chore(deps): update python dependencies (non-major) to v1.23.0 [security]

[utic-renovate]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
mcp	project.dependencies	minor	1.13.1 → 1.23.0

GitHub Vulnerability Alerts

CVE-2025-66416

Description

The Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using FastMCP with streamable HTTP or SSE transport, and has not configured TransportSecuritySettings, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the user in those limited circumstances.

Note that running HTTP-based MCP servers locally without authentication is not recommended per MCP security best practices. This issue does not affect servers using stdio transport.

Servers created via FastMCP() now have DNS rebinding protection enabled by default when the host parameter is 127.0.0.1 or localhost. Users are advised to update to version 1.23.0 to receive this automatic protection. Users with custom low-level server configurations using StreamableHTTPSessionManager or SseServerTransport directly should explicitly configure TransportSecuritySettings when running an unauthenticated server on localhost.

---

Release Notes

modelcontextprotocol/python-sdk (mcp)

v1.23.0

Compare Source

Summary

This release brings us up to speed with the latest MCP spec 2025-11-25. Take a look at the latest spec as well as the release blog post.

What's Changed

• Add tests for JSON Schema 2020-12 field preservation (SEP-1613) by @​felixweinberger in #​1649
• Add client_secret_basic authentication support by @​jonshea in #​1334
• Implement SEP-1577 - Sampling With Tools by @​ochafik in #​1594
• SEP-1330: Elicitation Enum Schema Improvements and Standards Compliance by @​chughtapan in #​1246
• [auth][conformance] add conformance auth client by @​pcarleton in #​1640
• Implement SEP-986: Tool name validation by @​felixweinberger in #​1655
• fix: url for spec by @​felixweinberger in #​1659
• feat: implement SEP-991 URL-based client ID (CIMD) support by @​pcarleton in #​1652
• Update doc string on custom_route by @​pcarleton in #​1660
• Implement SEP-1036: URL mode elicitation for secure out-of-band interactions by @​cbcoutinho in #​1580
• Skip empty SSE data to avoid parsing errors by @​felixweinberger in #​1670
• SEP-1686: Tasks by @​maxisbey in #​1645
• Add on_session_created callback option by @​crondinini-ant in #​1710
• Add SSE polling support (SEP-1699) by @​felixweinberger in #​1654
• Support client_credentials flow with JWT and Basic auth by @​pcarleton in #​1663
• feat: backwards-compatible create_message overloads for SEP-1577 by @​felixweinberger in #​1713
• Auto-enable DNS rebinding protection for localhost servers by @​pcarleton (d3a1841)

New Contributors

• @​ochafik made their first contribution in #​1594

Full Changelog: modelcontextprotocol/python-sdk@v1.22.0...v1.23.0

v1.22.0

Compare Source

What's Changed

• feat: Pass through and expose additional parameters in ClientSessionGroup.call_tool and .connect_to_server by @​inaku-Gyan in #​1576
• chore: Lazy import jsonschema library by @​wuliang229 in #​1596
• docs: Update examples to use stateless HTTP with JSON responses by @​domdomegg in #​1499

New Contributors

• @​wuliang229 made their first contribution in #​1596

Full Changelog: modelcontextprotocol/python-sdk@v1.21.1...v1.22.0

v1.21.2

Compare Source

Hotfix Release

This is a hotfix release to address a critical bug in OAuth scope handling that caused failures on 401 responses.

Related:

• #​1630
• #​1632

What's Changed

• fix get_client_metadata_scopes on 401 by @​abliznyuk in #​1631

New Contributors

• @​abliznyuk made their first contribution in #​1631

Full Changelog: modelcontextprotocol/python-sdk@v1.21.1...v1.21.2

v1.21.1

Compare Source

What's Changed

• Add everything-server for comprehensive MCP conformance testing by @​felixweinberger in #​1587
• Get baseline 100% clean coverage by @​maxisbey in #​1553
• Add end-of-file-fixer pre-commit hook by @​maxisbey in #​1610
• Add coverage baseline commit to git-blame-ignore by @​maxisbey in #​1613
• Add SEP-1034 conformance test support to everything-server by @​felixweinberger in #​1604
• refactor: extract OAuth helper functions and simplify provider state by @​maxisbey in #​1586
• Add client_id_metadata_document_supported to OAuthMetadata by @​maxisbey in #​1603
• Fix OAuth discovery fallback and URL ordering by @​maxisbey in #​1624
• Refactor func_metadata() implementation by @​Viicos in #​1496
• Fix CI highest resolution test to actually test highest versions by @​maxisbey in #​1609

New Contributors

• @​Viicos made their first contribution in #​1496

Full Changelog: modelcontextprotocol/python-sdk@v1.21.0...v1.21.1

v1.21.0

Compare Source

What's Changed

• docs: use article "an" before "MCP" instead of "a" by @​koic in #​1558
• Update Starlette to 0.49.1 in uv.lock by @​ColeMurray in #​1559
• Fix typo in ClientSessionGroup doc string by @​inaku-Gyan in #​1572
• Implement SEP-985: OAuth Protected Resource Metadata discovery fallback by @​cbcoutinho in #​1548
• Add --frozen flag to uv run commands in Claude config by @​maxisbey in #​1583
• Add get_server_capabilities() to ClientSession by @​crondinini-ant in #​1588

New Contributors

• @​koic made their first contribution in #​1558
• @​ColeMurray made their first contribution in #​1559
• @​inaku-Gyan made their first contribution in #​1572
• @​cbcoutinho made their first contribution in #​1548
• @​crondinini-ant made their first contribution in #​1588

Full Changelog: modelcontextprotocol/python-sdk@v1.20.0...v1.21.0

v1.20.0

Compare Source

What's Changed

• Relax Accept header requirement for JSON-only responses by @​domdomegg in #​1500
• fix: replace deprecated dev-dependencies in examples/clients by @​yukuanj in #​1518
• fix: Update spec links to new modelcontextprotocol.io location by @​maxisbey in #​1491
• fix: Replace fixed sleep with active server readiness check in SSE tests by @​maxisbey in #​1526
• fix: Replace arbitrary sleeps with active server readiness checks in tests by @​maxisbey in #​1527
• Fix flaky timeout test in test_88_random_error by @​maxisbey in #​1525
• fix: Replace remaining manual server polling with wait_for_server helper by @​maxisbey in #​1529
• Implement RFC 7523 JWT flows by @​LucaButBoring in #​1247
• Fix pyright error and replace wildcard import with explicit imports by @​maxisbey in #​1532
• Fix auth client example URL handling for oauth provider by @​pcarleton in #​1549

New Contributors

• @​domdomegg made their first contribution in #​1500
• @​pcarleton made their first contribution in #​1549

Full Changelog: modelcontextprotocol/python-sdk@v1.19.0...v1.20.0

v1.19.0

Compare Source

What's Changed

• feat: add tool metadata in FastMCP.tool decorator by @​mat-octave in #​1463
• Make client examples workspaces to reflect package code by @​LucaButBoring in #​1466
• Expose RequestParams._meta in ClientSession.call_tool by @​samchenatti in #​1231
• Allow CallToolResult to be returned directly to support _meta field for OpenAI Apps by @​BrandonShar in #​1459
• fix: uv CVE-2025-62518 astral-tokio-tar issue GHSA-j5gw-2vrg-8fgx by @​cclauss in #​1505
• fix: use proper dependency resolution in CI by @​felixweinberger in #​1507
• Upgrade GitHub Actions by @​cclauss in #​1473
• test: use errno.ENOENT for command not found assertion by @​mingo1996 in #​1498
• Replace deprecated dev-dependencies with dependency-groups by @​yukuanj in #​1488
• update uv to 0.9.5 by @​maxisbey in #​1510

New Contributors

• @​mat-octave made their first contribution in #​1463
• @​samchenatti made their first contribution in #​1231
• @​BrandonShar made their first contribution in #​1459
• @​mingo1996 made their first contribution in #​1498

Full Changelog: modelcontextprotocol/python-sdk@v1.18.0...v1.19.0

v1.18.0

Compare Source

What's Changed

• [client] Implement MCP OAuth scope selection and step-up authorization by @​dogacancolak in #​1324
• Handles message type Exception in lowlevel/server.py _handle_message function. Mentioned as TODO on line 528. by @​AishwaryaKalloli in #​786
• Fix workspace configuration error with structured_output_lowlevel.py by @​felixweinberger in #​1471
• fix: Remove unnecessary constructor from ResourceServerSettings by @​rocky-d in #​1424
• feat: add resource annotations support to FastMCP by @​fennb in #​1468
• fix: send params as empty object for list methods without cursor by @​felixweinberger in #​1453
• fix: Set the Server session initialization state immediately after respond… by @​daamitt in #​1478

New Contributors

• @​dogacancolak made their first contribution in #​1324
• @​rocky-d made their first contribution in #​1424
• @​fennb made their first contribution in #​1468
• @​daamitt made their first contribution in #​1478

Full Changelog: modelcontextprotocol/python-sdk@v1.17.0...v1.18.0

v1.17.0

Compare Source

What's Changed

• Add documentation structure by @​Kludex in #​1425
• Add documentation about testing by @​Kludex in #​1426
• Improve OAuth protected resource metadata URL construction per RFC 9728 by @​shulkx in #​1407
• feat: add ability to remove tools by @​brandonspark in #​1322
• Update README to link to Python SDK documentation by @​felixweinberger in #​1430
• fix: update CLAUDE.md to remove auto-addition of reviewers. by @​felixweinberger in #​1431

New Contributors

• @​shulkx made their first contribution in #​1407
• @​brandonspark made their first contribution in #​1322

Full Changelog: modelcontextprotocol/python-sdk@v1.16.0...v1.17.0

v1.16.0

Compare Source

What's Changed

• Add error log for client stdio by @​pengwa in #​924
• Accept additional response_types values from OAuth servers by @​jonshea in #​1323
• Issue 1379 patch - Fix MCP server OAuth not working with Visual Studio Code and others with extra grant_types by @​automaton82 in #​1380
• Add comprehensive Unicode tests for streamable HTTP transport by @​pja-ant in #​1381
• Update Icon.sizes to use string array format by @​pja-ant in #​1411
• Delete CODEOWNERS to eliminate notification overload by @​felixweinberger in #​1413
• fix: fix the system message in simple-chatbot example by @​yukuanj in #​1394
• fix: improve misleading warning for progress callback exceptions by @​lorenzocesconetto in #​775
• fix: catch and rethrow SSEError during SSE connection establishment by @​zhangch-ss in #​975
• Add icons support for ResourceTemplate by @​pja-ant in #​1412

New Contributors 🙏

• @​pengwa made their first contribution in #​924
• @​jonshea made their first contribution in #​1323
• @​automaton82 made their first contribution in #​1380
• @​yukuanj made their first contribution in #​1394
• @​zhangch-ss made their first contribution in #​975

Full Changelog: modelcontextprotocol/python-sdk@1.15.0...v1.16.0

v1.15.0

Compare Source

What's Changed

• Return HTTP 403 for invalid Origin headers by @​pja-ant in #​1353
• Add test for ProtectedResourceMetadataParsing by @​yannj-fr in #​1236
• Fastmcp logging progress example by @​stevebillings in #​1270
• feat: add paginated list decorators for prompts, resources, and tools by @​maxisbey in #​1286
• Remove "unconditionally" from conditional description by @​mssalvatore in #​1289
• Use streamable-http consistently in examples by @​maxisbey in #​1389
• feat: Add SDK support for SEP-1034 default values in elicitation schemas by @​chughtapan in #​1337
• Implementation of SEP 973 - Additional metadata + icons support by @​pja-ant in #​1357

New Contributors

• @​stevebillings made their first contribution in #​1270
• @​mssalvatore made their first contribution in #​1289

Full Changelog: modelcontextprotocol/python-sdk@v1.14.1...v1.15.0

v1.14.1

Compare Source

What's Changed

• fix(fastmcp): propagate mimeType in resource template list by @​pchoudhury22 in #​1186
• fix: allow elicitations accepted without content by @​owengo in #​1285
• Use --frozen in pre-commit config by @​pja-ant in #​1375

New Contributors

• @​pchoudhury22 made their first contribution in #​1186
• @​owengo made their first contribution in #​1285

Full Changelog: modelcontextprotocol/python-sdk@v1.14.0...v1.14.1

v1.14.0

Compare Source

What's Changed

• Added Audio to FastMCP by @​dragonier23 in #​1130
• Fix: avoid uncessary retries in OAuth authenticated requests by @​keurcien in #​1206
• Add PATHEXT to default STDIO env vars in windows by @​timesler in #​1256
• fix: error too many values to unpack (expected 2) by @​sandangel in #​1279
• SDK Parity: Avoid Parsing Server Response for non-JsonRPCMessage Requests by @​justin-yi-wang in #​1290
• types: Setting default value for method: Literal by @​sreenaths in #​1292
• changes structured temperature to not deadly by @​monkeywithacupcake in #​1328
• Update simple-resource example to use non-deprecated read_resource return type by @​pja-ant in #​1331
• docs: Update README to include link to API docs for #​1329 by @​reidg44 in #​1330
• Allow ping requests before initialization by @​eleftherias in #​1312
• Python lint: Ruff rules for pylint and code complexity by @​cclauss in #​525
• Fix context injection for resources and prompts by @​dsp-ant in #​1336

New Contributors 🙏

• @​dragonier23 made their first contribution in #​1130
• @​keurcien made their first contribution in #​1206
• @​timesler made their first contribution in #​1256
• @​sandangel made their first contribution in #​1279
• @​justin-yi-wang made their first contribution in #​1290
• @​monkeywithacupcake made their first contribution in #​1328
• @​pja-ant made their first contribution in #​1331
• @​reidg44 made their first contribution in #​1330
• @​eleftherias made their first contribution in #​1312

Full Changelog: modelcontextprotocol/python-sdk@v1.13.1...v1.14.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	pypi/​mcp@​1.13.1 ⏵ 1.26.0		+16

View full report