deps(python): bump the python-minor group with 4 updates

[dependabot]

Bumps the python-minor group with 4 updates: fastapi, fastmcp, anthropic and ruff.

Updates fastapi from 0.128.0 to 0.128.6

Release notes

Sourced from fastapi's releases.

0.128.6

Fixes

• 🐛 Fix on_startup and on_shutdown parameters of APIRouter. PR #14873 by @​YuriiMotov.

Translations

• 🌐 Update translations for zh (update-outdated). PR #14843 by @​tiangolo.

Internal

• ✅ Fix parameterized tests with snapshots. PR #14875 by @​YuriiMotov.

0.128.5

Refactors

• ♻️ Refactor and simplify Pydantic v2 (and v1) compatibility internal utils. PR #14862 by @​tiangolo.

Internal

• ✅ Add inline snapshot tests for OpenAPI before changes from Pydantic v2. PR #14864 by @​tiangolo.

0.128.4

Refactors

• ♻️ Refactor internals, simplify Pydantic v2/v1 utils, create_model_field, better types for lenient_issubclass. PR #14860 by @​tiangolo.
• ♻️ Simplify internals, remove Pydantic v1 only logic, no longer needed. PR #14857 by @​tiangolo.
• ♻️ Refactor internals, cleanup unneeded Pydantic v1 specific logic. PR #14856 by @​tiangolo.

Translations

• 🌐 Update translations for fr (outdated pages). PR #14839 by @​YuriiMotov.
• 🌐 Update translations for tr (outdated and missing). PR #14838 by @​YuriiMotov.

Internal

• ⬆️ Upgrade development dependencies. PR #14854 by @​tiangolo.

0.128.3

Refactors

• ♻️ Re-implement on_event in FastAPI for compatibility with the next Starlette, while keeping backwards compatibility. PR #14851 by @​tiangolo.

Upgrades

• ⬆️ Upgrade Starlette supported version range to starlette>=0.40.0,<1.0.0. PR #14853 by @​tiangolo.

Translations

• 🌐 Update translations for ru (update-outdated). PR #14834 by @​tiangolo.

... (truncated)

Commits

• fbca586 📝 Update release notes
• 4e87979 📝 Update release notes
• 0a4033a 🔖 Release version 0.128.6
• ed2512a 🐛 Fix on_startup and on_shutdown parameters of APIRouter (#14873)
• 0c0f633 📝 Update release notes
• 227cb85 ✅ Fix parameterized tests with snapshots (#14875)
• cd31576 📝 Update release notes
• 376e108 🌐 Update translations for zh (update-outdated) (#14843)
• dedf140 🔖 Release version 0.128.5
• 79d4dfb 📝 Update release notes
• Additional commits viewable in compare view

Updates fastmcp from 2.14.4 to 2.14.5

Release notes

Sourced from fastmcp's releases.

v2.14.5: Sealed Docket

Fixes a memory leak in the memory:// docket broker where cancelled tasks accumulated instead of being cleaned up. Bumps pydocket to ≥0.17.2.

What's Changed

Enhancements 🔧

• Bump pydocket to 0.17.2 (memory leak fix) by @​chrisguidry in jlowin/fastmcp#2992

Docs 📚

• Add release notes for v2.14.4 and v2.14.5 by @​jlowin in jlowin/fastmcp#3063

Full Changelog: PrefectHQ/fastmcp@v2.14.4...v2.14.5

Changelog

Sourced from fastmcp's changelog.

---

title: "Changelog" icon: "list-check" rss: true

v3.0.0b1: This Beta Work

FastMCP 3.0 rebuilds the framework around three primitives: components, providers, and transforms. Providers source components dynamically—from decorators, filesystems, OpenAPI specs, remote servers, or anywhere else. Transforms modify components as they flow to clients—renaming, namespacing, filtering, securing. The features that required specialized subsystems in v2 now compose naturally from these building blocks.

🔌 Provider Architecture unifies how components are sourced. FileSystemProvider discovers decorated functions from directories with optional hot-reload. SkillsProvider exposes agent skill files as MCP resources. OpenAPIProvider and ProxyProvider get cleaner integrations. Providers are composable—share one across servers, or attach many to one server.

🔄 Transforms add middleware for components. Namespace mounted servers, rename verbose tools, filter by version, control visibility—all without touching source code. ResourcesAsTools and PromptsAsTools expose non-tool components to tool-only clients.

📋 Component Versioning lets you register @tool(version="2.0") alongside older versions. Clients see the highest version by default but can request specific versions. VersionFilter serves different API versions from one codebase.

💾 Session-Scoped State persists across requests. await ctx.set_state() and await ctx.get_state() now survive the full session. Per-session visibility via ctx.enable_components() lets servers adapt dynamically to each client.

⚡ DX Improvements include --reload for auto-restart during development, automatic threadpool dispatch for sync functions, tool timeouts, pagination for large component lists, and OpenTelemetry tracing.

🔐 Component Authorization via @tool(auth=require_scopes("admin")) and AuthMiddleware for server-wide policies.

Breaking changes are minimal: for most servers, updating the import statement is all you need. See the migration guide for details.

What's Changed

New Features 🎉

• Refactor resource behavior and add meta support by @​jlowin in #2611
• Refactor prompt behavior and add meta support by @​jlowin in #2610
• feat: Provider abstraction for dynamic MCP components by @​jlowin in #2622
• Unify component storage in LocalProvider by @​jlowin in #2680
• Introduce ResourceResult as canonical resource return type by @​jlowin in #2734
• Introduce Message and PromptResult as canonical prompt types by @​jlowin in #2738
• Add --reload flag for auto-restart on file changes by @​jlowin in #2816
• Add FileSystemProvider for filesystem-based component discovery by @​jlowin in #2823
• Add standalone decorators and eliminate fastmcp.fs module by @​jlowin in #2832
• Add authorization checks to components and servers by @​jlowin in #2855
• Decorators return functions instead of component objects by @​jlowin in #2856
• Add transform system for modifying components in provider chains by @​jlowin in #2836
• Add OpenTelemetry tracing support by @​chrisguidry in #2869
• Add component versioning and VersionFilter transform by @​jlowin in #2894
• Add version discovery and calling a certain version for components by @​jlowin in #2897
• Refactor visibility to mark-based enabled system by @​jlowin in #2912
• Add session-specific visibility control via Context by @​jlowin in #2917
• Add Skills Provider for exposing agent skills as MCP resources by @​jlowin in #2944

Enhancements 🔧

• Convert mounted servers to MountedProvider by @​jlowin in #2635
• Simplify .key as computed property by @​jlowin in #2648
• Refactor MountedProvider into FastMCPProvider + TransformingProvider by @​jlowin in #2653

... (truncated)

Commits

• 21221b4 Add release notes for v2.14.4 and v2.14.5 (#3063)
• 7d32409 Merge pull request #2992 from jlowin/pydocket-github-validation
• 65d6f06 Bump pydocket to >=0.17.2
• 5f68078 Bump pydocket to >=0.17.2b3
• 0afa029 Make read_resource test flexible for MCP version differences
• 7ad97d9 Update test snapshot for MCP 1.26.0 serialization change
• cd0274c Bump pydocket to >=0.17.2b2
• f1a89eb Bump pydocket to >=0.17.2b1
• c9ed36e Point to fix-cancellation-handling branch
• 8cec853 Point to fix-redis-connection-guards branch
• Additional commits viewable in compare view

Updates anthropic from 0.77.0 to 0.79.0

Release notes

Sourced from anthropic's releases.

v0.79.0

0.79.0 (2026-02-07)

Full Changelog: v0.78.0...v0.79.0

Features

• api: enabling fast-mode in claude-opus-4-6 (5953ba7)

Bug Fixes

• pass speed parameter through in sync beta count_tokens (1dd6119)

v0.78.0

0.78.0 (2026-02-05)

Full Changelog: v0.77.1...v0.78.0

Features

• api: Release Claude Opus 4.6, adaptive thinking, and other features (3ef1529)

v0.77.1

0.77.1 (2026-02-03)

Full Changelog: v0.77.0...v0.77.1

Bug Fixes

• structured outputs: send structured output beta header when format is omitted (#1158) (258494e)

Chores

• remove claude-code-review workflow (#1338) (aec4512)

Changelog

Sourced from anthropic's changelog.

