Dependency Audit Report
Date: 2026-02-28
Auditor: Automated dependency audit
Ecosystem: Ruby (Gemfile + gemspec)
Major Version Bumps (Breaking Changes Likely)
| Package | Pinned Range | Locked Version | Latest | Notes |
|---|---|---|---|---|
| rack | ~> 2.0 | 2.2.17 | 3.2.5 | Major version behind — Rack 3 is a significant upgrade with breaking changes to the middleware API |
| minitest | ~> 5.0 | 5.25.5 | 6.0.2 | Major version bump |
Minor/Patch Updates
| Package | Locked Version | Latest |
|---|---|---|
| standard | 1.50.0 | 1.54.0 |
| rake | 13.3.0 | 13.3.1 |
Unstable Dependencies
| Package | Source | Concern |
|---|---|---|
| mcp | Git branch main (pinned to commit db98dbc) | Using a git source with branch tracking — no stable release. This could break on any upstream push. Consider pinning to a released version when available. |
Recommended Actions
- High Priority: Evaluate rack ~> 3.0 migration — Rack 3 has been stable for a while. The ~> 2.0 constraint is blocking the upgrade. Review if the server's Rack middleware is compatible.
- Medium Priority: Pin the mcp gem to a stable release (if one exists) rather than tracking main branch
- Low Priority: Bump minitest to 6.x, update standard to 1.54.0
- Bundler: The lockfile requires Bundler 2.5.11 — ensure CI/CD matches