Skip to content

[pull] main from modelcontextprotocol:main #304

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pull merged 6 commits into from
Feb 11, 2026
Merged

[pull] main from modelcontextprotocol:main #304

pull merged 6 commits into from
Feb 11, 2026
+54 −7

Conversation

@pull
Copy link

@pull pull bot commented Feb 11, 2026
edited
Loading

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

claude bot and others added 6 commits August 24, 2025 02:44
@claude @olaservo
fix: resolve relative paths against allowed directories instead of pr…
29c9f8c 
…ocess.cwd()

Fixes issue where relative paths were incorrectly resolved against process.cwd(),
causing "Access denied - path outside allowed directories" errors when the MCP
server's working directory was outside the configured allowed directories.

The fix implements intelligent path resolution that:
1. First tries to resolve relative paths against each allowed directory
2. Validates the resulting path is within allowed directories
3. Falls back to the first allowed directory if no valid resolution is found
4. Maintains backward compatibility by falling back to process.cwd() when no allowed directories are configured

Resolves #2526

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-authored-by: Ola Hungerford <olaservo@users.noreply.github.com>
@olaservo
Merge branch 'main' into claude/issue-2526-20250824-0240
39a1db9
@olaservo @claude
fix(filesystem): use vi.fn() instead of jest.fn() in test
dd6594c 
The project uses Vitest, not Jest. Replace jest.fn() with vi.fn()
to fix the ReferenceError in the relative path resolution test.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@cliffhall
Merge branch 'main' into claude/issue-2526-20250824-0240
3921f5c
@olaservo @claude
fix(filesystem): run npm audit fix to resolve qs vulnerability
87a996b 
Fixes high-severity qs DoS vulnerability (GHSA-6rw7-vpxm-498p).
Remaining moderate-severity issues are in dev dependencies
(esbuild/vite/vitest) and require a breaking vitest v2->v4 upgrade.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@cliffhall
Merge pull request #2609 from modelcontextprotocol/claude/issue-2526-…
618cf48 
…20250824-0240

fix: resolve relative paths against allowed directories instead of process.cwd()
@pull pull bot locked and limited conversation to collaborators Feb 11, 2026
@pull pull bot added the ⤵️ pull label Feb 11, 2026
@pull pull bot merged commit 618cf48 into threatcode:main Feb 11, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

⤵️ pull

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@olaservo @cliffhall