Skip to content

chore(deps): update dependency @upstash/context7-mcp to v2 #274

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rdimitrov merged 2 commits into from
Jan 15, 2026
Merged

chore(deps): update dependency @upstash/context7-mcp to v2 #274

rdimitrov merged 2 commits into from
Jan 15, 2026

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Dec 29, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
@upstash/context7-mcp (source) 1.0.332.1.0 age confidence

Release Notes

upstash/context7 (@​upstash/context7-mcp)

v2.1.0

Compare Source

Minor Changes
  • ef82f30: Add OAuth 2.0 authentication support for MCP server
    • Add new /mcp/oauth endpoint requiring JWT authentication
    • Implement JWT validation against authorization server JWKS
    • Add OAuth Protected Resource Metadata endpoint (RFC 9728) at /.well-known/oauth-protected-resource
    • Include WWW-Authenticate header for OAuth discovery

v2.0.2

Compare Source

Patch Changes
  • 368b143: Collect client and server version metrics

v2.0.1

Compare Source

Patch Changes
  • 93a2d5b: Adds MCP tool annotations (readOnlyHint) to all tools to help MCP clients better understand tool behavior and make safer decisions about tool execution.

v2.0.0

Compare Source

Major Changes

  • 66ea0d6: Upgrade MCP server to v2.0.0 with intelligent query-based architecture

    Breaking Changes

    • Removed get-library-docs tool, replaced with new query-docs tool
    • resolve-library-id now requires both query and libraryName parameters
    • Removed mode, topic, page, and limit parameters from documentation fetching
    • Renamed context7CompatibleLibraryID parameter to libraryId

    New Features

    • Intelligent reranked and deduplicated library selection based on user intent
    • Smart snippet selection with relevance-based ranking for documentation retrieval
    • Query-driven context fetching that understands what the user is trying to accomplish
    • Added security warnings for sensitive data in query parameters
    • Added tool call limits (max 3 calls per question) to prevent excessive context window usage

    Improvements

    • Simplified API key header extraction (removed redundant case variants)
    • Removed unused actualPort variable and dead code
    • Cleaner type definitions with new ContextRequest and ContextResponse types
    • Better error messages for library search failures

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions
Copy link

github-actions bot commented Dec 29, 2025
edited
Loading

🔒 MCP Security Scan Results

✅ context7

  • Status: Passed
  • Tools scanned: 2
  • Result: No security issues detected

Summary: Scanned 1 MCP server(s), all passed security checks. ✅

@renovate renovate bot force-pushed the renovate/upstash-context7-mcp-2.x branch 2 times, most recently from 86fe5ae to f4118e7 Compare January 2, 2026 17:36
@renovate renovate bot force-pushed the renovate/upstash-context7-mcp-2.x branch from f4118e7 to 7ab4f53 Compare January 8, 2026 19:50
renovate bot and others added 2 commits January 15, 2026 12:20
@renovate @JAORMX
chore(deps): update dependency @upstash/context7-mcp to v2
64a0b2c
@JAORMX @claude
chore(context7): add W001 security allowlist for false positive
6993cc8 
The v2.0.0 release added security warnings in tool descriptions
instructing users NOT to include sensitive data (API keys, passwords,
credentials) in queries. The mcp-scan W001 check flags these keywords
without understanding the semantic context - the words appear in a
defensive "Do not include..." instruction, not a prompt injection attack.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@JAORMX JAORMX force-pushed the renovate/upstash-context7-mcp-2.x branch from 7ab4f53 to 6993cc8 Compare January 15, 2026 10:21
@rdimitrov rdimitrov merged commit bd3266d into main Jan 15, 2026
13 checks passed
@rdimitrov rdimitrov deleted the renovate/upstash-context7-mcp-2.x branch January 15, 2026 10:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JAORMX JAORMX JAORMX approved these changes

@rdimitrov rdimitrov rdimitrov approved these changes

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@JAORMX @rdimitrov