chore: bump the patch-updates group across 1 directory with 5 updates

[dependabot]

Bumps the patch-updates group with 5 updates in the / directory:

Package	From	To
rapidfuzz	3.14.3	3.14.5
fastmcp	3.2.0	3.2.4
mypy	1.20.0	1.20.1
ruff	0.15.9	0.15.10
commitizen	4.13.9	4.13.10

Updates rapidfuzz from 3.14.3 to 3.14.5

Release notes

Sourced from rapidfuzz's releases.

Release 3.14.5

Fixed

• fix release ci attempting to upload a pyodide wheel

Release 3.14.4

Added

• add risc64 wheels
• add support for taskflow 4.0.0

Changed

• upgrade to Cython==3.2.4.

Fixed

• fix type hints for extractOne when no score_cutoff is provided

Changelog

Sourced from rapidfuzz's changelog.

Changelog

[3.14.5] - 2026-08-07 ^^^^^^^^^^^^^^^^^^^^^ Fixed

* fix release ci attempting to upload a pyodide wheel
[3.14.4] - 2026-04-06
^^^^^^^^^^^^^^^^^^^^^
Added

• add risc64 wheels
• add support for taskflow 4.0.0

Changed

* upgrade to ``Cython==3.2.4``.
Fixed
* fix type hints for extractOne when no score_cutoff is provided
[3.14.3] - 2025-11-01

^^^^^^^^^^^^^^^^^^^^^

Fixed



add missing pypy and freethreaded linux wheels

Removed

• drop s390x and ppc64le wheels since they are virtually unused and require extremly long to build under emulation

[3.14.2] - 2025-10-30 ^^^^^^^^^^^^^^^^^^^^^ Changed

* upgrade to ``Cython==3.1.6``
* enable free threading
[3.14.1] - 2025-09-08
^^^^^^^^^^^^^^^^^^^^^
Fixed
* Fully disable line tracing in release builds
[3.14.0] - 2025-08-27

^^^^^^^^^^^^^^^^^^^^^

Changed

</tr></table>

</code></pre>

</blockquote>

<p>... (truncated)</p>

</details>

<details>

<summary>Commits</summary>
<ul>

<li><a href="https://github.com/rapidfuzz/RapidFuzz/commit/edf9f3c2d016c878dae1511301f8b4a501bba871&quot;&gt;&lt;code&gt;edf9f3c&lt;/code&gt;&lt;/a> fix release ci</li>

<li><a href="https://github.com/rapidfuzz/RapidFuzz/commit/3d8470bf60062dda5c200517f61a8ff43e3e9ef2&quot;&gt;&lt;code&gt;3d8470b&lt;/code&gt;&lt;/a> enable verbose publish</li>

<li><a href="https://github.com/rapidfuzz/RapidFuzz/commit/7fd4ee202b5e3cc9f158f505a33d934a68c14148&quot;&gt;&lt;code&gt;7fd4ee2&lt;/code&gt;&lt;/a> Bump the github-actions group across 1 directory with 3 updates</li>

<li><a href="https://github.com/rapidfuzz/RapidFuzz/commit/9691cf1bf985eaf59f6c968f3d7cd8e59054ebaa&quot;&gt;&lt;code&gt;9691cf1&lt;/code&gt;&lt;/a> tag release</li>

<li><a href="https://github.com/rapidfuzz/RapidFuzz/commit/fd16748843be7d1a4842604fa3429e3943e80e5c&quot;&gt;&lt;code&gt;fd16748&lt;/code&gt;&lt;/a> ci: switch riscv64 from QEMU to native RISE runner</li>

<li><a href="https://github.com/rapidfuzz/RapidFuzz/commit/7f7d58b91a2716eaaec939a72b476ab1bf1ead1b&quot;&gt;&lt;code&gt;7f7d58b&lt;/code&gt;&lt;/a> ci: add riscv64 wheel builds via QEMU</li>

<li><a href="https://github.com/rapidfuzz/RapidFuzz/commit/f4b56942bdbbb99bba556656ea8a0aef1e8c12f0&quot;&gt;&lt;code&gt;f4b5694&lt;/code&gt;&lt;/a> Bump pypa/cibuildwheel from 3.3.1 to 3.4.0 in the github-actions group</li>

<li><a href="https://github.com/rapidfuzz/RapidFuzz/commit/f2873ce9868285eca1d05d8645791d76a2b545fe&quot;&gt;&lt;code&gt;f2873ce&lt;/code&gt;&lt;/a> Bump the github-actions group across 1 directory with 3 updates</li>

<li><a href="https://github.com/rapidfuzz/RapidFuzz/commit/4e48509d858454ea994521f90ae8c5d66eb15073&quot;&gt;&lt;code&gt;4e48509&lt;/code&gt;&lt;/a> support Taskflow 4.0.0</li>

<li><a href="https://github.com/rapidfuzz/RapidFuzz/commit/70480396a66fadabd897407ce289978dec2c13c0&quot;&gt;&lt;code&gt;7048039&lt;/code&gt;&lt;/a> Bump the github-actions group across 1 directory with 4 updates</li>

<li>Additional commits viewable in <a href="https://github.com/rapidfuzz/RapidFuzz/compare/v3.14.3...v3.14.5&quot;&gt;compare view</a></li>

</ul>

</details>
<br />

Updates fastmcp from 3.2.0 to 3.2.4

Release notes
Sourced from fastmcp's releases.

v3.2.4: Patch Me If You Can
A grab bag of fixes, hardening, and polish.
The headline behavior change: background tasks are now scoped to the authorization context rather than the MCP session, so a task kicked off by an authenticated user survives session churn and stays tied to who started it. This is a breaking change for anyone relying on the old session-scoped semantics.
Security got three meaningful upgrades. FileUpload now validates actual decoded base64 size instead of trusting the client-reported number, so an attacker can't claim "10 bytes" and deliver 10MB. The proxy client stops forwarding inbound HTTP headers to unrelated remote servers — previously a header meant for server A could leak to server B. And AuthKit now auto-binds token audience to the resource URL per RFC 8707, closing a token-reuse gap across MCP resources.
Schema handling had a rough-edges pass. json_schema_to_type no longer crashes on Python keywords, boolean schemas, empty enums, or name collisions, and we added a 232K-schema crash test from APIs.guru to keep it honest. Gemini 2.5 Flash compatibility is fixed by stripping title fields the model rejects. Parameter descriptions are now extracted from docstrings automatically, so your tool signatures document themselves.
Plus a Keycloak OAuth provider for enterprise auth, improvements to ctx.elicit() (new response_title/response_description, deprecation warning when called without response_type), and dozens of smaller fixes across transforms, retry middleware, resource templates, and client disconnect handling.

What's Changed
Breaking Changes ⚠️

Scope tasks to authorization context, not session by @​chrisguidry in PrefectHQ/fastmcp#3800

Enhancements ✨

Bump pydocket>=0.19.0, drop fakeredis pin by @​chrisguidry in PrefectHQ/fastmcp#3822
Add real-world schema crash test (232K schemas from APIs.guru) by @​strawgate in PrefectHQ/fastmcp#3826
Enable 7 zero-violation ruff rules by @​strawgate in PrefectHQ/fastmcp#3841
Promote 7 ty rules from ignore to warn by @​strawgate in PrefectHQ/fastmcp#3852
Replace ___ with hash-based backend tool routing and per-tool prefab resources by @​jlowin in PrefectHQ/fastmcp#3824
Enable 4 ruff rules (DTZ, ERA, ISC, INP) and fix 9 violations by @​strawgate in PrefectHQ/fastmcp#3842
Extract parameter descriptions from docstrings by @​jlowin in PrefectHQ/fastmcp#3872
ci: speed up schema crash test (CSafeLoader + xdist-safe aggregation) by @​jlowin in PrefectHQ/fastmcp#3873
test: bump OpenAPI init perf threshold to 200ms for Windows CI by @​jlowin in PrefectHQ/fastmcp#3879
refactor: unify object-schema conversion through _object_schema_to_type by @​jlowin in PrefectHQ/fastmcp#3884
Add Keycloak OAuth Provider for Enterprise Authentication and local dev by @​stephaneberle9 in PrefectHQ/fastmcp#1937
Allow auth providers to override protected resource base URLs by @​aaazzam in PrefectHQ/fastmcp#3900
Enable PERF and T20 ruff rules by @​strawgate in PrefectHQ/fastmcp#3845
Add response_title and response_description to ctx.elicit() by @​jlowin in PrefectHQ/fastmcp#3912
Deprecate ctx.elicit() without response_type by @​jlowin in PrefectHQ/fastmcp#3916

