Bump @modelcontextprotocol/sdk from 1.20.1 to 1.22.0

[dependabot]

Bumps @modelcontextprotocol/sdk from 1.20.1 to 1.22.0.

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

1.22.0

What's Changed

• registerTool: accept ZodType for input and output schema by @​ksinder in modelcontextprotocol/typescript-sdk#816
• SEP-1319: Decouple Request Payloads, Remove passthrough iteration, Typecheck fixes by @​KKonstantinov in modelcontextprotocol/typescript-sdk#1086
• add pkg-pr-new bot by @​pcarleton in modelcontextprotocol/typescript-sdk#1088
• Upgrade to Node LTS by @​mattzcarey in modelcontextprotocol/typescript-sdk#1072
• change step name by @​pcarleton in modelcontextprotocol/typescript-sdk#1089
• SEP-1034: Default values for Elicitation Schemas by @​KKonstantinov in modelcontextprotocol/typescript-sdk#1096
• SEP-1330: Compatibility with SEP-1034 by @​KKonstantinov in modelcontextprotocol/typescript-sdk#1100
• Implementation of SEP-986: Specify Format for Tool Names by @​kentcdodds in modelcontextprotocol/typescript-sdk#900
• [auth] Fix march spec fallback for metadata discovery by @​pcarleton in modelcontextprotocol/typescript-sdk#1108
• chore: bump version for release by @​felixweinberger in modelcontextprotocol/typescript-sdk#1110

New Contributors

• @​ksinder made their first contribution in modelcontextprotocol/typescript-sdk#816

Full Changelog: modelcontextprotocol/typescript-sdk@1.21.1...1.22.0

1.21.2

What's changed

This is a patch release for a regression highlighted by #1103

This patch contains only the cherry picked fix in #1108

Full Changelog: modelcontextprotocol/typescript-sdk@1.21.1...1.21.2

1.21.1

What's Changed

• Only use path-based discovery URLs from the authorization server to discover metadata by @​roadmapper in modelcontextprotocol/typescript-sdk#1070
• Add @​deprecated annotations to legacy APIs by @​domdomegg in modelcontextprotocol/typescript-sdk#1018
• fix: Support WWW-Authenticate scope param for SEP-835 by @​chipgpt in modelcontextprotocol/typescript-sdk#983
• move CLI script to dedicated scripts directory by @​mattzcarey in modelcontextprotocol/typescript-sdk#1073
• Check script which typechecks using Typescripts new Go port by @​mattzcarey in modelcontextprotocol/typescript-sdk#1075
• FIX: use a nightly spec.types.ts by @​mattzcarey in modelcontextprotocol/typescript-sdk#1087
• chore: bump version for release by @​felixweinberger in modelcontextprotocol/typescript-sdk#1085

New Contributors

• @​roadmapper made their first contribution in modelcontextprotocol/typescript-sdk#1070

Full Changelog: modelcontextprotocol/typescript-sdk@1.21.0...1.21.1

1.21.0

What's Changed

• feat: pluggable JSON schema validator providers by @​mattzcarey in modelcontextprotocol/typescript-sdk#1012
• Update metadata.ts by @​pcarleton in modelcontextprotocol/typescript-sdk#1010
• fix: Prefer the token_endpoint_auth_method response from DCR registration by @​chipgpt in modelcontextprotocol/typescript-sdk#1022
• Fix: Non-existent tool, disabled tool and inputSchema validation return MCP protocol level instead of CallToolResult with isError: true by @​KKonstantinov in modelcontextprotocol/typescript-sdk#1044
• chore: bump version to 1.21.0 for release by @​felixweinberger in modelcontextprotocol/typescript-sdk#1062

New Contributors

... (truncated)

Commits

• 324d471 chore: bump version for release (#1110)
• 8019972 [auth] Fix march spec fallback for metadata discovery (#1108)
• 29cb080 Implementation of SEP-986: Specify Format for Tool Names (#900)
• 9f06b6b SEP-1330: Compatibility with SEP-1034 (#1100)
• ce420f8 DRAFT: SEP-1034: Default values for Elicitation Schemas (#1096)
• 2da89db change step name (#1089)
• 6f20663 Upgrade to Node LTS (#1072)
• 5e735c1 add pkg-pr-new bot (#1088)
• f59996a SEP-1319: Decouple Request Payloads, Remove passthrough iteration, Typecheck ...
• 806d7cf registerTool: accept ZodType<object> for input and output schema (#816)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by pcarleton, a new releaser for @​modelcontextprotocol/sdk since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[socket-security-staging]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​modelcontextprotocol/​sdk@​1.20.1 ⏵ 1.22.0	-4			+3

View full report

[socket-security-staging]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Publisher changed: npm @modelcontextprotocol/sdk is now published by pcarleton Author: pcarleton From: package-lock.json → npm/@modelcontextprotocol/sdk@1.22.0 ℹ Read more on: This package | This alert | What is unstable ownership? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@modelcontextprotocol/sdk@1.22.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​modelcontextprotocol/​sdk@​1.20.1 ⏵ 1.22.0	-4			+1

View full report