Skip to content

chore(deps): update dependency fastmcp to v3.4.3#514

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/fastmcp-3.x-lockfile
Open

chore(deps): update dependency fastmcp to v3.4.3#514
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/fastmcp-3.x-lockfile

Conversation

@renovate

@renovate renovate Bot commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
fastmcp 3.4.23.4.3 age confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

PrefectHQ/fastmcp (fastmcp)

v3.4.3: : The Fast and the Secure-ious

Compare Source

FastMCP 3.4.3 closes out a month of SSRF and OAuth hardening: NAT64, 6to4, Teredo, and ISATAP transition addresses can no longer smuggle private IPv4 targets past the SSRF allow-list, Streamable HTTP now validates Host and Origin before session handling to block DNS rebinding against localhost-bound servers, and OAuth redirect validation rejects unsafe schemes and unregistered DCR redirect URIs. Alongside the security work, this release also fixes proxy session teardown races, discriminator-tag handling in JSON schema conversion, and several smaller reliability issues.

What's Changed

Enhancements ✨
Security 🔒
Fixes 🐞
Docs 📚
Dependencies 📦
Other Changes 🦾

New Contributors

Full Changelog: PrefectHQ/fastmcp@v3.4.2...v3.4.3


Configuration

📅 Schedule: (in timezone UTC)

  • Branch creation
    • Between 02:00 AM and 06:59 AM, only on Monday (* 2-6 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate Bot requested a review from a team as a code owner June 22, 2026 04:53
@codecov

codecov Bot commented Jun 22, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

Flag Coverage Δ
unittests 97.36% <ø> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.
see 1 file with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@renovate renovate Bot changed the title chore(deps): update dependency fastmcp to v3.4.2 chore(deps): update dependency fastmcp to v3.4.3 Jul 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants