Skip to content

nikolai-vysotskyi/trace-mcp

v1.32.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 1mo MCP Developer Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

ai-agents claude claude-ai claude-code claude-code-plugin claude-code-skill
+14 more
claude-desktop claude-skill claude-skills code-intelligence codex codex-skill developer-tools knowledge-graph mcp mcp-server llm token token-savings tokens

Affected surfaces

deps

Summary

AI summary

Bump electron to 41.3.0 and upgrade TypeScript to 6.0.3.

Full changelog

1.32.0 (2026-04-28)

Features

  • docs: full SEO meta, favicon set from electron tray icon, PWA manifest (7217e11)
  • homepage: mobile above-the-fold CTA, trust badges, red primary CTA (8b6a897)
  • init: add AMP, Warp, Factory Droid MCP clients (#111) (9235afb)
  • recomputation narrative + knowledge-graph markdown indexing (#112) (b68f61f)

Bug Fixes

  • homepage: eliminate horizontal scroll on mobile (c97eab0)
  • landing: collapse hero to single column on mobile (af7bb71)
  • landing: mobile hero — make 40–50% the lead metric with a value-prop label (589393f)
  • landing: mobile hero — promote 99% as the single hero metric (3a6475a)
  • landing: mobile overflow on use cases grid and install terminal (bb588cd)
  • landing: split 'up to' off the giant Doto numeral on mobile (fbce556)
  • merge: drop duplicate imports + restore missing path import (#113) (d06e42d)

Documentation

  • homepage: restructure around "code intelligence layer for AI agents" positioning (a99118d)
  • landing: drop pilot CTAs, send users straight to install/repo (6c44b7c)
  • positioning: reframe as optimization layer for LLM apps, honest token numbers (3b552c3)
  • readme: add Star History chart (614cf32)

Chores

  • ci: hold off on electron major bumps (861c75a)
  • ci: hold off on vite + plugin-react major bumps in app (02cafac)
  • ci: hold off on web-tree-sitter minor/major bumps (45b303f)
  • ci: ignore major bumps for @types/node (20702a3)
  • ci: include chore/ci/build in release-please changelog (135e1ce)
  • deps: bump typescript to 6.0.3 (root + app) (#103) (836d4cf)
  • deps: bump zod from 3.24 to 4.3.6 (#105) (3e774ac)
  • security: bump electron to 41.3.0, drop stale pnpm-lock (#109) (4b45f87)
  • tooling: introduce Biome as formatter (root) (#110) (7149fa5)

CI/CD

  • release: sign Electron release artifacts with SLSA provenance (#108) (1ac88ec)
  • security: add CodeQL, Semgrep, OSSF Scorecard, Dependabot (f252ce2)
  • security: pin all GitHub Actions by SHA, add top-level read perms (71253c0)

Upgrade

npm install -g trace-mcp@latest
trace-mcp init

Breaking Changes

  • Minimum electron version raised to 41.3.0 (runtime bump).

Security Fixes

  • Bump electron to 41.3.0 (addresses security vulnerabilities in older versions).
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track nikolai-vysotskyi/trace-mcp

Get notified when new releases ship.

Sign up free

About nikolai-vysotskyi/trace-mcp

Framework-aware code intelligence that indexes source code into a cross-language dependency graph. Understands framework semantics — routes, ORM relations, component rendering, DI trees — for navigation, impact analysis, call graphs, refactoring, security scanning, and cross-session memory.

All releases →

Related context

Earlier breaking changes

  • v1.41.1 Removes desktop app from core repository (phase E).

Beta — feedback welcome: [email protected]