Skip to content

chore(deps): Bump the minor-and-patch group in /mcp/cloud_storage_tool with 3 updates#677

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/mcp/cloud_storage_tool/minor-and-patch-34f6a236d7
Open

chore(deps): Bump the minor-and-patch group in /mcp/cloud_storage_tool with 3 updates#677
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/mcp/cloud_storage_tool/minor-and-patch-34f6a236d7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 10, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group in /mcp/cloud_storage_tool with 3 updates: google-cloud-storage, boto3 and fastmcp.

Updates google-cloud-storage from 3.12.0 to 3.12.1

Release notes

Sourced from google-cloud-storage's releases.

google-cloud-storage: v3.12.1

3.12.1 (2026-07-07)

Bug Fixes

  • storage: log occasional (1 in 5 million) additional bytes received from GCS in read path (#17423) (335c12f)
Changelog

Sourced from google-cloud-storage's changelog.

Changelog

PyPI History

3.15.0 (2026-06-02)

Features

3.14.0 (2026-04-02)

Features

3.13.0 (2026-03-26)

Features

Bug Fixes

Commits
  • fc6b861 chore: release main (#17600)
  • 9638879 feat: update googleapis and regenerate (#17635)
  • 6a49390 chore: update goldens (#17632)
  • 32862f0 docs(logging): fix StructuredLogHandler docstring parameter name (#17625)
  • d68c11d chore(deps): Bump Pillow version constraint in google-cloud-documentai-toolbo...
  • adf7d27 test(spanner): await database calls in async snippets (#17627)
  • 247e2ad refactor(auth): replace pyOpenSSL with standard ssl and cryptography (#16976)
  • fd0e4b6 chore(spanner): remove unused asyncio import in samples (#17620)
  • f538ad8 fix(auth): handle PermissionError on workload certificates to avoid startup h...
  • 0f4bfed fix: bump gdal from 3.13.0 to 3.13.1 in /packages/bigframes (#17609)
  • Additional commits viewable in compare view

Updates boto3 from 1.43.40 to 1.43.45

Commits
  • 75de637 Merge branch 'release-1.43.45'
  • 497253d Bumping version to 1.43.45
  • 5e9768e Add changelog entries from botocore
  • 19a915b Merge branch 'release-1.43.44'
  • 1b69a06 Merge branch 'release-1.43.44' into develop
  • b0e3f6a Bumping version to 1.43.44
  • d190ab9 Add changelog entries from botocore
  • fb07aa2 Merge branch 'release-1.43.43'
  • b847379 Merge branch 'release-1.43.43' into develop
  • 42f28ac Bumping version to 1.43.43
  • Additional commits viewable in compare view

Updates fastmcp from 3.4.2 to 3.4.4

Release notes

Sourced from fastmcp's releases.

v3.4.4: Host in Translation

FastMCP 3.4.4 restores HTTP deployment compatibility after the 3.4.3 Host/Origin guard changed default behavior for existing ASGI, serverless, and reverse-proxy deployments. The guard implementation remains available for deployments that opt in with explicit trusted hosts and origins, while 3.x returns to accepting traffic that worked before the patch. This release also adds Hugging Face OAuth provider support, with docs and examples for public and private apps, PKCE, Dynamic Client Registration, and CIMD.

What's Changed

Enhancements ✨

Fixes 🐞

Docs 📚

New Contributors

Full Changelog: PrefectHQ/fastmcp@v3.4.3...v3.4.4

v3.4.3: The Fast and the Secure-ious

FastMCP 3.4.3 closes out a month of SSRF and OAuth hardening: NAT64, 6to4, Teredo, and ISATAP transition addresses can no longer smuggle private IPv4 targets past the SSRF allow-list, Streamable HTTP now validates Host and Origin before session handling to block DNS rebinding against localhost-bound servers, and OAuth redirect validation rejects unsafe schemes and unregistered DCR redirect URIs. Alongside the security work, this release also fixes proxy session teardown races, discriminator-tag handling in JSON schema conversion, and several smaller reliability issues.

