This release adds 3 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Summary
AI summary: Added tool safety annotations and two new server prompts.
Full changelog
Added
- Tool annotations on both tools (`readOnlyHint`, `destructiveHint`, `idempotentHint`, `openWorldHint`) — lets clients + catalogs like Smithery reason about tool safety without invoking them.
- Two prompts registered on the server:
  - `review_dependabot_pr`: takes an ecosystem + line-separated list of `name from -> to` changes, returns a user message that drives the model to call `analyze_packages_bulk`.
  - `explain_package_upgrade`: takes `{ecosystem, name, fromVersion, toVersion}`, returns a user message for a single-package analysis.
- `/.well-known/mcp/server-card.json` now advertises the annotations and prompts so Smithery's quality scorer picks them up without live scanning.
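
How a client might act on the four hints, as an added example that is not code from dep-diff-mcp or Smithery. The fallback values are the defaults the MCP specification gives for absent hints; the policy labels, the `trustedServer` flag, and the annotation values shown for `analyze_packages_bulk` are assumptions constructed for illustration.

```javascript
// Defaults the MCP specification assigns when a hint is absent (worst case assumed).
const SPEC_DEFAULTS = Object.freeze({
  readOnlyHint: false,
  destructiveHint: true,
  idempotentHint: false,
  openWorldHint: true,
});

// Merge advertised hints over the defaults; non-boolean values are ignored.
function effectiveAnnotations(tool) {
  const advertised = tool.annotations ?? {};
  const out = { ...SPEC_DEFAULTS };
  for (const key of Object.keys(SPEC_DEFAULTS)) {
    if (typeof advertised[key] === "boolean") out[key] = advertised[key];
  }
  // destructiveHint is only meaningful when the tool is not read-only.
  if (out.readOnlyHint) out.destructiveHint = false;
  return out;
}

// Hypothetical client policy; the returned labels are this example's own.
function approvalPolicy(tool, { trustedServer }) {
  // Hints are self-declared by the server, so an untrusted server gets no credit.
  if (!trustedServer) return "confirm";
  const a = effectiveAnnotations(tool);
  if (!a.readOnlyHint) return a.destructiveHint ? "confirm-destructive" : "confirm";
  // Read-only but open-world: nothing is modified, yet inputs reach external services.
  return a.openWorldHint ? "auto-notify" : "auto";
}

// Constructed tools/list entries; hint values are assumptions, not the project's.
const SAMPLE_TOOLS = [
  { name: "analyze_packages_bulk",
    annotations: { readOnlyHint: true, destructiveHint: false,
                   idempotentHint: true, openWorldHint: true } },
  { name: "unannotated_tool" },                                      // no hints at all
  { name: "malformed_tool", annotations: { readOnlyHint: "true" } }, // string, not boolean
];

for (const tool of SAMPLE_TOOLS) {
  console.log(tool.name, "->", approvalPolicy(tool, { trustedServer: true }));
}
```

The unannotated and malformed entries both fall back to the spec defaults and therefore require confirmation, which is the behaviour a client wants when a server card is incomplete or wrong.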
Changed
- Smithery quality score: 68 → target ~97 with annotations (7pt) and prompts (5pt) covered by this release. Description, Homepage, and Icon (27pt) still need to be set in the Smithery dashboard UI.
About DigiCatalyst-Systems/dep-diff-mcp
Translates a lockfile diff (npm, PyPI) into a human-readable upgrade plan. Point it at a Dependabot PR and get back semver classification, breaking changes from GitHub release notes, CVEs fixed in range, migration links, and a per-package recommendation. Bulk tool ranks up to 50 changes by risk (security > caution > review > likely-safe > safe).