@RinZ27
Contributor

@RinZ27 RinZ27 commented Jan 17, 2026

I've updated the dev dependency group to reference the project's own cli and ws extras. This ensures that the test environment is complete for local development without duplicating package entries.

Also, I've reverted the starlette version bump based on the feedback that the constraint change wasn't necessary in this context.

Let me know if this revised approach looks good to you.

@RinZ27 RinZ27 force-pushed the fix/bump-starlette branch 2 times, most recently from d48df76 to 0863e2d, January 18, 2026 13:04
@Kludex
Member

Kludex commented Jan 18, 2026

Dropping the constraints is not necessary. This is not a vulnerability here.

@RinZ27 RinZ27 force-pushed the fix/bump-starlette branch from 0863e2d to b66941b, January 18, 2026 14:49
@RinZ27 RinZ27 changed the title from "[Security] Bump starlette to >=0.40.0 to fix CVE-2024-47874" to "chore: include cli and ws extras in dev environment", Jan 18, 2026
@RinZ27
Contributor Author

RinZ27 commented Jan 18, 2026

I've updated the PR to address your feedback.

Specifically, I've replaced the manual typer and websockets entries with a reference to the project's own extras (mcp[cli,ws]) in the dev group. This ensures the test environment is complete while keeping everything in sync.

I've also reverted the starlette version change as it wasn't necessary for this project's context. Let me know if you think this revised version is worth merging.

@RinZ27
Contributor Author

RinZ27 commented Jan 19, 2026

@Kludex I've moved mcp[cli,ws] to the top of the dev group and added the note for uv sync as suggested. Thanks!

@RinZ27 RinZ27 force-pushed the fix/bump-starlette branch from 8ef7b94 to 0379ba0, January 19, 2026 08:38
@RinZ27 RinZ27 force-pushed the fix/bump-starlette branch from 0379ba0 to 1420c68, January 19, 2026 10:25
@RinZ27
Contributor Author

RinZ27 commented Jan 19, 2026

Just noticed some weird Unicode sequences (\u003e=) crept into pyproject.toml during the last update—looks like my editor had a stroke while I was copy-pasting from a JSON diff. Fixed the characters and forced a clean push. Everything should be readable now!

@Kludex Kludex enabled auto-merge (squash) January 19, 2026 13:48
@Kludex Kludex merged commit 0f9a41d into modelcontextprotocol:main Jan 19, 2026
23 checks passed
@RinZ27 RinZ27 deleted the fix/bump-starlette branch January 19, 2026 14:10