Bump @upstash/context7-mcp from 2.2.4 to 3.1.0

[dependabot]

Bumps @upstash/context7-mcp from 2.2.4 to 3.1.0.

Changelog

Sourced from @​upstash/context7-mcp's changelog.

3.1.0

Minor Changes

• 1fb2d42: Add multi-tenant Microsoft Entra ID validation for MCP tokens. The server now detects inbound Entra v2 tokens by issuer pattern, fetches per-teamspace configuration (tenantId, audience, requiredScope) from the Context7 app, and verifies the token against the matching tenant's JWKS, enforcing the required scope claim when configured. User resolution happens downstream in the Context7 app against a pre-provisioned user mapping table — the MCP server only validates. Per-tenant JWKS cache and a 5-minute in-memory config cache keyed by JWT audience reduce overhead under load.

3.0.0

Major Changes

• af6a7b5: Convert the stateless MCP implementation to a stateful one using Redis for session management.

Patch Changes

• 3d73145: Reduce Redis writes on refresh by checking the remaining TTL first and only issuing EXPIRE when the session is within one day of expiry.

2.3.0

Minor Changes

• 34fda7d: Prompt anonymous users to sign in. After the backend signals (via the X-Context7-Auth-Prompt: 1 response header on /v2/libs/search or /v2/context) that an anonymous client has crossed the per-IP threshold, the MCP server appends a one-time sign-in invitation to the tool result.
  • Both stdio and HTTP transports surface the same nudge: a tool-result notice asking the assistant to run npx ctx7 setup --<client> --mcp -y (with --stdio appended when the MCP server is running on stdio) after explicit user confirmation. The CLI handles OAuth and writes credentials into the MCP client's config; the user restarts their MCP server / editor to pick up the new credentials.
  • Detects the calling client from X-Context7-Client-IDE / User-Agent and selects the matching CLI flag (--cursor, --claude, --codex, --opencode, --gemini); falls back to interactive setup when unknown.
  • HTTP transport remains stateless — the threshold is tracked by the backend (per-IP, 24h TTL), the MCP server only reacts to the signal.

2.2.5

Patch Changes

• 187287c: Accept hallucinated argument names on tools/call requests by rewriting them to the canonical names before validation. userQuery and question are mapped to query on either tool; on query-docs, context7CompatibleLibraryID, libraryID, and libraryName are mapped to libraryId. Some LLM clients produce these alternative names — likely echoing phrasing from each tool's description — and previously triggered Invalid input: expected string, received undefined errors. libraryName is only rewritten on query-docs calls because it is the canonical arg for resolve-library-id. Tool input schemas published via tools/list are unchanged: canonical names remain the documented required fields, the rewrite is purely a server-side compatibility shim that runs only on tools/call and only when the canonical key is absent.
• 78b9826: Exit the stdio MCP server when the parent process closes its stdio. Previously, if the parent (e.g. Claude Code) was force-killed shortly after a tool call, an idle undici keep-alive socket to the Context7 API would keep libuv's event loop alive past stdin EOF, leaving an orphaned node process that consumed memory until the kernel tore the socket down (which on Cloudflare-fronted endpoints can take hours). The server now listens for end/close on stdin and SIGHUP and exits cleanly. Fixes #2542.

Commits

• 801e112 chore(release): version packages (#2698)
• 1fb2d42 feat(mcp): multi-tenant Entra ID validation (#2629)
• ee0bb7a chore(release): version packages (#2660)
• 3d73145 feat(session): enhance session refresh logic to extend TTL conditionally (#2667)
• af6a7b5 feat: add sessions to MCP server (#2655)
• 1ed71d7 chore(release): version packages (#2605)
• 34fda7d feat(mcp): prompt anonymous users to sign in (#2604)
• 13f3ef0 chore(release): version packages (#2576)
• e8b5a61 feat: add more renamed variables to mcp (#2599)
• 187287c fix(mcp): rewrite hallucinated tools/call argument names (#2598)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #9.