chore(deps): update dependency fastmcp to v3.3.1

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
fastmcp	3.2.4 → 3.3.1

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

PrefectHQ/fastmcp (fastmcp)

v3.3.1: : Loop There It Is

Compare Source

FastMCP 3.3.1 is a hotfix for the 3.3 packaging split. Clean installs of 3.3.0 could fail on standalone component imports like from fastmcp.tools import tool because component modules reached auth and task primitives through fastmcp.server, pulling in the server/provider stack and exposing a circular import.

Component-level auth and task primitives now live in lightweight utility modules, with the old server import paths preserved as compatibility re-exports. Component imports stay lightweight, existing server-facing imports continue to work, and the release also includes small docs corrections from the 3.3 rollout.

What's Changed

Fixes 🐞

• fix(docs): use valid FA icon on client-only package page by @​jlowin in #​4139
• Decouple component imports from server by @​jlowin in #​4150

Full Changelog: PrefectHQ/fastmcp@v3.3.0...v3.3.1

v3.3.0: : Slim Reaper

Compare Source

FastMCP 3.3 ships fastmcp-slim, a new lightweight distribution that separates the client from the server stack. It also closes out a meaningful backlog of security hardening, observability improvements, and auth additions that accumulated through the 3.2 cycle.

fastmcp-slim

The full FastMCP package pulls in Starlette, Uvicorn, and the rest of the server machinery — necessary for running a server, but wasteful if you're writing a client, a script, or an agent that just needs to talk to MCP. fastmcp-slim is a dependency-light distribution that ships the client and transport layer without any of that.

The import namespace is unchanged:

from fastmcp import Client

async with Client("https://example.com/mcp") as client:
    result = await client.call_tool("my_tool", {"arg": "value"})

Install fastmcp-slim[client] anywhere you want FastMCP's client without the server footprint — CI environments, lightweight agents, library dependencies that shouldn't force Uvicorn on downstream users.

Security

The OAuth proxy received three hardening upgrades. Silent consent is now guarded against AS-in-the-middle attacks — a malicious authorization server can no longer silently approve a consent it wasn't meant to handle. Redirect URI allowlist matching now rejects dot-segment paths (/../, /./) that could otherwise bypass prefix checks. And ResponseCachingMiddleware partitions its cache by access token, closing a gap where different users could see each other's cached responses.

Auth

AzureB2CProvider adds first-class support for Azure AD B2C user flows. The OCI provider is fixed for 3.x installs. And OAuthProxy gains a public update_scopes() API for updating the proxy's required scopes after initialization — useful for servers that determine scope requirements at runtime.

Observability

OTEL instrumentation is now fully compliant with MCP semantic conventions. List operations (list_tools, list_resources, list_prompts, list_resource_templates) are instrumented, and delegate spans on proxy servers are enriched with backend attributes.

Thread Affinity

Sync tools run in a thread pool by default. If your tool holds thread-local state or is bound to a specific thread (UI frameworks, some database drivers), you can now opt out:

@​mcp.tool(run_in_thread=False)
def my_tool() -> str:
    ...

Under the Hood

Docket is now reentrant, and mounted servers enter their own lifespan — so a server with startup/shutdown logic works correctly when composed into a larger server. The FastMCP constructor accepts experimental_capabilities for passing raw capability flags. Tool errors accept a log_level parameter to control how they're logged. FormInput supports a default prefill value.

Fixes: ping loop now exits cleanly when a stream closes; sampling from background tasks works correctly; Windows startup no longer crashes on non-UTF-8 console output; blank query string values are preserved in OpenAPI routing; $defs introduced by ArgTransform are hoisted to the schema root; HTTP transports are terminated before lifespan shutdown.

13 new contributors this release.

What's Changed

New Features 🎉

• Add fastmcp-slim for client-only installs by @​jlowin in #​4122

Enhancements ✨

• Add default prefill to FormInput.collect_input by @​jlowin in #​3937
• OTEL: Fix attribute compliance with MCP semantic conventions by @​strawgate in #​3889
• OTEL: Instrument all MCP list operations and enrich delegate spans by @​strawgate in #​3890
• Improve real-world schema crash test: failure dump, cluster analysis, TypeErrors baseline ratchet by @​jlowin in #​3958
• feat: add AzureB2CProvider for Azure AD B2C user flows by @​carlos-rian in #​3995
• Add run_in_thread opt-out for sync tools with thread affinity by @​jlowin in #​4010
• Add missing return type annotation to getattr by @​ZLeventer in #​4026
• Add experimental_capabilities kwarg to FastMCP constructor by @​jlowin in #​4042
• Add log_level parameter to FastMCP errors by @​daniel-tsiang in #​4036
• Bump pydocket to 0.20.0 by @​chrisguidry in #​4031
• enh: Add public API for updating OAuthProxy scopes after initialization by @​taylorwilsdon in #​4091
• Refine fastmcp-slim packaging by @​jlowin in #​4125

Security 🔒

• Harden OAuth Proxy silent consent against AS-in-the-middle by @​jlowin in #​3960
• Reject dot-segments in redirect URI allowlist matching by @​jlowin in #​3963
• Bump deps with open dependabot alerts by @​jlowin in #​3965
• Partition ResponseCachingMiddleware cache by access token by @​jlowin in #​4041

Fixes 🐞

• fix: reject self-mount to prevent infinite recursion by @​strawgate in #​3925
• fix: ProxyTool crashes on non-TextContent error responses by @​strawgate in #​3926
• fix: _prune_param and _convert_nullable_field mutate input schemas by @​strawgate in #​3927
• fix: narrow OpenAI audio format dict to Literal for ty by @​jlowin in #​3936
• fix: allow hyphens in resource template parameter names by @​strawgate in #​3929
• fix: OpenAPI request director sends multipart and form-urlencoded as JSON by @​strawgate in #​3932
• Fix raise_on_error handling for tool tasks by @​gnanirahulnutakki in #​3946
• fix: FileSystemProvider reload race condition by @​strawgate in #​3938
• fix tests that relied on task=True returning error results by @​jlowin in #​3954
• Restore task snapshot via a worker-level dependency by @​chrisguidry in #​3945
• Forward backend capabilities in ProxyProvider by @​jlowin in #​3956
• Allow upstream client_id to be used directly without DCR by @​jlowin in #​3957
• Graceful fallback for unsupported regex patterns in json_schema_to_type by @​jlowin in #​3959
• Revert "Forward backend capabilities in ProxyProvider (#​3956)" by @​jlowin in #​3964
• fix: skip stdio subprocess test on Windows CI by @​jlowin in #​3966
• fix: bound _refresh_locks with LRU eviction to prevent memory leak by @​jlowin in #​3968
• fix: handle circular JSON Pointer $ref in dereference_refs by @​lawrence3699 in #​3896
• fix: honor upstream refresh token expiry in OAuthProxy by @​jlowin in #​3990
• fix: narrow _token_validator with isinstance for ty in AzureProvider.from_b2c by @​jlowin in #​4007
• fix: cancel orphaned session_task when Client._disconnect times out by @​jlowin in #​4011
• fix: preserve @​tool metadata in from_function by @​lawrence3699 in #​4072
• fix(openapi): keep blank values in parse_qs (refs #​4056) by @​MukundaKatta in #​4076
• Fix #​4056: keep blank query values, add token bucket regression test by @​MukundaKatta in #​4069
• fix(ping): exit ping loop cleanly when session stream is closed by @​ashwin153 in #​4087
• Fix sampling from background tasks by @​cuyua9 in #​4068
• Make Docket reentrant; mounted servers enter their own lifespan by @​jlowin in #​4095
• fix(tool_transform): hoist $defs to schema root when ArgTransform introduces them by @​SarthakB11 in #​4101
• fix(auth): silence authlib.jose DeprecationWarning at JWT import by @​SarthakB11 in #​4100
• fix: don't cache import map in dev apps bundle by @​jlowin in #​4106
• #​4084 [Issues] Windows startup crash due to UnicodeDecodeError when l… by @​doneman536 in #​4092
• fix: drop exc_info for expected tool failures, remove unreachable ValidationError by @​sergeykad in #​4029
• fix: cli option --no-banner is NOT passed to cli but server-spec in-correctly when cli --reload option is specified. by @​itaru2622 in #​4083
• Fix None backend_* span attributes on un-renamed proxy components by @​ringerc in #​4109
• Fix OCI Provider issue in 3.x version. Add OCI auth provider example … by @​kiranthakkar in #​4116
• fix(http): terminate active streamable-HTTP transports before lifespan shutdown by @​SarthakB11 in #​4118

Docs 📚

• Restructure docs navigation by @​jlowin in #​3951
• docs: standardize ToolAnnotations examples by @​gnanirahulnutakki in #​3952
• Be constructively skeptical of bot reviews on own PRs by @​jlowin in #​3971
• Add UTM params to Horizon docs links by @​aaazzam in #​4018
• Add a sandboxed-agents deployment guide by @​strawgate in #​4027
• docs: add best practices for custom telemetry spans by @​MukundaKatta in #​4001
• Refresh landing page copy by @​jlowin in #​4043
• Refresh landing page copy by @​jlowin in #​4047
• Add UTM tracking to Horizon links by @​jlowin in #​4064
• docs(integrations): add Pydantic AI FastMCP toolset guide by @​MukundaKatta in #​4070
• docs: fix broken links in Pydantic AI guide by @​jlowin in #​4094

Dependencies 📦

• chore(deps-dev): bump pydantic-monty from 0.0.11 to 0.0.12 by @​dependabot[bot] in #​3940
• chore(deps-dev): bump pydantic-monty from 0.0.14 to 0.0.16 by @​dependabot[bot] in #​3984

Other Changes 🦾

• fix: Don't completely hide plain mcp.tool app-only tools by @​owtaylor in #​4112

New Contributors

• @​gnanirahulnutakki made their first contribution in #​3946
• @​lawrence3699 made their first contribution in #​3896
• @​carlos-rian made their first contribution in #​3995
• @​ZLeventer made their first contribution in #​4026
• @​MukundaKatta made their first contribution in #​4001
• @​daniel-tsiang made their first contribution in #​4036
• @​ashwin153 made their first contribution in #​4087
• @​cuyua9 made their first contribution in #​4068
• @​taylorwilsdon made their first contribution in #​4091
• @​SarthakB11 made their first contribution in #​4101
• @​doneman536 made their first contribution in #​4092
• @​sergeykad made their first contribution in #​4029
• @​ringerc made their first contribution in #​4109

Full Changelog: PrefectHQ/fastmcp@v3.2.4...v3.3.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

For team members: test commit 76c0339 in internal GitLab

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

Flag	Coverage Δ
unittests	97.17% <ø> (-0.03%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.
see 1 file with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.