Bump fastmcp from 2.10.5 to 2.12.0 #19

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/fastmcp-2.12.0

dependabot bot commented on behalf of github Sep 1, 2025

Bumps fastmcp from 2.10.5 to 2.12.0.

Release notes

Sourced from fastmcp's releases.

v2.12.0: Auth to the Races

FastMCP 2.12 represents one of our most significant releases to date, both in scope and community involvement. After extensive testing and iteration with the community, we're shipping major improvements to authentication, configuration, and MCP feature adoption.

🔐 OAuth Proxy for Broader Provider Support addresses a fundamental challenge: while MCP requires Dynamic Client Registration (DCR), many popular OAuth providers don't support it. The new OAuth proxy bridges this gap, enabling FastMCP servers to authenticate with providers like GitHub, Google, WorkOS, and Azure through minimal configuration. These native integrations ship today, with more providers planned based on community needs.

📋 Declarative JSON Configuration introduces a standardized, portable way to describe and deploy MCP servers. The fastmcp.json configuration file becomes the single source of truth for dependencies, transport settings, entrypoints, and server metadata. This foundation sets the stage for future capabilities like transformations and remote sources, moving toward a world where MCP servers are as portable and shareable as container images.

🧠 Sampling API Fallback tackles the chicken-and-egg problem limiting adoption of advanced MCP features. Sampling—where servers request LLM completions from clients—is powerful but underutilized due to limited client support. FastMCP now lets server authors define fallback handlers that generate sampling completions server-side when clients don't support the feature, encouraging adoption while maintaining compatibility.

This release took longer than usual to ship, and for good reason: the community's aggressive testing and feedback on the authentication system helped us reach a level of stability we're confident in. There's certainly more work ahead, but these foundations position FastMCP to handle increasingly complex use cases while remaining approachable for developers.

Thank you to our new contributors and everyone who tested preview builds. Your feedback directly shaped these features.

What's Changed

New Features 🎉

Enhancements 🔧

... (truncated)

Changelog

Sourced from fastmcp's changelog.

v2.12.0: Auth to the Races

This release introduces major authentication and configuration enhancements that make FastMCP more accessible and powerful for developers working with various identity providers and deployment scenarios.

OAuth Proxy: Broader Provider Support

The OAuth Proxy bridges the gap for authentication providers that don't support Dynamic Client Registration (DCR), a requirement for standard MCP OAuth flows. This feature enables seamless integration with major platforms that previously required complex workarounds.

Native integrations now available:

  • GitHub
  • Google
  • WorkOS
  • Azure

With the OAuth Proxy, you can authenticate users through these providers with minimal configuration, expanding the ecosystem of supported identity platforms and making FastMCP servers more accessible to enterprise environments.

Declarative JSON Configuration

The new fastmcp.json configuration system establishes a single source of truth for server settings, replacing scattered configuration across multiple files and environment variables.

Configure everything in one place:

  • Dependencies and requirements
  • Transport settings
  • Server entrypoints
  • Metadata and descriptions
  • Environment variables

This standardization not only simplifies deployment but also enables portable server descriptions that can be shared and reused across projects. The typed source system provides validation and autocompletion, reducing configuration errors.

Sampling API Fallback

Not all MCP clients support advanced features like the Sampling API for LLM completions. The new fallback mechanism solves this adoption challenge by allowing servers to generate sampling completions server-side when clients lack support.

This approach:

  • Maintains compatibility with all clients
  • Encourages feature adoption without breaking existing integrations
  • Provides a smooth upgrade path as client capabilities evolve

Breaking Changes

  • The inspect command now provides structured output with format options for better integration with tooling

Additional Enhancements

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [fastmcp](https://github.com/jlowin/fastmcp) from 2.10.5 to 2.12.0.
- [Release notes](https://github.com/jlowin/fastmcp/releases)
- [Changelog](https://github.com/jlowin/fastmcp/blob/main/docs/changelog.mdx)
- [Commits](PrefectHQ/fastmcp@v2.10.5...v2.12.0)

---
updated-dependencies:
- dependency-name: fastmcp
  dependency-version: 2.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot added the dependencies (Pull requests that update a dependency file) and python (Pull requests that update python code) labels Sep 1, 2025
dependabot bot commented on behalf of github Oct 1, 2025

Superseded by #28.

dependabot bot closed this Oct 1, 2025
dependabot bot deleted the dependabot/pip/fastmcp-2.12.0 branch October 1, 2025 06:32
wasaga added a commit that referenced this pull request Jan 20, 2026
Fixes Dependabot alert #19: pyasn1 has a DoS vulnerability in decoder
@wasaga wasaga mentioned this pull request Jan 20, 2026
1 task
wasaga added a commit that referenced this pull request Jan 20, 2026
## Summary
- Updates pyasn1 from 0.6.1 to 0.6.2

## Security
Fixes Dependabot alert #19: pyasn1 has a DoS vulnerability in decoder

## Test plan
- [ ] CI passes