Update zod to fix MCP function access

[Tanmaymundra]

Description

Updated the package for Zod due to which we were not able to access the mcp functions

Type of Change

• Bug fix (non-breaking change which fixes an issue)

Test Scenarios

Check if you were able to create a issue using mcp server

References

Solves #47

---

Note

Upgrades zod and refreshes the lockfile, updating MCP SDK, ESLint/TypeScript, and numerous transitive dependencies.

• Dependencies:
  • Bump zod to ^3.25.76 in package.json.
  • Update lockfile with major upgrades:
    • @modelcontextprotocol/sdk to 1.22.0 (adds ajv, ajv-formats, eventsource-parser).
    • ESLint toolchain: eslint 9.39.1, @eslint/*, @typescript-eslint/* 8.47.0.
    • typescript 5.9.3, prettier 3.6.2.
    • Various transitive bumps (Babel, debug, eventsource, mime-types, semver, etc.).

^{Written by Cursor Bugbot for commit 86d4f00. This will update automatically on new commits. Configure here.}

Summary by CodeRabbit

• Chores
  • Updated development dependencies to latest compatible versions.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

The zod development dependency is updated from version ^3.24.2 to ^3.25.76 in package.json. No code changes are introduced; only the version constraint is modified.

Changes

Cohort / File(s)	Change Summary
Dependency Version Update package.json	Updated zod devDependency from ^3.24.2 to ^3.25.76

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

• This is a straightforward dependency version bump with no functional code changes.

Poem

🐰 A little hop, a version new,
Zod's grown from twenty-four to seventy-two!
No code was bent, no logic bent,
Just dependencies all content! ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Title check	✅ Passed	The title accurately reflects the main change: updating the zod dependency to fix MCP function access issues.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cf7bb8c and 86d4f00.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Cursor Bugbot

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Search for direct imports of zod in source code (TypeScript/JavaScript)
echo "=== Searching for zod imports in source code ==="
rg -n "from\s+['\"]zod['\"]|import\s+.*from\s+['\"]zod['\"]" --type=ts --type=js

echo ""
echo "=== Alternative search patterns for zod usage ==="
rg -n "require\(['\"]zod['\"]" --type=ts --type=js

Repository: makeplane/plane-mcp-server

Length of output: 607

---

🌐 Web query:

zod changelog breaking changes between version 3.24.2 and 3.25.76

💡 Result:

Short answer — two notable breaking/regression items between zod 3.24.2 and 3.25.76:

1. 3.24.2 introduced an inadvertent TypeScript-breaking regression in the public schema types (caused excessive/infinitely-deep type instantiations / assignment failures between minor versions). See the GitHub issue reporting the bug. [1]

2. By 3.25.76 the package started shipping Zod v4 sources/exports alongside v3 (v4 was accessible via subpaths and the package exports include v4). That change led to ecosystem/TS breakages for some consumers (tooling/type errors, doubling package size, and import/resolution problems discussed by users). The project notes that v4 was published and available during the 3.25.x window. See the release/notes and package.json exports. [2][3]

Sources:

• Report of the 3.24.2 breaking regression. [1]
• Release/announcement notes about Zod 4 being published / transition (no code diffs between 3.25.x and 4.0.0). [2]
• Example package.json showing v3/v4 subpath exports in 3.25.76. [3]

---

Critical issue: zod must be moved to dependencies (not devDependencies) since it's imported in 9 source files. Additionally, the target version 3.25.76 introduces known ecosystem/TypeScript breakages (Zod v4 exports alongside v3 causing resolution and type errors for consumers). While 3.24.2 has its own regression, upgrading to 3.25.76 may introduce new problems rather than resolve issue #47.

Recommendations:

• Move zod from devDependencies to dependencies
• Verify that 3.25.76 specifically resolves issue MCP issue creation not working in self-hosted Community Edition #47 despite its known ecosystem issues, or consider a more stable intermediate version that fixes the root cause without introducing v4/ecosystem conflicts

🤖 Prompt for AI Agents

In package.json at line 53, zod is currently listed in devDependencies and must
be moved to dependencies because it is imported by nine source files at runtime;
update package.json to remove zod from devDependencies and add it under
dependencies, then choose a safer version than 3.25.76 (either confirm 3.25.76
truly resolves issue #47 without introducing v4 export/type conflicts or pick a
more stable intermediate patch that avoids v4 ecosystem breakage), run npm/yarn
install to update the lockfile, and run the test suite and a type-check build to
verify no resolution or TypeScript errors occur.