
Conversation

@27Bslash6 27Bslash6 commented Oct 30, 2025

Changes

Dependency Updates

  • @modelcontextprotocol/sdk: 1.0.1 → 1.20.2 (critical updates, 20 versions behind)
  • axios: removed (unused dependency)
  • dotenv: 16.3.1 → 16.6.1
  • shx: 0.3.4 → 0.4.0
  • typescript: 5.6.2 → 5.9.3
  • vitest: 4.0.5 (new, for testing)

Resolves:

Bug Fixes

  • Add validation for API response structure (prevents null pointer crashes)
  • Add message structure validation in all tool handlers (zero-trust validation)
  • Fix timeout handling to read env var dynamically (was stale at module load)
  • Export functions for proper testing

Testing

  • 47 tests total (31 unit + 16 integration)
  • Coverage: API responses, error handling, edge cases, concurrency, all 4 tool types
  • Test configuration with proper env vars

Code Quality

  • Extract validation helper to eliminate duplication (DRY)
  • Follows MCP security best practices for input validation

Test Results

Test Files  2 passed (2)
      Tests  47 passed (47)
  Duration  447ms

Build: ✓ Clean
Security: ✓ 0 vulnerabilities
MCP: ✓ All tools functional

Breaking Changes

None. All changes are backward compatible.

- update @modelcontextprotocol/sdk 1.0.1 → 1.20.2
- update axios 1.6.2 → 1.13.1
- update dotenv 16.3.1 → 16.6.1
- update shx 0.3.4 → 0.4.0
- update typescript 5.6.2 → 5.9.3
- add vitest 4.0.5 for testing

resolves npm warnings for deprecated [email protected] and [email protected]
fixes 5 moderate severity vulnerabilities in vitest dependency chain
- validate choices array exists and is non-empty
- validate message content is string type
- add message structure validation in tool handlers
- export functions for testing

prevents null pointer crashes on malformed API responses
follows MCP security best practices for zero-trust validation
unit tests:
- formatSearchResults edge cases
- performChatCompletion success and error paths
- performSearch parameter handling
- API response validation
- timeout and error handling
- concurrent requests
- special characters and long content

integration tests:
- all four tool types (ask, research, reason, search)
- real-world scenarios
- multi-turn conversations
- performance and reliability

tests run against actual implementation via imports
vitest configured with proper env vars and exclusions
@27Bslash6 27Bslash6 marked this pull request as draft October 30, 2025 12:23
@27Bslash6 27Bslash6 force-pushed the fix/deps-security-tests branch from 08f5599 to c9e9d59 Compare October 30, 2025 12:24
- Add coverage configuration to vitest for improved test reporting
- Introduce a new GitHub Actions workflow for automated testing on push and pull requests
- Update .gitignore to exclude coverage directory
- Add @vitest/coverage-v8 as a development dependency for coverage analysis
- Introduce a new test command for coverage reporting in package.json
@27Bslash6 27Bslash6 marked this pull request as ready for review October 30, 2025 12:28
kesku commented Nov 4, 2025

Awesome work! Thank you very much, will include in next release

@kesku kesku merged commit d0b358a into perplexityai:main Nov 4, 2025
1 check passed