chore(deps): bump the uv group across 1 directory with 2 updates

[dependabot]

Bumps the uv group with 2 updates in the / directory: fastmcp and anthropic.

Updates fastmcp from 3.1.1 to 3.2.0

Release notes

Sourced from fastmcp's releases.

v3.2.0: Show Don't Tool

FastMCP 3.2 is the Apps release. The 3.0 architecture gave you providers and transforms; 3.1 shipped Code Mode for tool discovery. 3.2 puts a face on it: your tools can now return interactive UIs — charts, dashboards, forms, maps — rendered right inside the conversation.

FastMCPApp

FastMCPApp is a new provider class for building interactive applications inside MCP. It separates the tools the LLM sees (@app.ui()) from the backend tools the UI calls (@app.tool()), manages visibility automatically, and gives tool references stable identifiers that survive namespace transforms and server composition — without requiring host cooperation.

from fastmcp import FastMCP, FastMCPApp
from prefab_ui.actions.mcp import CallTool
from prefab_ui.components import Column, Form, Input, Button, ForEach, Text
app = FastMCPApp("Contacts")
@​app.tool()
def save_contact(name: str, email: str) -> list[dict]:
db.append({"name": name, "email": email})
return list(db)
@​app.ui()
def contact_manager() -> PrefabApp:
with PrefabApp(state={"contacts": list(db)}) as view:
with Column(gap=4):
ForEach("contacts", lambda c: Text(c.name))
with Form(on_submit=CallTool("save_contact")):
Input(name="name", required=True)
Input(name="email", required=True)
Button("Save")
return view
mcp = FastMCP("Server", providers=[app])

The UI is built with Prefab, a Python component library that compiles to interactive UIs. You write Python; the user sees charts, tables, forms, and dashboards. FastMCP handles the MCP Apps protocol machinery — renderer resources, CSP configuration, structured content serialization — so you don't have to.

For simpler cases where you just want to visualize data without server interaction, set app=True on any tool and return Prefab components directly:

@mcp.tool(app=True)
def revenue_chart(year: int) -> PrefabApp:
    with PrefabApp() as app:
        BarChart(data=revenue_data, series=[ChartSeries(data_key="revenue")])
    return app

Built-in Providers

Five ready-made providers you add with a single add_provider() call:

• FileUpload — drag-and-drop file upload with session-scoped storage

... (truncated)

Commits

• 665514e Add forward_resource flag to OAuthProxy (#3711)
• f189d1f Bump pydantic-monty to 0.0.9 (#3707)
• 6faa2d6 Remove hardcoded prefab-ui version from pinning warnings (#3708)
• dd8816c chore: Update SDK documentation (#3701)
• d274959 docs: note that custom routes are unauthenticated (#3706)
• 4a54be2 Add examples gallery page (#3705)
• 961dd50 Add interactive map example with geocoding (#3702)
• f01d0c5 Add quiz example app, fix dev server empty string args (#3700)
• 85b7efd chore: Update SDK documentation (#3694)
• 27abe3c Add sales dashboard and live system monitor examples, bump prefab-ui to 0.17 ...
• Additional commits viewable in compare view

Updates anthropic from 0.86.0 to 0.87.0

Release notes

Sourced from anthropic's releases.

v0.87.0

0.87.0 (2026-03-31)

Full Changelog: v0.86.0...v0.87.0

Features

• client: add error type field to APIStatusError (#1587) (dd563c0)
• internal: implement indices array format for query and form serialization (11a6244)

Bug Fixes

• honor api_exclude in async transform path (#1612) (8172232), closes #1610
• memory: return resolved path from async _validate_path (7b0add3)
• memory: use restrictive file mode for memory files (47ba5b8)
• sanitize endpoint path params (98f60e4)
• transform schema: support enums (#1275) (5c088ab)

Chores

• ci: run builds on CI even if only spec metadata changed (194c050)
• ci: skip lint on metadata-only changes (03e2ab9)
• internal: update gitignore (94ede14)
• tests: bump steady to v0.19.4 (2d6d58f)
• tests: bump steady to v0.19.5 (8fb439a)
• tests: bump steady to v0.19.6 (76da5fd)
• tests: bump steady to v0.19.7 (bfa40e5)
• tests: bump steady to v0.20.1 (4fd9446)

Changelog

Sourced from anthropic's changelog.

0.87.0 (2026-03-31)

Full Changelog: v0.86.0...v0.87.0

Features

• client: add error type field to APIStatusError (#1587) (dd563c0)
• internal: implement indices array format for query and form serialization (11a6244)

Bug Fixes

• honor api_exclude in async transform path (#1612) (8172232), closes #1610
• memory: return resolved path from async _validate_path (7b0add3)
• memory: use restrictive file mode for memory files (47ba5b8)
• sanitize endpoint path params (98f60e4)
• transform schema: support enums (#1275) (5c088ab)

Chores

• ci: run builds on CI even if only spec metadata changed (194c050)
• ci: skip lint on metadata-only changes (03e2ab9)
• internal: update gitignore (94ede14)
• tests: bump steady to v0.19.4 (2d6d58f)
• tests: bump steady to v0.19.5 (8fb439a)
• tests: bump steady to v0.19.6 (76da5fd)
• tests: bump steady to v0.19.7 (bfa40e5)
• tests: bump steady to v0.20.1 (4fd9446)

Commits

• ab0c446 release: 0.87.0
• 6599043 fix(memory): return resolved path from async _validate_path
• 715030c fix(memory): use restrictive file mode for memory files
• 6cdbc5f chore(tests): bump steady to v0.20.1
• 4beda3c Add output-300k-2026-03-24 beta header
• 3b77b82 chore(ci): run builds on CI even if only spec metadata changed
• 764ddba feat(internal): implement indices array format for query and form serialization
• 8a06a90 codegen metadata
• 7f8cf3c chore(tests): bump steady to v0.19.7
• 0eba0dd chore(ci): skip lint on metadata-only changes
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Summary by cubic

Updates fastmcp to 3.2.0 and anthropic to 0.87.0 to unlock MCP app UI support and SDK fixes, plus patch bumps to pillow and requests across services.

• Dependencies
  • fastmcp 3.2.0 (from 3.1.1) — adds FastMCPApp for interactive UIs and provider improvements.
  • anthropic 0.87.0 (from 0.86.0) — adds error type on APIStatusError, enum support in transform schema, and path/memory fixes.
  • pillow 12.2.0 (from 12.1.1) — patch update.
  • requests 2.33.1 (from 2.33.0) — patch update.

^{Written for commit d4582a8. Summary will update on new commits.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
pixelated	Ready	Preview, Comment	Apr 1, 2026 9:26pm

[cubic-dev-ai]

No issues found across 7 files

[dependabot]

Superseded by #349.