doobidoo/mcp-memory-service v10.21.1

v10.21.1 — Resolve 5 CodeQL Code Scanning Alerts

on GitHub

Security

This patch release resolves 5 CodeQL code scanning alerts that were introduced in recent development work.

CodeQL Alerts Resolved

py/unused-import — alerts #359, #360, #361

• Removed unused os import from src/mcp_memory_service/mcp_server.py
• Removed unused platform import from src/mcp_memory_service/web/api/health.py
• Removed unused Path import from src/mcp_memory_service/utils/http_server_manager.py

py/empty-except — alert #358

• Fixed bare pass in an except block in src/mcp_memory_service/web/api/consolidation.py
• Replaced with an explanatory comment (# ignore unexpected non-list responses from LLM — continue processing) that documents the intentional decision and satisfies CodeQL

py/stack-trace-exposure — alert #357

• In src/mcp_memory_service/web/api/consolidation.py, non-string reason values from consolidation recommendations are now wrapped with repr() before being embedded in HTTP responses
• Previously, a raw exception object passed as reason would have serialised a full Python traceback into the API response body, leaking internal implementation details to API callers
• repr() produces a safe, bounded representation without stack frames

Upgrade

No configuration changes required. Drop-in replacement for v10.21.0.

pip install --upgrade mcp-memory-service
# or
uvx mcp-memory-service@10.21.1

Changelog

Full details: CHANGELOG.md — v10.21.1