Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

deps(deps): bump the minor-and-patch group with 4 updates

Open
Number: #3
Type: Pull Request
State: Open
Author: dependabot[bot] dependabot[bot]
Association: None
Comments: 1
Created: September 11, 2025 at 09:08 AM UTC
(23 days ago)
Updated: September 11, 2025 at 09:08 AM UTC
(23 days ago)
Description:

Bumps the minor-and-patch group with 4 updates: @modelcontextprotocol/sdk, shx, tsx and typescript.

Updates @modelcontextprotocol/sdk from 1.13.3 to 1.17.5

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

1.17.5

What's Changed

Full Changelog: https://github.com/modelcontextprotocol/typescript-sdk/compare/1.17.4...1.17.5

1.17.4

What's Changed

Full Changelog: https://github.com/modelcontextprotocol/typescript-sdk/compare/1.17.3...1.17.4

1.17.3

What's Changed

New Contributors

Full Changelog: https://github.com/modelcontextprotocol/typescript-sdk/compare/1.17.2...1.17.3

1.17.2

What's Changed

Full Changelog: https://github.com/modelcontextprotocol/typescript-sdk/compare/1.17.1...1.17.2

1.17.1

What's Changed

Full Changelog: https://github.com/modelcontextprotocol/typescript-sdk/compare/1.17.0...1.17.1

... (truncated)

Commits
  • bf81793 bump version (#913)
  • 3dd074f Fix the SDK vs Spec types test that is breaking CI (#908)
  • 79d11dc Automatic handling of logging level (#882)
  • 3bc2235 chore: bump version to 1.17.4 (#894)
  • 1f5950b [auth] OAuth protected-resource-metadata: fallback on 4xx not just 404 (#879)
  • 64f7cdd restrict url schemes allowed in oauth metadata (#877)
  • abb2f0a feature(middleware): Composable fetch middleware for auth and cross‑cutting c...
  • 4a63974 version: patch to 0.17.3 (#878)
  • 65119eb docs: correct parameter schema key in Dynamic Servers documentation (#789)
  • aad33a1 fix: pass fetchfn parameter to registerClient and refreshAuthorizatio… (#850)
  • Additional commits viewable in compare view

Updates shx from 0.3.4 to 0.4.0

Release notes

Sourced from shx's releases.

v0.4.0

✨ Highlighted changes

  • This is based on ShellJS v0.9! This means we bumped the minimum node version to >= v18.
  • Small bash compatibility change to shx sed. Now if you invoke shx sed -i, this will not print any output to stdout (this is for consistency with unix sed). Using shx sed without the -i flag will still print to stdout as before.

What's Changed

New Contributors

Full Changelog: https://github.com/shelljs/shx/compare/v0.3.4...v0.4.0

Commits
  • 8886c3e 0.4.0
  • e8db3bc refactor: code cleanup for the --negate flag
  • 6184003 Adding a global --negate flag (#189)
  • b3d5b80 fix: add back ShellJS version in --version
  • 5106c6b chore: update dependencies
  • e8bb9f8 chore: drop some dependencies and simplify
  • 3bb21d9 chore: drop non-LTS node versions
  • b70e666 chore: update shelljs and drop old node support
  • f8b0b37 doc: Fix typo in README
  • 03c2964 chore(dependencies): update js-yaml
  • Additional commits viewable in compare view

Updates tsx from 4.20.3 to 4.20.5

Release notes

Sourced from tsx's releases.

v4.20.5

4.20.5 (2025-08-24)

Bug Fixes

  • handle ambiguous packages (796053a)

This release is also available on:

v4.20.4

4.20.4 (2025-08-12)

Bug Fixes

This release is also available on:

Commits
  • e6d1a47 docs: obfuscate aside classname
  • de2719d style: remove unused variable
  • 13f2954 chore: upgrade docs deps
  • 0504525 chore: upgrade manten
  • 132fdd8 test: assert require.cache
  • f057e7d test: require loop
  • a6f8f9f refactor: getFormat to handle all formats
  • 796053a fix: handle ambiguous packages
  • 471997a test: CJS & ESM race condition
  • a639836 fix: override Node's native TS formats (#733)
  • Additional commits viewable in compare view

Updates typescript from 5.8.3 to 5.9.2

Release notes

Sourced from typescript's releases.

TypeScript 5.9

For release notes, check out the release announcement

Downloads are available on:

TypeScript 5.9 RC

For release notes, check out the release announcement

Downloads are available on:

TypeScript 5.9 Beta

For release notes, check out the release announcement.

Downloads are available on:

Commits
  • be86783 Give more specific errors for verbatimModuleSyntax (#62113)
  • 22ef577 LEGO: Pull request from lego/hb_5378966c-b857-470a-8675-daebef4a6da1_20250714...
  • d5a414c Don't use noErrorTruncation when printing types with maximumLength set (#...
  • f14b5c8 Remove unused and confusing dom.iterable.d.ts file (#62037)
  • 2778e84 Restore AbortSignal.abort (#62086)
  • 65cb4bd LEGO: Pull request from lego/hb_5378966c-b857-470a-8675-daebef4a6da1_20250710...
  • 9e20e03 Clear out checker-level stacks on pop (#62016)
  • 87740bc Fix for Issue 61081 (#61221)
  • 833a8d4 Fix Symbol completion priority and cursor positioning (#61945)
  • 0018c9f LEGO: Pull request from lego/hb_5378966c-b857-470a-8675-daebef4a6da1_20250702...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
Pull Request Statistics
Commits:
1
Files Changed:
2
Additions:
+211
Deletions:
-64
Package Dependencies
Package:
typescript
Ecosystem:
npm
Version Change:
5.8.3 → 5.9.2
Update Type:
Minor
Package:
tsx
Ecosystem:
npm
Version Change:
4.20.3 → 4.20.5
Update Type:
Patch
Package:
shx
Ecosystem:
npm
Version Change:
0.3.4 → 0.4.0
Update Type:
Minor
Package:
@modelcontextprotocol/sdk
Ecosystem:
npm
Version Change:
1.13.3 → 1.17.5
Update Type:
Minor
Security Advisories
Prototype Pollution in minimist
GHSA-xvch-5gv4-984h CVE-2021-44906 CRITICAL
Minimist prior to 1.2.6 and 0.2.4 is vulnerable to Prototype Pollution via file `index.js`, function `setKey()` (lines 69-95).
Actions
View on GitHub View Repository All Dependabot PRs
Technical Details
ID: 7546094
UUID: 2818307039
Node ID: PR_kwDOPt4HVc6n-_Pf
Host: GitHub
Repository: vltansky/cursor-user-commands
Merge State: Unknown