fix(security): upgrade @modelcontextprotocol/sdk to 1.26.0 to resolve data-leak advisory #43

Open
shwetanaren wants to merge 1 commit into excalidraw:main from shwetanaren:fix/security-mcp-sdk-1.26.0
@shwetanaren

PR description

This PR upgrades @modelcontextprotocol/sdk from 1.25.2 to 1.26.0 to address the high-severity advisory GHSA-345p-7cg4-v4c7 (cross-client data leak via shared transport/server instance reuse).

Why

- pnpm audit reported a High vulnerability affecting the current version.
- The issue is resolved in @modelcontextprotocol/sdk >= 1.26.0.

Changes

- Bumped SDK version in package.json
- Updated pnpm-lock.yaml

Verification

- pnpm install
- pnpm audit --audit-level high → no High vulnerabilities
- pnpm run build → successful

No functional code changes; dependency security update only.
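
A lockfile check to go with the verification steps in the description above, as an added example that is not part of this PR or the project's code: it lists every resolved copy of the SDK in a pnpm-lock.yaml, including transitive ones, and flags any below 1.26.0. The `name@version` key format, the `example-plugin` package and the sample lockfile are assumptions constructed for illustration.

```javascript
// Added example, not part of the PR. Assumes pnpm-lock.yaml keys of the form
// "<name>@<version>", optionally followed by a "(peer@x)" suffix.
const PKG = "@modelcontextprotocol/sdk";
const FIXED = "1.26.0"; // from the PR: resolved in >= 1.26.0

// Split "1.26.0-beta.1" into numeric parts and a pre-release flag.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: m.slice(1, 4).map(Number), pre: Boolean(m[4]) };
}

// True when v sorts before floor. A pre-release of the floor itself counts
// as below it, the conservative reading for a security fix.
function isBelow(v, floor) {
  const a = parseVersion(v), b = parseVersion(floor);
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i];
  }
  return a.pre && !b.pre;
}

// Collect every distinct resolved version of PKG in the lockfile text,
// including copies pulled in transitively by other packages.
function auditLock(lockText) {
  const name = PKG.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  const re = new RegExp(`${name}@(\\d+\\.\\d+\\.\\d+(?:-[0-9A-Za-z.-]+)?)`, "g");
  const resolved = [...new Set([...lockText.matchAll(re)].map((m) => m[1]))].sort();
  return { resolved, vulnerable: resolved.filter((v) => isBelow(v, FIXED)) };
}

// Constructed sample: the direct dependency is bumped, but a hypothetical
// transitive consumer (example-plugin) still resolves the old release.
const SAMPLE_LOCK = `
packages:
  '@modelcontextprotocol/sdk@1.25.2':
    resolution: {integrity: sha512-CONSTRUCTED}
  '@modelcontextprotocol/sdk@1.26.0':
    resolution: {integrity: sha512-CONSTRUCTED}
snapshots:
  '@modelcontextprotocol/sdk@1.26.0(zod@3.25.76)': {}
  example-plugin@0.1.0:
    dependencies:
      '@modelcontextprotocol/sdk': 1.25.2
`;

console.log(auditLock(SAMPLE_LOCK));
```

A non-empty `vulnerable` list means some dependency path still resolves an affected release even though the direct dependency was bumped.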

@vercel

vercel Bot commented Feb 23, 2026

@shwetanaren is attempting to deploy a commit to the Excalidraw Team on Vercel.

A member of the Team first needs to authorize it.

@shwetanaren
Author

Hi team
This PR is a dependency-only security update addressing a high-severity advisory in @modelcontextprotocol/sdk.
Please feel free to authorize the deployment if appropriate, or let me know if there’s any additional verification you’d prefer before proceeding.
