Update dependency fastmcp to v3.4.2 #233
Conversation
@copilot resolve the merge conflicts in this pull request
Resolved the merge conflicts in
@copilot resolve the merge conflicts in this pull request
@copilot resolve the merge conflicts in this pull request
Resolved the merge conflicts in
Edited/Blocked Notification
Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above.
This PR contains the following updates:
Package fastmcp: ==3.2.0 → ==3.4.2
Warning
Some dependencies could not be looked up. Check the warning logs for more information.
Release Notes
PrefectHQ/fastmcp (fastmcp)
v3.4.2: Heads Up (Compare Source)
FastMCP 3.4.2 restores JWT compatibility for providers that include private, non-critical JWS header parameters. Tokens from providers like Clerk can carry header metadata such as `cat` without being rejected before signature and claim validation, while unsupported critical headers are still rejected.
What's Changed
Fixes 🐞
Docs 📚
Full Changelog: PrefectHQ/fastmcp@v3.4.1...v3.4.2
v3.4.1: Floor It (Compare Source)
FastMCP 3.4.1 floors Starlette at `>=1.0.1` so installs can no longer resolve to a version affected by CVE-2026-48710 — previously the dependency was only constrained transitively through `mcp`, which allowed vulnerable versions. It also makes OAuthProxy log refresh-token cache misses instead of failing silently.
What's Changed
Enhancements ✨
Security 🔒
Docs 📚
Full Changelog: PrefectHQ/fastmcp@v3.4.0...v3.4.1
v3.4.0: Remote Control (Compare Source)
FastMCP 3.4 is about reaching servers that live somewhere else. The headline is `fastmcp-remote`, a standalone bridge that connects stdio-only MCP hosts to servers hosted over HTTP. Around it, this release hardens the proxy layer those remote connections depend on — making bridges fail loudly instead of silently, and keeping authenticated sessions alive across the long idle periods that remote clients are prone to.
fastmcp-remote
Some MCP hosts still insist on launching a local stdio command, even when the server you want is already running over HTTP. FastMCP could already proxy a remote URL through `fastmcp run`, but that pulls in the full server-runner surface. `fastmcp-remote` is the small, single-purpose version: one URL in, one local stdio proxy out.

```json
{
  "mcpServers": {
    "linear": {
      "command": "uvx",
      "args": ["fastmcp-remote", "https://mcp.linear.app/mcp"]
    }
  }
}
```

OAuth is enabled automatically for HTTPS servers, with support for explicit bearer tokens and custom headers when you need them. The implementation stays on FastMCP primitives — `Client`, `OAuth`, `create_proxy`, and stdio — and credits the original npm `mcp-remote` project for the command shape.
Bridges That Fail Loudly
Proxies are lazy bridges: they don't touch the upstream server during construction, but they do forward real MCP requests once a client connects. As of 3.4, `initialize` is part of that forwarded surface — so a proxy only reports a successful handshake after the upstream server initializes too. A missing backend, a wrong URL (the server root instead of `/mcp`), denied upstream auth, or a non-MCP upstream now fails the downstream `initialize` instead of producing a "connected" proxy whose capability fetches quietly come back empty. The proxy also forwards `ping` upstream now.
This is an intentional behavior change from 3.3, and the reason bridge callers like `fastmcp-remote` surface real upstream failures instead of degrading into empty tool lists.
Auth That Survives Idle Time
Remote sessions sit idle, and short-lived upstream tokens punish that. `fastmcp_access_token_expiry_seconds` decouples the FastMCP-issued token's lifetime from the upstream `expires_in` — the FastMCP token is just a reference into proxy storage, re-validated and transparently refreshed on every request, so it can safely outlive a 5-minute upstream token without forcing a full OAuth flow after every idle period. When the upstream issues no refresh token, the lifetime is capped to match.
Alongside it, `token_expiry_threshold_seconds` treats tokens as expired N seconds early to close refresh races, and `WorkOSProvider` gains `valid_scopes` and `extra_authorize_params`.
Returnable Tool Errors
A tool could previously only signal an error by raising, which flattens to a text-only result and discards structured content. `ToolResult` now accepts `is_error`, mapping to `CallToolResult.isError` so a tool can hand back a rich error the model can see and act on. The proxy uses this to forward upstream tool errors intact instead of collapsing them.
Code Mode: Safe by Default
`MontySandboxProvider()` now applies a conservative baseline when constructed without limits — 30s duration, 100 MB memory — and `CodeMode` caps tool calls at 50 per `execute` block. Both remain explicitly opt-out (`limits=None`, `max_tool_calls=None`), so the safe configuration is the default instead of something you had to remember to turn on.
Under the Hood
The auth stack migrated its JWT handling to `joserfc`. The `fastmcp dev` CLI gains `--host` and `--log-panel`/`--no-log-panel`. Resources created from templates now preserve annotations, meta, title, and icons; resource templates with query params work on proxied servers; OTEL spans cover the sampling step and tool execution; MCP config files are read as UTF-8; and the OAuth server metadata endpoint now answers at the `/.well-known/openid-configuration` alias.
8 new contributors this release.
What's Changed
New Features 🎉
Breaking Changes ⚠️
Enhancements ✨
Security 🔒
Fixes 🐞
Docs 📚
Dependencies 📦
Other Changes 🦾
New Contributors
Full Changelog: PrefectHQ/fastmcp@v3.3.1...v3.4.0
v3.3.1: Loop There It Is (Compare Source)
FastMCP 3.3.1 is a hotfix for the 3.3 packaging split. Clean installs of 3.3.0 could fail on standalone component imports like `from fastmcp.tools import tool` because component modules reached auth and task primitives through `fastmcp.server`, pulling in the server/provider stack and exposing a circular import.
Component-level auth and task primitives now live in lightweight utility modules, with the old server import paths preserved as compatibility re-exports. Component imports stay lightweight, existing server-facing imports continue to work, and the release also includes small docs corrections from the 3.3 rollout.
What's Changed
Fixes 🐞
Full Changelog: PrefectHQ/fastmcp@v3.3.0...v3.3.1
v3.3.0: Slim Reaper (Compare Source)
FastMCP 3.3 ships `fastmcp-slim`, a new lightweight distribution that separates the client from the server stack. It also closes out a meaningful backlog of security hardening, observability improvements, and auth additions that accumulated through the 3.2 cycle.
fastmcp-slim
The full FastMCP package pulls in Starlette, Uvicorn, and the rest of the server machinery — necessary for running a server, but wasteful if you're writing a client, a script, or an agent that just needs to talk to MCP. `fastmcp-slim` is a dependency-light distribution that ships the client and transport layer without any of that.
The import namespace is unchanged:
Install `fastmcp-slim[client]` anywhere you want FastMCP's client without the server footprint — CI environments, lightweight agents, library dependencies that shouldn't force Uvicorn on downstream users.
Security
The OAuth proxy received three hardening upgrades. Silent consent is now guarded against AS-in-the-middle attacks — a malicious authorization server can no longer silently approve a consent it wasn't meant to handle. Redirect URI allowlist matching now rejects dot-segment paths (`/../`, `/./`) that could otherwise bypass prefix checks. And `ResponseCachingMiddleware` partitions its cache by access token, closing a gap where different users could see each other's cached responses.
Auth
`AzureB2CProvider` adds first-class support for Azure AD B2C user flows. The OCI provider is fixed for 3.x installs. And `OAuthProxy` gains a public `update_scopes()` API for updating the proxy's required scopes after initialization — useful for servers that determine scope requirements at runtime.
Observability
OTEL instrumentation is now fully compliant with MCP semantic conventions. List operations (`list_tools`, `list_resources`, `list_prompts`, `list_resource_templates`) are instrumented, and delegate spans on proxy servers are enriched with backend attributes.
Thread Affinity
Sync tools run in a thread pool by default. If your tool holds thread-local state or is bound to a specific thread (UI frameworks, some database drivers), you can now opt out:
Under the Hood
Docket is now reentrant, and mounted servers enter their own lifespan — so a server with startup/shutdown logic works correctly when composed into a larger server. The `FastMCP` constructor accepts `experimental_capabilities` for passing raw capability flags. Tool errors accept a `log_level` parameter to control how they're logged. `FormInput` supports a default prefill value.
Fixes: ping loop now exits cleanly when a stream closes; sampling from background tasks works correctly; Windows startup no longer crashes on non-UTF-8 console output; blank query string values are preserved in OpenAPI routing; `$defs` introduced by `ArgTransform` are hoisted to the schema root; HTTP transports are terminated before lifespan shutdown.
13 new contributors this release.
What's Changed
New Features 🎉
Enhancements ✨
Security 🔒
Fixes 🐞
Docs 📚
Dependencies 📦
Other Changes 🦾
New Contributors
Full Changelog: PrefectHQ/fastmcp@v3.2.4...v3.3.0
v3.2.4: Patch Me If You Can (Compare Source)
A grab bag of fixes, hardening, and polish.
The headline behavior change: background tasks are now scoped to the authorization context rather than the MCP session, so a task kicked off by an authenticated user survives session churn and stays tied to who started it. This is a breaking change for anyone relying on the old session-scoped semantics.
Security got three meaningful upgrades. `FileUpload` now validates actual decoded base64 size instead of trusting the client-reported number, so an attacker can't claim "10 bytes" and deliver 10MB. The proxy client stops forwarding inbound HTTP headers to unrelated remote servers — previously a header meant for server A could leak to server B. And AuthKit now auto-binds token audience to the resource URL per RFC 8707, closing a token-reuse gap across MCP resources.
Schema handling had a rough-edges pass. `json_schema_to_type` no longer crashes on Python keywords, boolean schemas, empty enums, or name collisions, and we added a 232K-schema crash test from APIs.guru to keep it honest. Gemini 2.5 Flash compatibility is fixed by stripping `title` fields the model rejects. Parameter descriptions are now extracted from docstrings automatically, so your tool signatures document themselves.
Plus a Keycloak OAuth provider for enterprise auth, improvements to `ctx.elicit()` (new `response_title`/`response_description`, deprecation warning when called without `response_type`), and dozens of smaller fixes across transforms, retry middleware, resource templates, and client disconnect handling.
What's Changed
Breaking Changes ⚠️
Enhancements ✨
Security 🔒
Fixes 🐞
`or` with `is not None` checks for config/override merging by @strawgate in #3833
Docs 📚
Dependencies 📦
New Contributors
Full Changelog: PrefectHQ/fastmcp@v3.2.3...v3.2.4
v3.2.3: Redis or Not (Compare Source)
fakeredis 2.35.0 shipped an undocumented rename (`FakeConnection` → `FakeAsyncRedisConnection`) that broke pydocket's `memory://` backend, causing `fastmcp[tasks]` installs to fail at startup with an `ImportError`. This pins `fakeredis<2.35.0` in the `tasks` extra as a stopgap until a fixed pydocket ships.
What's Changed
Fixes 🐞
Docs 📚
Full Changelog: PrefectHQ/fastmcp@v3.2.2...v3.2.3
v3.2.2: Audience Appreciation (Compare Source)
The Azure audience fix in 3.2.1 overcorrected: it switched token validation from `client_id` to `identifier_uri`, which fixed custom Application ID URIs but broke the default case where Azure AD v2 tokens set `aud` to the bare client ID GUID. Both formats are now accepted.
What's Changed
Fixes 🐞
Dependencies 📦
Full Changelog: PrefectHQ/fastmcp@v3.2.1...v3.2.2
v3.2.1: Audience Participation (Compare Source)
Most of the fixes in this patch are about auth providers getting audience validation wrong. Cognito token verification was checking the `aud` JWT claim, but Cognito access tokens don't include one; they use `client_id` instead. Azure was hardcoding the raw client ID as the expected audience, ignoring the `identifier_uri` parameter even though Entra v2.0 tokens use the Application ID URI as `aud`. Both now validate correctly without changing the provider API. Consent cookies also had an unbounded growth problem in high-DCR-client environments, eventually blowing past reverse proxy header limits; they're now capped as an LRU.
On the OpenAPI side, `nullable: true` fields from 3.0 specs were leaking into tool input schemas as-is instead of being converted to JSON Schema's `type: ["string", "null"]`. Server variable templates in base URLs (like `https://{region}.api.example.com`) were also being passed through raw instead of substituted with their defaults.
Smaller fixes: form submissions from Prefab UI now correctly handle unchecked boolean checkboxes, the client no longer crashes on error responses with empty or non-text content from third-party servers, and `asyncio.iscoroutinefunction` no longer emits deprecation warnings on Python 3.14.
What's Changed
Breaking Changes ⚠️
Enhancements ✨
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate.
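The 3.4.2 note in the release notes above describes tolerating private, non-critical JWS header parameters such as Clerk's `cat` while still rejecting unsupported critical ones. As an added illustration (not FastMCP's or joserfc's code), this standalone Python applies RFC 7515's `crit` rule to a compact JWS header before any signature check; the understood-parameter set, the `cl_EXAMPLE` value and the `exp-ext` extension name are constructed for the example.

```python
import base64
import json

# Registered JWS header parameters (RFC 7515 section 4.1) that this verifier handles itself.
UNDERSTOOD = {"alg", "kid", "typ", "cty", "jku", "jwk", "x5u", "x5c", "x5t", "x5t#S256", "crit"}
# Extensions honoured when marked critical; empty here, so any 'crit' entry is rejected (RFC 7515 section 4.1.11).
SUPPORTED_CRIT: set[str] = set()

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def prevalidate_header(token: str) -> list[str]:
    """Decode a compact JWS protected header and apply the 'crit' rule: tolerate private, non-critical
    parameters (e.g. Clerk's 'cat'), reject unsupported critical ones; signature checks come later."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 segments)")
    header = json.loads(_b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("JWS header is not a JSON object")
    crit = header.get("crit", [])
    if not isinstance(crit, list) or ("crit" in header and not crit):
        raise ValueError("'crit' must be a non-empty array")
    for name in crit:
        if not isinstance(name, str) or name in UNDERSTOOD:
            raise ValueError(f"'crit' may not list a registered parameter: {name!r}")
        if name not in header:
            raise ValueError(f"critical parameter {name!r} is listed but absent")
        if name not in SUPPORTED_CRIT:
            raise ValueError(f"unsupported critical header parameter {name!r}")
    return sorted(k for k in header if k not in UNDERSTOOD and k not in crit)

def accepts(token: str) -> bool:
    """True when the header passes pre-validation (the signature is still unchecked)."""
    try:
        prevalidate_header(token)
        return True
    except ValueError:
        return False

def make_unsigned_token(header: dict) -> str:
    """Build a constructed sample token; payload and signature content are irrelevant to the header check."""
    return ".".join([_b64url(json.dumps(header).encode()), _b64url(b'{"sub":"u1"}'), "sig"])

# Constructed samples: a Clerk-style private 'cat' header vs. an unknown critical extension.
PRIVATE_HEADER_TOKEN = make_unsigned_token({"alg": "RS256", "kid": "k1", "typ": "JWT", "cat": "cl_EXAMPLE"})
UNSUPPORTED_CRIT_TOKEN = make_unsigned_token({"alg": "RS256", "kid": "k1", "crit": ["exp-ext"], "exp-ext": 1})
```

Logging the list returned by `prevalidate_header` gives a cheap signal for which provider-specific header parameters are reaching the verifier without ever loosening the `crit` rule.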