mcp-rubber-duck 1.9.3 → 1.9.4

package/.github/FUNDING.yml

@@ -0,0 +1 @@
+custom: ['https://github.com/nesquikm/mcp-rubber-duck/blob/master/DONATE.md']

package/.github/workflows/security.yml

@@ -33,7 +33,7 @@ jobs:
           trivyignores: '.trivyignore'
 
       - name: 📤 Upload Trivy scan results to GitHub Security
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         if: always()
         with:
           sarif_file: 'trivy-results.sarif'
@@ -54,7 +54,7 @@ jobs:
           trivyignores: '.trivyignore'
 
       - name: 📤 Upload Docker scan results
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         if: always() && github.event_name != 'schedule'
         with:
           sarif_file: 'trivy-docker-results.sarif'
@@ -71,7 +71,7 @@ jobs:
       - name: 📦 Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: '22'
           cache: 'npm'
 
       - name: 📥 Install dependencies
@@ -105,7 +105,7 @@ jobs:
           no-fail: true
 
       - name: 📤 Upload Dockerfile lint results
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         if: always()
         with:
           sarif_file: hadolint-results.sarif
@@ -122,7 +122,7 @@ jobs:
       - name: 📦 Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: '22'
           cache: 'npm'
 
       - name: 📥 Install dependencies

package/.github/workflows/semantic-release.yml

@@ -31,7 +31,7 @@ jobs:
       - name: 📦 Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: '22'
           cache: 'npm'
 
       - name: 📥 Install dependencies
@@ -66,7 +66,7 @@ jobs:
           output: 'trivy-results.sarif'
 
       - name: 📤 Upload Trivy scan results to GitHub Security
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         if: always()
         with:
           sarif_file: 'trivy-results.sarif'
@@ -84,7 +84,7 @@ jobs:
           output: 'trivy-docker-results.sarif'
 
       - name: 📤 Upload Docker scan results
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         if: always()
         with:
           sarif_file: 'trivy-docker-results.sarif'
@@ -101,7 +101,7 @@ jobs:
       - name: 📦 Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: '22'
           cache: 'npm'
 
       - name: 📥 Install dependencies
@@ -135,7 +135,7 @@ jobs:
           no-fail: true
 
       - name: 📤 Upload Dockerfile lint results
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         if: always()
         with:
           sarif_file: hadolint-results.sarif
@@ -159,7 +159,7 @@ jobs:
       - name: 📦 Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: '22'
           cache: 'npm'
           registry-url: 'https://registry.npmjs.org'
 

package/CHANGELOG.md

@@ -1,3 +1,10 @@
+## [1.9.4](https://github.com/nesquikm/mcp-rubber-duck/compare/v1.9.3...v1.9.4) (2026-01-26)
+
+
+### Bug Fixes
+
+* override lodash to 4.17.23 to address CVE-2025-13465 ([8cb5a3a](https://github.com/nesquikm/mcp-rubber-duck/commit/8cb5a3a0b3a644b2ed368537412cda32b8a333f2))
+
 ## [1.9.3](https://github.com/nesquikm/mcp-rubber-duck/compare/v1.9.2...v1.9.3) (2026-01-19)
 
 

package/DONATE.md

@@ -0,0 +1,30 @@
+# 🦆 Feed the Ducks
+
+```
+     __
+   <(o )___
+    ( ._> /
+     `---'  Quack! Spare some crypto?
+```
+
+Enjoying the duck pond? Toss us some digital bread crumbs to keep the ducks quacking!
+
+## Bitcoin (BTC)
+
+`bc1qlq3dl8pca5q27qz5zk2jm6qqf6xgt6lvh4yrxs`
+
+## Ethereum (ETH, USDT, USDC)
+
+`0x41341d35Ee5C02DdD4255113E58e32Ba024754e9`
+
+## Solana (SOL, USDT, USDC)
+
+`C2JuPcbcVQEfYwzDtbF3iwbhbjFzdJLqjYxzhPxNZQH6`
+
+## Tron (TRX, USDT, USDC)
+
+`TBi9y3fEUJLAX7DSGK6pVPB7TUW9ymFRJ8`
+
+---
+
+🦆 Every satoshi helps keep our ducks debugging! Thank you!

package/audit-ci.json

@@ -7,6 +7,8 @@
   "allowlist": [
     "GHSA-5j98-mcp5-4vw2",
     "GHSA-73rr-hh4g-fpgx",
-    "GHSA-8qq5-rm4j-mr97"
+    "GHSA-8qq5-rm4j-mr97",
+    "GHSA-g9mf-h72j-4rw9",
+    "GHSA-r6q2-hw4h-h46w"
   ]
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mcp-rubber-duck",
-  "version": "1.9.3",
+  "version": "1.9.4",
   "description": "An MCP server that bridges to multiple OpenAI-compatible LLMs - your AI rubber duck debugging panel",
   "main": "dist/index.js",
   "type": "module",
@@ -43,6 +43,7 @@
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.24.0",
+    "@semantic-release/npm": "^13.1.3",
     "ajv": "^8.17.1",
     "dotenv": "^16.4.0",
     "node-cache": "^5.1.2",
@@ -61,12 +62,14 @@
     "eslint": "^8.0.0",
     "jest": "^29.0.0",
     "prettier": "^3.0.0",
-    "semantic-release": "^24.2.8",
+    "semantic-release": "^25.0.2",
     "ts-jest": "^29.0.0",
     "tsx": "^4.0.0",
     "typescript": "^5.0.0"
   },
   "overrides": {
-    "js-yaml": "^4.1.1"
+    "js-yaml": "^4.1.1",
+    "lodash": "^4.17.23",
+    "lodash-es": "^4.17.23"
   }
 }