0.79.0 (2026-02-07)

Full Changelog: v0.78.0...v0.79.0

Features

• api: enabling fast-mode in claude-opus-4-6 (5953ba7)

Bug Fixes

• pass speed parameter through in sync beta count_tokens (1dd6119)

0.78.0 (2026-02-05)

Full Changelog: v0.77.1...v0.78.0

Features

• api: Release Claude Opus 4.6, adaptive thinking, and other features (3ef1529)

0.77.1 (2026-02-03)

Full Changelog: v0.77.0...v0.77.1

Bug Fixes

• structured outputs: send structured output beta header when format is omitted (#1158) (258494e)

Chores

• remove claude-code-review workflow (#1338) (aec4512)

Commits

• cd1b39b release: 0.79.0
• fb52a6a fix: pass speed parameter through in sync beta count_tokens
• b7c2df2 feat(api): enabling fast-mode in claude-opus-4-6
• 7c42e4b Update CHANGELOG.md (#1163)
• f2b61ed release: 0.78.0
• a4a29ca feat(api): manual updates
• 3955600 release: 0.77.1
• eca8ddf fix(structured outputs): send structured output beta header when format is om...
• ee44c52 chore: remove claude-code-review workflow (#1338)
• See full diff in compare view

Updates ruff from 0.14.14 to 0.15.0

Release notes

Sourced from ruff's releases.

0.15.0

Release Notes

Released on 2026-02-03.

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

• Ruff now formats your code according to the 2026 style guide. See the formatter section below or in the blog post for a detailed list of changes.

• The linter now supports block suppression comments. For example, to suppress N803 for all parameters in this function:

  # ruff: disable[N803]
  def foo(
      legacyArg1,
      legacyArg2,
      legacyArg3,
      legacyArg4,
  ): ...
  # ruff: enable[N803]

  See the documentation for more details.

• The ruff:alpine Docker image is now based on Alpine 3.23 (up from 3.21).

• The ruff:debian and ruff:debian-slim Docker images are now based on Debian 13 "Trixie" instead of Debian 12 "Bookworm."

• Binaries for the ppc64 (64-bit big-endian PowerPC) architecture are no longer included in our releases. It should still be possible to build Ruff manually for this platform, if needed.

• Ruff now resolves all extended configuration files before falling back on a default Python version.

Stabilization

The following rules have been stabilized and are no longer in preview:

• blocking-http-call-httpx-in-async-function (ASYNC212)
• blocking-path-method-in-async-function (ASYNC240)
• blocking-input-in-async-function (ASYNC250)
• map-without-explicit-strict (B912)
• if-exp-instead-of-or-operator (FURB110)
• single-item-membership-test (FURB171)
• missing-maxsplit-arg (PLC0207)
• unnecessary-lambda (PLW0108)
• unnecessary-empty-iterable-within-deque-call (RUF037)
• in-empty-collection (RUF060)
• legacy-form-pytest-raises (RUF061)
• non-octal-permissions (RUF064)

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.0

Released on 2026-02-03.

Check out the blog post for a migration guide and overview of the changes!

Breaking changes

• Ruff now formats your code according to the 2026 style guide. See the formatter section below or in the blog post for a detailed list of changes.

• The linter now supports block suppression comments. For example, to suppress N803 for all parameters in this function:

  # ruff: disable[N803]
  def foo(
      legacyArg1,
      legacyArg2,
      legacyArg3,
      legacyArg4,
  ): ...
  # ruff: enable[N803]

  See the documentation for more details.

• The ruff:alpine Docker image is now based on Alpine 3.23 (up from 3.21).

• The ruff:debian and ruff:debian-slim Docker images are now based on Debian 13 "Trixie" instead of Debian 12 "Bookworm."

• Binaries for the ppc64 (64-bit big-endian PowerPC) architecture are no longer included in our releases. It should still be possible to build Ruff manually for this platform, if needed.

• Ruff now resolves all extended configuration files before falling back on a default Python version.

Stabilization

The following rules have been stabilized and are no longer in preview:

• blocking-http-call-httpx-in-async-function (ASYNC212)
• blocking-path-method-in-async-function (ASYNC240)
• blocking-input-in-async-function (ASYNC250)
• map-without-explicit-strict (B912)
• if-exp-instead-of-or-operator (FURB110)
• single-item-membership-test (FURB171)

... (truncated)

Commits

• ce5f7b6 Bump 0.15.0 (#23055)
• b4e40f5 [ty] Fix __contains__ to respect descriptors (#23056)
• 848cb72 [ty] Fix narrowing of nonlocal variables with conditional assignments (#22966)
• da7f33a [ty] Add a diagnostic for Final without assignment (#23001)
• e65f9a6 Document markdown formatting feature (#22990)
• c0c1b98 Format markdown code blocks with line-by-line regex parse (#22996)
• 9f8f3e1 Allow positional-only params with defaults in method overrides (#23037)
• ef83810 [ty] ecosystem-analyzer: Support bare git repositories (#23054)
• 54dfee4 Customize where the fix_title sub-diagnostic appears (#23044)
• b534607 2026 Ruff Formatter Style (#22735)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions