chore(deps): bump the uv group across 1 directory with 2 updates

[dependabot]

Bumps the uv group with 2 updates in the / directory: fastmcp and onnx.

Updates fastmcp from 3.1.1 to 3.2.0

Release notes

Sourced from fastmcp's releases.

v3.2.0: Show Don't Tool

FastMCP 3.2 is the Apps release. The 3.0 architecture gave you providers and transforms; 3.1 shipped Code Mode for tool discovery. 3.2 puts a face on it: your tools can now return interactive UIs — charts, dashboards, forms, maps — rendered right inside the conversation.

FastMCPApp

FastMCPApp is a new provider class for building interactive applications inside MCP. It separates the tools the LLM sees (@app.ui()) from the backend tools the UI calls (@app.tool()), manages visibility automatically, and gives tool references stable identifiers that survive namespace transforms and server composition — without requiring host cooperation.

from fastmcp import FastMCP, FastMCPApp
from prefab_ui.actions.mcp import CallTool
from prefab_ui.components import Column, Form, Input, Button, ForEach, Text
app = FastMCPApp("Contacts")
@​app.tool()
def save_contact(name: str, email: str) -> list[dict]:
db.append({"name": name, "email": email})
return list(db)
@​app.ui()
def contact_manager() -> PrefabApp:
with PrefabApp(state={"contacts": list(db)}) as view:
with Column(gap=4):
ForEach("contacts", lambda c: Text(c.name))
with Form(on_submit=CallTool("save_contact")):
Input(name="name", required=True)
Input(name="email", required=True)
Button("Save")
return view
mcp = FastMCP("Server", providers=[app])

The UI is built with Prefab, a Python component library that compiles to interactive UIs. You write Python; the user sees charts, tables, forms, and dashboards. FastMCP handles the MCP Apps protocol machinery — renderer resources, CSP configuration, structured content serialization — so you don't have to.

For simpler cases where you just want to visualize data without server interaction, set app=True on any tool and return Prefab components directly:

@mcp.tool(app=True)
def revenue_chart(year: int) -> PrefabApp:
    with PrefabApp() as app:
        BarChart(data=revenue_data, series=[ChartSeries(data_key="revenue")])
    return app

Built-in Providers

Five ready-made providers you add with a single add_provider() call:

• FileUpload — drag-and-drop file upload with session-scoped storage

... (truncated)

Commits

• 665514e Add forward_resource flag to OAuthProxy (#3711)
• f189d1f Bump pydantic-monty to 0.0.9 (#3707)
• 6faa2d6 Remove hardcoded prefab-ui version from pinning warnings (#3708)
• dd8816c chore: Update SDK documentation (#3701)
• d274959 docs: note that custom routes are unauthenticated (#3706)
• 4a54be2 Add examples gallery page (#3705)
• 961dd50 Add interactive map example with geocoding (#3702)
• f01d0c5 Add quiz example app, fix dev server empty string args (#3700)
• 85b7efd chore: Update SDK documentation (#3694)
• 27abe3c Add sales dashboard and live system monitor examples, bump prefab-ui to 0.17 ...
• Additional commits viewable in compare view

Updates onnx from 1.20.1 to 1.21.0rc1

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Summary by cubic

Bumps fastmcp to 3.2.0, moves onnx to 1.21.0rc1, and patches requests to 2.33.1 across Python services to unlock FastMCP Apps/UI support and apply HTTP bug fixes. Verify ONNX workflows given the RC upgrade.

• Dependencies

  • fastmcp: 3.1.1 → 3.2.0 (adds FastMCPApp and interactive UI support)
  • onnx: 1.20.1 → 1.21.0rc1 (pre-release with 1.21 changes)
  • requests: 2.33.0 → 2.33.1 (patch release)

• Migration

  • Run model export/inference tests with onnx 1.21.0rc1; pin to a stable version if regressions appear.

^{Written for commit bf8fc81. Summary will update on new commits.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
pixelated	Ready	Preview, Comment	Apr 1, 2026 2:01am

[cubic-dev-ai]

No issues found across 6 files