Security 🔒

Validate actual base64 data size in FileUpload, not client-reported size by @​strawgate in PrefectHQ/fastmcp#3816
Stop forwarding inbound HTTP headers to unrelated remote servers by @​jlowin in PrefectHQ/fastmcp#3837
AuthKit: auto-bind token audience to resource URL (RFC 8707) by @​jlowin in PrefectHQ/fastmcp#3905

Fixes 🐞

Version-check is_docket_available() to avoid transitive pydocket crash by @​jlowin in PrefectHQ/fastmcp#3807
fix: materialize generators before result conversion, handle bytes gracefully by @​strawgate in PrefectHQ/fastmcp#3830
Fix json_schema_to_type crashes on keywords, boolean schemas, empty enums, and name collisions by @​strawgate in PrefectHQ/fastmcp#3818
fix: replace or with is not None checks for config/override merging by @​strawgate in PrefectHQ/fastmcp#3833
fix: TransformedTool sync fn crash and schema mutation by @​strawgate in PrefectHQ/fastmcp#3823
fix: cross-provider duplicate detection, error visibility, mask propagation by @​strawgate in PrefectHQ/fastmcp#3827
fix: don't pass HTTP kwargs when transport is unspecified by @​strawgate in PrefectHQ/fastmcp#3838
fix: strip title fields from tool schemas for Gemini 2.5 Flash compatibility by @​strawgate in PrefectHQ/fastmcp#3861
fix: retry when LLM returns text instead of calling final_response by @​strawgate in PrefectHQ/fastmcp#3850
Raise on unhandled content types in sampling handler dispatch chains by @​strawgate in PrefectHQ/fastmcp#3857
Fix broken code examples in docs by @​strawgate in PrefectHQ/fastmcp#3869
fix: GoogleGenaiSamplingHandler leaks thought parts and gives unhelpful errors on empty responses by @​strawgate in PrefectHQ/fastmcp#3849



... (truncated)


Commits

7d76074 Stop pydantic 2.13 from leaking _WrappedResult docstring into tool output sch...
b732a4a Overhaul apps docs (#3915)
5c2ff1b chore: Update SDK documentation (#3914)
f4f2ec0 Deprecate ctx.elicit() without response_type (#3916)
338b80c chore(deps): bump the uv group across 2 directories with 1 update (#3913)
110cd3a Add response_title and response_description to ctx.elicit() (#3912)
3117846 chore: Update SDK documentation (#3909)
031c7e0 Fix RetryMiddleware not retrying tool errors (#3858)
200d79e Enable PERF and T20 ruff rules (#3845)
82f310f AuthKit: auto-bind token audience to resource URL (RFC 8707) (#3905)
Additional commits viewable in compare view




Updates mypy from 1.20.0 to 1.20.1

Changelog
Sourced from mypy's changelog.

Mypy 1.20.1

Always disable sync in SQLite cache (Ivan Levkivskyi, PR 21184)
Temporarily skip few base64 tests (Ivan Levkivskyi, PR 21193)
Revert dict.__or__ typeshed change (Ivan Levkivskyi, PR 21186)
Fix narrowing for match case with variadic tuples (Shantanu, PR 21192)
Avoid narrowing type[T] in type calls (Shantanu, PR 21174)
Fix regression for catching empty tuple in except (Shantanu, PR 21153)
Fix reachability for frozenset and dict view narrowing (Shantanu, PR 21151)
Fix narrowing with chained comparison (Shantanu, PR 21150)
Avoid narrowing to unreachable at module level (Shantanu, PR 21144)
Allow dangerous identity comparisons to Any typed variables (Shantanu, PR 21142)
--warn-unused-config should not be a strict flag (Ivan Levkivskyi, PR 21139)

Acknowledgements
Thanks to all mypy contributors who contributed to this release:

A5rocks
Aaron Wieczorek
Adam Turner
Ali Hamdan
asce
BobTheBuidler
Brent Westbrook
Brian Schubert
bzoracler
Chris Burroughs
Christoph Tyralla
Colin Watson
Donghoon Nam
E. M. Bray
Emma Smith
Ethan Sarp
George Ogden
getzze
grayjk
Gregor Riepl
Ivan Levkivskyi
James Hilliard
James Le Cuirot
Jeremy Nimmer
Joren Hammudoglu
Kai (Kazuya Ito)
kaushal trivedi
Kevin Kannammalil
Lukas Geiger
Łukasz Langa
Marc Mueller
Michael R. Crusoe
michaelm-openai



... (truncated)


Commits

c60e8bf Bump version to 1.20.1
842e492 Always disable sync in SQLite cache (#21184)
e82a046 Temporarily skip few base64 tests (#21193)
f7fa418 Revert dict.or typeshed change (#21186)
a2e8ee1 Fix narrowing for match case with variadic tuples (#21192)
521f88f Avoid narrowing type[T] in type calls (#21174)
a4876e9 Fix regression for catching empty tuple in except (#21153)
6fccffc Fix reachability for frozenset and dict view narrowing (#21151)
de50419 Fix narrowing with chained comparison (#21150)
eafcf18 Avoid narrowing to unreachable at module level (#21144)
Additional commits viewable in compare view




Updates ruff from 0.15.9 to 0.15.10

Release notes
Sourced from ruff's releases.

