chore(deps)(deps): bump the production-minor-patch group across 1 directory with 3 updates

[dependabot]

Bumps the production-minor-patch group with 3 updates in the /sdk directory: faststream, fastmcp and faststream[kafka].

Updates faststream from 0.6.5 to 0.6.6

Release notes

Sourced from faststream's releases.

v0.6.6

What's Changed

• Add support for aiokafka 0.13 by @​dolfinus in ag2ai/faststream#2754
• docs: replaced missing coverage commands with existing ones by @​literally-user in ag2ai/faststream#2734
• Feature: Add raw client bench by @​Flosckow in ag2ai/faststream#2645
• chore: revert fastapi v128 check by @​Flosckow in ag2ai/faststream#2740
• chore: ruff F811 by @​chirizxc in ag2ai/faststream#2737
• chore: add hash to actions by @​Flosckow in ag2ai/faststream#2741
• fix: xautoclaim compatibility with old version redis by @​ksayer in ag2ai/faststream#2750

New Contributors

• @​literally-user made their first contribution in ag2ai/faststream#2734
• @​ksayer made their first contribution in ag2ai/faststream#2750

Full Changelog: ag2ai/faststream@0.6.5...0.6.6

Commits

• b17f0fc Update Release Notes for 0.6.5 (#2727)
• 7f5ee55 Bump version from 0.6.5 to 0.6.6 (#2761)
• 3d56639 chore(deps): bump the pip group across 1 directory with 13 updates (#2760)
• 94b7aaa Add support for aiokafka 0.13 (#2754)
• 0e77be0 chore(deps): bump protobuf from 6.33.2 to 6.33.5 (#2757)
• c4a91f2 chore(deps): bump the github-actions group with 2 updates (#2755)
• 0911739 chore(deps): bump python-multipart from 0.0.21 to 0.0.22 (#2753)
• e7e9d39 chore(deps): bump actions/checkout in the github-actions group (#2751)
• 6b237a0 fix: xautoclaim compatibility with old version redis (#2750)
• d087e30 chore(deps): bump astral-sh/setup-uv in the github-actions group (#2745)
• Additional commits viewable in compare view

Updates fastmcp from 2.14.3 to 2.14.5

Release notes

Sourced from fastmcp's releases.

v2.14.5: Sealed Docket

Fixes a memory leak in the memory:// docket broker where cancelled tasks accumulated instead of being cleaned up. Bumps pydocket to ≥0.17.2.

What's Changed

Enhancements 🔧

• Bump pydocket to 0.17.2 (memory leak fix) by @​chrisguidry in jlowin/fastmcp#2992

Docs 📚

• Add release notes for v2.14.4 and v2.14.5 by @​jlowin in jlowin/fastmcp#3063

Full Changelog: jlowin/fastmcp@v2.14.4...v2.14.5

v2.14.4: Package Deal

This patch release fixes a fresh install bug where the packaging library was previously installed as a transitive dependency but is no longer—causing an import error on fresh installs without dev dependencies. Also includes a pydocket version pin to avoid Redis connection noise in tests, plus backports from 3.x for $ref dereferencing in tool schemas and the task capabilities location fix.

What's Changed

Enhancements 🔧

• Add release notes for v2.14.2 and v2.14.3 by @​jlowin in jlowin/fastmcp#2851

Fixes 🐞

• Backport: Dereference $ref in tool schemas for MCP client compatibility by @​jlowin in jlowin/fastmcp#2861
• Fix task capabilities location (issue #2870) by @​jlowin in jlowin/fastmcp#2874
• Add missing packaging dependency by @​jlowin in jlowin/fastmcp#2989

Full Changelog: jlowin/fastmcp@v2.14.3...v2.14.4

Changelog

Sourced from fastmcp's changelog.

---

title: "Changelog" icon: "list-check" rss: true

v3.0.0b1: This Beta Work

FastMCP 3.0 rebuilds the framework around three primitives: components, providers, and transforms. Providers source components dynamically—from decorators, filesystems, OpenAPI specs, remote servers, or anywhere else. Transforms modify components as they flow to clients—renaming, namespacing, filtering, securing. The features that required specialized subsystems in v2 now compose naturally from these building blocks.

🔌 Provider Architecture unifies how components are sourced. FileSystemProvider discovers decorated functions from directories with optional hot-reload. SkillsProvider exposes agent skill files as MCP resources. OpenAPIProvider and ProxyProvider get cleaner integrations. Providers are composable—share one across servers, or attach many to one server.

🔄 Transforms add middleware for components. Namespace mounted servers, rename verbose tools, filter by version, control visibility—all without touching source code. ResourcesAsTools and PromptsAsTools expose non-tool components to tool-only clients.

📋 Component Versioning lets you register @tool(version="2.0") alongside older versions. Clients see the highest version by default but can request specific versions. VersionFilter serves different API versions from one codebase.

💾 Session-Scoped State persists across requests. await ctx.set_state() and await ctx.get_state() now survive the full session. Per-session visibility via ctx.enable_components() lets servers adapt dynamically to each client.

⚡ DX Improvements include --reload for auto-restart during development, automatic threadpool dispatch for sync functions, tool timeouts, pagination for large component lists, and OpenTelemetry tracing.

🔐 Component Authorization via @tool(auth=require_scopes("admin")) and AuthMiddleware for server-wide policies.

Breaking changes are minimal: for most servers, updating the import statement is all you need. See the migration guide for details.

What's Changed

New Features 🎉

• Refactor resource behavior and add meta support by @​jlowin in #2611
• Refactor prompt behavior and add meta support by @​jlowin in #2610
• feat: Provider abstraction for dynamic MCP components by @​jlowin in #2622
• Unify component storage in LocalProvider by @​jlowin in #2680
• Introduce ResourceResult as canonical resource return type by @​jlowin in #2734
• Introduce Message and PromptResult as canonical prompt types by @​jlowin in #2738
• Add --reload flag for auto-restart on file changes by @​jlowin in #2816
• Add FileSystemProvider for filesystem-based component discovery by @​jlowin in #2823
• Add standalone decorators and eliminate fastmcp.fs module by @​jlowin in #2832
• Add authorization checks to components and servers by @​jlowin in #2855
• Decorators return functions instead of component objects by @​jlowin in #2856
• Add transform system for modifying components in provider chains by @​jlowin in #2836
• Add OpenTelemetry tracing support by @​chrisguidry in #2869
• Add component versioning and VersionFilter transform by @​jlowin in #2894
• Add version discovery and calling a certain version for components by @​jlowin in #2897
• Refactor visibility to mark-based enabled system by @​jlowin in #2912
• Add session-specific visibility control via Context by @​jlowin in #2917
• Add Skills Provider for exposing agent skills as MCP resources by @​jlowin in #2944

Enhancements 🔧

• Convert mounted servers to MountedProvider by @​jlowin in #2635
• Simplify .key as computed property by @​jlowin in #2648
• Refactor MountedProvider into FastMCPProvider + TransformingProvider by @​jlowin in #2653

... (truncated)

Commits

• 21221b4 Add release notes for v2.14.4 and v2.14.5 (#3063)
• 7d32409 Merge pull request #2992 from jlowin/pydocket-github-validation
• 65d6f06 Bump pydocket to >=0.17.2
• 5f68078 Bump pydocket to >=0.17.2b3
• 0afa029 Make read_resource test flexible for MCP version differences
• 7ad97d9 Update test snapshot for MCP 1.26.0 serialization change
• cd0274c Bump pydocket to >=0.17.2b2
• f1a89eb Bump pydocket to >=0.17.2b1
• c9ed36e Point to fix-cancellation-handling branch
• 8cec853 Point to fix-redis-connection-guards branch
• Additional commits viewable in compare view

Updates faststream[kafka] from 0.6.5 to 0.6.6

Release notes

Sourced from faststream[kafka]'s releases.

v0.6.6

What's Changed

• Add support for aiokafka 0.13 by @​dolfinus in ag2ai/faststream#2754
• docs: replaced missing coverage commands with existing ones by @​literally-user in ag2ai/faststream#2734
• Feature: Add raw client bench by @​Flosckow in ag2ai/faststream#2645
• chore: revert fastapi v128 check by @​Flosckow in ag2ai/faststream#2740
• chore: ruff F811 by @​chirizxc in ag2ai/faststream#2737
• chore: add hash to actions by @​Flosckow in ag2ai/faststream#2741
• fix: xautoclaim compatibility with old version redis by @​ksayer in ag2ai/faststream#2750

New Contributors

• @​literally-user made their first contribution in ag2ai/faststream#2734
• @​ksayer made their first contribution in ag2ai/faststream#2750

Full Changelog: ag2ai/faststream@0.6.5...0.6.6

Commits

• b17f0fc Update Release Notes for 0.6.5 (#2727)
• 7f5ee55 Bump version from 0.6.5 to 0.6.6 (#2761)
• 3d56639 chore(deps): bump the pip group across 1 directory with 13 updates (#2760)
• 94b7aaa Add support for aiokafka 0.13 (#2754)
• 0e77be0 chore(deps): bump protobuf from 6.33.2 to 6.33.5 (#2757)
• c4a91f2 chore(deps): bump the github-actions group with 2 updates (#2755)
• 0911739 chore(deps): bump python-multipart from 0.0.21 to 0.0.22 (#2753)
• e7e9d39 chore(deps): bump actions/checkout in the github-actions group (#2751)
• 6b237a0 fix: xautoclaim compatibility with old version redis (#2750)
• d087e30 chore(deps): bump astral-sh/setup-uv in the github-actions group (#2745)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions