Skip to content

chore(deps): Bump the minor-and-patch group across 1 directory with 5 updates#633

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/mcp/weather_tool/minor-and-patch-fc3f33322a
Open

chore(deps): Bump the minor-and-patch group across 1 directory with 5 updates#633
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/mcp/weather_tool/minor-and-patch-fc3f33322a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 26, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 3 updates in the /mcp/weather_tool directory: fastmcp, starlette and opentelemetry-api.

Updates fastmcp from 3.4.0 to 3.4.2

Release notes

Sourced from fastmcp's releases.

v3.4.2: Heads Up

FastMCP 3.4.2 restores JWT compatibility for providers that include private, non-critical JWS header parameters. Tokens from providers like Clerk can carry header metadata such as cat without being rejected before signature and claim validation, while unsupported critical headers are still rejected.

What's Changed

Fixes 🐞

Docs 📚

Full Changelog: PrefectHQ/fastmcp@v3.4.1...v3.4.2

v3.4.1: Floor It

FastMCP 3.4.1 floors Starlette at >=1.0.1 so installs can no longer resolve to a version affected by CVE-2026-48710 — previously the dependency was only constrained transitively through mcp, which allowed vulnerable versions. It also makes OAuthProxy log refresh-token cache misses instead of failing silently.

What's Changed

Enhancements ✨

Security 🔒

Docs 📚

Full Changelog: PrefectHQ/fastmcp@v3.4.0...v3.4.1

Commits

Updates starlette from 1.2.1 to 1.3.1

Release notes

Sourced from starlette's releases.

Version 1.3.1

What's Changed

Full Changelog: Kludex/starlette@1.3.0...1.3.1

Version 1.3.0

What's Changed

New Contributors

Full Changelog: Kludex/starlette@1.2.1...1.3.0

Changelog

Sourced from starlette's changelog.

1.3.1 (June 12, 2026)

Fixed

  • Enforce max_fields and max_part_size in FormParser #3329.
  • Enforce FormParser limits in parser callbacks #3331.

1.3.0 (June 11, 2026)

Added

  • Add httpx2 to the full extra #3323.
  • Annotate the URLPath protocol parameter with Literal #3285.

Fixed

  • Build request.url from structured components #3326.
  • Clamp oversized suffix ranges in FileResponse #3307.
  • Catch OSError alongside MultiPartException when closing temp files #3191.
  • Avoid collapsing exception groups raised from user code #2830.
  • Use removeprefix to strip the weak ETag indicator in is_not_modified #3193.
  • Fix IndexError in URL.replace() on a URL with no authority #3317.
  • Adjust testclient typing and warnings #3322.
Commits
  • 8ebffd0 Version 1.3.1 (#3330)
  • 25b8e17 Enforce FormParser limits in parser callbacks (#3331)
  • dba1c4b Enforce max_fields and max_part_size in FormParser (#3329)
  • 45e51dc Use StarletteDeprecationWarning instead of DeprecationWarning (#3119)
  • 5f8610c Version 1.3.0 (#3327)
  • 167b585 Build request.url from structured components (#3326)
  • 3730925 Use removeprefix to strip weak ETag indicator in is_not_modified (#3193)
  • e6f7ad1 avoid collapsing exception groups from user code (#2830)
  • 115228f Annotate URLPath protocol parameter with Literal (#3285)
  • 113f193 docs: replace inline ASGI server list with link to canonical implemen… (#3204)
  • Additional commits viewable in compare view

Updates opentelemetry-api from 1.42.1 to 1.43.0

Changelog

Sourced from opentelemetry-api's changelog.

Version 1.43.0/0.64b0 (2026-06-24)

Added

  • opentelemetry-sdk: add add_metric_reader / remove_metric_reader public APIs to register / unregister metric readers at runtime. (#4863)
  • opentelemetry-exporter-prometheus: add support for configuring metric scope labels (#5123)
  • opentelemetry-exporter-otlp-proto-grpc: Add grpc error details to the log message that's written when the grpc call fails. (#5143)
  • opentelemetry-exporter-http-transport: add 'opentelemetry-exporter-http-transport' package for HTTP exporters (#5194)
  • opentelemetry-sdk: Add composite/development samplers support to declarative file configuration (#5201)
  • opentelemetry-exporter-otlp-json-file: Add OTLP JSON File exporter implementation (#5207)
  • opentelemetry-sdk: add _resolve_component shared utility for declarative config plugin loading, reducing boilerplate in exporter factory functions (#5215)
  • opentelemetry-sdk: add pull metric reader support to declarative file configuration, including Prometheus metric reader via the prometheus_development config field (#5216)
  • opentelemetry-proto-json: update to use opentelemetry-proto v1.10.0 (#5224)
  • opentelemetry-proto: bump maximum supported protobuf version to 7.x.x (#5251)
  • opentelemetry-sdk: add ServiceInstanceIdResourceDetector for populating service.instance.id (#5259)
  • opentelemetry-sdk: declarative config loader now recursively converts parsed dicts into typed dataclass instances, including nested dataclasses, lists of dataclasses, and enum values. End-to-end YAML/JSON → SDK configuration now works via the factory functions. (#5269)
  • opentelemetry-sdk: add configure_sdk(config) to the declarative configuration API. Single entry point that takes a parsed OpenTelemetryConfiguration, builds the resource, and applies the tracer/meter/logger providers and propagator globally. Honors the top-level disabled flag. (#5270)
  • opentelemetry-sdk: the SDK configurator now honors the OTEL_CONFIG_FILE environment variable. When set, the SDK loads and applies the referenced declarative configuration file (YAML or JSON) in place of the env-var-based

... (truncated)

Commits
  • fcbbeb8 [release/v1.43.x-0.64bx] Prepare release 1.43.0/0.64b0 (#5349)
  • b40dcbc opentelemetry-exporter-http-transport: enable entry-point loading of transpor...
  • 10e8577 update to Sphinx to 8.1.3 in order to support Python 3.14 (#5278)
  • 6ac6895 docs: add declarative configuration guide and example (#5309)
  • 13ad4d5 opentelemetry-api: normalize empty environment propagation names to "_" in En...
  • 6a0ab84 opentelemetry-sdk: merge doesn't need a copy, dict already does this (#5326)
  • ac7a3df feat(config): support OTEL_CONFIG_FILE in the SDK configurator (#5271)
  • fa75422 Add support for composite samplers in declarative config (#5201)
  • 43f079f Update json and proto encoder to always accept None type, cleanup code / test...
  • 53c9d96 chore: cleanup typo found in test (#5324)
  • Additional commits viewable in compare view

Updates opentelemetry-sdk from 1.42.1 to 1.43.0

Changelog

Sourced from opentelemetry-sdk's changelog.

Version 1.43.0/0.64b0 (2026-06-24)

Added

  • opentelemetry-sdk: add add_metric_reader / remove_metric_reader public APIs to register / unregister metric readers at runtime. (#4863)
  • opentelemetry-exporter-prometheus: add support for configuring metric scope labels (#5123)
  • opentelemetry-exporter-otlp-proto-grpc: Add grpc error details to the log message that's written when the grpc call fails. (#5143)
  • opentelemetry-exporter-http-transport: add 'opentelemetry-exporter-http-transport' package for HTTP exporters (#5194)
  • opentelemetry-sdk: Add composite/development samplers support to declarative file configuration (#5201)
  • opentelemetry-exporter-otlp-json-file: Add OTLP JSON File exporter implementation (#5207)
  • opentelemetry-sdk: add _resolve_component shared utility for declarative config plugin loading, reducing boilerplate in exporter factory functions (#5215)
  • opentelemetry-sdk: add pull metric reader support to declarative file configuration, including Prometheus metric reader via the prometheus_development config field (#5216)
  • opentelemetry-proto-json: update to use opentelemetry-proto v1.10.0 (#5224)
  • opentelemetry-proto: bump maximum supported protobuf version to 7.x.x (#5251)
  • opentelemetry-sdk: add ServiceInstanceIdResourceDetector for populating service.instance.id (#5259)
  • opentelemetry-sdk: declarative config loader now recursively converts parsed dicts into typed dataclass instances, including nested dataclasses, lists of dataclasses, and enum values. End-to-end YAML/JSON → SDK configuration now works via the factory functions. (#5269)
  • opentelemetry-sdk: add configure_sdk(config) to the declarative configuration API. Single entry point that takes a parsed OpenTelemetryConfiguration, builds the resource, and applies the tracer/meter/logger providers and propagator globally. Honors the top-level disabled flag. (#5270)
  • opentelemetry-sdk: the SDK configurator now honors the OTEL_CONFIG_FILE environment variable. When set, the SDK loads and applies the referenced declarative configuration file (YAML or JSON) in place of the env-var-based

... (truncated)

Commits
  • fcbbeb8 [release/v1.43.x-0.64bx] Prepare release 1.43.0/0.64b0 (#5349)
  • b40dcbc opentelemetry-exporter-http-transport: enable entry-point loading of transpor...
  • 10e8577 update to Sphinx to 8.1.3 in order to support Python 3.14 (#5278)
  • 6ac6895 docs: add declarative configuration guide and example (#5309)
  • 13ad4d5 opentelemetry-api: normalize empty environment propagation names to "_" in En...
  • 6a0ab84 opentelemetry-sdk: merge doesn't need a copy, dict already does this (#5326)
  • ac7a3df feat(config): support OTEL_CONFIG_FILE in the SDK configurator (#5271)
  • fa75422 Add support for composite samplers in declarative config (#5201)
  • 43f079f Update json and proto encoder to always accept None type, cleanup code / test...
  • 53c9d96 chore: cleanup typo found in test (#5324)
  • Additional commits viewable in compare view

Updates opentelemetry-exporter-otlp-proto-http from 1.42.1 to 1.43.0

Changelog

Sourced from opentelemetry-exporter-otlp-proto-http's changelog.

