chore(deps): update dependency @notionhq/notion-mcp-server to v1.9.1

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@notionhq/notion-mcp-server	1.9.0 -> 1.9.1

---

Release Notes

makenotion/notion-mcp-server (@​notionhq/notion-mcp-server)

v1.9.1

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

🔒 MCP Security Scan Results

❌ notion

• Status: Failed
• Tools scanned: 19
• Vulnerabilities found: 1

Security issues detected:

• [W004] The MCP server is not in our registry.

Allowed issues (not blocking):

• [TF001] Data leak toxic flow detected. The same agent has access to at least one tool that produces untrusted content, one tool that can access private data, and one tool that can behave as a public sink. For more information, see https://explorer.invariantlabs.ai/docs/mcp-scan/issue-code-reference/#TF001 _(Allowed: Data leak toxic flow is expected for a Notion integration server. Notion MCP server:
• Reads private Notion workspace data including pages, databases, and user information (private data access)
• Processes user-generated content from various Notion sources and external integrations (untrusted content)
• Exports and shares Notion data through search, fetch, and analysis operations (public sink)
  This combination is essential for the Notion MCP server to function effectively,
  allowing agents to access, analyze, and work with Notion workspace content and data.
  )_
• [TF002] Destructive toxic flow detected. The same agent has access to at least one tool that produces untrusted content and one tool that can behave destructively. For more information, see https://explorer.invariantlabs.ai/docs/mcp-scan/issue-code-reference/#TF002 _(Allowed: Destructive toxic flow is expected and required for Notion content management. The server includes:
• Tools to delete, update, and move Notion pages, databases, and other content (destructive operations)
• Tools that process user-generated content from Notion workspaces and external sources (untrusted content)
  These capabilities are essential for proper Notion workspace management,
  allowing agents to create, modify, organize, and maintain Notion content effectively.
  )_

---

Summary: Scanned 1 MCP server(s), found 1 security issue(s).

⚠️ Action Required: Security issues were detected. Please review and address them before merging.