Skip to content

line/line-bot-mcp-server

v0.5.0 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

Published 5d MCP Browser & Automation
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 2 known CVEs

Topics

line linebot mcp mcp-server

Affected surfaces

rce_ssrf breaking_upgrade

ReleasePort's take

Moderate signal
editorial:auto 5d

Upgrade @line/bot-sdk to v11.0.1 immediately to block a path traversal flaw.

Why it matters: A critical severity (severity 90) vulnerability enables arbitrary file access via the @line/bot-sdk dependency; upgrade before deployment.

Summary

AI summary

Updates Dependency updates, deps, and Other Changes across a mixed release.

Changes in this release

Security Critical

Upgrade @line/bot-sdk to v11.0.1 to prevent path traversal vulnerability.

Upgrade @line/bot-sdk to v11.0.1 to prevent path traversal vulnerability.

Source: llm_adapter@2026-05-29

Confidence: high
Breaking High

Drop support for Node.js 20; require Node.js 26 or later.

Drop support for Node.js 20; require Node.js 26 or later.

Source: llm_adapter@2026-05-29

Confidence: high
Feature Medium

Add get_follower_ids tool (premium LINE Official Account feature).

Add get_follower_ids tool (premium LINE Official Account feature).

Source: llm_adapter@2026-05-29

Confidence: high
Feature Medium

Add tool annotations for improved LLM understanding.

Add tool annotations for improved LLM understanding.

Source: llm_adapter@2026-05-29

Confidence: high
Feature Low

Add support for auto‑updating version in manifest.json.

Add support for auto‑updating version in manifest.json.

Source: llm_adapter@2026-05-29

Confidence: high
Deprecation Medium

Deprecate McpServer#tool; use McpServer#registerTool instead.

Deprecate McpServer#tool; use McpServer#registerTool instead.

Source: llm_adapter@2026-05-29

Confidence: high
Bugfix Medium

Fix flex message schema definition.

Fix flex message schema definition.

Source: llm_adapter@2026-05-29

Confidence: high
Bugfix Medium

Improve error message handling and reporting.

Improve error message handling and reporting.

Source: llm_adapter@2026-05-29

Confidence: high
Bugfix Low

Run npm audit fix --force to remediate vulnerable libraries.

Run npm audit fix --force to remediate vulnerable libraries.

Source: llm_adapter@2026-05-29

Confidence: high
Bugfix Low

Update vulnerable libraries to patched versions.

Update vulnerable libraries to patched versions.

Source: llm_adapter@2026-05-29

Confidence: high
Full changelog

What's Changed

  1. feat: add get_follower_ids tool by @yasumorishima in https://github.com/line/line-bot-mcp-server/pull/369
    • Note your LINE Official Account must be registered as premium account. Getting follow is premium feature, you must pay for it in advance.
  2. feat: Add tool annotations for improved LLM tool understanding by @bryankthompson in https://github.com/line/line-bot-mcp-server/pull/366

Fix bugs

  • Fix flex message schema by @habara-k in https://github.com/line/line-bot-mcp-server/pull/335
  • Fix error message and error handling by @Yang-33 in https://github.com/line/line-bot-mcp-server/pull/398
  • Upgrade @line/bot-sdk to v11.0.1 to prevent path traversal by @Yang-33 in https://github.com/line/line-bot-mcp-server/pull/468
  • Sync manifest and README.ja.md tool definitions by @Yang-33 in https://github.com/line/line-bot-mcp-server/pull/443

Node.js support

  • Support Node.js 26 and Drop Node.js 20 support by @Yang-33 in https://github.com/line/line-bot-mcp-server/pull/442
    • Node.js 20 got EOL.

Dependency updates

  • chore(deps): update dependency @types/node to v24.10.1 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/315
  • chore(deps): update dependency puppeteer to v24.30.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/316
  • chore(deps): update actions/checkout action to v5.0.1 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/317
  • chore(deps): update dependency puppeteer to v24.31.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/318
  • chore(deps): update actions/checkout action to v6 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/319
  • chore(deps): update dependency prettier to v3.7.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/322
  • chore(deps): update dependency prettier to v3.7.1 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/323
  • chore(deps): update dependency prettier to v3.7.2 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/325
  • chore(deps): update dependency prettier to v3.7.3 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/326
  • chore(deps): update dependency tsx to v4.21.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/327
  • chore(deps): update actions/checkout action to v6.0.1 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/328
  • chore(deps): update actions/setup-node action to v6.1.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/330
  • chore(deps): update actions/stale action to v10.1.1 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/329
  • chore(deps): update dependency prettier to v3.7.4 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/331
  • chore(deps): update dependency puppeteer to v24.32.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/332
  • chore(deps): update dependency puppeteer to v24.32.1 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/333
  • chore(deps): update dependency @types/node to v24.10.2 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/334
  • chore(deps): update dependency @types/node to v24.10.3 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/336
  • chore(deps): update dependency puppeteer to v24.33.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/337
  • chore(deps): update dependency @types/node to v24.10.4 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/339
  • chore(deps): update node.js to v24.12.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/342
  • chore(deps): update dependency puppeteer to v24.33.1 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/343
  • chore(deps): update dependency puppeteer to v24.34.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/344
  • chore(deps): update suzuki-shunsuke/pinact-action action to v1.0.1 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/345
  • chore(deps): update suzuki-shunsuke/pinact-action action to v1.1.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/346
  • chore(deps): update suzuki-shunsuke/pinact-action action to v1.2.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/347
  • chore(deps): update suzuki-shunsuke/pinact-action action to v1.3.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/348
  • chore(deps): update suzuki-shunsuke/pinact-action action to v1.3.1 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/349
  • chore(deps): update dependency @modelcontextprotocol/sdk to v1.25.2 [security] by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/320
  • chore(deps): update dependency @types/node to v24.10.6 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/351
  • chore(deps): update dependency @types/node to v24.10.7 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/352
  • chore(deps): update dependency puppeteer to v24.35.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/353
  • chore(deps): update dependency @types/node to v24.10.8 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/354
  • chore(deps): update dependency prettier to v3.8.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/355
  • chore(deps): update actions/setup-node action to v6.2.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/356
  • chore(deps): update node.js to v24.13.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/357
  • chore(deps): update actions/checkout action to v6.0.2 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/358
  • chore(deps): update dependency @types/node to v24.10.9 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/359
  • chore(deps): update dependency @modelcontextprotocol/sdk to v1.25.3 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/361
  • chore(deps): update dependency @line/bot-sdk to v10.6.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/363
  • chore(deps): update dependency prettier to v3.8.1 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/364
  • chore(deps): update dependency puppeteer to v24.36.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/365
  • chore(deps): update dependency puppeteer to v24.36.1 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/367
  • chore(deps): update dependency @modelcontextprotocol/sdk to v1.26.0 [security] by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/368
  • chore(deps): update suzuki-shunsuke/pinact-action action to v1.4.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/370
  • chore(deps): update dependency @types/node to v24.10.10 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/371
  • chore(deps): update dependency puppeteer to v24.37.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/372
  • chore(deps): update dependency @types/node to v24.10.11 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/373
  • chore(deps): update dependency puppeteer to v24.37.1 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/374
  • chore(deps): update dependency puppeteer to v24.37.2 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/375
  • chore(deps): update dependency @types/node to v24.10.12 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/377
  • chore(deps): update actions/stale action to v10.2.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/378
  • chore(deps): update dependency @types/node to v24.10.13 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/379
  • chore(deps): update dependency puppeteer to v24.37.3 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/380
  • chore(deps): update dependency @modelcontextprotocol/sdk to v1.27.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/381
  • chore(deps): update dependency puppeteer to v24.37.4 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/382
  • chore(deps): update dependency puppeteer to v24.37.5 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/383
  • chore(deps): update dependency @modelcontextprotocol/sdk to v1.27.1 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/384
  • chore(deps): update node.js to v24.14.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/385
  • chore(deps): update dependency @types/node to v24.10.14 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/386
  • chore(deps): update dependency @types/node to v24.10.15 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/387
  • chore(deps): update dependency @types/node to v24.11.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/388
  • chore(deps): update dependency @marp-team/marp-core to v4.3.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/389
  • chore(deps): update actions/setup-node action to v6.3.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/390
  • chore(deps): update dependency puppeteer to v24.38.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/391
  • chore(deps): update dependency @types/node to v24.11.2 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/392
  • chore(deps): update dependency @types/node to v24.12.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/393
  • chore(deps): update dependency puppeteer to v24.39.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/394
  • chore(deps): update dependency puppeteer to v24.39.1 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/399
  • chore(deps): update dependency @marp-team/marp-cli to v4.3.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/400
  • chore(deps): update dependency @marp-team/marp-cli to v4.3.1 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/401
  • chore(deps): update suzuki-shunsuke/pinact-action action to v2 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/408
  • chore(deps): update dependency vitest to v4 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/405
  • chore(deps): update dependency puppeteer to v24.40.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/406
  • chore(deps): update dependency @modelcontextprotocol/sdk to v1.28.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/414
  • chore(deps): update dependency vitest to v4.1.2 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/415
  • chore(deps): update dependency @modelcontextprotocol/sdk to v1.29.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/419
  • Update dependency @types/node to v24.12.1 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/421
  • Update dependency @types/node to v24.12.2 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/422
  • Update dependency vitest to v4.1.3 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/423
  • Update dependency vitest to v4.1.4 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/424
  • Update actions/github-script action to v9 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/425
  • Update dependency prettier to v3.8.2 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/426
  • Update dependency prettier to v3.8.3 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/430
  • Update dependency puppeteer to v24.41.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/431
  • Update Node.js to v24.15.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/433
  • Update dependency typescript to v6.0.3 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/434
  • Update actions/setup-node action to v6.4.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/435
  • Update dependency puppeteer to v24.42.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/436
  • Update dependency vitest to v4.1.5 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/440
  • Update dependency publint to v0.3.19 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/445
  • Update npm tool constraint to v11.13.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/446
  • Update dependency puppeteer to v24.43.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/447
  • Update npm tool constraint to v11.14.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/449
  • Update dependency @marp-team/marp-cli to v4.4.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/448
  • Update dependency @types/node to v24.12.3 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/450
  • Update dependency publint to v0.3.20 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/451
  • Update npm tool constraint to v11.14.1 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/452
  • Update dependency puppeteer to v24.43.1 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/453
  • Update dependency vitest to v4.1.6 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/454
  • Update dependency @types/node to v24.12.4 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/455
  • Update dependency publint to v0.3.21 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/457
  • Update dependency tsx to v4.22.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/458
  • Update dependency tsx to v4.22.1 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/460
  • Update dependency tsx to v4.22.2 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/461
  • Update dependency tsx to v4.22.3 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/463
  • Update dependency vitest to v4.1.7 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/465
  • Update npm tool constraint to v11.15.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/466
  • Update actions/stale action to v10.3.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/467
  • Update Node.js to v24.16.0 by @renovate[bot] in https://github.com/line/line-bot-mcp-server/pull/469

