v1.7.3 - Trading API, Security Hardening & Dependency Updates
What's New in v1.7.3
π New Features
eBay Trading API Support
Full listing management via the eBay Trading API is now supported:
- AddItem β create new listings
- ReviseItem β update existing listings
- EndItem β end active listings early
- GetMyeBaySelling β retrieve your active/sold/unsold listings
- GetItem β fetch full item details by ID
- Unit tests and live smoke tests added for all 6 Trading API tools
dotenv-stringify
Added dotenv-stringify for reliable serialization of .env variables.
π Security & Bug Fixes
- Hardened environment security β tightened runtime env variable handling
- Fixed
.envtoken truncation β token values containing#are now properly quoted, preventing silent truncation - XML parse error wrapping β XML errors are now wrapped with context;
Ack=Warningresponses are now logged explicitly - 3 bug fixes from code review (confidence-reviewed)
- Fixed broken GitHub Discussions link in README
βοΈ CI / Automation
- Added auto-merge workflow for Dependabot PRs β dependency updates now merge automatically when CI passes
- CI now runs on the
devbranch in addition tomain - API status sync schedule changed from daily β weekly to reduce noise
π¦ Dependency Updates
| Package | From | To | Notes |
|---|---|---|---|
@modelcontextprotocol/sdk |
1.26.0 | 1.27.1 | Security fix (command injection in URL opening), improved onerror handling |
ajv |
6.12.6 | 6.14.0 | Fixes $data RegExp exploit (CVE) |
hono |
4.11.9 | 4.12.2 | Fixes X-Forwarded-For bypass in AWS Lambda/ALB |
fast-xml-parser |
5.3.6 | 5.3.8 | Adds maxNestedTags, improved preserveOrder handling |
rollup |
4.55.1 | 4.59.0 | Validates bundle output stays within outDir |
axios |
β | latest | Routine patch |
qs |
β | latest | Routine patch |
dotenv |
17.2.4 | 17.3.1 | Docs update |
minimatch |
3.1.2 | 3.1.5 | Fixes globstar partial matching, limits recursion |
Full Changelog: 1.7.2...v1.7.3