Skip to content

Upgrade @modelcontextprotocol/sdk from 1.0.1 to ^1.17.2

John Haleyrequested to merge
fix/issue-20-sdk-upgrade into main

Summary

This MR upgrades the @modelcontextprotocol/sdk dependency in the template from version 1.0.1 to ^1.17.2, bringing 17 minor versions of improvements to all generated MCP servers.

Closes #20 (closed)

Changes

  • Updated SDK version in templates/package.json from 1.0.1 to ^1.17.2
  • Added comprehensive test suite to validate SDK upgrade
  • Verified generated projects build and run with new SDK
  • Tested MCP protocol compatibility
  • Updated CHANGELOG.md

Benefits

This upgrade brings significant improvements to all generated MCP servers:

🔒 Security Enhancements

  • OIDC Support: OpenID Connect discovery and ID token support (v1.16.0+)
  • OAuth Improvements: Enhanced OAuth token exchange and authentication (v1.15.1, v1.17.0)
  • DNS Rebinding Protection: Security protections against DNS rebinding attacks (v1.13.3)
  • Credential Management: invalidateCredentials() method for better session handling (v1.16.0)

Performance & Reliability

  • Debounced Notifications: Improved network efficiency with notification debouncing (v1.16.0)
  • Transport Reliability: Fixed issues with responses being sent to wrong clients (v1.17.1)
  • Retry Logic: Added retry mechanisms for CORS errors during auth discovery (v1.17.2)

🛠️ Developer Experience

  • Enhanced Type Safety: Improved type compatibility for tool output schemas (v1.13.3+)
  • Custom Fetch Support: Allow custom fetch implementations in transport classes (v1.15.0)
  • Type Compatibility: Added compatibility tests to prevent regression (v1.16.0)

Breaking Changes

Only one breaking change was identified across all versions:

  • v1.14.0: Renamed "reject" to "decline" in the API

Impact Assessment: No impact - Our template doesn't use the reject/decline API

Testing

All tests pass successfully:

✓ SDK version is updated to ^1.17.2 in template
✓ Generated projects install SDK 1.17.2 or higher
✓ Generated projects build successfully with new SDK
✓ Generated project tests pass with new SDK
✓ Server starts and responds to MCP protocol
✓ No references to deprecated "reject" API
✓ Compatible with new SDK type definitions

Test Plan

  • Run npm test to verify all tests pass
  • Generate a new project and verify it works with new SDK
  • Build and test the generated project
  • Verify MCP protocol compatibility
  • Monitor CI pipeline for successful completion
Edited by John Haley

Merge request reports