v0.1.10: list_terms and filter fixes; js-yaml security patch
list_terms and filter fixes; js-yaml security patch
Fixes three tracked issues — list_terms upstream shape, filter vocabulary, and an enrichment-schema crash — and patches a moderate js-yaml DoS advisory.
Dependency bumps:
@cyanheads/mcp-ts-core^0.10.9 → ^0.10.10@biomejs/biome^2.5.0 → ^2.5.2@types/node^26.0.0 → ^26.1.0tsc-alias^1.8.17 → ^1.9.0js-yaml3.14.2 → 3.15.0 (transitive)
Changed:
smithsonian_list_termsoutput reshapedtermsfrom{value, count}objects to a plainstring[]— upstream has no per-term counts, and the tool previously errored on every call, so no working consumer received the old shape.
Fixed:
smithsonian_list_termsparses the real upstream shape (barestring[], no counts, norowCount); pagination moved client-side.fieldenum narrowed to unit_code, culture, place, date, online_media_type. (#7)- Filter example values corrected to the Smithsonian controlled vocabulary; a filtered zero-result now throws
invalid_filterwith recovery pointing atsmithsonian_list_terms. (#8) truncated/shown/capmade optional in the enrichment block of all four affected tools — the effective output schema threw on every non-truncated result. (#13)
Security:
js-yamlfix clears GHSA-h67p-54hq-rp68 (CVE-2026-53550), a moderate quadratic-complexity DoS in merge-key handling via repeated aliases.bun audit: 1 moderate → 0.
74 tests pass; bun run devcheck clean.