Skip to content

v0.1.10: list_terms and filter fixes; js-yaml security patch

Choose a tag to compare

@cyanheads cyanheads released this 04 Jul 19:29
v0.1.10
d3f1695

list_terms and filter fixes; js-yaml security patch

Fixes three tracked issues — list_terms upstream shape, filter vocabulary, and an enrichment-schema crash — and patches a moderate js-yaml DoS advisory.

Dependency bumps:

  • @cyanheads/mcp-ts-core ^0.10.9 → ^0.10.10
  • @biomejs/biome ^2.5.0 → ^2.5.2
  • @types/node ^26.0.0 → ^26.1.0
  • tsc-alias ^1.8.17 → ^1.9.0
  • js-yaml 3.14.2 → 3.15.0 (transitive)

Changed:

  • smithsonian_list_terms output reshaped terms from {value, count} objects to a plain string[] — upstream has no per-term counts, and the tool previously errored on every call, so no working consumer received the old shape.

Fixed:

  • smithsonian_list_terms parses the real upstream shape (bare string[], no counts, no rowCount); pagination moved client-side. field enum narrowed to unit_code, culture, place, date, online_media_type. (#7)
  • Filter example values corrected to the Smithsonian controlled vocabulary; a filtered zero-result now throws invalid_filter with recovery pointing at smithsonian_list_terms. (#8)
  • truncated/shown/cap made optional in the enrichment block of all four affected tools — the effective output schema threw on every non-truncated result. (#13)

Security:

  • js-yaml fix clears GHSA-h67p-54hq-rp68 (CVE-2026-53550), a moderate quadratic-complexity DoS in merge-key handling via repeated aliases. bun audit: 1 moderate → 0.

74 tests pass; bun run devcheck clean.