[Snyk] Security upgrade @modelcontextprotocol/sdk from 1.15.0 to 1.21.0

[Krosebrook]

Snyk has created this PR to fix 1 vulnerabilities in the pnpm dependencies of this project.

Snyk changed the following file(s):

• js/plugins/mcp/package.json

⚠️ Warning

Failed to update the pnpm-lock.yaml, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AJV-15274295	803

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

---

Note

Low Risk
As provided, the PR diff is effectively empty (no code or dependency updates), so functional risk is low. The main risk is process-related: the intended dependency upgrade/vulnerability fix is not actually applied/locked.

Overview
This PR, as represented by the provided diff, contains no effective changes (the diff only shows +++ /dev/null and does not update js/plugins/mcp/package.json or any lockfile).

If the intent was to upgrade @modelcontextprotocol/sdk to remediate the reported vulnerability, those updates are not present in this snapshot and would need to be re-generated before review/merge.

^{Written by Cursor Bugbot for commit 29de8c2. This will update automatically on new commits. Configure here.}

---

Summary by cubic

Upgrade @modelcontextprotocol/sdk in js/plugins/mcp from 1.15.0 to 1.21.0 to fix a high-severity AJV ReDoS and harden the MCP plugin runtime.

• Dependencies

  • Bump @modelcontextprotocol/sdk 1.15.0 → 1.21.0.
  • Fixes SNYK-JS-AJV-15274295 via AJV.

• Migration

  • Run pnpm install to update pnpm-lock.yaml.
  • Verify MCP plugin builds and tests pass.

^{Written for commit 29de8c2. Summary will update on new commits.}

[gemini-code-assist]

Note

Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.

[Copilot]

Copilot wasn't able to review any files in this pull request.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch snyk-fix-94574ccb5d8673e7fd9932e01f07626d

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}