Skip to content

DigiCatalyst-Systems/dep-diff-mcp

v0.1.1 Feature

This release adds 2 notable features for engineering teams evaluating rollout.

Published 1mo MCP Security & Auth
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

changelog cve dependabot dependency-management mcp model-context-protocol
+4 more
npm pypi security typescript

Summary

AI summary

Added mcpName field for MCP Registry listing and enabled npm provenance attestations on tarballs.

Full changelog

Added

  • mcpName field in package.json and a root-level server.json so the package can be listed on the official MCP Registry (io.github.digicatalyst-systems/dep-diff-mcp).

Changed

  • First release published through CI via the publish GitHub Actions workflow using npm Trusted Publisher / OIDC. Tarballs now carry an npm provenance attestation.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track DigiCatalyst-Systems/dep-diff-mcp

Get notified when new releases ship.

Sign up free

About DigiCatalyst-Systems/dep-diff-mcp

Translates a lockfile diff (npm, PyPI) into a human-readable upgrade plan. Point it at a Dependabot PR and get back semver classification, breaking changes from GitHub release notes, CVEs fixed in range, migration links, and a per-package recommendation. Bulk tool ranks up to 50 changes by risk (security > caution > review > likely-safe > safe)

All releases →

Related context

Beta — feedback welcome: [email protected]