This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
Pull request overview
Bumps the MCP server/package version and updates core/dev dependencies, alongside minor documentation adjustments, to keep the Next2D development MCP server current and aligned with release metadata.
Changes:
- Bump package/server version from `0.0.1` to `0.0.2` (package + runtime server metadata).
- Update dependency versions (notably `@modelcontextprotocol/sdk`, TypeScript, ESLint, and Node types) and regenerate lockfile.
- Add a basic `SECURITY.md` and remove the “Supported Platforms” section from the README.
Reviewed changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| src/index.ts | Updates the MCP server-reported version string to 0.0.2. |
| package.json | Bumps package version and updates dependency/devDependency versions. |
| package-lock.json | Lockfile updates reflecting the dependency bumps. |
| SECURITY.md | Adds an initial security reporting policy document. |
| README.md | Removes the supported platforms section from documentation. |
| const server = new McpServer({ | ||
| "name": "next2d-development-mcp", | ||
| "version": "0.0.1" | ||
| "version": "0.0.2" | ||
| }); |
The McpServer version string is manually duplicated here and in package.json; this can easily drift on future releases. Consider reading the version from package.json at runtime/build time (or injecting it during the build) so there is a single source of truth.
| "devDependencies": { | ||
| "@eslint/js": "^10.0.1", | ||
| "@types/node": "^22.15.0", | ||
| "@types/node": "^25.3.0", |
The project declares Node >=22 in engines, but @types/node is bumped to a much newer major version. This can allow using Node APIs that are not available on the minimum supported runtime (22.x) and lead to runtime failures that TypeScript won’t catch. Consider pinning @types/node to the same major as the minimum supported Node version (or raising the engines.node range accordingly).
| "@types/node": "^25.3.0", | |
| "@types/node": "^22.0.0", |
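Review bot: the suggested `"@types/node": "^22.0.0"` sets a lower floor than the `^22.15.0` this file declared before the bump, and the suggestion gives no reason for widening the range. To align the typings with the minimum supported runtime without changing anything else, keep the major at 22 and retain the earlier floor: `"@types/node": "^22.15.0"`.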
| @@ -0,0 +1,3 @@ | |||
| # Reporting Security Issues | |||
|
|
|||
| If you believe you have found a security vulnerability in Next2D, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem. | |||
This security policy doesn’t include any actual reporting channel (e.g., a security email address, GitHub Security Advisories link, or a private issue form). As written, reporters are told to “let us know” but aren’t told how. Please add the preferred contact method and any expectations (what info to include, response SLA, PGP key if applicable).
| If you believe you have found a security vulnerability in Next2D, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem. | |
| If you believe you have found a security vulnerability in Next2D, we encourage you to let us know right away by contacting us through one of the following private channels: | |
| - Email: **security@next2d.dev** | |
| - GitHub Security Advisories (preferred for GitHub users): https://github.com/OWNER/REPO/security/advisories/new | |
| When reporting a vulnerability, please include, to the extent possible: | |
| - A clear description of the issue and its potential impact | |
| - Steps to reproduce the vulnerability (proof-of-concept code, test case, or screenshots, if available) | |
| - Any known affected versions, configurations, or environments | |
| - Your contact information so we can follow up with questions, if needed | |
| We will investigate all legitimate reports and do our best to quickly fix the problem. We aim to acknowledge receipt of your report within **5 business days** and will provide further updates as we progress toward a fix and coordinated disclosure. |
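Review bot: the advisories link in the suggested text still contains the literal `OWNER/REPO` placeholder, and nothing in this change shows that `security@next2d.dev` is a monitored mailbox. Applied as-is, SECURITY.md would point reporters at a dead link and possibly an unreachable address, so a vulnerability report could be sent and silently lost. Replace the placeholder with the repository's real path, confirm the mailbox exists before merging, and keep the 5-business-day acknowledgement only if the maintainers can commit to it.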
| | **API リファレンス** | Player API, Framework 仕様, 開発テンプレート仕様の提供 | | ||
| | **開発ガイド** | 画面追加手順, コーディング規約, デバッグガイドの提供 | | ||
|
|
||
| ### 対応プラットフォーム / Supported Platforms | ||
|
|
||
| Web / Steam (Windows・macOS・Linux) / iOS / Android | ||
|
|
||
| --- | ||
|
|
||
| ## 必要な環境 / Requirements |
The README no longer documents supported platforms, and there doesn’t appear to be an alternative mention elsewhere in the docs. If platform support is still relevant for users, consider restoring this section or replacing it with an updated statement (even a short line in the Overview/Requirements).
No description provided.