feat: security fix + golden-standard README

* fix: Dockerfile CMD path and chown for Docker proxy support

* chore: remove legacy codeql.yml (ADR-011 GHAS migration)

* chore: remove legacy gitleaks.yml (ADR-011 GHAS migration)

* docs: add TOOLS.md with tool documentation

* fix(security): update lock file — hono 4.12.3 + SDK 1.27.1 (#4)

Updated transitive deps to patched versions:
- @modelcontextprotocol/sdk: 1.26.0 -> 1.27.1
  (cross-client data leak via shared transport, affects 1.10.0-1.25.3,
  patched in 1.26.0)
- hono: 4.12.0 -> 4.12.3
  (authentication bypass via IP spoofing, patched in 4.12.3)

No package.json change needed — existing semver ranges already allow
the patched versions.

* docs: golden-standard README (#5)

Brings README to production golden standard following the Ansvar Law MCP template.
Jeffrey von Rotz
2026-03-02 21:25:22 +01:00
committed by GitHub
parent 000e6bf796
commit 86f610be05
2 changed files with 167 additions and 109 deletions

package-lock.json (generated, 12 lines changed)

@@ -621,9 +621,9 @@
}
},
"node_modules/@modelcontextprotocol/sdk": {
"version": "1.26.0",
"resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.26.0.tgz",
"integrity": "sha512-Y5RmPncpiDtTXDbLKswIJzTqu2hyBKxTNsgKqKclDbhIgg1wgtf1fRuvxgTnRfcnxtvvgbIEcqUOzZrJ6iSReg==",
"version": "1.27.1",
"resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.27.1.tgz",
"integrity": "sha512-sr6GbP+4edBwFndLbM60gf07z0FQ79gaExpnsjMGePXqFcSSb7t6iscpjk9DhFhwd+mTEQrzNafGP8/iGGFYaA==",
"license": "MIT",
"dependencies": {
"@hono/node-server": "^1.19.9",
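Review bot: The stated rationale does not match this hunk. The commit message says the cross-client data leak "affects 1.10.0-1.25.3, patched in 1.26.0", but the lock file already had `"version": "1.26.0"` before this change, so that advisory alone does not justify the bump to `"version": "1.27.1"`. Either name the advisory (GHSA or CVE identifier) that actually requires 1.27.1, or reword the message so the SDK bump is described as a routine update. Separately, since only the lock file moves, make sure CI installs with `npm ci` rather than `npm install`, otherwise the new `"resolved"`/`"integrity"` pair is not what gets enforced.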
@@ -2615,9 +2615,9 @@
}
},
"node_modules/hono": {
"version": "4.12.0",
"resolved": "https://registry.npmjs.org/hono/-/hono-4.12.0.tgz",
"integrity": "sha512-NekXntS5M94pUfiVZ8oXXK/kkri+5WpX2/Ik+LVsl+uvw+soj4roXIsPqO+XsWrAw20mOzaXOZf3Q7PfB9A/IA==",
"version": "4.12.3",
"resolved": "https://registry.npmjs.org/hono/-/hono-4.12.3.tgz",
"integrity": "sha512-SFsVSjp8sj5UumXOOFlkZOG6XS9SJDKw0TbwFeV+AJ8xlST8kxK5Z/5EYa111UY8732lK2S/xB653ceuaoGwpg==",
"license": "MIT",
"engines": {
"node": ">=16.9.0"
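Review bot: The hono fix is described as an "authentication bypass via IP spoofing", and the same commit adds Docker proxy support (the Dockerfile CMD/chown fix), so the version bump to `"version": "4.12.3"` is necessary but not sufficient: please confirm in the PR that any client-IP derivation the service relies on behind that proxy trusts only the proxy's forwarded headers, and reference the advisory identifier in the commit message so the change can be traced. As with the SDK hunk, the new `"integrity"` hash is only enforced when the lock file is honoured (`npm ci` in CI and the image build).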