iaptic/mcp-server-iaptic

v1.2.1 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 1mo MCP Data & Storage
✓ No known CVEs patched
This release patches 1 known CVE

Affected surfaces

deps

Summary

AI summary

Bumped axios floor from ^1.13.6 to ^1.15.2 resolving 13 Dependabot alerts.

Full changelog

Security patch release

Resolves 13 open Dependabot alerts (1 high, 12 moderate) via transitive dependency updates and an axios version floor bump.

Fixed

  • Bumped axios floor from ^1.13.6 to ^1.15.2
  • npm audit fix resolved transitives: hono, @hono/node-server, path-to-regexp, follow-redirects
  • npm audit now reports 0 vulnerabilities

Notes on real-world risk

All 13 alerts were effectively unreachable in this project:

  • This is a stdio-only MCP server — the vulnerable hono / @hono/node-server / path-to-regexp paths live in the MCP SDK's optional HTTP transport, which is never instantiated here.
  • The axios SSRF alerts require proxy env vars plus attacker-controlled URLs; this client only calls the hard-coded https://validator.iaptic.com/v3 endpoint.

Patching anyway for hygiene and to keep downstream consumers' audit logs clean.

Full Changelog: https://github.com/iaptic/mcp-server-iaptic/compare/v1.2.0...v1.2.1

Security Fixes

  • Bumped axios minimum version to ^1.15.2 resolving high (1) and moderate (12) Dependabot alerts
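
A raised floor in this package's manifest does not update axios copies that other dependencies pin elsewhere in a downstream tree. The following is an added example (not code from the project or from this page) that scans an npm lockfile's `packages` map for axios copies resolving below 1.15.2; the sample lockfile and the `legacy-sdk` and `downstream-app` names are constructed.

```javascript
// Added example: list every axios copy in an npm lockfile (v2/v3 "packages" map)
// that resolves below the floor named in this release.
const FLOOR = "1.15.2"; // floor stated in the release notes

// Parse "MAJOR.MINOR.PATCH[-prerelease]"; returns null if the string is not semver-like.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(v);
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// True when version a sorts below version b (a prerelease sorts below its release).
function isBelow(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  if (!pa || !pb) return true; // unparseable: report it so a human looks at it
  for (let i = 0; i < 3; i++) {
    if (pa.nums[i] !== pb.nums[i]) return pa.nums[i] < pb.nums[i];
  }
  return pa.pre && !pb.pre;
}

// Return [{path, version}] for each installed axios below the floor.
function axiosBelowFloor(lock, floor = FLOOR) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/axios" or "node_modules/x/node_modules/axios".
    if (!path.endsWith("node_modules/axios")) continue;
    if (isBelow(String(entry.version), floor)) hits.push({ path, version: entry.version });
  }
  return hits;
}

// Constructed sample lockfile: one hoisted copy at the floor, one nested stale copy
// pulled in by a hypothetical "legacy-sdk" dependency.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "downstream-app", version: "0.0.1" },
    "node_modules/axios": { version: "1.15.2" },
    "node_modules/legacy-sdk/node_modules/axios": { version: "1.13.6" },
  },
};

console.log(axiosBelowFloor(sampleLock));
```

To check a real project, pass the parsed contents of its `package-lock.json` to `axiosBelowFloor` in place of `sampleLock`.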


About iaptic/mcp-server-iaptic

Connect with iaptic to ask about your Customer Purchases, Transaction data and App Revenue statistics.