0.15.10
Release Notes
Released on 2026-04-09.
Preview features

[flake8-logging] Allow closures in except handlers (LOG004) (#24464)
[flake8-self] Make SLF diagnostics robust to non-self-named variables (#24281)
[flake8-simplify] Make the fix for collapsible-if safe in preview (SIM102) (#24371)

Bug fixes

Avoid emitting multi-line f-string elements before Python 3.12 (#24377)
Avoid syntax error from E502 fixes in f-strings and t-strings (#24410)
Strip form feeds from indent passed to dedent_to (#24381)
[pyupgrade] Fix panic caused by handling of octals (UP012) (#24390)
Reject multi-line f-string elements before Python 3.12 (#24355)

Rule changes

[ruff] Treat f-string interpolation as potential side effect (RUF019) (#24426)

Server

Add support for custom file extensions (#24463)

Documentation

Document adding fixes in CONTRIBUTING.md (#24393)
Fix JSON typo in settings example (#24517)

Contributors

@​charliermarsh
@​dylwil3
@​silverstein
@​anishgirianish
@​shizukushq
@​zanieb
@​AlexWaygood

Install ruff 0.15.10
Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.10/ruff-installer.sh | sh



... (truncated)


Changelog
Sourced from ruff's changelog.

0.15.10
Released on 2026-04-09.
Preview features

[flake8-logging] Allow closures in except handlers (LOG004) (#24464)
[flake8-self] Make SLF diagnostics robust to non-self-named variables (#24281)
[flake8-simplify] Make the fix for collapsible-if safe in preview (SIM102) (#24371)

Bug fixes

Avoid emitting multi-line f-string elements before Python 3.12 (#24377)
Avoid syntax error from E502 fixes in f-strings and t-strings (#24410)
Strip form feeds from indent passed to dedent_to (#24381)
[pyupgrade] Fix panic caused by handling of octals (UP012) (#24390)
Reject multi-line f-string elements before Python 3.12 (#24355)

Rule changes

[ruff] Treat f-string interpolation as potential side effect (RUF019) (#24426)

Server

Add support for custom file extensions (#24463)

Documentation

Document adding fixes in CONTRIBUTING.md (#24393)
Fix JSON typo in settings example (#24517)

Contributors

@​charliermarsh
@​dylwil3
@​silverstein
@​anishgirianish
@​shizukushq
@​zanieb
@​AlexWaygood




Commits

252f761 Bump 0.15.10 (#24519)
37a1ec8 [ty] Fix assignability of intersections with bounded typevars (#24502)
f518cc9 [ty] Allow partially stringified type[…] annotations (#24518)
16c4090 docs: fix JSON typo in settings example (#24517)
99d97bd [ty] Tighten up a few edge cases in Concatenate type-expression parsing (#2...
2714e34 [ty] Enable pull-diagnostics by default in E2E tests (#24516)
d8bc700 LSP: Add support for custom extensions (#24463)
a45f96d [ty] stop special-casing str constructor (#24514)
87a0f01 [ruff] Treat f-string interpolation as potential side effect in RUF019 (#24426)
e9ba848 [ty] Fix excess subscript argument inference for non-generic types (#24354)
Additional commits viewable in compare view




Updates commitizen from 4.13.9 to 4.13.10

Commits

b5d5040 bump: version 4.13.9 → 4.13.10
4879df3 ci(bump): fix email generation
70c0c1f docs(cli/screenshots): update CLI screenshots
8eff981 ci: fix email for commitizenbot
61926a7 docs(cli/screenshots): update CLI screenshots
042a089 fix(ci): use commitizen bot to push tags and commits
a06ce0c docs(cli/screenshots): update CLI screenshots
97fb356 ci: use setup-cz
9abbdbd fix(init): set semver2 as default if not python
33b69c3 docs: improve readability
Additional commits viewable in compare view