[pull] main from modelcontextprotocol:main

package.json

@@ -23,5 +23,9 @@
     "@modelcontextprotocol/server-memory": "*",
     "@modelcontextprotocol/server-filesystem": "*",
     "@modelcontextprotocol/server-sequential-thinking": "*"
+  },
+  "overrides": {
+    "qs": ">=6.15.2",
+    "hono": ">=4.12.21"
   }
 }

src/everything/package.json

@@ -39,10 +39,10 @@
   "devDependencies": {
     "@types/cors": "^2.8.19",
     "@types/express": "^5.0.6",
-    "@vitest/coverage-v8": "^2.1.8",
+    "@vitest/coverage-v8": "^4.1.8",
     "prettier": "^2.8.8",
     "shx": "^0.3.4",
     "typescript": "^5.6.2",
-    "vitest": "^2.1.8"
+    "vitest": "^4.1.8"
   }
 }

src/filesystem/package.json

@@ -34,9 +34,9 @@
     "@types/diff": "^5.0.9",
     "@types/minimatch": "^5.1.2",
     "@types/node": "^22",
-    "@vitest/coverage-v8": "^2.1.8",
+    "@vitest/coverage-v8": "^4.1.8",
     "shx": "^0.3.4",
     "typescript": "^5.8.2",
-    "vitest": "^2.1.8"
+    "vitest": "^4.1.8"
   }
 }

src/git/src/mcp_server_git/server.py

@@ -133,6 +133,21 @@ def git_add(repo: git.Repo, files: list[str]) -> str:
     if files == ["."]:
         repo.git.add(".")
     else:
+        # Defense in depth: validate each path resolves within the repository
+        # working tree to prevent path traversal (e.g. '../../etc/passwd' or an
+        # absolute path) from staging files outside repository boundaries.
+        repo_root = Path(repo.working_dir).resolve()
+        for f in files:
+            try:
+                resolved = (repo_root / f).resolve()
+            except (OSError, RuntimeError):
+                raise ValueError(f"Invalid path: '{f}'")
+            try:
+                resolved.relative_to(repo_root)
+            except ValueError:
+                raise ValueError(
+                    f"Path '{f}' is outside the repository '{repo_root}'"
+                )
         # Use '--' to prevent files starting with '-' from being interpreted as options
         repo.git.add("--", *files)
     return "Files staged successfully"

src/git/tests/test_server.py

@@ -109,6 +109,32 @@ def test_git_add_specific_files(test_repository):
     assert "file2.txt" not in staged_files
     assert result == "Files staged successfully"
 
+def test_git_add_rejects_path_traversal(test_repository):
+    # Security invariant (CVE-2026-27735): a relative path escaping the
+    # repository must never be staged. Accept rejection from either the
+    # defense-in-depth validation (ValueError) or the underlying git CLI
+    # (GitCommandError) so the test asserts the property, not the layer.
+    outside = Path(test_repository.working_dir).parent / "outside.txt"
+    outside.write_text("secret")
+
+    with pytest.raises((ValueError, git.GitCommandError)):
+        git_add(test_repository, ["../outside.txt"])
+
+    staged = [path for path, _stage in test_repository.index.entries]
+    assert "../outside.txt" not in staged
+    assert "outside.txt" not in staged
+
+def test_git_add_rejects_absolute_path_outside(test_repository):
+    # An absolute path outside the repository must never be staged.
+    outside = Path(test_repository.working_dir).parent / "abs_outside.txt"
+    outside.write_text("secret")
+
+    with pytest.raises((ValueError, git.GitCommandError)):
+        git_add(test_repository, [str(outside)])
+
+    staged = [path for path, _stage in test_repository.index.entries]
+    assert "abs_outside.txt" not in staged
+
 def test_git_status(test_repository):
     result = git_status(test_repository)
 

src/memory/package.json

@@ -29,9 +29,9 @@
   },
   "devDependencies": {
     "@types/node": "^22",
-    "@vitest/coverage-v8": "^2.1.8",
+    "@vitest/coverage-v8": "^4.1.8",
     "shx": "^0.3.4",
     "typescript": "^5.6.2",
-    "vitest": "^2.1.8"
+    "vitest": "^4.1.8"
   }
 }

src/sequentialthinking/package.json

@@ -32,9 +32,9 @@
   "devDependencies": {
     "@types/node": "^22",
     "@types/yargs": "^17.0.32",
-    "@vitest/coverage-v8": "^2.1.8",
+    "@vitest/coverage-v8": "^4.1.8",
     "shx": "^0.3.4",
     "typescript": "^5.3.3",
-    "vitest": "^2.1.8"
+    "vitest": "^4.1.8"
   }
 }