressjs/express#6137

increased code coverage of utils.js file by @ashish3011 in expressjs/express#6386

chore: remove duplicate word by @dufucun in expressjs/express#6456

build(deps): bump github/codeql-action from 3.28.13 to 3.28.16 by @dependabot[bot] in expressjs/express#6498

build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in expressjs/express#6497

build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in expressjs/express#6496

ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/express#6504

ci: update codeql config by @Phillip9587 in expressjs/express#6488

chore: wider range for query test skip by @jonchurch in expressjs/express#6512

chore: fix typos in test by @noritaka1166 in expressjs/express#6535

ci: disable credential persistence for checkout actions by @mertssmnoglu in expressjs/express#6522

ci: allow manual triggering of workflow by @shivarm in expressjs/express#6515

test: add coverage for app.listen() variants by @kgarg1 in expressjs/express#6476

docs: move documentation and charters to the discussions and .github … by @bjohansebas in expressjs/express#6427

build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @dependabot[bot] in expressjs/express#6549

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in expressjs/express#6548

chore: enforce explicit Buffer import and add lint rule by @shivarm in expressjs/express#6525

chore: use node protocol for querystring by @shivarm in expressjs/express#6520

chore: fix typo by @mountdisk in expressjs/express#6609

build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in expressjs/express#6618

add deprecation warnings for redirect arguments undefined by @bjohansebas in expressjs/express#6405

ci: run CI when the markdown changes by @bjohansebas in expressjs/express#6632

doc: fix CONTRIBUTING link by @jonchurch in expressjs/express#6653

doc: update contributing guidelines and code of conduct links by @ShubhamOulkar in expressjs/express#6601

build(deps-dev): bump morgan from 1.10.0 to 1.10.1 by @dependabot[bot] in expressjs/express#6679

build(deps-dev): bump cookie-session from 2.1.0 to 2.1.1 by @dependabot[bot] in expressjs/express#6678

lint: add --fix flag to automatic fix linting issue by @shivarm in expressjs/express#6644

chore: ignore yarn.lock file and update example by @shivarm in expressjs/express#6588

lib: use req.socket over deprecated req.connection by @bjohansebas in expressjs/express#6705

doc: update express app example by @shivarm in expressjs/express#6718

build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in expressjs/express#6675

Remove history.md from being packaged on publish by @sheplu in expressjs/express#6780

... (truncated)

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

5.2.0 / 2025-12-01

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

deps: body-parser@^2.2.1

A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

5.1.0 / 2025-03-31

Add support for Uint8Array in res.send()

Add support for ETag option in res.sendFile()

Add support for multiple links with the same rel in res.links()

Add funding field to package.json

perf: use loop for acceptParams

refactor: prefix built-in node module imports

deps: remove setprototypeof

deps: remove safe-buffer

deps: remove utils-merge

deps: remove methods

deps: remove depd

deps: debug@^4.4.0

deps: body-parser@^2.2.0

deps: router@^2.2.0

deps: content-type@^1.0.5

deps: finalhandler@^2.1.0

deps: qs@^6.14.0

deps: server-static@2.2.0

deps: type-is@2.0.1

5.0.1 / 2024-10-08

Update cookie semver lock to address CVE-2024-47764

5.0.0 / 2024-09-10

remove:

path-is-absolute dependency - use path.isAbsolute instead

breaking:

res.status() accepts only integers, and input must be greater than 99 and less than 1000

will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range

will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs

deps: send@1.0.0

... (truncated)

Commits

dbac741 5.2.1
697547c Revert "sec: security patch for CVE-2024-51999"
4007ad1 Release: 5.2.0 (#6920)
2f64f68 sec: security patch for CVE-2024-51999
ed0ba3f build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#6928)
8eace46 build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 (#6929)
30bae81 build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 (#6930)
758d435 deps: body-parser@^2.2.1 (#6922)
77bcd52 docs: update emeritus triagers (#6890)
f33caf1 Nominate to @efekrskl for triage team (#6888)
Additional commits viewable in compare view

Updates @types/express from 4.17.23 to 5.0.6

Commits

See full diff in compare view

Updates ioredis from 5.10.0 to 5.10.1

Release notes

Sourced from ioredis's releases.

v5.10.1

5.10.1 (2026-03-19)

Bug Fixes

cluster: lazily start sharded subscribers (#2090) (4f167bb)

Changelog

Sourced from ioredis's changelog.

