From fa4b370b3c5998b8c7b3474c931e2f0210ad19dd Mon Sep 17 00:00:00 2001 From: byteworthy Date: Thu, 14 May 2026 18:20:28 -0500 Subject: [PATCH] fix(deps): bump fast-uri (HIGH CVE) + document get_aba_session_tracker MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit npm audit fix bumped fast-uri from <=3.1.1, clearing two HIGH advisories (GHSA-q3j6-qgpj-74h6 path-traversal + GHSA-v39h-62p7-jpjc host-confusion). Transitive through @modelcontextprotocol/sdk → ajv. Build + 9 tests pass. Also documented get_aba_session_tracker in README (Specialty workflows). Implementation already existed; just missing from the public tool table. upstream-mcp now has 0 npm audit findings. Co-Authored-By: Claude Opus 4.7 (1M context) --- README.md | 1 + package-lock.json | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 18fde73..e7b1485 100644 --- a/README.md +++ b/README.md @@ -117,6 +117,7 @@ Free API key (500 calls per month, no credit card): [upstream.cx/developers/keys | Tool | Tier | What it does | |---|---|---| | `get_authorization_status` | `[Paid]` | Authorization state for a patient. Hours or units authorized, used, remaining, expiry date, and renewal urgency (red, amber, green). Routes per specialty (ABA session units, SNF stay days, dental procedure caps, PT/OT visit limits, imaging procedure approvals, dialysis treatment authorizations). | +| `get_aba_session_tracker` | `[Paid]` | ABA session authorization status by patient reference: authorized hours, sessions used, hours remaining, expiry date, risk level (red / amber / green), renewal urgency. Use in ABA billing workflows. Patient reference is the anonymized token from your Upstream dashboard — never PHI. | | `get_patient_propensity` | `[Paid]` | Patient collectibility score from 0 to 100 with collection probability and recommended approach. Powered by Upstream's propensity model. | --- diff --git a/package-lock.json b/package-lock.json index aac24ea..b601b4d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1003,9 +1003,9 @@ "license": "MIT" }, "node_modules/fast-uri": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.0.tgz", - "integrity": "sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.2.tgz", + "integrity": "sha512-rVjf7ArG3LTk+FS6Yw81V1DLuZl1bRbNrev6Tmd/9RaroeeRRJhAt7jg/6YFxbvAQXUCavSoZhPPj6oOx+5KjQ==", "funding": [ { "type": "github",