This release includes 2 breaking changes for platform teams planning a safe upgrade.
✓ No known CVEs patched in this version
Topics
+4 more
Summary
AI summarySplit server construction from transport binding to enable shared implementation.
Full changelog
Changed
- Split server construction from transport binding.
src/index.tsnow exports acreateMcpServer(token)factory and a Smithery-compatible default export (configSchema+default function({config})).src/server.tsbecomes a thin stdio launcher that calls the factory and bindsStdioServerTransport. package.jsongains amodulefield pointing todist/index.jsso Smithery's bundler can locate the streamable-http entry.
Why
- Smithery deploys wrap MCP servers in a streamable-HTTP transport and need an exported factory, not a self-wiring stdio entry. The factory split lets both transports share one implementation without duplication.
Breaking Changes
- Removed self-wiring stdio entry in `src/server.ts`; now a thin launcher calling the new factory.
- Exported `createMcpServer(token)` factory from `src/index.ts` replaces previous direct server construction.
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About DigiCatalyst-Systems/dep-diff-mcp
Translates a lockfile diff (npm, PyPI) into a human-readable upgrade plan. Point it at a Dependabot PR and get back semver classification, breaking changes from GitHub release notes, CVEs fixed in range, migration links, and a per-package recommendation. Bulk tool ranks up to 50 changes by risk (security > caution > review > likely-safe > safe)
Related context
Beta — feedback welcome: [email protected]