5.10.1 (2026-03-19)

Bug Fixes

cluster: lazily start sharded subscribers (#2090) (4f167bb)

Commits

9e26f8b chore(release): 5.10.1 [skip ci]
4f167bb fix(cluster): lazily start sharded subscribers (#2090)
See full diff in compare view

Updates jose from 6.1.3 to 6.2.3

Release notes

Sourced from jose's releases.

v6.2.3

Refactor

cleanly reject invalid PBES2 p2c (0cdb851)

v6.2.2

Fixes

reject failed decompression with JWEInvalid error (043b181)

v6.2.1

Refactor

reorganize internals, less files, smaller footprint (d4231f9)

v6.2.0

Features

re-introduce JWE "zip" (Compression Algorithm) Header Parameter support (b13b446)

Documentation

clarify return of general jws and jwe (56682b4)

Changelog

Sourced from jose's changelog.

6.2.3 (2026-04-27)

Refactor

cleanly reject invalid PBES2 p2c (0cdb851)

6.2.2 (2026-03-18)

Fixes

reject failed decompression with JWEInvalid error (043b181)

6.2.1 (2026-03-09)

Refactor

reorganize internals, less files, smaller footprint (d4231f9)

6.2.0 (2026-03-05)

Features

re-introduce JWE "zip" (Compression Algorithm) Header Parameter support (b13b446)

Documentation

clarify return of general jws and jwe (56682b4)

Commits

41ad7e9 chore(release): 6.2.3
988e90f chore: account for commit-and-tag-version instead of standard-version
4b24656 chore: update CHANGELOG.md header
0cdb851 refactor: cleanly reject invalid PBES2 p2c
a0b261e test: update Bun expectations
b39dc1a chore: use fs.globSync
0675be1 build: replace rollup umd build with a custom esbuild iife wrap
9b03323 chore: bump packages
914b73d chore(deps-dev): bump lodash
9dce817 chore: bump packages
Additional commits viewable in compare view

Updates posthog-node from 5.24.11 to 5.32.0

Release notes

Sourced from posthog-node's releases.

posthog-node@5.32.0

5.32.0

Minor Changes

#3474 70ba8f8 Thanks @patricio-posthog! - feat(flags): support mixed targeting in local evaluation (2026-04-30)

posthog-node@5.31.0

5.31.0

Minor Changes

#3491 974e4b2 Thanks @dustinbyrne! - Add Express and NestJS request context support for PostHog tracing headers. (2026-04-29)

posthog-node@5.30.8

5.30.8

Patch Changes

Updated dependencies []:

@posthog/core@1.27.9

posthog-node@5.30.7

5.30.7

Patch Changes

Updated dependencies []:

@posthog/core@1.27.8

posthog-node@5.30.6

5.30.6

Patch Changes

Updated dependencies []:

@posthog/core@1.27.7

posthog-node@5.30.5

5.30.5

Patch Changes

Updated dependencies []:

@posthog/core@1.27.6

posthog-node@5.30.4

5.30.4

... (truncated)

Changelog

Sourced from posthog-node's changelog.

5.32.0

Minor Changes

#3474 70ba8f8 Thanks @patricio-posthog! - feat(flags): support mixed targeting in local evaluation (2026-04-30)

5.31.0

Minor Changes

#3491 974e4b2 Thanks @dustinbyrne! - Add Express and NestJS request context support for PostHog tracing headers. (2026-04-29)

5.30.8

Patch Changes

Updated dependencies []:

@posthog/core@1.27.9

5.30.7

Patch Changes

Updated dependencies []:

@posthog/core@1.27.8

5.30.6

Patch Changes

Updated dependencies []:

@posthog/core@1.27.7

5.30.5

Patch Changes

Updated dependencies []:

@posthog/core@1.27.6

5.30.4

Patch Changes

Updated dependencies [70508df]:

@posthog/core@1.27.5

5.30.3

... (truncated)

Commits

b02194b chore: update versions and lockfile [version bump]
70ba8f8 feat(flags): support mixed targeting in local evaluation (#3474)
eb5fc8e chore: update versions and lockfile [version bump]
974e4b2 feat(node): add request context tracing headers (#3491)
d0db43d chore: update versions and lockfile [version bump]
983118f chore: update versions and lockfile [version bump]
1816007 chore: update versions and lockfile [version bump]
1f68496 chore: update versions and lockfile [version bump]
782f944 chore: update versions and lockfile [version bump]
82b5b19 chore: update versions and lockfile [version bump]
Additional commits viewable in compare view

Updates zod from 3.25.28 to 4.4.1

Release notes

Sourced from zod's releases.

v4.4.1

Commits:

481f7be4238c83ed58183f921b2646f340a91c6a ci: gate release publishing on full test workflow

95ccab423aec720b2523c3a64cdc7e3204537cc7 test(v3): restore optional undefined expectations

cede2c63739a5823d6aa5093d291e9a111da943d fix(v4): reject tuple holes before required defaults (#5900)

edd0bf0f5ada4a8dc581c259407d7bbad0a71ea7 release: 4.4.1

180d83d1dbe6a59260710cc8637a3dea2281ee56 docs: remove Jazz featured sponsor

v4.4.0

4.4.0

This is a minor release with a wide set of correctness and soundness fixes. Some fixes intentionally make Zod stricter, so code that depended on previously accepted invalid or ambiguous inputs may need small updates.

Potentially breaking bug fixes

Tuple defaults now materialize output values correctly

Fixed in #5661. Tuple parsing now more accurately reflects defaults, optional tails, explicit undefined, and under-filled inputs. The headline behavior is that defaults in tuple positions now properly appear in parsed output.
const schema = z.tuple([
  z.string(),
  z.string().default("fallback"),
]);
schema.parse(["a"]);
// ["a", "fallback"]
Trailing optional elements that are absent still stay absent; they are not filled with undefined.
const schema = z.tuple([
  z.string(),
  z.string().optional(),
]);
schema.parse(["a"]);
// ["a"]
But explicit undefined values supplied by the caller are preserved.
schema.parse(["a", undefined]);
// ["a", undefined]
When optional elements appear before later defaults, the parsed tuple is now dense so array operations behave predictably.

... (truncated)

Commits

180d83d docs: remove Jazz featured sponsor
edd0bf0 release: 4.4.1
cede2c6 fix(v4): reject tuple holes before required defaults (#5900)
95ccab4 test(v3): restore optional undefined expectations
481f7be ci: gate release publishing on full test workflow
d05f026 release: 4.4.0
f778e02 build: bump zshy for JSR wildcard exports
6db607b fix(release): keep JSR manifest publishable
ad0b827 ci: update release workflow for trusted publishing
b6066b3 fix(v4): align object and tuple optionality handling (#5661)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for zod since your current version.

Updates @types/express from 4.17.23 to 5.0.6

Commits

See full diff in compare view

Updates @types/node from 22.15.21 to 25.6.0

Commits

See full diff in compare view

Updates @vitest/coverage-v8 from 2.1.9 to 4.1.5

Release notes

Sourced from @vitest/coverage-v8's releases.

v4.1.5

   🚀 Experimental Features

coverage: Istanbul to support instrumenter option - by @BartWaardenburg and @AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

--project negation excludes browser instances - by @felamaslen in vitest-dev/vitest#10131 (9423d)

Project color label on html reporter - by @hi-ogawa in vitest-dev/vitest#10142 (596f7)

Fix vi.defineHelper called as object method - by @hi-ogawa in vitest-dev/vitest#10163 (122c2)

Alias agent reporter to minimal - by @sheremet-va in vitest-dev/vitest#10157 (663b9)

Respect diff config options in soft assertions - by @Copilot, sheremet-va and @sheremet-va in vitest-dev/vitest#8696 (9787d)

Respect diff config options in soft assertions " - by @sheremet-va in vitest-dev/vitest#8696 (7dc6d)

ast-collect: Recognize _vi_import prefix in static test discovery - by @Yejneshwar in vitest-dev/vitest#10129 (32546)

coverage: Descriptive error message when reports directory is removed during test run - by @DaveT1991 and @AriPerkkio in vitest-dev/vitest#10117 (14133)

snapshot: Increase default snapshot max output length - by @hi-ogawa and Codex in vitest-dev/vitest#10150 (21e66)

ui: Fix jsx/tsx syntax highlight - by @hi-ogawa in vitest-dev/vitest#10152 (f1b1f)

web-worker: Support MessagePort objects referenced inside postMessage data - by @whitphx and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9927 and vitest-dev/vitest#10124 (7ad7d)

api: Make test-specification options writable - by @sheremet-va in vitest-dev/vitest#10154 (6abd5)

