v0.8.1
·
5 commits
to main
since this release
Immutable
release. Only release title and notes can be modified.
What's Changed
Security
- fix(security): close MCP-surface secret-leak gaps from post-ship review (H1/M1/M3/L1) by @m1ngshum in #65
Other Changes
- fix(deps): bump vitest to v4.1 to resolve GHSA-5xrq-8626-4rwp by @m1ngshum in #56
- ci: bump GitHub Actions off deprecated Node 20 by @m1ngshum in #58
- chore(deps): bump actions/checkout from 5.0.1 to 6.0.3 by @dependabot[bot] in #34
- chore(deps): bump actions/setup-node from 5.0.0 to 6.4.0 by @dependabot[bot] in #35
- chore(deps): bump zod from 3.25.76 to 4.4.3 by @dependabot[bot] in #39
- chore(deps): bump commander from 14.0.3 to 15.0.0 by @dependabot[bot] in #40
- fix(security): harden MCP tool input schemas (#31) by @m1ngshum in #59
- fix(security): protect the secret store with an OS-keychain master key (#15) by @m1ngshum in #60
- fix(deps): bump hono override to ^4.12.21 to clear 4 Dependabot alerts by @m1ngshum in #62
- chore(deps): bump semver from 7.8.1 to 7.8.2 by @dependabot[bot] in #61
- docs: add rendered architecture diagrams (Mermaid) by @m1ngshum in #63
- fix(server): register the mcpm_up MCP tool so
mcpm serveexposes it by @m1ngshum in #64 - fix(security): harden remote-URL & runtime-arg validation; honest keychain notice (M4/M5/I1) by @m1ngshum in #66
- chore(release): v0.8.1 by @m1ngshum in #67
New Contributors
- @dependabot[bot] made their first contribution in #34
Full Changelog: v0.8.0...v0.8.1
Contributors
dependabot and m1ngshum