Skip to content

chore(keycardai-fastmcp): bump fastmcp lock to 3.4.x#188

Merged
Larry-Osakwe merged 1 commit into
mainfrom
chore/bump-fastmcp-lock-3.4
Jul 2, 2026
Merged

chore(keycardai-fastmcp): bump fastmcp lock to 3.4.x#188
Larry-Osakwe merged 1 commit into
mainfrom
chore/bump-fastmcp-lock-3.4

Conversation

@Larry-Osakwe

Copy link
Copy Markdown
Contributor

Summary

  • Bumps the locked fastmcp version from 3.2.4 to 3.4.2 via uv lock --upgrade-package fastmcp.
  • fastmcp 3.4.1 is a security patch (CVE-2026-48710) that raises the Starlette floor; the lock now resolves starlette 1.0.0 -> 1.3.1 and picks up the new fastmcp-slim companion package introduced by fastmcp's 3.4.x packaging split.
  • Lock-only change: the fastmcp>=3.0.0 floor in packages/fastmcp/pyproject.toml is unchanged.

Refs: Linear ECO-97

Testing

  • uv run --extra test pytest tests/ in packages/fastmcp (61 passed)
  • uv run --extra test pytest tests/ in packages/mcp-fastmcp (5 passed)
  • uv run ruff check (clean)

🤖 Generated with Claude Code

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedpypi/​fastmcp@​3.2.4 ⏵ 3.4.2100 +510090 -10100100
Updatedpypi/​starlette@​1.0.0 ⏵ 1.3.1100 +1100 +25100100100

View full report

@Larry-Osakwe Larry-Osakwe merged commit bf3e8df into main Jul 2, 2026
5 checks passed
@Larry-Osakwe Larry-Osakwe deleted the chore/bump-fastmcp-lock-3.4 branch July 2, 2026 21:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants