Chore(deps): Bump fastmcp from 2.12.0 to 3.1.0 in /backend #2645

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/backend/fastmcp-3.1.0

@dependabot dependabot bot commented on behalf of github Mar 6, 2026

Bumps fastmcp from 2.12.0 to 3.1.0.

Release notes

Sourced from fastmcp's releases.

v3.1.0: Code to Joy

FastMCP 3.1 is the Code Mode release. The 3.0 architecture introduced providers and transforms as the extensibility layer — 3.1 puts that architecture to work, shipping the most requested capability since launch: servers that can find and execute code on behalf of agents, without requiring clients to know what tools exist.

Code Mode

Standard MCP has two scaling problems. The entire tool catalog loads into context upfront — with a large server, that's tens of thousands of tokens before the LLM reads a single word of the user's request. And every tool call is a round-trip: the LLM calls a tool, the result flows back through the context window, the LLM reasons about it, calls another tool, and so on. Intermediate results that only exist to feed the next step still burn tokens every time.

CodeMode is an experimental transform that solves both. Instead of seeing your tool catalog directly, the LLM gets meta-tools: it searches for relevant tools on demand (using BM25), inspects their schemas, then writes Python that chains call_tool() calls in a sandbox and returns a final answer. Discovery is staged and targeted; intermediate results never touch the model's context window.

from fastmcp import FastMCP
from fastmcp.experimental.transforms.code_mode import CodeMode
mcp = FastMCP("Server", transforms=[CodeMode()])

Your existing tools don't change — CodeMode wraps them. The default three-stage flow (search → get schemas → execute) is configurable: collapse it to two stages for smaller catalogs, skip discovery entirely for tiny ones. The sandbox supports resource limits on time, memory, and recursion depth.

Read the docs here.

Search Transforms

Code Mode's discovery layer is also available as a standalone transform. SearchTools adds BM25 text search to any server — clients can query against tool names and descriptions and receive ranked results, without needing to know tool names upfront. This is useful anywhere the tool catalog is large, dynamic, or not known in advance.

Prefab Apps

3.1 adds early integration with Prefab, a frontend framework with a Python DSL that compiles to React. The vision: Python developers building MCP servers shouldn't have to leave Python to ship a proper UI. Prefab is still under very active development (their words: "probably shouldn't use it yet"), but the integration is here, the pieces are aligning, and 3.2 is where this gets interesting.

Auth Additions

MultiAuth lets you compose multiple token verification sources into a single auth layer — useful when you need to accept tokens from more than one provider (e.g., internal JWTs alongside a third-party OAuth provider). This release also adds out-of-the-box support for PropelAuth and a Google GenAI sampling handler.

Under the Hood

Heavy imports are now lazy-loaded, meaningfully reducing startup time for servers that don't use every feature. fastmcp run and dev inspector gain a -m/--module flag for module-style invocation, MCPConfigTransport now correctly persists sessions across tool calls, and search_result_serializer gives you a hook to customize how search results are serialized for markdown output. Eight new contributors, and the usual round of fixes.

What's Changed

New Features 🎉

Enhancements 🔧

... (truncated)

Changelog

Sourced from fastmcp's changelog.


v3.0.2: Threecovery Mode II

Two community-contributed fixes: auth headers from MCP transport no longer leak through to downstream OpenAPI APIs, and background task workers now correctly receive the originating request ID. Plus a new docs example for context-aware tool factories.

Fixes 🐞

  • fix: prevent MCP transport auth header from leaking to downstream OpenAPI APIs by @stakeswky in #3262
  • fix: propagate origin_request_id to background task workers by @gfortaine in #3175

Docs 📚

Full Changelog: v3.0.1...v3.0.2

v3.0.1: Three-covery Mode

First patch after 3.0 — mostly smoothing out rough edges discovered in the wild. The big ones: middleware state that wasn't surviving the trip to tool handlers now does, Tool.from_tool() accepts callables again, OpenAPI schemas with circular references no longer crash discovery, and decorator overloads now return the correct types in function mode. Also adds verify_id_token to OIDCProxy for providers (like some Azure AD configs) that issue opaque access tokens but standard JWT id_tokens.

Enhancements 🔧

Fixes 🐞

Docs 📚

  • Sync README with welcome.mdx, fix install count by @jlowin in #3224
  • Document dict-to-Message prompt migration in upgrade guides by @jlowin in #3225
  • Fix v2 upgrade guide: remove incorrect v1 import advice by @jlowin in #3226

... (truncated)

Commits
  • 8bc3136 Restructure docs navigation: CLI section, Composition, More (#3361)
  • 8a356ad Add include_unversioned option to VersionFilter (#3349)
  • fccbd43 Add FASTMCP_TRANSPORT setting for default transport selection (#1796)
  • 404b820 Add ListTools, search limit, and catalog size annotation to CodeMode (#3359)
  • 49534ce Add Google GenAI Sampling Handler (#2977)
  • af55738 feat(contrib): auto-sync MCPMixin decorators with from_function signatures (#...
  • 902b63f chore: Update SDK documentation (#3313)
  • f2dd2e5 Fix session persistence across tool calls in multi-server MCPConfigTransport ...
  • 2ab8beb Remove system role references from docs (#3356)
  • 59da3e4 Decompose CodeMode into composable discovery tools (#3354)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
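
The release notes above describe MultiAuth as composing several token verification sources into one auth layer. The following is an added example, not part of the PR and not fastmcp's code or API, showing what a reviewer should expect of such a composition: each source stays pinned to its own key, issuer and audience, so a token valid for one provider cannot pass as another's. The class and function names, keys and issuer URLs are assumptions constructed for the demonstration.

```python
import base64, hashlib, hmac, json, time

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign_hs256(claims, key):
    """Build a constructed HS256 token for the demo."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

class HS256Verifier:
    """One token source, pinned to its own key, issuer and audience (hypothetical)."""
    def __init__(self, key, issuer, audience):
        self.key, self.issuer, self.audience = key, issuer, audience

    def verify(self, token, now=None):
        now = time.time() if now is None else now
        try:
            head, body, sig = token.split(".")
            if json.loads(_b64d(head)).get("alg") != "HS256":
                return None  # the verifier, not the token, chooses the algorithm
            want = hmac.new(self.key, f"{head}.{body}".encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(want, _b64d(sig)):
                return None
            claims = json.loads(_b64d(body))
            if claims.get("iss") != self.issuer or claims.get("aud") != self.audience:
                return None  # right key, wrong issuer or audience: reject
            if claims.get("exp", 0) <= now:
                return None  # expired or missing expiry
            return claims
        except (ValueError, TypeError, AttributeError):
            return None  # malformed token

def verify_any(verifiers, token, now=None):
    """Return (source_name, claims) from the first source that accepts, else None."""
    for name, verifier in verifiers.items():
        claims = verifier.verify(token, now)
        if claims is not None:
            return name, claims
    return None

# Constructed demo sources (keys and issuers are assumptions, not from the PR).
VERIFIERS = {
    "internal": HS256Verifier(b"internal-demo-key", "https://internal.example", "mcp"),
    "partner": HS256Verifier(b"partner-demo-key", "https://partner.example", "mcp"),
}
```

Returning the name of the accepting source lets the caller apply per-provider authorization instead of treating all accepted tokens alike.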

Bumps [fastmcp](https://github.com/PrefectHQ/fastmcp) from 2.12.0 to 3.1.0.
- [Release notes](https://github.com/PrefectHQ/fastmcp/releases)
- [Changelog](https://github.com/PrefectHQ/fastmcp/blob/main/docs/changelog.mdx)
- [Commits](PrefectHQ/fastmcp@v2.12.0...v3.1.0)

---
updated-dependencies:
- dependency-name: fastmcp
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot commented on behalf of github Mar 6, 2026

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.
