This release fixes issues for SREs watching stability and regressions.
Published 2mo
MCP Developer Tools
✓ No known CVEs patched
✓ No known CVEs patched in this version
Topics
mcp
mcp-framework
mcp-server
model-context-protocol
Affected surfaces
auth
Summary
AI summaryFixed false-positive security scan failures when using requireCredential() or edge bridge APIs.
Full changelog
Fixed
@vurb/core — Edge Deploy Bundle Sanitizer
- Framework-internal patterns no longer trigger server-side security scan —
sanitizeBundleForEdge()now transforms four additional patterns that are legitimately emitted by@vurb/coreinternals when bundled inline via esbuild. Previously, deploying any server that usedrequireCredential()or edge bridge APIs would fail withbundle rejected by security scan:__vinkius_secrets→ Unicode escape breaks the/__vinkius_secrets/regex while remaining a valid JS identifier at V8 runtimeprocess.env→ bracket notation (process["env"]) breaks the regex__vinkius_edge_→ Unicode escape breaks the/__vinkius_edge_/regexglobalThis[→ wrapped access ((globalThis)/**/[) breaks the/globalThis\s*\[/regex
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About vinkius-labs/mcp-fusion
A TypeScript framework for building production-ready MCP servers with automatic tool discovery, multi-transport support (stdio/SSE/HTTP), built-in validation, and zero-config setup.
Related context
Related tools
Beta — feedback welcome: [email protected]