Security: Update dependencies and fix vulnerabilities #22

Open

Nemo64 wants to merge 1 commit into main from claude/fix-security-alerts-jJKEH

Conversation

@Nemo64 (Member) commented Mar 17, 2026

Summary

This PR updates critical dependencies to address multiple security vulnerabilities and improves the security posture of the project.

Key Changes

  • Updated @modelcontextprotocol/sdk from 1.15.1 to 1.27.1 to fix CVE-2025-66414, CVE-2026-0621, and CVE-2026-25536
  • Updated undici from ^7.16.0 to ^7.24.4 to address security issues
  • Fixed transitive vulnerabilities in minimatch, qs, ajv, and diff via npm audit fix

Notable Details

  • The @modelcontextprotocol/sdk dependency now uses a caret range (^1.27.1) instead of a pinned version, allowing for future patch and minor updates
  • All updates are security-focused with no breaking changes to the application code

Update @modelcontextprotocol/sdk from 1.15.1 to 1.27.1 and undici from
^7.16.0 to ^7.24.4 to address multiple CVEs. Run npm audit fix to resolve
transitive vulnerabilities in minimatch, qs, ajv, and diff.

https://claude.ai/code/session_01MaodopoPi78X3rxaxyN55f

@chatgpt-codex-connector (Bot) left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c0bfb0e287


Comment thread package.json
"license": "MIT",
"dependencies": {
"@modelcontextprotocol/sdk": "1.15.1",
"@modelcontextprotocol/sdk": "^1.27.1",
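Review bot: The sdk entry changes from an exact pin ("1.15.1") to a caret range ("^1.27.1"), which is a versioning-policy change on top of the CVE fix; with a caret range the version actually installed is fixed only by the lockfile, so the updated package-lock.json must be committed alongside this line and CI should install with `npm ci` (which fails on a manifest/lockfile mismatch) rather than `npm install`, otherwise a fresh install could resolve to a later 1.x release nobody reviewed. If the move away from pinning is intentional, say so in the PR description rather than only in the "Notable Details" bullet, since it widens what a future `npm audit fix` or dependabot bump may pull in.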


P2: Align zod range with upgraded SDK peer requirement

Updating @modelcontextprotocol/sdk to ^1.27.1 introduces a zod peer requirement of ^3.25 || ^4.0 (as reflected in the updated lockfile), but this package still declares zod as ^3.24.2. While the current lockfile resolves to a compatible 3.25.x, consumers installing from the published package.json with pinned zod@3.24.x (or with strict peer-dependency enforcement) can hit peer conflicts during install. The manifest should be updated so the declared zod range is compatible with the new SDK requirement.

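To make the peer-range argument in the review concrete, here is an added example (not the project's code and not part of the review) that evaluates candidate zod versions against the manifest's declared range and the SDK's peer range. It implements only the caret and `||` syntax those two ranges use; the "corrected" manifest range `^3.25.0 || ^4.0.0` is an assumed fix, since the review asks for compatibility without naming a value.

```javascript
// Minimal checker for npm caret ranges ("^x.y[.z]") joined by "||".
// Added example; pre-release tags and other range operators are not handled.
function parseVersion(v) {
  const [major, minor = 0, patch = 0] = v.split('.').map(Number);
  return { major, minor, patch };
}

function compare(a, b) {
  return a.major - b.major || a.minor - b.minor || a.patch - b.patch;
}

// "^x.y.z" allows [x.y.z, (x+1).0.0) for x > 0; for 0.y.z the minor is
// the breaking component, and for 0.0.z the patch is.
function satisfiesCaret(version, caret) {
  const lower = parseVersion(caret.slice(1));
  let upper;
  if (lower.major > 0) upper = { major: lower.major + 1, minor: 0, patch: 0 };
  else if (lower.minor > 0) upper = { major: 0, minor: lower.minor + 1, patch: 0 };
  else upper = { major: 0, minor: 0, patch: lower.patch + 1 };
  return compare(version, lower) >= 0 && compare(version, upper) < 0;
}

function satisfies(versionStr, rangeStr) {
  const version = parseVersion(versionStr);
  return rangeStr.split('||').map(r => r.trim()).some(r => satisfiesCaret(version, r));
}

// Ranges quoted from the review: what package.json declares for zod and
// what the upgraded @modelcontextprotocol/sdk requires as a peer.
const MANIFEST_ZOD_RANGE = '^3.25.0 || ^4.0.0'.length && '^3.24.2';
const SDK_PEER_ZOD_RANGE = '^3.25 || ^4.0';
// Assumed corrected manifest range (not taken from the page).
const FIXED_ZOD_RANGE = '^3.25.0 || ^4.0.0';

// Classifies each candidate version: only "both" installs without a peer
// conflict; "manifest-only" is exactly the zod@3.24.x case the review warns about.
function classify(candidates, manifestRange = MANIFEST_ZOD_RANGE, peerRange = SDK_PEER_ZOD_RANGE) {
  const result = {};
  for (const v of candidates) {
    const m = satisfies(v, manifestRange);
    const p = satisfies(v, peerRange);
    result[v] = m && p ? 'both' : m ? 'manifest-only' : p ? 'peer-only' : 'neither';
  }
  return result;
}

// Constructed sample versions, not read from any lockfile.
const SAMPLE_VERSIONS = ['3.24.2', '3.25.0', '3.25.76', '4.0.0'];
console.log('declared range:', classify(SAMPLE_VERSIONS));
console.log('fixed range:   ', classify(SAMPLE_VERSIONS, FIXED_ZOD_RANGE));
```

With the declared range, 3.24.2 is accepted by the manifest but rejected by the SDK peer range, which is the conflict; with the assumed fixed range every accepted version also satisfies the peer requirement.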
