v0.1.4: region coverage bounds, ClinVar ENSG guidance, js-yaml DoS cleared
region coverage bounds, ClinVar ENSG guidance, js-yaml DoS cleared
Two fixes plus a security-bearing framework bump.
Fixed:
- gnomad_get_coverage: region coverage bounded to the requested start..stop span; gnomAD's
151 bp padded window no longer leaks ±75 bp of neighboring bases into the summary (single-position region → one bin). Gene/transcript coverage unchanged. (#8) - gnomad_search_clinvar: an Ensembl gene ID (ENSG…) returns a targeted notice pointing to ensembl_lookup_gene and short-circuits before the NCBI query, instead of a bare empty result; the gene input description carries the HGNC-only constraint. (#9)
Changed:
- @cyanheads/mcp-ts-core ^0.10.9 → ^0.10.10
Security:
- Transitive js-yaml (via the depcheck dev dependency) resolved to 3.15.0, clearing GHSA-h67p-54hq-rp68 / CVE-2026-53550 — a quadratic-complexity DoS in YAML merge-key handling via repeated aliases. bun audit: one moderate advisory → zero.
105 tests pass; bun run devcheck clean.