Skip to content

chore(deps): bump the npm_and_yarn group across 3 directories with 4 updates #2982

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): bump the npm_and_yarn group across 3 directories with 4 updates #2982

dependabot wants to merge 1 commit into from
+212 −265

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 24, 2026
edited
Loading

Bumps the npm_and_yarn group with 3 updates in the / directory: @modelcontextprotocol/sdk, better-auth and js-yaml.
Bumps the npm_and_yarn group with 3 updates in the /apps/sim directory: @modelcontextprotocol/sdk, better-auth and js-yaml.
Bumps the npm_and_yarn group with 1 update in the /scripts directory: glob.

Updates @modelcontextprotocol/sdk from 1.20.2 to 1.25.2

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.25.2

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.1...v1.25.2

1.25.1

What's Changed

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.0...1.25.1

1.25.0

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@1.24.3...1.25.0

1.24.3

What's Changed

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by pcarleton, a new releaser for @​modelcontextprotocol/sdk since your current version.


Updates better-auth from 1.3.12 to 1.4.5

Release notes

Sourced from better-auth's releases.

v1.4.5-beta.2

   🐞 Bug Fixes

    View changes on GitHub

v1.4.4

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub

v1.4.4-beta.3

   🚀 Features

   🐞 Bug Fixes

... (truncated)

Commits
  • 2000fd6 chore: release v1.4.5
  • fcab5a8 fix: add helper types to exports (#6479)
  • c666670 chore: release v1.4.5-beta.1
  • fd72560 fix(db-adapter): string[] and number[] fieldTypes incorrectly parsed for plug...
  • 189dedd chore: release v1.4.4-beta.3
  • 6269a33 chore: release v1.4.4-beta.2
  • 52c15d4 chore: fix validation errors in unit tests (#6466)
  • a25fb65 fix: preserve user ID in cookie cache during stateless sessions (#6452)
  • 5cbe0a5 chore: enforce imports to use node: protocol (#6461)
  • fbe51c8 chore: add spell checker (#6319)
  • Additional commits viewable in compare view

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.
Commits

Updates @modelcontextprotocol/sdk from 1.20.2 to 1.25.2

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.25.2

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.1...v1.25.2

1.25.1

What's Changed

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.0...1.25.1

1.25.0

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@1.24.3...1.25.0

1.24.3

What's Changed

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by pcarleton, a new releaser for @​modelcontextprotocol/sdk since your current version.


Updates better-auth from 1.3.12 to 1.4.5

Release notes

Sourced from better-auth's releases.

v1.4.5-beta.2

   🐞 Bug Fixes

    View changes on GitHub

v1.4.4

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub

v1.4.4-beta.3

   🚀 Features

   🐞 Bug Fixes

... (truncated)

Commits
  • 2000fd6 chore: release v1.4.5
  • fcab5a8 fix: add helper types to exports (#6479)
  • c666670 chore: release v1.4.5-beta.1
  • fd72560 fix(db-adapter): string[] and number[] fieldTypes incorrectly parsed for plug...
  • 189dedd chore: release v1.4.4-beta.3
  • 6269a33 chore: release v1.4.4-beta.2
  • 52c15d4 chore: fix validation errors in unit tests (#6466)
  • a25fb65 fix: preserve user ID in cookie cache during stateless sessions (#6452)
  • 5cbe0a5 chore: enforce imports to use node: protocol (#6461)
  • fbe51c8 chore: add spell checker (#6319)
  • Additional commits viewable in compare view

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.
Commits

Updates @modelcontextprotocol/sdk from 1.20.2 to 1.25.2

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.25.2

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.1...v1.25.2

1.25.1

What's Changed

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.0...1.25.1

1.25.0

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@1.24.3...1.25.0

1.24.3

What's Changed

... (truncated)

Commits

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jan 24, 2026
@vercel
Copy link

vercel bot commented Jan 24, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
docs Ready Ready Preview, Comment Jan 25, 2026 5:00am

Request Review

@dependabot dependabot bot mentioned this pull request Jan 24, 2026
Closed
@greptile-apps
Copy link
Contributor

greptile-apps bot commented Jan 24, 2026

Greptile Summary

Automated dependency updates from Dependabot bumping four npm packages across the monorepo. The main application received three critical updates:

  • @modelcontextprotocol/sdk (1.20.2 → 1.25.2): Important security fix preventing ReDoS in UriTemplate regex patterns, plus backwards compatibility improvements and spec compliance enhancements
  • better-auth (1.3.12 → 1.4.5): Multiple bug fixes including cookie chunking for size limits, rate limit configuration improvements, and multi-session handling fixes
  • js-yaml (4.1.0 → 4.1.1): Critical security patch fixing prototype pollution vulnerability in YAML merge operator

The scripts directory received a minor glob update (11.0.3 → 11.1.0) for the documentation generator.

All changes are non-breaking patch/minor version updates that improve security and fix bugs. The lock file changes are automated and match the version bumps.

