[Snyk] Security upgrade @modelcontextprotocol/sdk from 1.25.2 to 1.26.0

[MightyPrytanis]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• Cyrano/package.json
• Cyrano/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Race Condition SNYK-JS-MODELCONTEXTPROTOCOLSDK-15208843	641

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Race Condition

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

⛔ Ignored keywords (2)

• WIP
• DO NOT REVIEW

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch snyk-fix-8f907a0481105b877db81983a5523d3a

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR updates Cyrano’s MCP SDK dependency to address a Snyk-reported vulnerability (race condition) by upgrading @modelcontextprotocol/sdk from 1.25.2 to 1.26.0, with the corresponding lockfile updates.

Changes:

• Bump @modelcontextprotocol/sdk to ^1.26.0 in Cyrano/package.json.
• Update Cyrano/package-lock.json to resolve @modelcontextprotocol/sdk@1.26.0 and refresh related transitive dependencies (notably including updates to @hono/node-server, hono, and related dependency metadata).

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File	Description
Cyrano/package.json	Upgrades @modelcontextprotocol/sdk to the fixed version (^1.26.0).
Cyrano/package-lock.json	Locks the SDK upgrade and updates transitive dependency resolutions accordingly.

Files not reviewed (1)

• Cyrano/package-lock.json: Language not supported