Version 1.43.0/0.64b0 (2026-06-24)

Added

  • opentelemetry-sdk: add add_metric_reader / remove_metric_reader public APIs to register / unregister metric readers at runtime. (#4863)
  • opentelemetry-exporter-prometheus: add support for configuring metric scope labels (#5123)
  • opentelemetry-exporter-otlp-proto-grpc: Add grpc error details to the log message that's written when the grpc call fails. (#5143)
  • opentelemetry-exporter-http-transport: add 'opentelemetry-exporter-http-transport' package for HTTP exporters (#5194)
  • opentelemetry-sdk: Add composite/development samplers support to declarative file configuration (#5201)
  • opentelemetry-exporter-otlp-json-file: Add OTLP JSON File exporter implementation (#5207)
  • opentelemetry-sdk: add _resolve_component shared utility for declarative config plugin loading, reducing boilerplate in exporter factory functions (#5215)
  • opentelemetry-sdk: add pull metric reader support to declarative file configuration, including Prometheus metric reader via the prometheus_development config field (#5216)
  • opentelemetry-proto-json: update to use opentelemetry-proto v1.10.0 (#5224)
  • opentelemetry-proto: bump maximum supported protobuf version to 7.x.x (#5251)
  • opentelemetry-sdk: add ServiceInstanceIdResourceDetector for populating service.instance.id (#5259)
  • opentelemetry-sdk: declarative config loader now recursively converts parsed dicts into typed dataclass instances, including nested dataclasses, lists of dataclasses, and enum values. End-to-end YAML/JSON → SDK configuration now works via the factory functions. (#5269)
  • opentelemetry-sdk: add configure_sdk(config) to the declarative configuration API. Single entry point that takes a parsed OpenTelemetryConfiguration, builds the resource, and applies the tracer/meter/logger providers and propagator globally. Honors the top-level disabled flag. (#5270)
  • opentelemetry-sdk: the SDK configurator now honors the OTEL_CONFIG_FILE environment variable. When set, the SDK loads and applies the referenced declarative configuration file (YAML or JSON) in place of the env-var-based

... (truncated)

Commits
  • fcbbeb8 [release/v1.43.x-0.64bx] Prepare release 1.43.0/0.64b0 (#5349)
  • b40dcbc opentelemetry-exporter-http-transport: enable entry-point loading of transpor...
  • 10e8577 update to Sphinx to 8.1.3 in order to support Python 3.14 (#5278)
  • 6ac6895 docs: add declarative configuration guide and example (#5309)
  • 13ad4d5 opentelemetry-api: normalize empty environment propagation names to "_" in En...
  • 6a0ab84 opentelemetry-sdk: merge doesn't need a copy, dict already does this (#5326)
  • ac7a3df feat(config): support OTEL_CONFIG_FILE in the SDK configurator (#5271)
  • fa75422 Add support for composite samplers in declarative config (#5201)
  • 43f079f Update json and proto encoder to always accept None type, cleanup code / test...
  • 53c9d96 chore: cleanup typo found in test (#5324)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

… updates

Bumps the minor-and-patch group with 3 updates in the /mcp/weather_tool directory: [fastmcp](https://github.com/PrefectHQ/fastmcp), [starlette](https://github.com/Kludex/starlette) and [opentelemetry-api](https://github.com/open-telemetry/opentelemetry-python).


Updates `fastmcp` from 3.4.0 to 3.4.2
- [Release notes](https://github.com/PrefectHQ/fastmcp/releases)
- [Changelog](https://github.com/PrefectHQ/fastmcp/blob/main/docs/changelog.mdx)
- [Commits](PrefectHQ/fastmcp@v3.4.0...v3.4.2)

Updates `starlette` from 1.2.1 to 1.3.1
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@1.2.1...1.3.1)

Updates `opentelemetry-api` from 1.42.1 to 1.43.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-python@v1.42.1...v1.43.0)

Updates `opentelemetry-sdk` from 1.42.1 to 1.43.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-python@v1.42.1...v1.43.0)

Updates `opentelemetry-exporter-otlp-proto-http` from 1.42.1 to 1.43.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-python@v1.42.1...v1.43.0)

---
updated-dependencies:
- dependency-name: fastmcp
  dependency-version: 3.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: starlette
  dependency-version: 1.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: opentelemetry-api
  dependency-version: 1.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: opentelemetry-sdk
  dependency-version: 1.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: opentelemetry-exporter-otlp-proto-http
  dependency-version: 1.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 26, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

Status: New/ToDo

Development

Successfully merging this pull request may close these issues.

1 participant