fix(deps): update dependency fastmcp to v3#13839
fix(deps): update dependency fastmcp to v3#13839renovate-bot wants to merge 1 commit intoGoogleCloudPlatform:mainfrom
Conversation
Summary of ChangesHello @renovate-bot, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request updates the Highlights
Changelog
Activity
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
There was a problem hiding this comment.
Code Review
This pull request updates the fastmcp dependency from version 2.13.0 to 3.0.0. This is a major version upgrade that brings significant architectural improvements, including a new provider/transform architecture, automatic threadpooling for synchronous tools, and enhanced observability with OpenTelemetry. Crucially, it includes security fixes by dropping the diskcache dependency (addressing CVE-2025-69872) and updating other sub-dependencies. The existing server and test code remain compatible with the v3 API, and the uv.lock file correctly reflects the streamlined dependency tree, which now includes uvicorn and watchfiles to support the new development features like hot-reloading.
This PR contains the following updates:
==2.13.0→==3.0.0Release Notes
PrefectHQ/fastmcp (fastmcp)
v3.0.0: : Three at LastCompare Source
FastMCP 3.0 is stable. Two betas, two release candidates, 21 new contributors, and more than 100,000 daily pre-release installs later — the architecture held up, the upgrade path was smooth, and we're shipping it.
The surface API is largely unchanged —
@mcp.tool()still works exactly as before. What changed is everything underneath: a provider/transform architecture that makes FastMCP extensible, observable, and composable in ways v2 couldn't support. If we did our jobs right, you'll barely notice the redesign. You'll just notice that more is possible.This is also the release where FastMCP moves from jlowin/fastmcp to PrefectHQ/fastmcp. GitHub forwards all links, PyPI is the same, imports are the same. A major version felt like the right moment to make it official.
Build servers from anything
🔌 Components no longer have to live in one file with one server.
FileSystemProviderdiscovers tools from directories with hot-reload.OpenAPIProviderwraps REST APIs.ProxyProviderproxies remote MCP servers.SkillsProviderdelivers agent skills as resources. Write your own provider for whatever source makes sense. Compose multiple providers into one server, share one across many, or chain them with transforms that rename, namespace, filter, version, and secure components as they flow to clients.ResourcesAsToolsandPromptsAsToolsexpose non-tool components to tool-only clients.Ship to production
🔐 Component versioning: serve
@tool(version="2.0")alongside older versions from one codebase. Granular authorization on individual components with async auth checks, server-wide policies viaAuthMiddleware, and scope-based access control. OAuth gets CIMD, Static Client Registration, Azure OBO via dependency injection, JWT audience validation, and confused-deputy protections. OpenTelemetry tracing with MCP semantic conventions. Response size limiting. Background tasks with distributed Redis notification andctx.elicit()relay. Security fixes include droppingdiskcache(CVE-2025-69872) and upgradingpython-multipartandprotobuffor additional CVEs.Adapt per session
💾 Session state persists across requests via
ctx.set_state()/ctx.get_state().ctx.enable_components()andctx.disable_components()let servers adapt dynamically per client — show admin tools after authentication, progressively reveal capabilities, or scope access by role.Develop faster
⚡
--reloadauto-restarts on file changes. Standalone decorators return the original function, so decorated tools stay callable in tests and non-MCP contexts. Sync functions auto-dispatch to a threadpool. Tool timeouts, MCP-compliant pagination, composable lifespans,PingMiddlewarefor keepalive, and concurrent tool execution when the LLM returns multiple calls in one response.Use FastMCP as a CLI
🖥️
fastmcp listandfastmcp callquery and invoke tools on any server from a terminal.fastmcp discoverscans your editor configs (Claude Desktop, Cursor, Goose, Gemini CLI) and finds configured servers by name.fastmcp generate-cliwrites a standalone typed CLI where every tool is a subcommand.fastmcp installregisters your server with Claude Desktop, Cursor, or Goose in one command.Build apps (3.1 preview)
📱 Spec-level support for MCP Apps is in:
ui://resource scheme, typed UI metadata viaAppConfig, extension negotiation, and runtime detection. The full Apps experience lands in 3.1.If you hit 3.0 because you didn't pin your dependencies and something breaks — the upgrade guides will get you sorted. We minimized breaking changes, but a major version is a major version.
📖 Documentation
🚀 Upgrade from FastMCP v2
🔀 Upgrade from MCP Python SDK
📰 What's New in FastMCP 3.0
What's Changed
New Features 🎉
fastmcp listandfastmcp callCLI commands by @jlowin in #3054fastmcp generate-clicommand by @jlowin in #3065Enhancements 🔧
fastmcp install stdiocommand by @jlowin in #3032fastmcp discoverand name-based server resolution by @jlowin in #3055Fixes 🐞
openapi_versionCheck So 3.1 Is Included by @deeleeramone in #2768Breaking Changes 🛫
fastmcp devtofastmcp dev inspectorby @jlowin in #3188Docs 📚
McpErrorexceptions by @ivanbelenky in #2656Dependencies 📦
Other Changes 🦾
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Never, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.