Fix typedocs and examples for toolkit version

Open haxzie opened this issue 1 month ago • 1 comments

[!NOTE] Align toolkit versioning across TS/Python, update docs/examples, add TS audit CI, and bump Python packages to 0.9.5 with minor type/util/test tweaks.

  • CI:
    • Add /.github/workflows/ts.audit.yml to run pnpm audit --prod and comment on PRs; simplify ts.test.yml by removing audit step and adding PR comment permissions.
  • TypeScript SDK:
    • Refine toolkit version types with zod schemas in ts/packages/core/src/types/tool.types.ts and update Composio config docs in ts/packages/core/src/composio.ts.
    • Docs updates: clarify version requirements in ts/docs/api/tools.md, triggers behavior in ts/docs/api/triggers.md, and rework toolkit version configuration in ts/docs/getting-started.md.
    • Dependency/catalog updates for @modelcontextprotocol/sdk to ^1.22.0; adjust examples to use catalog: and lockfile updates.
  • Python SDK:
    • Update toolkit version typing (ToolkitVersion as Union[Literal['latest'], str], ToolkitVersionParam), tweak get_toolkit_versions behavior and docstrings, and adjust SDK constructor docs.
    • Update README example to per-toolkit dict.
    • Tests updated to new types/util behavior.
    • Bump package versions to 0.9.5 across python/ core and providers.
  • Examples/Workspace:
    • Set @modelcontextprotocol/sdk to catalog: in ts/examples/*; add catalog entry in pnpm-workspace.yaml.

Written by Cursor Bugbot for commit 91b68b352803bd5ce38e9dd5c5dcef27192c3177. This will update automatically on new commits. Configure here.

haxzie, Nov 26 '25 10:11

⚠️ Security Audit Failed

The pnpm audit --prod check found security vulnerabilities in production dependencies.

Please review and fix the vulnerabilities. You can try running:

pnpm audit --fix --prod
Audit output
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ moderate            │ body-parser is vulnerable to denial of service when    │
│                     │ url encoding is used                                   │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ body-parser                                            │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ >=2.2.0 <2.2.1                                         │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions    │ >=2.2.1                                                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths               │ fern>supergateway>@modelcontextprotocol/               │
│                     │ sdk>express>body-parser                                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-wqch-xfxh-vrr4      │
└─────────────────────┴────────────────────────────────────────────────────────┘
1 vulnerabilities found
Severity: 1 moderate

github-actions[bot], Nov 27 '25 07:11

⚠️ Security Audit Failed

The pnpm audit --prod check found security vulnerabilities in production dependencies.

Please review and fix the vulnerabilities. You can try running:

pnpm audit --fix --prod
Audit output
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ critical            │ Next.js is vulnerable to RCE in React flight protocol  │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ next                                                   │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ >=16.0.0-canary.0 <16.0.7                              │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions    │ >=16.0.7                                               │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths               │ ts__examples__llamaindex>@llamaindex/                  │
│                     │ workflow>@llamaindex/workflow-core>next                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-9qr9-h5gf-34mp      │
└─────────────────────┴────────────────────────────────────────────────────────┘
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ high                │ Model Context Protocol (MCP) TypeScript SDK does not   │
│                     │ enable DNS rebinding protection by default             │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ @modelcontextprotocol/sdk                              │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ <1.24.0                                                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions    │ >=1.24.0                                               │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths               │ fern>supergateway>@modelcontextprotocol/sdk            │
│                     │                                                        │
│                     │ ts__examples__google>@modelcontextprotocol/sdk         │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-w48q-cv73-mx4w      │
└─────────────────────┴────────────────────────────────────────────────────────┘
3 vulnerabilities found
Severity: 2 high | 1 critical

github-actions[bot], Dec 04 '25 10:12