github vercel/ai @ai-sdk/mcp@0.0.19
on GitHub

latest releases: @ai-sdk/react@4.0.0-canary.177, @ai-sdk/mcp@2.0.0-canary.65, @ai-sdk/fireworks@2.0.56...
11 hours ago

Patch Changes

  • d872a7a: fix(mcp): lock first sse endpoint received via event

  • f4cd468: fix(mcp): prevent prototype-named tools from bypassing the schemas allowlist

    When using client.tools({ schemas }) to expose only an explicitly allowed
    subset of an MCP server's tools, the allowlist check used the in operator,
    which also matches inherited Object.prototype properties. A server-advertised
    tool named constructor, toString, __proto__, etc. would pass the check
    even though the developer never defined it in schemas, and was then exposed to
    the model and executable. The check now uses Object.hasOwn, so only
    explicitly defined tools are returned.

  • Updated dependencies [9f67efe]

  • Updated dependencies [eea9166]

    • @ai-sdk/provider-utils@3.0.26
Check out latest releases or
releases around vercel/ai @ai-sdk/mcp@0.0.19

Don't miss a new ai release

NewReleases is sending notifications on new releases.

Get notifications