Other Changes

  • Run npm audit fix --force by @habara-k in https://github.com/line/line-bot-mcp-server/pull/350
  • Use McpServer#registerTool instead of deprecated McpServer#tool by @Yang-33 in https://github.com/line/line-bot-mcp-server/pull/397
  • Add tests for tools by @eucyt in https://github.com/line/line-bot-mcp-server/pull/396
  • Add support for auto-updating version in manifest.json by @eucyt in https://github.com/line/line-bot-mcp-server/pull/402
  • Update vulnerable libraries by @eucyt in https://github.com/line/line-bot-mcp-server/pull/404
  • Update typescript to v6 by @eucyt in https://github.com/line/line-bot-mcp-server/pull/409
  • Add tests for all tools by @eucyt in https://github.com/line/line-bot-mcp-server/pull/410
  • Disable lifecycle script to avoid supply chain attack by @Yang-33 in https://github.com/line/line-bot-mcp-server/pull/413
  • Upgrade @line/bot-sdk to v11 by @Yang-33 in https://github.com/line/line-bot-mcp-server/pull/417
  • Add test using dist/index.js by @Yang-33 in https://github.com/line/line-bot-mcp-server/pull/418

New Contributors

Thanks!

  • @habara-k made their first contribution in https://github.com/line/line-bot-mcp-server/pull/335
  • @bryankthompson made their first contribution in https://github.com/line/line-bot-mcp-server/pull/366
  • @yasumorishima made their first contribution in https://github.com/line/line-bot-mcp-server/pull/369

Full Changelog: https://github.com/line/line-bot-mcp-server/compare/v0.4.2...v0.5.0

This release is prepared by @Yang-33

Breaking Changes

  • Drop support for Node.js 20 (EOL).

Security Fixes

  • dep: @modelcontextprotocol/sdk upgraded to v1.25.2 and later versions addressing security vulnerabilities.
  • Upgraded @line/bot-sdk to v11.0.1 (and later v10.6.0, then v11) to prevent path traversal.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track line/line-bot-mcp-server

Get notified when new releases ship.

Sign up free

About line/line-bot-mcp-server

MCP Server for Integrating LINE Official Account

All releases →

Related context

Beta — feedback welcome: [email protected]