What's Changed

Enhancements ✨

Security 🔒

Fixes 🐞

... (truncated)

Changelog

Sourced from fastmcp's changelog.


title: "Changelog" icon: "list-check" rss: true tag: NEW

v3.4.4: Host in Translation

FastMCP 3.4.4 restores HTTP deployment compatibility after the 3.4.3 Host/Origin guard changed default behavior for existing ASGI, serverless, and reverse-proxy deployments. The guard implementation remains available for deployments that opt in with explicit trusted hosts and origins, while 3.x returns to accepting traffic that worked before the patch. This release also adds Hugging Face OAuth provider support, with docs and examples for public and private apps, PKCE, Dynamic Client Registration, and CIMD.

Enhancements ✨

Fixes 🐞

New Contributors

Full Changelog: v3.4.3...v3.4.4

v3.4.3: The Fast and the Secure-ious

FastMCP 3.4.3 closes out a month of SSRF and OAuth hardening: NAT64, 6to4, Teredo, and ISATAP transition addresses can no longer smuggle private IPv4 targets past the SSRF allow-list, Streamable HTTP now validates Host and Origin before session handling to block DNS rebinding against localhost-bound servers, and OAuth redirect validation rejects unsafe schemes and unregistered DCR redirect URIs. Alongside the security work, this release also fixes proxy session teardown races, discriminator-tag handling in JSON schema conversion, and several smaller reliability issues.

Enhancements ✨

  • Dedupe discriminator-required helper across schema converters by @​jlowin in #4362
  • Add real Monty sandbox e2e coverage for CodeMode call_tool by @​AlexlaGuardia in #4274
  • Switch prettier hook to rbubley/mirrors-prettier by @​jlowin in #4366
  • feat(remote): add --verify flag for TLS certificate verification by @​jlowin in #4369

Security 🔒

Fixes 🐞

  • fix: caching middleware TypeError on cache miss due to mismatched call_next parameter by @​gmenziesint in #4301
  • Fix: async rate limiting middleware get_client_id callbacks by @​Chotom in #4319

... (truncated)

Commits
  • 9138d40 Docs: add v3.4.4 changelog entries (#4473)
  • d929882 Hugging Face Auth Integration (#4385)
  • 5fe4fae Restore HTTP host guard compatibility (#4472)
  • 400db61 Relax host origin guard defaults (#4439)
  • 1eedd1f Docs: add v3.4.2 and v3.4.3 changelog entries (#4430)
  • 3b1afe6 chore(deps): bump joserfc from 1.6.7 to 1.6.8 in the uv group across 1 direct...
  • 874425a chore: Update SDK documentation (#4427)
  • 691766b [codex] Fix OpenAPI resource template requests (#4407)
  • 47907e0 Fix ty 0.0.55 diagnostics and prefab-ui protocol version drift (#4428)
  • c1b0396 Block IPv6 transition SSRF bypasses (#4426)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the minor-and-patch group in /mcp/cloud_storage_tool with 3 updates: [google-cloud-storage](https://github.com/googleapis/google-cloud-python), [boto3](https://github.com/boto/boto3) and [fastmcp](https://github.com/PrefectHQ/fastmcp).


Updates `google-cloud-storage` from 3.12.0 to 3.12.1
- [Release notes](https://github.com/googleapis/google-cloud-python/releases)
- [Changelog](https://github.com/googleapis/google-cloud-python/blob/main/packages/google-cloud-documentai/CHANGELOG.md)
- [Commits](googleapis/google-cloud-python@google-cloud-storage-v3.12.0...google-cloud-storage-v3.12.1)

Updates `boto3` from 1.43.40 to 1.43.45
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.43.40...1.43.45)

Updates `fastmcp` from 3.4.2 to 3.4.4
- [Release notes](https://github.com/PrefectHQ/fastmcp/releases)
- [Changelog](https://github.com/PrefectHQ/fastmcp/blob/main/docs/changelog.mdx)
- [Commits](PrefectHQ/fastmcp@v3.4.2...v3.4.4)

---
updated-dependencies:
- dependency-name: google-cloud-storage
  dependency-version: 3.12.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: boto3
  dependency-version: 1.43.45
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: fastmcp
  dependency-version: 3.4.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jul 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

Status: New/ToDo

Development

Successfully merging this pull request may close these issues.

1 participant