Confidence Score: 5/5

  • Safe to merge - automated security and bug fix updates with no breaking changes
  • This is a standard Dependabot PR updating four dependencies with security fixes and bug patches. All updates are within semantic versioning ranges (patches and minor versions), and the changes address known security vulnerabilities (js-yaml prototype pollution, MCP SDK ReDoS). No code changes beyond version numbers in package.json files.
  • No files require special attention - all changes are automated dependency version bumps

Important Files Changed

Filename Overview
apps/sim/package.json Updated @modelcontextprotocol/sdk (1.20.2→1.25.2), better-auth (1.3.12→1.4.5), and js-yaml (4.1.0→4.1.1) - all security/bug fix updates
scripts/package.json Updated glob (11.0.3→11.1.0) - minor version bump for documentation generation script

Sequence Diagram

sequenceDiagram
    participant D as Dependabot
    participant R as Repository
    participant A as apps/sim
    participant S as scripts
    
    D->>R: Scan for outdated dependencies
    D->>A: Update @modelcontextprotocol/sdk (1.20.2→1.25.2)
    Note over A: Fix ReDoS vulnerability<br/>Improve spec compliance
    D->>A: Update better-auth (1.3.12→1.4.5)
    Note over A: Fix cookie chunking<br/>Fix multi-session handling
    D->>A: Update js-yaml (4.1.0→4.1.1)
    Note over A: Fix prototype pollution<br/>Security patch
    D->>S: Update glob (11.0.3→11.1.0)
    Note over S: Minor version bump<br/>Documentation generator
    S->>S: Update package-lock.json
    Note over S: Lock transitive dependencies
    D->>R: Create PR #2982
Loading

@dependabot
chore(deps): bump the npm_and_yarn group across 3 directories with 4 …
0bb2e28 
…updates

Bumps the npm_and_yarn group with 3 updates in the / directory: [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk), [better-auth](https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth) and [js-yaml](https://github.com/nodeca/js-yaml).
Bumps the npm_and_yarn group with 3 updates in the /apps/sim directory: [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk), [better-auth](https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth) and [js-yaml](https://github.com/nodeca/js-yaml).
Bumps the npm_and_yarn group with 1 update in the /scripts directory: [glob](https://github.com/isaacs/node-glob).


Updates `@modelcontextprotocol/sdk` from 1.20.2 to 1.25.2
- [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases)
- [Commits](modelcontextprotocol/typescript-sdk@1.20.2...v1.25.2)

Updates `better-auth` from 1.3.12 to 1.4.5
- [Release notes](https://github.com/better-auth/better-auth/releases)
- [Commits](https://github.com/better-auth/better-auth/commits/v1.4.5/packages/better-auth)

Updates `js-yaml` from 4.1.0 to 4.1.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.1.1)

Updates `@modelcontextprotocol/sdk` from 1.20.2 to 1.25.2
- [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases)
- [Commits](modelcontextprotocol/typescript-sdk@1.20.2...v1.25.2)

Updates `better-auth` from 1.3.12 to 1.4.5
- [Release notes](https://github.com/better-auth/better-auth/releases)
- [Commits](https://github.com/better-auth/better-auth/commits/v1.4.5/packages/better-auth)

Updates `js-yaml` from 4.1.0 to 4.1.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.1.1)

Updates `@modelcontextprotocol/sdk` from 1.20.2 to 1.25.2
- [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases)
- [Commits](modelcontextprotocol/typescript-sdk@1.20.2...v1.25.2)

Updates `better-auth` from 1.3.12 to 1.4.5
- [Release notes](https://github.com/better-auth/better-auth/releases)
- [Commits](https://github.com/better-auth/better-auth/commits/v1.4.5/packages/better-auth)

Updates `js-yaml` from 4.1.0 to 4.1.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.1.1)

Updates `@modelcontextprotocol/sdk` from 1.20.2 to 1.25.2
- [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases)
- [Commits](modelcontextprotocol/typescript-sdk@1.20.2...v1.25.2)

Updates `better-auth` from 1.3.12 to 1.4.5
- [Release notes](https://github.com/better-auth/better-auth/releases)
- [Commits](https://github.com/better-auth/better-auth/commits/v1.4.5/packages/better-auth)

Updates `js-yaml` from 4.1.0 to 4.1.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.1.1)

Updates `glob` from 11.0.2 to 11.1.0
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](isaacs/node-glob@v11.0.2...v11.1.0)

Updates `glob` from 11.0.2 to 11.1.0
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](isaacs/node-glob@v11.0.2...v11.1.0)

---
updated-dependencies:
- dependency-name: "@modelcontextprotocol/sdk"
  dependency-version: 1.25.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: better-auth
  dependency-version: 1.4.5
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@modelcontextprotocol/sdk"
  dependency-version: 1.25.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: better-auth
  dependency-version: 1.4.5
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@modelcontextprotocol/sdk"
  dependency-version: 1.25.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: better-auth
  dependency-version: 1.4.5
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@modelcontextprotocol/sdk"
  dependency-version: 1.25.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: better-auth
  dependency-version: 1.4.5
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: glob
  dependency-version: 11.1.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: glob
  dependency-version: 11.1.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-ae354da9f7 branch from 9a5cade to 0bb2e28 Compare January 25, 2026 04:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant