build(deps): bump fastmcp from 2.4.0 to 2.12.5 in the patch-and-minor-updates group

[dependabot]

Bumps the patch-and-minor-updates group with 1 update: fastmcp.

Updates fastmcp from 2.4.0 to 2.12.5

Release notes

Sourced from fastmcp's releases.

v2.12.5: Safety Pin

This is a point release to pin the MCP SDK below 1.17, which introduced a change that is affecting some FastMCP users who 1) are using FastMCP auth providers and 2) are mounting their MCP servers as part of a larger application, resulting in the .well-known payload appearing in an unexpected location.

The only change in this release is pinning the SDK version: jlowin/fastmcp@dab2b31

Full Changelog: jlowin/fastmcp@v2.12.4...v2.12.5

v2.12.4: OIDC What You Did There

FastMCP 2.12.4 adds comprehensive OIDC support and expands authentication options with AWS Cognito and Descope providers. The release also includes improvements to logging middleware, URL handling for nested resources, persistent OAuth client registration storage, and various fixes to the experimental OpenAPI parser.

What's Changed

New Features 🎉

• feat: Add support for OIDC configuration by @​ruhulio in jlowin/fastmcp#1817

Enhancements 🔧

• feat: Move the Starlette context middleware to the front by @​akkuman in jlowin/fastmcp#1812
• Refactor Logging and Structured Logging Middleware by @​strawgate in jlowin/fastmcp#1805
• Update pull_request_template.md by @​jlowin in jlowin/fastmcp#1824
• chore: Set redirect_path default in function by @​ruhulio in jlowin/fastmcp#1833
• feat: Set instructions in code by @​attiks in jlowin/fastmcp#1838
• Automatically Create inline Snapshots by @​strawgate in jlowin/fastmcp#1779
• chore: Cleanup Auth0 redirect_path initialization by @​ruhulio in jlowin/fastmcp#1842
• feat: Add support for Descope Authentication by @​anvibanga in jlowin/fastmcp#1853
• Update descope version badges by @​jlowin in jlowin/fastmcp#1870
• Update welcome images by @​jlowin in jlowin/fastmcp#1884
• Fix rounded edges of image by @​jlowin in jlowin/fastmcp#1886
• optimize test suite by @​zzstoatzz in jlowin/fastmcp#1893
• Enhancement: client completions support context_arguments by @​isijoe in jlowin/fastmcp#1906
• Update Descope icon by @​anvibanga in jlowin/fastmcp#1912
• Add AWS Cognito OAuth Provider for Enterprise Authentication by @​stephaneberle9 in jlowin/fastmcp#1873
• Fix typos discovered by codespell by @​cclauss in jlowin/fastmcp#1922
• Use lowercase namespace for fastmcp logger by @​jlowin in jlowin/fastmcp#1791

Fixes 🐞

• Update quickstart.mdx by @​radi-dev in jlowin/fastmcp#1821
• Remove extraneous union import by @​jlowin in jlowin/fastmcp#1823
• Delay import of Provider classes until FastMCP Server Creation by @​strawgate in jlowin/fastmcp#1820
• fix: correct documentation link in deprecation warning by @​strawgate in jlowin/fastmcp#1828
• fix: Increase default 3s timeout on Pytest by @​dacamposol in jlowin/fastmcp#1866
• fix: Improve URL handling in OIDCConfiguration by @​ruhulio in jlowin/fastmcp#1850
• fix: correct typing for on_read_resource middleware method by @​strawgate in jlowin/fastmcp#1858
• feat(experimental/openapi): replace $ref in additionalProperties; add tests by @​jlowin in jlowin/fastmcp#1735
• Honor client supplied scopes during registration by @​dmikusa in jlowin/fastmcp#1860
• Fix: FastAPI list parameter parsing in experimental OpenAPI parser by @​jlowin in jlowin/fastmcp#1834
• Add log level support for stdio and HTTP transports by @​jlowin in jlowin/fastmcp#1840
• Fix OAuth pre-flight check to accept HTTP 200 responses by @​jlowin in jlowin/fastmcp#1874
• Fix: Preserve OpenAPI parameter descriptions in experimental parser by @​shlomo666 in jlowin/fastmcp#1877

... (truncated)

Changelog

Sourced from fastmcp's changelog.

---

title: "Changelog" icon: "list-check" rss: true

v2.12.5: Safety Pin

FastMCP 2.12.5 is a point release that pins the MCP SDK version below 1.17, which introduced a change affecting FastMCP users with auth providers mounted as part of a larger application. This ensures the .well-known payload appears in the expected location when using FastMCP authentication providers with composite applications.

What's Changed

Fixes 🐞

• Pin MCP SDK version below 1.17 by @​jlowin in a1b2c3d

Full Changelog: v2.12.4...v2.12.5

v2.12.4: OIDC What You Did There

FastMCP 2.12.4 adds comprehensive OIDC support and expands authentication options with AWS Cognito and Descope providers. The release also includes improvements to logging middleware, URL handling for nested resources, persistent OAuth client registration storage, and various fixes to the experimental OpenAPI parser.

What's Changed

New Features 🎉

• feat: Add support for OIDC configuration by @​ruhulio in #1817

Enhancements 🔧

• feat: Move the Starlette context middleware to the front by @​akkuman in #1812
• Refactor Logging and Structured Logging Middleware by @​strawgate in #1805
• Update pull_request_template.md by @​jlowin in #1824
• chore: Set redirect_path default in function by @​ruhulio in #1833
• feat: Set instructions in code by @​attiks in #1838
• Automatically Create inline Snapshots by @​strawgate in #1779
• chore: Cleanup Auth0 redirect_path initialization by @​ruhulio in #1842
• feat: Add support for Descope Authentication by @​anvibanga in #1853
• Update descope version badges by @​jlowin in #1870
• Update welcome images by @​jlowin in #1884
• Fix rounded edges of image by @​jlowin in #1886
• optimize test suite by @​zzstoatzz in #1893
• Enhancement: client completions support context_arguments by @​isijoe in #1906
• Update Descope icon by @​anvibanga in #1912
• Add AWS Cognito OAuth Provider for Enterprise Authentication by @​stephaneberle9 in #1873
• Fix typos discovered by codespell by @​cclauss in #1922
• Use lowercase namespace for fastmcp logger by @​jlowin in #1791

Fixes 🐞

• Update quickstart.mdx by @​radi-dev in #1821

... (truncated)

Commits

• dab2b31 Pin MCP to <1.17 for 2.12.5 patch release
• b96e6eb Use lowercase namespace for fastmcp logger (#1791)
• d6aa980 Fix typos discovered by codespell (#1922)
• df9e5ac Fix route count logging in OpenAPI server (#1928)
• 5486b5a Add AWS Cognito OAuth Provider for Enterprise Authentication (#1873)
• fccd081 Clean up code for creating the resource url (#1916)
• 0a8f8bb descope icon (#1912)
• eb0db4f Fix: get_resource_url nested URL handling (#1914)
• 104b965 client: add optional context_arguments to completions (#1906)
• a41600d Fix: Remove JSON schema title metadata while preserving parameters named 'tit...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}