    View changes on GitHub

v4.1.4

   🚀 Experimental Features

coverage:

Default to text reporter skipFull if agent detected - by @hi-ogawa in vitest-dev/vitest#10018 (53757)

experimental:

Expose assertion as a public field - by @sheremet-va in vitest-dev/vitest#10095 (a120e)

Support aria snapshot - by @hi-ogawa, Claude Opus 4.6 (1M context), @AriPerkkio, Codex and @sheremet-va in vitest-dev/vitest#9668 (d4fbb)

reporter:

Add filterMeta option to json reporter - by @nami8824 and @sheremet-va in vitest-dev/vitest#10078 (b77de)

   🐞 Bug Fixes

Use "black" foreground for labeled terminal message to ensure contrast - by @hi-ogawa in vitest-dev/vitest#10076 (203f0)

Make expect(..., message) consistent as error message prefix - by @hi-ogawa and Codex in vitest-dev/vitest#10068 (a1b5f)

Do not hoist imports whose names match class properties . - by @SunsetFi in vitest-dev/vitest#10093 and vitest-dev/vitest#10094 (0fc4b)

browser: Spread user server options into browser Vite server in project - by @GoldStrikeArch in vitest-dev/vitest#10049 (65c9d)

    View changes on GitHub

v4.1.3

   🚀 Experimental Features

Add experimental.preParse flag - by @sheremet-va in vitest-dev/vitest#10070 (78273)

Support browser.locators.exact option - by @sheremet-va in vitest-dev/vitest#10013 (48799)

Add TestAttachment.bodyEncoding - by @hi-ogawa in vitest-dev/vitest#9969 (89ca0)

Support custom snapshot matcher - by @hi-ogawa, Claude Sonnet 4.6 and Codex in vitest-dev/vitest#9973 (59b0e)

... (truncated)

Commits

e399846 chore: release v4.1.5
ac04bac chore: release v4.1.4
2dc0d62 chore: release v4.1.3
fc6f482 chore: release v4.1.2
1f2d318 chore: release v4.1.1
aaf9f18 fix(coverage): simplify provider types (#9931)
4150b91 chore: release v4.1.0
0c2c013 chore: release v4.1.0-beta.6
689a22a fix(browser): types of getCDPSession and cdp() (#9716)
94eb73b chore(deps): update eslint packages (#9615)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @vitest/coverage-v8 since your current version.

Updates supertest from 7.1.4 to 7.2.2

Release notes

Sourced from supertest's releases.

v7.2.2

fix: replace 'should' dependency with native assertions in cookies module 1954bcf

forwardemail/supertest@v7.2.1...v7.2.2

v7.2.1

fix: correct case-sensitive require path for assertion module d4f04fb

forwardemail/supertest@v7.2.0...v7.2.1

v7.2.0

fix: fixed package lock c4b08a6

fix: drop v14 and v16 from tests d084ce2

Merge pull request #872 from forwardemail/dependabot/npm_and_yarn/js-yaml-3.14.2 61f3ddf

Merge pull request #873 from forwardemail/dependabot/npm_and_yarn/multi-6d05d0e569 bd2fe45

chore(deps): bump qs, body-parser and express 07bf4fb

Merge pull request #866 from SchroederSteffen/use-lowercase-header-name 0666797

Merge pull request #868 from dmurvihill/cookie-assertions 953eca7

chore(deps-dev): bump js-yaml from 3.14.1 to 3.14.2 81ab94c

Merge pull request #870 from kudlav/patch-1 14d905d

Update links to documentation in README f508b30

feat(cookies): add cookie assertions 4f89680

chore(readme): use lower-case header name 1e642b0

forwardemail/supertest@v7.1.4...v7.2.0

Commits

d799751 7.2.2
1954bcf fix: replace 'should' dependency with native assertions in cookies module
8fb7453 7.2.1
d4f04fb fix: correct case-sensitive require path for assertion module
b8f0a43 7.2.0
c4b08a6 fix: fixed package lock
d084ce2 fix: drop v14 and v16 from tests
61f3ddf Merge pull request #872 from forwardemail/dependabot/npm_and_yarn/js-yaml-3.14.2
bd2fe45 Merge pull request #873 from forwardemail/dependabot/npm_and_yarn/multi-6d05d...
07bf4fb chore(deps): bump qs, body-parser and express
Additional commits viewable in compare view

Updates @types/supertest from 6.0.3 to 7.2.0

Commits

See full diff in compare view

Updates typescript from 5.8.3 to 6.0.3

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

fixed issues query for TypeScript 6.0.0 (Beta).

fixed issues query for TypeScript 6.0.1 (RC).

fixed issues query for TypeScript 6.0.2 (Stable).

fixed issues query for TypeScript 6.0.3 (Stable).

Downloads are available on:

npm

TypeScript 6.0

For release notes, check out the release announcement blog post.

fixed issues query for TypeScript 6.0.0 (Beta).

fixed issues query for TypeScript 6.0.1 (RC).

fixed issues query for TypeScript 6.0.2 (Stable).

Downloads are available on:

<...
Description has been truncated

cubic-dev-ai

No issues found across 2 files

Bumps the npm-mcp group with 14 updates in the /mcp directory: | Package | From | To | | --- | --- | --- | | [@airweave/sdk](https://github.com/airweave-ai/typescript-sdk) | `0.9.44` | `0.9.62` | | [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.27.1` | `1.29.0` | | [express](https://github.com/expressjs/express) | `4.22.1` | `5.2.1` | | [@types/express](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express) | `4.17.23` | `5.0.6` | | [ioredis](https://github.com/luin/ioredis) | `5.10.0` | `5.10.1` | | [jose](https://github.com/panva/jose) | `6.1.3` | `6.2.3` | | [posthog-node](https://github.com/PostHog/posthog-js/tree/HEAD/packages/node) | `5.24.11` | `5.32.0` | | [zod](https://github.com/colinhacks/zod) | `3.25.28` | `4.4.1` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `22.15.21` | `25.6.0` | | [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `2.1.9` | `4.1.5` | | [supertest](https://github.com/ladjs/supertest) | `7.1.4` | `7.2.2` | | [@types/supertest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/supertest) | `6.0.3` | `7.2.0` | | [typescript](https://github.com/microsoft/TypeScript) | `5.8.3` | `6.0.3` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `2.1.9` | `4.1.5` | Updates `@airweave/sdk` from 0.9.44 to 0.9.62 - [Release notes](https://github.com/airweave-ai/typescript-sdk/releases) - [Commits](airweave-ai/typescript-sdk@v0.9.44...v0.9.62) Updates `@modelcontextprotocol/sdk` from 1.27.1 to 1.29.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@v1.27.1...v1.29.0) Updates `express` from 4.22.1 to 5.2.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@v4.22.1...v5.2.1) Updates `@types/express` from 4.17.23 to 5.0.6 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express) Updates `ioredis` from 5.10.0 to 5.10.1 - [Release notes](https://github.com/luin/ioredis/releases) - [Changelog](https://github.com/redis/ioredis/blob/main/CHANGELOG.md) - [Commits](redis/ioredis@v5.10.0...v5.10.1) Updates `jose` from 6.1.3 to 6.2.3 - [Release notes](https://github.com/panva/jose/releases) - [Changelog](https://github.com/panva/jose/blob/main/CHANGELOG.md) - [Commits](panva/jose@v6.1.3...v6.2.3) Updates `posthog-node` from 5.24.11 to 5.32.0 - [Release notes](https://github.com/PostHog/posthog-js/releases) - [Changelog](https://github.com/PostHog/posthog-js/blob/main/packages/node/CHANGELOG.md) - [Commits](https://github.com/PostHog/posthog-js/commits/posthog-node@5.32.0/packages/node) Updates `zod` from 3.25.28 to 4.4.1 - [Release notes](https://github.com/colinhacks/zod/releases) - [Commits](colinhacks/zod@v3.25.28...v4.4.1) Updates `@types/express` from 4.17.23 to 5.0.6 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express) Updates `@types/node` from 22.15.21 to 25.6.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@vitest/coverage-v8` from 2.1.9 to 4.1.5 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/coverage-v8) Updates `supertest` from 7.1.4 to 7.2.2 - [Release notes](https://github.com/ladjs/supertest/releases) - [Commits](forwardemail/supertest@v7.1.4...v7.2.2) Updates `@types/supertest` from 6.0.3 to 7.2.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/supertest) Updates `typescript` from 5.8.3 to 6.0.3 - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v5.8.3...v6.0.3) Updates `vitest` from 2.1.9 to 4.1.5 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/vitest) --- updated-dependencies: - dependency-name: "@airweave/sdk" dependency-version: 0.9.60 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-mcp - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.29.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-mcp - dependency-name: "@types/express" dependency-version: 5.0.6 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm-mcp - dependency-name: "@types/express" dependency-version: 5.0.6 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm-mcp - dependency-name: "@types/node" dependency-version: 25.5.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm-mcp - dependency-name: "@types/supertest" dependency-version: 7.2.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm-mcp - dependency-name: "@vitest/coverage-v8" dependency-version: 4.1.2 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm-mcp - dependency-name: express dependency-version: 5.2.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: npm-mcp - dependency-name: ioredis dependency-version: 5.10.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-mcp - dependency-name: jose dependency-version: 6.2.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-mcp - dependency-name: posthog-node dependency-version: 5.28.9 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-mcp - dependency-name: supertest dependency-version: 7.2.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-mcp - dependency-name: typescript dependency-version: 6.0.2 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm-mcp - dependency-name: vitest dependency-version: 4.1.2 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm-mcp - dependency-name: zod dependency-version: 4.3.6 dependency-type: direct:production update-type: version-update:semver-major dependency-group: npm-mcp ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added area:mcp Model Context Protocol server chore Routine maintenance, dependency updates, or tooling deps:javascript JavaScript package updates (npm) labels Apr 1, 2026

dependabot Bot had a problem deploying to dev April 1, 2026 10:26 Failure

cubic-dev-ai Bot reviewed Apr 1, 2026

View reviewed changes

dependabot Bot force-pushed the dependabot/npm_and_yarn/mcp/npm-mcp-715e127a2f branch from 1d6df12 to 042f079 Compare May 1, 2026 10:33

dependabot Bot had a problem deploying to dev May 1, 2026 10:33 Failure

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm-mcp group across 1 directory with 14 updates#1742

chore(deps): bump the npm-mcp group across 1 directory with 14 updates#1742
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/mcp/npm-mcp-715e127a2f

dependabot Bot commented on behalf of github Apr 1, 2026 •

edited

Loading

Uh oh!

cubic-dev-ai Bot left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 1, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v1.29.0

What's Changed

New Contributors

v1.28.0

What's Changed

New Contributors

v5.2.1

What's Changed

v5.2.0

Important: Security

What's Changed

5.2.1 / 2025-12-01

5.2.0 / 2025-12-01

5.1.0 / 2025-03-31

5.0.1 / 2024-10-08

5.0.0 / 2024-09-10

v5.10.1

5.10.1 (2026-03-19)

Bug Fixes

5.10.1 (2026-03-19)

Bug Fixes

v6.2.3

Refactor

v6.2.2

Fixes

v6.2.1

Refactor

v6.2.0

Features

Documentation

6.2.3 (2026-04-27)

Refactor

6.2.2 (2026-03-18)

Fixes

6.2.1 (2026-03-09)

Refactor

6.2.0 (2026-03-05)

Features

Documentation

posthog-node@5.32.0

5.32.0

Minor Changes

posthog-node@5.31.0

5.31.0

Minor Changes

posthog-node@5.30.8

5.30.8

Patch Changes

posthog-node@5.30.7

5.30.7

Patch Changes

posthog-node@5.30.6

5.30.6

Patch Changes

posthog-node@5.30.5

5.30.5

Patch Changes

posthog-node@5.30.4

5.30.4

5.32.0

Minor Changes

5.31.0

Minor Changes

5.30.8

Patch Changes

5.30.7

Patch Changes

5.30.6

Patch Changes

5.30.5

Patch Changes

5.30.4

Patch Changes

5.30.3

v4.4.1

Commits:

v4.4.0

dependabot Bot commented on behalf of github Apr 1, 2026 •

edited

Loading