This release includes 1 security fix for security teams reviewing exposed deployments.
Topics
Affected surfaces
Summary
AI summaryDependency update includes security fix GHSA-345p-7cg4-v4c7 in @modelcontextprotocol/sdk.
Full changelog
What's Changed
Dependency updates via Dependabot:
Production
@modelcontextprotocol/sdk1.25.3 → 1.26.0 (includes security fix for GHSA-345p-7cg4-v4c7)zod4.3.5 → 4.3.6globals17.0.0 → 17.3.0typescript-eslint8.53.1 → 8.54.0
Dev
@types/bun1.3.6 → 1.3.8@types/node25.0.10 → 25.2.0
Full Changelog: https://github.com/ignaciohermosillacornejo/copilot-money-mcp/compare/v1.2.2...v1.2.3
What's Changed
- Add Cursor installation instructions to README by @ignaciohermosillacornejo in https://github.com/ignaciohermosillacornejo/copilot-money-mcp/pull/97
- Security: Lock down repository for public release by @ignaciohermosillacornejo in https://github.com/ignaciohermosillacornejo/copilot-money-mcp/pull/98
- chore(ci): bump actions/checkout from 4 to 6 by @dependabot[bot] in https://github.com/ignaciohermosillacornejo/copilot-money-mcp/pull/101
- chore(ci): bump actions/upload-artifact from 4 to 6 by @dependabot[bot] in https://github.com/ignaciohermosillacornejo/copilot-money-mcp/pull/99
- chore(ci): bump actions/download-artifact from 4 to 7 by @dependabot[bot] in https://github.com/ignaciohermosillacornejo/copilot-money-mcp/pull/100
- chore(ci): bump 1password/load-secrets-action from 2 to 3 by @dependabot[bot] in https://github.com/ignaciohermosillacornejo/copilot-money-mcp/pull/102
- chore(ci): bump actions/setup-node from 4 to 6 by @dependabot[bot] in https://github.com/ignaciohermosillacornejo/copilot-money-mcp/pull/110
- chore(deps)(deps): bump the production-dependencies group with 2 updates by @dependabot[bot] in https://github.com/ignaciohermosillacornejo/copilot-money-mcp/pull/103
- chore(deps)(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot[bot] in https://github.com/ignaciohermosillacornejo/copilot-money-mcp/pull/104
- chore(deps)(deps-dev): bump @types/node from 20.19.28 to 25.0.10 by @dependabot[bot] in https://github.com/ignaciohermosillacornejo/copilot-money-mcp/pull/105
- chore(deps)(deps-dev): bump globals from 16.5.0 to 17.0.0 by @dependabot[bot] in https://github.com/ignaciohermosillacornejo/copilot-money-mcp/pull/109
- chore(deps)(deps): bump zod from 3.25.76 to 4.3.5 by @dependabot[bot] in https://github.com/ignaciohermosillacornejo/copilot-money-mcp/pull/106
- chore(deps)(deps): bump classic-level from 1.4.1 to 3.0.0 by @dependabot[bot] in https://github.com/ignaciohermosillacornejo/copilot-money-mcp/pull/108
- chore(deps)(deps): bump protobufjs from 7.5.4 to 8.0.0 by @dependabot[bot] in https://github.com/ignaciohermosillacornejo/copilot-money-mcp/pull/107
- chore(deps)(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot[bot] in https://github.com/ignaciohermosillacornejo/copilot-money-mcp/pull/112
- chore(deps)(deps): bump the production-dependencies group across 1 directory with 4 updates by @dependabot[bot] in https://github.com/ignaciohermosillacornejo/copilot-money-mcp/pull/113
New Contributors
- @dependabot[bot] made their first contribution in https://github.com/ignaciohermosillacornejo/copilot-money-mcp/pull/101
Full Changelog: https://github.com/ignaciohermosillacornejo/copilot-money-mcp/compare/v1.2.2...v1.2.3
Security Fixes
- dep: GHSA-345p-7cg4-v4c7 — security fix in @modelcontextprotocol/sdk version bump to 1.26.0
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About ignaciohermosillacornejo/copilot-money-mcp
Read and manage Copilot Money personal finance data — 30 tools for transactions, budgets, accounts, recurring charges, investments, and goals. Reads are 100% local from the Firestore cache; opt-in writes (`--write`) go directly to Copilot's GraphQL API.
Related context
Beta — feedback welcome: [email protected]