
Update dependency fastmcp to v3.4.2 #233

Open

renovate-rancher[bot] wants to merge 4 commits into main from renovate/fastmcp-3.x

Conversation

@renovate-rancher

Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package   Change
fastmcp   ==3.2.0 → ==3.4.2

Warning

Some dependencies could not be looked up. Check the warning logs for more information.


Release Notes

PrefectHQ/fastmcp (fastmcp)

v3.4.2: Heads Up

Compare Source

FastMCP 3.4.2 restores JWT compatibility for providers that include private, non-critical JWS header parameters. Tokens from providers like Clerk can carry header metadata such as cat without being rejected before signature and claim validation, while unsupported critical headers are still rejected.

What's Changed

Fixes 🐞
Docs 📚

Full Changelog: PrefectHQ/fastmcp@v3.4.1...v3.4.2

v3.4.1: Floor It

Compare Source

FastMCP 3.4.1 floors Starlette at >=1.0.1 so installs can no longer resolve to a version affected by CVE-2026-48710 — previously the dependency was only constrained transitively through mcp, which allowed vulnerable versions. It also makes OAuthProxy log refresh-token cache misses instead of failing silently.

What's Changed

Enhancements ✨
  • Log refresh-token misses in OAuthProxy instead of failing silently by @jlowin in #4276
Security 🔒
Docs 📚

Full Changelog: PrefectHQ/fastmcp@v3.4.0...v3.4.1

v3.4.0: Remote Control

Compare Source

FastMCP 3.4 is about reaching servers that live somewhere else. The headline is fastmcp-remote, a standalone bridge that connects stdio-only MCP hosts to servers hosted over HTTP. Around it, this release hardens the proxy layer those remote connections depend on — making bridges fail loudly instead of silently, and keeping authenticated sessions alive across the long idle periods that remote clients are prone to.

fastmcp-remote

Some MCP hosts still insist on launching a local stdio command, even when the server you want is already running over HTTP. FastMCP could already proxy a remote URL through fastmcp run, but that pulls in the full server-runner surface. fastmcp-remote is the small, single-purpose version: one URL in, one local stdio proxy out.

{
  "mcpServers": {
    "linear": {
      "command": "uvx",
      "args": ["fastmcp-remote", "https://mcp.linear.app/mcp"]
    }
  }
}

OAuth is enabled automatically for HTTPS servers, with support for explicit bearer tokens and custom headers when you need them. The implementation stays on FastMCP primitives — Client, OAuth, create_proxy, and stdio — and credits the original npm mcp-remote project for the command shape.

Bridges That Fail Loudly

Proxies are lazy bridges: they don't touch the upstream server during construction, but they do forward real MCP requests once a client connects. As of 3.4, initialize is part of that forwarded surface — so a proxy only reports a successful handshake after the upstream server initializes too. A missing backend, a wrong URL (the server root instead of /mcp), denied upstream auth, or a non-MCP upstream now fails the downstream initialize instead of producing a "connected" proxy whose capability fetches quietly come back empty. The proxy also forwards ping upstream now.

This is an intentional behavior change from 3.3, and the reason bridge callers like fastmcp-remote surface real upstream failures instead of degrading into empty tool lists.

Auth That Survives Idle Time

Remote sessions sit idle, and short-lived upstream tokens punish that. fastmcp_access_token_expiry_seconds decouples the FastMCP-issued token's lifetime from the upstream expires_in — the FastMCP token is just a reference into proxy storage, re-validated and transparently refreshed on every request, so it can safely outlive a 5-minute upstream token without forcing a full OAuth flow after every idle period. When the upstream issues no refresh token, the lifetime is capped to match.

from fastmcp.server.auth.providers.github import GitHubProvider

auth = GitHubProvider(
    client_id="...",
    client_secret="...",
    base_url="https://your-server.com",
    fastmcp_access_token_expiry_seconds=60 * 60 * 24,  # 24h client-facing token
)

Alongside it, token_expiry_threshold_seconds treats tokens as expired N seconds early to close refresh races, and WorkOSProvider gains valid_scopes and extra_authorize_params.

Returnable Tool Errors

A tool could previously only signal an error by raising, which flattens to a text-only result and discards structured content. ToolResult now accepts is_error, mapping to CallToolResult.isError so a tool can hand back a rich error the model can see and act on. The proxy uses this to forward upstream tool errors intact instead of collapsing them.

from fastmcp import FastMCP
from fastmcp.tools.tool import ToolResult  # import path assumed; check the project docs for 3.x

mcp = FastMCP("lookup-demo")  # server instance the decorator below refers to

def found(id: str) -> bool:  # placeholder for the application's own lookup
    return False

@mcp.tool
def lookup(id: str) -> ToolResult:
    if not found(id):
        return ToolResult(
            content="not found",
            structured_content={"code": 404, "id": id},
            is_error=True,  # maps to CallToolResult.isError; structured_content survives
        )
    ...

Code Mode: Safe by Default

MontySandboxProvider() now applies a conservative baseline when constructed without limits — 30s duration, 100 MB memory — and CodeMode caps tool calls at 50 per execute block. Both remain explicitly opt-out (limits=None, max_tool_calls=None), so the safe configuration is the default instead of something you had to remember to turn on.

Under the Hood

The auth stack migrated its JWT handling to joserfc. The fastmcp dev CLI gains --host and --log-panel/--no-log-panel. Resources created from templates now preserve annotations, meta, title, and icons; resource templates with query params work on proxied servers; OTEL spans cover the sampling step and tool execution; MCP config files are read as UTF-8; and the OAuth server metadata endpoint now answers at the /.well-known/openid-configuration alias.

8 new contributors this release.

What's Changed

New Features 🎉
Breaking Changes ⚠️
Enhancements ✨
Security 🔒
Fixes 🐞
Docs 📚
Dependencies 📦
Other Changes 🦾

New Contributors

Full Changelog: PrefectHQ/fastmcp@v3.3.1...v3.4.0

v3.3.1: Loop There It Is

Compare Source

FastMCP 3.3.1 is a hotfix for the 3.3 packaging split. Clean installs of 3.3.0 could fail on standalone component imports like from fastmcp.tools import tool because component modules reached auth and task primitives through fastmcp.server, pulling in the server/provider stack and exposing a circular import.

Component-level auth and task primitives now live in lightweight utility modules, with the old server import paths preserved as compatibility re-exports. Component imports stay lightweight, existing server-facing imports continue to work, and the release also includes small docs corrections from the 3.3 rollout.

What's Changed

Fixes 🐞

Full Changelog: PrefectHQ/fastmcp@v3.3.0...v3.3.1

v3.3.0: Slim Reaper

Compare Source

FastMCP 3.3 ships fastmcp-slim, a new lightweight distribution that separates the client from the server stack. It also closes out a meaningful backlog of security hardening, observability improvements, and auth additions that accumulated through the 3.2 cycle.

fastmcp-slim

The full FastMCP package pulls in Starlette, Uvicorn, and the rest of the server machinery — necessary for running a server, but wasteful if you're writing a client, a script, or an agent that just needs to talk to MCP. fastmcp-slim is a dependency-light distribution that ships the client and transport layer without any of that.

The import namespace is unchanged:

import asyncio
from fastmcp import Client

async def main():
    async with Client("https://example.com/mcp") as client:
        return await client.call_tool("my_tool", {"arg": "value"})

asyncio.run(main())

Install fastmcp-slim[client] anywhere you want FastMCP's client without the server footprint — CI environments, lightweight agents, library dependencies that shouldn't force Uvicorn on downstream users.

Security

The OAuth proxy received three hardening upgrades. Silent consent is now guarded against AS-in-the-middle attacks — a malicious authorization server can no longer silently approve a consent it wasn't meant to handle. Redirect URI allowlist matching now rejects dot-segment paths (/../, /./) that could otherwise bypass prefix checks. And ResponseCachingMiddleware partitions its cache by access token, closing a gap where different users could see each other's cached responses.

Auth

AzureB2CProvider adds first-class support for Azure AD B2C user flows. The OCI provider is fixed for 3.x installs. And OAuthProxy gains a public update_scopes() API for updating the proxy's required scopes after initialization — useful for servers that determine scope requirements at runtime.

Observability

OTEL instrumentation is now fully compliant with MCP semantic conventions. List operations (list_tools, list_resources, list_prompts, list_resource_templates) are instrumented, and delegate spans on proxy servers are enriched with backend attributes.

Thread Affinity

Sync tools run in a thread pool by default. If your tool holds thread-local state or is bound to a specific thread (UI frameworks, some database drivers), you can now opt out:

from fastmcp import FastMCP
mcp = FastMCP("thread-affinity-demo")
@mcp.tool(run_in_thread=False)  # runs on the event-loop thread; keep the body non-blocking
def my_tool() -> str:
    ...

Under the Hood

Docket is now reentrant, and mounted servers enter their own lifespan — so a server with startup/shutdown logic works correctly when composed into a larger server. The FastMCP constructor accepts experimental_capabilities for passing raw capability flags. Tool errors accept a log_level parameter to control how they're logged. FormInput supports a default prefill value.

Fixes: ping loop now exits cleanly when a stream closes; sampling from background tasks works correctly; Windows startup no longer crashes on non-UTF-8 console output; blank query string values are preserved in OpenAPI routing; $defs introduced by ArgTransform are hoisted to the schema root; HTTP transports are terminated before lifespan shutdown.

13 new contributors this release.

What's Changed

New Features 🎉
Enhancements ✨
Security 🔒
Fixes 🐞
Docs 📚
Dependencies 📦
Other Changes 🦾

New Contributors

Full Changelog: PrefectHQ/fastmcp@v3.2.4...v3.3.0

v3.2.4: Patch Me If You Can

Compare Source

A grab bag of fixes, hardening, and polish.

The headline behavior change: background tasks are now scoped to the authorization context rather than the MCP session, so a task kicked off by an authenticated user survives session churn and stays tied to who started it. This is a breaking change for anyone relying on the old session-scoped semantics.

Security got three meaningful upgrades. FileUpload now validates actual decoded base64 size instead of trusting the client-reported number, so an attacker can't claim "10 bytes" and deliver 10MB. The proxy client stops forwarding inbound HTTP headers to unrelated remote servers — previously a header meant for server A could leak to server B. And AuthKit now auto-binds token audience to the resource URL per RFC 8707, closing a token-reuse gap across MCP resources.

Schema handling had a rough-edges pass. json_schema_to_type no longer crashes on Python keywords, boolean schemas, empty enums, or name collisions, and we added a 232K-schema crash test from APIs.guru to keep it honest. Gemini 2.5 Flash compatibility is fixed by stripping title fields the model rejects. Parameter descriptions are now extracted from docstrings automatically, so your tool signatures document themselves.

Plus a Keycloak OAuth provider for enterprise auth, improvements to ctx.elicit() (new response_title/response_description, deprecation warning when called without response_type), and dozens of smaller fixes across transforms, retry middleware, resource templates, and client disconnect handling.

What's Changed

Breaking Changes ⚠️
Enhancements ✨
Security 🔒
Fixes 🐞
Docs 📚
Dependencies 📦

New Contributors

Full Changelog: PrefectHQ/fastmcp@v3.2.3...v3.2.4

v3.2.3: Redis or Not

Compare Source

fakeredis 2.35.0 shipped an undocumented rename (FakeConnection → FakeAsyncRedisConnection) that broke pydocket's memory:// backend, causing fastmcp[tasks] installs to fail at startup with an ImportError. This pins fakeredis<2.35.0 in the tasks extra as a stopgap until a fixed pydocket ships.

What's Changed

Fixes 🐞
Docs 📚

Full Changelog: PrefectHQ/fastmcp@v3.2.2...v3.2.3

v3.2.2: Audience Appreciation

Compare Source

The Azure audience fix in 3.2.1 overcorrected: it switched token validation from client_id to identifier_uri, which fixed custom Application ID URIs but broke the default case where Azure AD v2 tokens set aud to the bare client ID GUID. Both formats are now accepted.

What's Changed

Fixes 🐞
  • fix: accept both client_id and identifier_uri as Azure audience by @jlowin in #3797
Dependencies 📦

Full Changelog: PrefectHQ/fastmcp@v3.2.1...v3.2.2

v3.2.1: Audience Participation

Compare Source

Most of the fixes in this patch are about auth providers getting audience validation wrong. Cognito token verification was checking the aud JWT claim, but Cognito access tokens don't include one; they use client_id instead. Azure was hardcoding the raw client ID as the expected audience, ignoring the identifier_uri parameter even though Entra v2.0 tokens use the Application ID URI as aud. Both now validate correctly without changing the provider API. Consent cookies also had an unbounded growth problem in high-DCR-client environments, eventually blowing past reverse proxy header limits; they're now capped as an LRU.

On the OpenAPI side, nullable: true fields from 3.0 specs were leaking into tool input schemas as-is instead of being converted to JSON Schema's type: ["string", "null"]. Server variable templates in base URLs (like https://{region}.api.example.com) were also being passed through raw instead of substituted with their defaults.

Smaller fixes: form submissions from Prefab UI now correctly handle unchecked boolean checkboxes, the client no longer crashes on error responses with empty or non-text content from third-party servers, and asyncio.iscoroutinefunction no longer emits deprecation warnings on Python 3.14.

What's Changed

Breaking Changes ⚠️
Enhancements ✨
  • [codex] Add FastMCP docs telemetry by @aaazzam in #3727
  • chore: split SDK navigation into standalone $ref file by [@jlo

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.
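The 3.4.2 note above describes the JWS header rule (private, non-critical headers pass; unsupported `crit` entries fail) and the 3.2.1 and 3.2.2 notes describe the audience variants (Entra `aud` as either the client ID or the Application ID URI; Cognito access tokens carrying `client_id` instead of `aud`). The following is an added example written for this page, not FastMCP's code and not how joserfc or the providers implement it. It uses HS256 with a shared secret so it signs and verifies offline; the real providers use asymmetric keys from the issuer's JWKS. `SUPPORTED_CRITICAL`, the secret, the `cat` value and every claim value are constructed for the example.

```python
"""Added example, not FastMCP's own code: a JWS verifier that tolerates private,
non-critical header parameters, rejects unsupported `crit` entries, and then
checks the signature and claims, including the audience variants from the
3.2.1 and 3.2.2 notes. HS256 keeps it self-contained; real providers use
asymmetric keys from their JWKS. All names and values are constructed."""
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import time

# Critical header extensions this verifier implements (RFC 7515 section 4.1.11).
# Anything listed in `crit` that is not here is a hard reject. Private headers
# that are NOT listed in `crit` (a provider's `cat`, for instance) are ignored.
SUPPORTED_CRITICAL: frozenset[str] = frozenset()  # hypothetical: no extensions supported
ALLOWED_ALGS: frozenset[str] = frozenset({"HS256"})


class TokenRejected(Exception):
    """Carries a reason for logs; do not echo it back to the client verbatim."""


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def sign_hs256(header: dict, claims: dict, secret: bytes) -> str:
    """Mint a compact JWS the way a (constructed) provider would; used to build test tokens."""
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def check_header(header: dict) -> None:
    """Header policy, applied before any signature work."""
    if header.get("alg") not in ALLOWED_ALGS:
        raise TokenRejected(f"alg not allowed: {header.get('alg')!r}")
    crit = header.get("crit")
    if crit is None:
        return  # no critical extensions claimed; unknown private headers are fine
    if not isinstance(crit, list) or not crit:
        raise TokenRejected("crit must be a non-empty array")
    unsupported = [name for name in crit if name not in SUPPORTED_CRITICAL]
    if unsupported:
        raise TokenRejected(f"unsupported critical header(s): {unsupported}")
    missing = [name for name in crit if name not in header]
    if missing:
        raise TokenRejected(f"crit names absent from header: {missing}")


def verify_token(token: str, secret: bytes, audiences: set[str], now: float | None = None) -> dict:
    """Return validated claims or raise TokenRejected.

    `audiences` holds every acceptable audience, e.g. {client_id, identifier_uri}
    for an Entra-style app. A Cognito-style access token carries no `aud` and
    puts the app id in `client_id`; that claim is checked against the same set.
    """
    try:
        h_seg, c_seg, s_seg = token.split(".")
        header = json.loads(_b64url_decode(h_seg))
        claims = json.loads(_b64url_decode(c_seg))
        sig = _b64url_decode(s_seg)
    except (ValueError, UnicodeDecodeError) as exc:
        raise TokenRejected(f"malformed token: {exc}") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise TokenRejected("header and payload must be JSON objects")
    check_header(header)  # header policy first, signature second, claims last
    expected = hmac.new(secret, f"{h_seg}.{c_seg}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise TokenRejected("bad signature")
    now = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        raise TokenRejected("missing or past exp")
    aud = claims.get("aud", claims.get("client_id"))  # Cognito fallback
    aud_values = aud if isinstance(aud, list) else [aud]
    if not any(value in audiences for value in aud_values):
        raise TokenRejected(f"audience mismatch: {aud_values}")
    return claims


def verify_outcome(token: str, secret: bytes, audiences: set[str], now: float | None = None) -> str:
    """'ok' or the rejection reason; convenient for tests and structured logging."""
    try:
        verify_token(token, secret, audiences, now)
        return "ok"
    except TokenRejected as exc:
        return str(exc)
```

The ordering matters for the 3.4.2 behaviour: a token whose header carries an unknown private parameter reaches signature and claim validation unchanged, while a token that lists an unsupported name in `crit` is refused before its signature is even examined, which is what RFC 7515 requires.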
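The 3.3 security paragraph says redirect URI allowlist matching now rejects dot-segment paths that could bypass prefix checks. As an added example (not FastMCP's matching code, whose allowlist semantics may differ), here is a naive string-prefix check beside a hardened matcher: the host part must match exactly, the path may only extend the allowlisted path at a `/` boundary, and `.`/`..` segments, including percent-encoded ones, are refused. The allowlist entries and URLs are constructed.

```python
"""Added example, not FastMCP's own code: redirect_uri allowlist matching that
closes the dot-segment bypass described in the 3.3 notes. All URLs constructed."""
from urllib.parse import unquote, urlsplit


def naive_prefix_allowed(redirect_uri: str, allowlist: list[str]) -> bool:
    """The weak form a plain string-prefix check gives you (kept for contrast)."""
    return any(redirect_uri.startswith(entry) for entry in allowlist)


def has_dot_segments(path: str) -> bool:
    # Decode first: a browser treats %2e%2e exactly like '..' when it normalises.
    return any(segment in (".", "..") for segment in unquote(path).split("/"))


def redirect_uri_allowed(redirect_uri: str, allowlist: list[str]) -> bool:
    try:
        uri = urlsplit(redirect_uri)
        port = uri.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if uri.fragment or uri.username is not None or uri.password is not None:
        return False  # RFC 6749 forbids fragments; userinfo is a phishing vector
    loopback = uri.scheme == "http" and uri.hostname in ("localhost", "127.0.0.1", "::1")
    if uri.scheme != "https" and not loopback:
        return False  # plain http only for loopback native-app flows (RFC 8252)
    if has_dot_segments(uri.path) or "//" in uri.path:
        return False  # never let a path reach the browser's normaliser un-normalised
    for entry in allowlist:
        allowed = urlsplit(entry)
        if (uri.scheme, uri.hostname, port) != (allowed.scheme, allowed.hostname, allowed.port):
            continue  # exact authority match, so app.example.com.evil.net cannot ride along
        base = allowed.path.rstrip("/") or "/"
        # '/oauth/callback' matches itself and '/oauth/callback/done',
        # but not '/oauth/callbackevil'
        if base == "/" or uri.path == base or uri.path.startswith(base + "/"):
            return True
    return False
```

The two bypasses the naive check admits are the ones to remember: a `../` walk out of the callback path (the browser normalises it away, the string check never sees that) and a sibling path that merely shares the prefix characters.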
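The 3.2.4 security paragraph says FileUpload now validates the actual decoded base64 size instead of trusting the client-reported number. This added example (not FastMCP's FileUpload code) shows the check as a practitioner would write it: a cheap bound computed from the encoded text rejects oversized bodies before anything is allocated, the decode is strict, and the client's claim is never an input to the decision. `MAX_UPLOAD_BYTES` and the payloads are constructed.

```python
"""Added example, not FastMCP's own code: size-limit a base64 file upload by
what it actually decodes to, never by what the client says. The limit and the
sample payloads are constructed for the example."""
import base64
import binascii

MAX_UPLOAD_BYTES = 64 * 1024  # constructed policy limit


class UploadRejected(Exception):
    pass


def base64_decoded_size(encoded: str) -> int:
    """Decoded byte count computed from the text alone, before any allocation.

    Exact for canonical base64; padding is ignored so '==' cannot inflate it.
    """
    return len(encoded.strip().rstrip("=")) * 3 // 4


def accept_upload(encoded: str, claimed_size: int, max_bytes: int = MAX_UPLOAD_BYTES) -> bytes:
    bound = base64_decoded_size(encoded)
    if bound > max_bytes:  # cheap reject: a multi-MB body is never decoded
        raise UploadRejected(f"payload decodes to {bound} bytes, limit is {max_bytes}")
    try:
        # validate=True refuses non-alphabet bytes (and embedded whitespace) outright
        data = base64.b64decode(encoded.strip(), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise UploadRejected(f"invalid base64: {exc}") from exc
    if len(data) > max_bytes:  # defence in depth: never rely on the estimate alone
        raise UploadRejected(f"payload is {len(data)} bytes, limit is {max_bytes}")
    if claimed_size != len(data):
        # The claim played no part in the limit decision; a mismatch is a malformed
        # request worth a log line, and a strict API can refuse it outright.
        raise UploadRejected(f"client claimed {claimed_size} bytes, payload holds {len(data)}")
    return data


def upload_outcome(encoded: str, claimed_size: int, max_bytes: int = MAX_UPLOAD_BYTES) -> str:
    """'ok' or the rejection reason, for tests and logs."""
    try:
        accept_upload(encoded, claimed_size, max_bytes)
        return "ok"
    except UploadRejected as exc:
        return str(exc)
```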
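The 3.2.1 OpenAPI paragraph names two normalisations: `nullable: true` from 3.0 specs becoming JSON Schema's `type: ["string", "null"]`, and server variable templates such as `https://{region}.api.example.com` being substituted with their defaults. This added example (not FastMCP's OpenAPI code) does both on plain dicts so the transformation is visible; the schema and server object are constructed.

```python
"""Added example, not FastMCP's own code: the two OpenAPI 3.0 normalisations the
3.2.1 notes describe, applied to plain dicts. Inputs are constructed."""
import re
from typing import Any


def convert_nullable(schema: Any) -> Any:
    """Rewrite OpenAPI 3.0 `nullable: true` into JSON Schema null-typing, recursively."""
    if isinstance(schema, list):
        return [convert_nullable(item) for item in schema]
    if not isinstance(schema, dict):
        return schema
    # Only a boolean `nullable` is the keyword; a property *named* nullable has a dict value.
    out = {
        key: convert_nullable(value)
        for key, value in schema.items()
        if not (key == "nullable" and isinstance(value, bool))
    }
    if schema.get("nullable") is not True:
        return out
    if "type" in out:
        types = out["type"] if isinstance(out["type"], list) else [out["type"]]
        if "null" not in types:
            types.append("null")
        out["type"] = types
        return out
    # $ref or composed schemas carry no `type` to extend; wrap instead
    return {"anyOf": [out, {"type": "null"}]}


_VAR = re.compile(r"\{([^{}]+)\}")


def resolve_server_url(server: dict) -> str:
    """Substitute `{var}` placeholders in an OpenAPI server URL with their declared defaults."""
    variables = server.get("variables", {})

    def replace(match: "re.Match[str]") -> str:
        name = match.group(1)
        if name not in variables or "default" not in variables[name]:
            raise ValueError(f"server variable {name!r} has no default")
        value = variables[name]["default"]
        if "enum" in variables[name] and value not in variables[name]["enum"]:
            raise ValueError(f"default {value!r} for {name!r} is not in its enum")
        return value

    return _VAR.sub(replace, server["url"])
```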

@raulcabello

Collaborator

@copilot resolve the merge conflicts in this pull request

Copilot AI commented Jun 15, 2026

Contributor

@copilot resolve the merge conflicts in this pull request

Resolved the merge conflicts in pyproject.toml and uv.lock by merging main into this branch. The resolution keeps fastmcp==3.4.2 (this PR's change) while taking langchain-aws==1.5.1, fastapi==0.136.3, and kopf==1.44.6 from main. Merge commit: 683b77a

Copilot AI requested a review from raulcabello June 15, 2026 07:18
@raulcabello

Collaborator

@copilot resolve the merge conflicts in this pull request

@raulcabello

Collaborator

@copilot resolve the merge conflicts in this pull request

Copilot AI commented Jun 15, 2026

Contributor

@copilot resolve the merge conflicts in this pull request

Resolved the merge conflicts in uv.lock by merging main into this branch. The resolution keeps fastmcp==3.4.2 while taking the numpy==2.4.6, testcontainers==4.14.2, and unused dependency removals (unstructured, langchain-chroma, griffelib, grpcio) from main. Merge commit: 0c230fc

Copilot AI commented Jun 15, 2026

Contributor

@copilot resolve the merge conflicts in this pull request

Resolved the merge conflicts by merging main into this branch. The resolution keeps fastmcp==3.4.2 while taking langchain-google-genai==4.2.5 from main. Merge commit: b1f8c95

@renovate-rancher

Contributor Author

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.
