security: dependabot alert triage (#2768)

nicktrn · web-flow · commit 66c6da711474 · 2025-12-08T21:02:13.000Z
- Upgrade @modelcontextprotocol/sdk to 1.24.3
- Override jws to 3.2.3
diff --git a/.changeset/ninety-cougars-remember.md b/.changeset/ninety-cougars-remember.md
@@ -0,0 +1,5 @@
+---
+"trigger.dev": patch
+---
+
+Upgrade @modelcontextprotocol/sdk to 1.24.3
diff --git a/package.json b/package.json
@@ -90,7 +90,8 @@
       "form-data@^4": "4.0.4",
       "axios@1.9.0": ">=1.12.0",
       "js-yaml@>=3.0.0 <3.14.2": "3.14.2",
-      "js-yaml@>=4.0.0 <4.1.1": "4.1.1"
+      "js-yaml@>=4.0.0 <4.1.1": "4.1.1",
+      "jws@<3.2.3": "3.2.3"
     },
     "onlyBuiltDependencies": [
       "@depot/cli",
diff --git a/packages/cli-v3/package.json b/packages/cli-v3/package.json
@@ -83,7 +83,7 @@
   "dependencies": {
     "@clack/prompts": "0.11.0",
     "@depot/cli": "0.0.1-cli.2.80.0",
-    "@modelcontextprotocol/sdk": "^1.17.0",
+    "@modelcontextprotocol/sdk": "^1.24.0",
     "@opentelemetry/api": "1.9.0",
     "@opentelemetry/api-logs": "0.203.0",
     "@opentelemetry/exporter-trace-otlp-http": "0.203.0",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"trigger.dev": patch
 +---
++
 +Upgrade @modelcontextprotocol/sdk to 1.24.3