Skip to content

build(deps): bump fastmcp from 2.13.1 to 2.14.4#248

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/fastmcp-2.14.4
Open

build(deps): bump fastmcp from 2.13.1 to 2.14.4#248
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/fastmcp-2.14.4

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 26, 2026

Bumps fastmcp from 2.13.1 to 2.14.4.

Release notes

Sourced from fastmcp's releases.

v2.14.4: Package Deal

This patch release fixes a fresh install bug where the packaging library was previously installed as a transitive dependency but is no longer—causing an import error on fresh installs without dev dependencies. Also includes a pydocket version pin to avoid Redis connection noise in tests, plus backports from 3.x for $ref dereferencing in tool schemas and the task capabilities location fix.

What's Changed

Enhancements 🔧

Fixes 🐞

Full Changelog: jlowin/fastmcp@v2.14.3...v2.14.4

v2.14.3: Time After Timeout

This patch release fixes an HTTP transport timeout bug where connections were defaulting to 5 seconds instead of respecting MCP's 30-second default, causing premature timeouts for slower operations. Also includes OAuth token storage fixes, Redis key isolation for ACL compliance, and improved ContextVar propagation for ASGI-mounted servers. Plus, the CLI will now nudge you when updates are available (you're welcome, future you).

What's Changed

Enhancements 🔧

Fixes 🐞

Full Changelog: jlowin/fastmcp@v2.14.2...v2.14.3

v2.14.2: Port Authority

FastMCP 2.14.2 brings a wave of community contributions safely into the 2.x line. A variety of important fixes backported from 3.0 work improve OpenAPI 3.1 compatibility, MCP spec compliance for output schemas and elicitation, and correct a subtle base_url fallback issue. The CLI now gently reminds you that FastMCP 3.0 is on the horizon.

What's Changed

Enhancements 🔧

Fixes 🐞

... (truncated)

Commits
  • ab935b3 Add missing packaging dependency (#2989)
  • 0e5677c Merge pull request #2874 from jlowin/fix-task-capabilities-2.x
  • b0b6826 Add type ignores for extra_data kwargs
  • ed72c4b Fix type: use TasksCallCapability instead of dict
  • dec3c6d Fix task capabilities location (issue #2870)
  • bc2f601 Backport: Dereference $ref in tool schemas for MCP client compatibility (#2861)
  • 559b778 Add release notes for v2.14.2 and v2.14.3 (#2851)
  • e600570 Fix HTTP transport timeout defaulting to 5 seconds (#2848)
  • 9e86dbc Merge pull request #2843 from jlowin/debug-task-lifecycle
  • 964b23b Merge branch 'release/2.x' into debug-task-lifecycle
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump fastmcp from 2.13.1 to 2.14.4
daff6c5 
Bumps [fastmcp](https://github.com/jlowin/fastmcp) from 2.13.1 to 2.14.4.
- [Release notes](https://github.com/jlowin/fastmcp/releases)
- [Changelog](https://github.com/jlowin/fastmcp/blob/main/docs/changelog.mdx)
- [Commits](jlowin/fastmcp@v2.13.1...v2.14.4)

---
updated-dependencies:
- dependency-name: fastmcp
  dependency-version: 2.14.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jan 26, 2026
@dependabot dependabot bot mentioned this pull request Jan 26, 2026
Closed
@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 26, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants