feat(mcp): bump fastmcp minimum to 3.2.4 for security fixes#39349
aminghadersohi wants to merge 3 commits into apache:master from
Conversation
Bumps the lower bound of the `fastmcp` optional dependency from `>=3.1.0` to `>=3.2.4`. The 3.2.1–3.2.4 releases include:

- Security: FileUpload size validation bypass, proxy header leak fix, AuthKit audience binding per RFC 8707
- Bug fixes: `json_schema_to_type` crashes on Python keywords/boolean schemas/empty enums, Gemini 2.5 Flash compatibility
- Auth improvements: Better JWT rejection logging, consent cookie LRU cap at 25, upstream_claims propagation in OAuthProxy
Code Review Agent Run #d81baf: Actionable Suggestions - 0
Run uv-pip-compile to update resolved dependency versions after bumping fastmcp lower bound to >=3.2.4.
Pull request overview
Note: Copilot was unable to run its full agentic suite in this review.
Updates the optional fastmcp dependency minimum version to pull in upstream security fixes, and regenerates pinned requirement files using a Python 3.11 solve.
Changes:

- Bump `fastmcp` optional extra lower bound from `>=3.1.0` to `>=3.2.4`.
- Refresh pinned dependency sets in `requirements/*.txt`, including new/removed transitive pins.
- Update the recorded `uv pip compile` commands to include `--python-version 3.11`.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| requirements/translations.txt | Regenerated lock header to indicate a Python 3.11 compile. |
| requirements/development.txt | Pins fastmcp==3.2.4 and refreshes transitive dev dependencies. |
| requirements/base.txt | Updates compile header and adjusts pinned transitive dependency annotations. |
| pyproject.toml | Raises fastmcp extra minimum version to 3.2.4. |
Re-run scripts/uv-pip-compile.sh inside Docker (Python 3.11 on Linux) to produce lockfiles consistent with CI. Previous local compile on macOS missed Linux-only deps (secretstorage, jeepney) and included Python <3.11 deps (async-timeout, tomli) that don't apply.
Codecov Report: ✅ All modified and coverable lines are covered by tests.

Additional details and impacted files:

@@ Coverage Diff @@
## master #39349 +/- ##
=======================================
Coverage 64.45% 64.45%
=======================================
Files 2555 2555
Lines 132721 132721
Branches 30802 30802
=======================================
Hits 85539 85539
Misses 45696 45696
Partials 1486 1486
Code Review Agent Run #3338f0: Actionable Suggestions - 0
SUMMARY
Bumps the lower bound of the `fastmcp` optional dependency from `>=3.1.0` to `>=3.2.4` and regenerates pinned requirements via `scripts/uv-pip-compile.sh`. The 3.2.1–3.2.4 releases include:

- `json_schema_to_type` crashes on Python keywords/boolean schemas/empty enums, Gemini 2.5 Flash compatibility restored

Lockfile changes: Running `uv-pip-compile.sh` bumps `fastmcp` from 3.1.0 to 3.2.4 in `development.txt` and adds its new transitive dependency `griffelib`. Other minor comment-level changes in the lockfiles are from the resolver re-evaluating dependency annotations.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
N/A — dependency version bump only.
TESTING INSTRUCTIONS
- `pip install "apache-superset[fastmcp]"`
- `fastmcp>=3.2.4` is installed

ADDITIONAL INFORMATION
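A concrete way to run the check in the testing instructions above, as an added example that is not part of this PR, of Superset or of fastmcp: it reads the installed `fastmcp` version with `importlib.metadata`, compares it against the `>=3.2.4` lower bound on numeric release tuples rather than strings (so 3.10.0 sorts above 3.2.4, and a pre-release such as 3.2.4rc1 does not pass), and also checks that a compiled requirements file pins a version meeting the same bound. The `LOCKFILE_SNIPPET` below is constructed for the example in `uv pip compile` output style and is not the real `requirements/development.txt`; the function names are the example's own.

```python
"""Verify a dependency lower bound against the installed environment and a lockfile.

Added example (not Superset or fastmcp code). Assumes plain PEP 440 release
numbers like 3.2.4; pre-release/dev suffixes are treated as below the bare
release and .post suffixes as above it, matching PEP 440 ordering for those cases.
"""
from __future__ import annotations

import re
from importlib import metadata

DIST = "fastmcp"
MINIMUM = "3.2.4"

# Constructed lockfile excerpt in `uv pip compile` style; not the real requirements/development.txt.
LOCKFILE_SNIPPET = """\
# This file was autogenerated by uv via the following command:
#    uv pip compile --python-version 3.11 requirements/development.in
fastmcp==3.2.4
    # via apache-superset
griffelib==0.3.0
    # via fastmcp
"""

_VERSION_RE = re.compile(r"^\s*v?(\d+(?:\.\d+)*)(.*)$")
_PRE_RE = re.compile(r"^[.\-_]?(a|b|c|rc|alpha|beta|pre|preview|dev)", re.IGNORECASE)


def version_key(version: str) -> tuple[tuple[int, ...], int]:
    """Sort key: (release tuple, 0 for a pre/dev release, 1 for a final or post release)."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    release = tuple(int(part) for part in m.group(1).split("."))
    is_final = 0 if _PRE_RE.match(m.group(2)) else 1
    return release, is_final


def satisfies_minimum(installed: str, minimum: str) -> bool:
    """True when installed >= minimum, comparing zero-padded release tuples, not strings."""
    (rel_a, fin_a), (rel_b, fin_b) = version_key(installed), version_key(minimum)
    width = max(len(rel_a), len(rel_b))
    rel_a += (0,) * (width - len(rel_a))
    rel_b += (0,) * (width - len(rel_b))
    return (rel_a, fin_a) >= (rel_b, fin_b)


def pinned_version(lockfile_text: str, dist: str) -> str | None:
    """Return the `dist==X.Y.Z` pin from compiled requirements text, or None if absent.

    Comment lines (`# via ...`) are skipped; names are compared case-insensitively
    with '-' and '_' normalised and any [extras] dropped, as pip does.
    """
    wanted = dist.lower().replace("_", "-")
    for line in lockfile_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, rest = line.partition("==")
        name = name.split("[")[0].strip().lower().replace("_", "-")
        if sep and name == wanted:
            # Drop any trailing environment marker or inline comment.
            return rest.split(";")[0].split("#")[0].strip()
    return None


def check_installed(dist: str, minimum: str) -> tuple[str, str | None]:
    """Return (status, installed_version); status is 'ok', 'too_old' or 'missing'."""
    try:
        installed = metadata.version(dist)
    except metadata.PackageNotFoundError:
        return "missing", None
    return ("ok" if satisfies_minimum(installed, minimum) else "too_old"), installed


def check_lockfile(lockfile_text: str, dist: str, minimum: str) -> tuple[str, str | None]:
    """Return (status, pinned_version); status is 'ok', 'too_old' or 'unpinned'."""
    pinned = pinned_version(lockfile_text, dist)
    if pinned is None:
        return "unpinned", None
    return ("ok" if satisfies_minimum(pinned, minimum) else "too_old"), pinned


if __name__ == "__main__":
    for label, (status, version) in (
        ("installed", check_installed(DIST, MINIMUM)),
        ("lockfile", check_lockfile(LOCKFILE_SNIPPET, DIST, MINIMUM)),
    ):
        print(f"{label}: {status} ({DIST} {version or 'not found'}, minimum {MINIMUM})")
```

Run it inside the environment produced by `pip install "apache-superset[fastmcp]"`; a `too_old` or `missing` result for the installed check means the extra did not resolve to a release carrying the fixes listed in the summary, and pointing `check_lockfile` at the real `requirements/development.txt` text confirms the pin that CI will install.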