@modelcontextprotocol/sdk 1.10.0 - 1.25.3
Severity: high
@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse - https://github.com/advisories/GHSA-345p-7cg4-v4c7
fix available via `npm audit fix --force`
Will install mcp-handler@1.0.6, which is a breaking change
node_modules/@modelcontextprotocol/sdk
mcp-handler <=0.0.0-7a941a0f-20260220182431 || >=1.0.7
Depends on vulnerable versions of @modelcontextprotocol/sdk
node_modules/mcp-handler
2 high severity vulnerabilities
My understanding is that mcp-handler should upgrade to the latest modelcontextprotocol/sdk.