Skip to content

Bump @modelcontextprotocol/server from 2.0.0-alpha.2 to 2.0.0-beta.2#107

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/modelcontextprotocol/server-2.0.0-beta.2
Open

Bump @modelcontextprotocol/server from 2.0.0-alpha.2 to 2.0.0-beta.2#107
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/modelcontextprotocol/server-2.0.0-beta.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps @modelcontextprotocol/server from 2.0.0-alpha.2 to 2.0.0-beta.2.

Release notes

Sourced from @​modelcontextprotocol/server's releases.

@​modelcontextprotocol/server-legacy@​2.0.0-beta.2

Patch Changes

  • #2405 f172626 Thanks @​mattzcarey! - Ship CommonJS builds alongside ESM. Each package now emits both .mjs/.d.mts and .cjs/.d.cts (via tsdown format: ['esm', 'cjs']), and its exports map adds a require condition so require('@modelcontextprotocol/…') works from CommonJS consumers. Output extensions are normalized across all packages (@modelcontextprotocol/core moves from .js/.d.ts to .mjs/.d.mts); the public import paths are unchanged.

@​modelcontextprotocol/server@​2.0.0-beta.2

Patch Changes

  • #2405 f172626 Thanks @​mattzcarey! - Ship CommonJS builds alongside ESM. Each package now emits both .mjs/.d.mts and .cjs/.d.cts (via tsdown format: ['esm', 'cjs']), and its exports map adds a require condition so require('@modelcontextprotocol/…') works from CommonJS consumers. Output extensions are normalized across all packages (@modelcontextprotocol/core moves from .js/.d.ts to .mjs/.d.mts); the public import paths are unchanged.

  • #2399 3c7ddaf Thanks @​felixweinberger! - Return HTTP 400 for a MissingRequiredClientCapabilityError (-32021) produced after dispatch. The spec mandates 400 Bad Request for this error with no condition on where it arose, but only the pre-dispatch capability gate honored that; the post-handler emission — the input_required gate rejecting an embedded request whose required capability the caller did not declare — surfaced in-band on HTTP 200. The JSON-RPC error body is unchanged, every other error code (including a handler relaying a downstream peer's -32020/-32022) keeps the origin-keyed in-band behavior, and the mapping only applies while the response is uncommitted: an exchange that already streamed — or one hosted with responseMode: 'sse', which opens its stream at dispatch end — keeps its committed 200 and carries the error in-stream.

@​modelcontextprotocol/server-legacy@​2.0.0-beta.1

Patch Changes

  • #2402 a400259 Thanks @​felixweinberger! - First beta release of SDK v2 with support for the MCP 2026-07-28 specification revision. See the migration guides for upgrading from v1 (docs/migration/upgrade-to-v2.md) and adopting the 2026-07-28 revision (docs/migration/support-2026-07-28.md).

@​modelcontextprotocol/server@​2.0.0-beta.1

Patch Changes

  • #2402 a400259 Thanks @​felixweinberger! - First beta release of SDK v2 with support for the MCP 2026-07-28 specification revision. See the migration guides for upgrading from v1 (docs/migration/upgrade-to-v2.md) and adopting the 2026-07-28 revision (docs/migration/support-2026-07-28.md).

@​modelcontextprotocol/server-legacy@​2.0.0-alpha.4

Minor Changes

  • #2286 1823aae Thanks @​felixweinberger! - SEP-2468 follow-up: transport.finishAuth() gains a URLSearchParams overload (preferred) that extracts code/iss, validates iss first, and on mismatch throws a sanitized IssuerMismatchError (no callback error_description text); callers remain responsible for state. Behavior change for @modelcontextprotocol/server-legacy: mcpAuthRouter now advertises authorization_response_iss_parameter_supported (default true; ProxyOAuthServerProvider reports false) and the bundled authorize handler appends iss (RFC 9207) to every res.redirect(...) your OAuthServerProvider.authorize() issues to the client's redirect_uri. If your provider redirects another way (res.writeHead, a separate consent-page response, or a standalone authorizationHandler({provider}) without issuerUrl), append params.issuer as iss yourself or set authorizationResponseIssParameterSupported: false — otherwise RFC 9207-compliant clients (including this SDK) will reject the callback.

@​modelcontextprotocol/server@​2.0.0-alpha.4

Major Changes

  • #2286 1823aae Thanks @​felixweinberger! - Split the wire layer into per-era codecs and make protocol-revision deletions physical. Deliberate wire/schema behavior changes (see docs/migration/support-2026-07-28.md "Per-era wire codecs"):
    • resultType is no longer modeled by any neutral wire schema: EmptyResultSchema (strict) now rejects {resultType} bodies; on 2025-era connections a foreign resultType is stripped before validation instead of rejected; the member exists only inside the 2026-era codec, which requires it.
    • CallToolResult.content / ToolResultContent.content are required at the wire boundary (content.default([]) removed): handler results without content are rejected with -32602 instead of silently defaulted, and content-less wire results fail the client parse loudly.
    • Custom (3-arg) handlers now receive _meta minus the reserved envelope keys instead of having it deleted before params validation.

... (truncated)

Commits
  • 35f6856 Version Packages (beta) (#2416)
  • 3c7ddaf test(conformance): bump referee to 0.2.0-alpha.9; arm SEP-2575 diagnostic fix...
  • 1ea960b chore(examples): bump better-auth to ^1.6.2 (#2415)
  • eacf2e5 Add --protocol-version flag to cli-client example (#2406)
  • 448ba0f chore: drop duplicate CommonJS changeset (#2414)
  • ef120b2 chore: add missing changesets for CommonJS builds and codemod iterations (#2412)
  • d000de8 Update README.md (#2411)
  • 1772473 codemod iterations 5 (#2398)
  • ebca273 docs: generate llms.txt, llms-full.txt, and markdown page renditions (#2407)
  • f172626 feat(packaging): ship CommonJS builds alongside ESM for v2 packages (#2405)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [@modelcontextprotocol/server](https://github.com/modelcontextprotocol/typescript-sdk) from 2.0.0-alpha.2 to 2.0.0-beta.2.
- [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases)
- [Commits](https://github.com/modelcontextprotocol/typescript-sdk/compare/@modelcontextprotocol/server@2.0.0-alpha.2...@modelcontextprotocol/server@2.0.0-beta.2)

---
updated-dependencies:
- dependency-name: "@modelcontextprotocol/server"
  dependency-version: 2.0.0-beta.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants