Skip to content

v0.1.11: Rate-limit and null-data fixes, mcp-ts-core ^0.10.14, supply-chain hardening

Choose a tag to compare

@cyanheads cyanheads released this 13 Jul 03:46
v0.1.11
9cea826

Rate-limit and null-data fixes, mcp-ts-core ^0.10.14, supply-chain hardening

Bug fixes for arrivals rate-limiting and null-response crashes, plus routine framework and dependency maintenance.

Added:

  • Not-found discovery hints — data.recovery.hint names the tool to find a valid ID, keyed by contract reason (#17)
  • Supply-chain install guard — bunfig.toml 3-day release-age hold plus Socket security scanner on install
  • .github/SECURITY.md disclosure policy; .github/FUNDING.yml; .gitattributes LF/generated-file normalization

Changed:

  • Dockerfile pins oven/bun:1.3.14, adds BuildKit cache mounts, builds with --ignore-scripts
  • package.json author normalized; packageManager bun@1.3.2 → 1.3.14; LICENSE year 2025 → 2026

Fixed:

  • onebusaway_get_arrivals rate-limit retries now retryable: false — a single shared API key makes a 429 a global budget, not a per-caller quota (#16)
  • Null resp.data crashes across 8 ID-lookup methods now throw clean NotFound instead of falling through to ServiceUnavailable (#22)

Dependency bumps:

  • @cyanheads/mcp-ts-core ^0.10.9 → ^0.10.14
  • @socketsecurity/bun-security-scanner (new) ^1.1.2
  • js-yaml 3.14.2 → 3.15.0 (transitive) — clears GHSA-h67p-54hq-rp68
  • bun (packageManager) 1.3.2 → 1.3.14

265 tests pass; bun run devcheck clean.

CHANGELOG v0.1.11