Skip to content

chore(deps): Bump the minor-and-patch group in /a2a/a2a_contact_extractor with 7 updates#499

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/a2a/a2a_contact_extractor/minor-and-patch-0841fef00d
Open

chore(deps): Bump the minor-and-patch group in /a2a/a2a_contact_extractor with 7 updates#499
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/a2a/a2a_contact_extractor/minor-and-patch-0841fef00d

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 28, 2026

Bumps the minor-and-patch group in /a2a/a2a_contact_extractor with 7 updates:

Package From To
python-multipart 0.0.28 0.0.29
starlette 1.0.0 1.2.0
mcp 1.27.0 1.27.1
pydantic-ai 1.78.0 1.103.0
filelock 3.25.2 3.29.0
fastmcp 3.2.4 3.3.1
anthropic 0.92.0 0.104.1

Updates python-multipart from 0.0.28 to 0.0.29

Release notes

Sourced from python-multipart's releases.

Version 0.0.29

What's Changed

Full Changelog: Kludex/python-multipart@0.0.28...0.0.29

Changelog

Sourced from python-multipart's changelog.

0.0.29 (2026-05-17)

  • Handle malformed RFC 2231 continuations in parse_options_header #270.
Commits

Updates starlette from 1.0.0 to 1.2.0

Release notes

Sourced from starlette's releases.

Version 1.2.0

What's Changed

Full Changelog: Kludex/starlette@1.1.0...1.2.0

Version 1.1.0

What's Changed

New Contributors

Full Changelog: Kludex/starlette@1.0.1...1.1.0

Version 1.0.1

What's Changed

Full Changelog: Kludex/starlette@1.0.0...1.0.1

Changelog

Sourced from starlette's changelog.

1.2.0 (May 28, 2026)

Added

  • Support httpx2 in the test client #3291.

1.1.0 (May 23, 2026)

Added

  • Use "application/octet-stream" as the FileResponse media type fallback #3283.

Fixed

  • Only dispatch standard HTTP verbs in HTTPEndpoint #3286.
  • Reject absolute paths in StaticFiles.lookup_path #3287.

1.0.1 (May 21, 2026)

Fixed

  • Ignore malformed Host header when constructing request.url #3279.
Commits

Updates mcp from 1.27.0 to 1.27.1

Release notes

Sourced from mcp's releases.

v1.27.1

What's Changed

Full Changelog: modelcontextprotocol/python-sdk@v1.27.0...v1.27.1

Commits
  • 77431eb [v1.x] refactor: import SSEError from httpx_sse public API (#2561)
  • 2034cae [v1.x] build: restrict httpx to <1.0.0 (#2559)
  • 73d458b [v1.x] fix(auth): coerce empty-string optional URL fields to None in OAuthCli...
  • 8d4c2f5 [v1.x] fix: catch PydanticUserError when generating output schema (pydantic 2...
  • See full diff in compare view

Updates pydantic-ai from 1.78.0 to 1.103.0

Release notes

Sourced from pydantic-ai's releases.

v1.103.0 (2026-05-26)

What's Changed

🚀 Features

🐛 Bug Fixes

New Contributors

Full Changelog: pydantic/pydantic-ai@v1.102.0...v1.103.0

v1.102.0 (2026-05-22)

What's Changed

🛡️ Security

  • Expand IPv6 transition-form handling in URL validation by @​DouweM in pydantic/pydantic-ai#5596
    • Security advisory: SSRF cloud-metadata blocklist bypass via additional IPv6 transition forms GHSA-cg7w-rg45-pc59
    • You are affected only if your application explicitly opts a FileUrl into force_download='allow-local' on a URL that is, or could be, influenced by untrusted input, AND runs on a NAT64- or ISATAP-configured network (e.g. some IPv6-only or dual-stack-with-NAT64 Kubernetes setups).
    • You are not affected if you run on a standard dual-stack cloud VM or container, which does not route these forms in practice.
    • You are not affected if you use any of the bundled integrations to ingest user input: Agent.to_web / clai web; VercelAIAdapter; AGUIAdapter / Agent.to_ag_ui

🐛 Bug Fixes

New Contributors

Full Changelog: pydantic/pydantic-ai@v1.101.0...v1.102.0

v1.101.0 (2026-05-21)

... (truncated)

Commits
  • 7a5bec6 gh-aw: tighten pydantic-ai-stale-issues-finder and share prompt fragments (...
  • d625fa9 ci: constrain hf-xet below deprecated API (#5673)
  • 543b4f8 ci: Fix lowest-version CI dependency resolution (#5564)
  • 4a119b8 fix(toolsets): warn when prepare callbacks return None (#5188)
  • b4de8ae Fix typo in SystemPromptFunc docstring (#5667)
  • aa43e93 Support anthropic_eager_input_streaming in OpenRouterModel (#5656)
  • efd468f fix(vercel-ai): preserve message metadata roundtrips (#5279)
  • d55a211 Add list_prompts and get_prompt functionality to McpServer (#3889)
  • 5c6aea5 fix(ui): Strip force_download flag from client-submitted FileUrl parts in...
  • 0123cf0 gh-aw: add pydantic-ai-stale-issues-finder and share shim workflow fragment...
  • Additional commits viewable in compare view

Updates filelock from 3.25.2 to 3.29.0

Release notes

Sourced from filelock's releases.

3.29.0

What's Changed

Full Changelog: tox-dev/filelock@3.28.0...3.29.0

3.28.0

What's Changed

Full Changelog: tox-dev/filelock@3.27.0...3.28.0

3.27.0

What's Changed

Full Changelog: tox-dev/filelock@3.26.1...3.27.0

3.26.1

What's Changed

New Contributors

Full Changelog: tox-dev/filelock@3.26.0...3.26.1

3.26.0

What's Changed

Full Changelog: tox-dev/filelock@3.25.2...3.26.0

Changelog

Sourced from filelock's changelog.

########### Changelog ###########

3.29.0 (2026-04-19)

  • ✨ feat(soft): enable stale lock detection on Windows :pr:534
  • 🐛 fix(async): use single-thread executor for lock consistency :pr:533
  • build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 :pr:530 - by :user:dependabot[bot]

3.28.0 (2026-04-14)

  • 🐛 fix(ci): unbreak release workflow, publish to PyPI again :pr:529

3.26.1 (2026-04-09)

  • 🐛 fix(asyncio): add exit to BaseAsyncFileLock and fix del loop handling :pr:518 - by :user:naarob
  • build(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 :pr:525 - by :user:dependabot[bot]

3.26.0 (2026-04-06)

  • ✨ feat(soft): add PID inspection and lock breaking :pr:524
  • [pre-commit.ci] pre-commit autoupdate :pr:523 - by :user:pre-commit-ci[bot]
  • build(deps): bump astral-sh/setup-uv from 7.6.0 to 8.0.0 :pr:522 - by :user:dependabot[bot]
  • Remove persist-credentials: false from release job :pr:520
  • [pre-commit.ci] pre-commit autoupdate :pr:519 - by :user:pre-commit-ci[bot]
  • 🔒 ci(workflows): add zizmor security auditing :pr:517
  • [pre-commit.ci] pre-commit autoupdate :pr:516 - by :user:pre-commit-ci[bot]
  • [pre-commit.ci] pre-commit autoupdate :pr:514 - by :user:pre-commit-ci[bot]

3.25.2 (2026-03-11)

  • 🐛 fix(unix): suppress EIO on close in Docker bind mounts :pr:513

3.25.1 (2026-03-09)

  • [pre-commit.ci] pre-commit autoupdate :pr:510 - by :user:pre-commit-ci[bot]
  • 🐛 fix(win): restore best-effort lock file cleanup on release :pr:511

... (truncated)

Commits
  • 469b47f Release 3.29.0
  • e85d072 ✨ feat(soft): enable stale lock detection on Windows (#534)
  • f5ee171 🐛 fix(async): use single-thread executor for lock consistency (#533)
  • 2a95458 build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#530)
  • 55de20c Release 3.28.0
  • 476b0e4 🐛 fix(ci): unbreak release workflow, publish to PyPI again (#529)
  • 824713e ✨ feat(rw): add SoftReadWriteLock for NFS and HPC clusters (#528)
  • 9879de9 [pre-commit.ci] pre-commit autoupdate (#527)
  • 4cfab49 Release 3.26.1
  • 734c9f2 🐛 fix(asyncio): add exit to BaseAsyncFileLock and fix del loop handli...
  • Additional commits viewable in compare view

Updates fastmcp from 3.2.4 to 3.3.1

Release notes

Sourced from fastmcp's releases.

v3.3.1: Loop There It Is

FastMCP 3.3.1 is a hotfix for the 3.3 packaging split. Clean installs of 3.3.0 could fail on standalone component imports like from fastmcp.tools import tool because component modules reached auth and task primitives through fastmcp.server, pulling in the server/provider stack and exposing a circular import.

Component-level auth and task primitives now live in lightweight utility modules, with the old server import paths preserved as compatibility re-exports. Component imports stay lightweight, existing server-facing imports continue to work, and the release also includes small docs corrections from the 3.3 rollout.

What's Changed

Fixes 🐞

Full Changelog: PrefectHQ/fastmcp@v3.3.0...v3.3.1

v3.3.0: Slim Reaper

FastMCP 3.3 ships fastmcp-slim, a new lightweight distribution that separates the client from the server stack. It also closes out a meaningful backlog of security hardening, observability improvements, and auth additions that accumulated through the 3.2 cycle.

fastmcp-slim

The full FastMCP package pulls in Starlette, Uvicorn, and the rest of the server machinery — necessary for running a server, but wasteful if you're writing a client, a script, or an agent that just needs to talk to MCP. fastmcp-slim is a dependency-light distribution that ships the client and transport layer without any of that.

The import namespace is unchanged:

from fastmcp import Client
async with Client("https://example.com/mcp") as client:
result = await client.call_tool("my_tool", {"arg": "value"})

Install fastmcp-slim[client] anywhere you want FastMCP's client without the server footprint — CI environments, lightweight agents, library dependencies that shouldn't force Uvicorn on downstream users.

Security

The OAuth proxy received three hardening upgrades. Silent consent is now guarded against AS-in-the-middle attacks — a malicious authorization server can no longer silently approve a consent it wasn't meant to handle. Redirect URI allowlist matching now rejects dot-segment paths (/../, /./) that could otherwise bypass prefix checks. And ResponseCachingMiddleware partitions its cache by access token, closing a gap where different users could see each other's cached responses.

Auth

AzureB2CProvider adds first-class support for Azure AD B2C user flows. The OCI provider is fixed for 3.x installs. And OAuthProxy gains a public update_scopes() API for updating the proxy's required scopes after initialization — useful for servers that determine scope requirements at runtime.

Observability

OTEL instrumentation is now fully compliant with MCP semantic conventions. List operations (list_tools, list_resources, list_prompts, list_resource_templates) are instrumented, and delegate spans on proxy servers are enriched with backend attributes.

Thread Affinity

Sync tools run in a thread pool by default. If your tool holds thread-local state or is bound to a specific thread (UI frameworks, some database drivers), you can now opt out:

... (truncated)

Commits
  • d8dcc27 Decouple component imports from server (#4150)
  • 255e3e4 fix(docs): use valid FA icon on client-only package page (#4139)
  • 73df4dc chore: Update SDK documentation (#4096)
  • ee48a0f Refine fastmcp-slim packaging (#4125)
  • bb4894d Add fastmcp-slim for client-only installs (#4122)
  • 8209093 fix(http): terminate active streamable-HTTP transports before lifespan shutdo...
  • cf59a45 Fix OCI Provider issue in 3.x version. Add OCI auth provider example … (#4116)
  • 89b99ec fix(proxy): fall back to live identifier for backend_* span attributes (#4109)
  • 310314c fix: cli option --no-banner is NOT passed to cli but server-spec in-correctly...
  • 28722f8 fix: drop exc_info for expected tool failures, remove unreachable ValidationE...
  • Additional commits viewable in compare view

Updates anthropic from 0.92.0 to 0.104.1

Release notes

Sourced from anthropic's releases.

v0.104.1

0.104.1 (2026-05-21)

Full Changelog: v0.104.0...v0.104.1

Bug Fixes

  • streaming: carry encrypted_content through beta compaction accumulator (#1821) (f7a720c)

v0.104.0

0.104.0 (2026-05-21)

Full Changelog: v0.103.1...v0.104.0

Features

  • api: Add support for thinking-token-count beta for estimated tokens in thinking block deltas when streaming (80d0fdf)

v0.103.1

0.103.1 (2026-05-19)

Full Changelog: v0.103.0...v0.103.1

Bug Fixes

  • runner: skip tool calls SessionToolRunner does not own (#1817) (9425c6a)

v0.103.0

0.103.0 (2026-05-19)

Full Changelog: v0.102.0...v0.103.0

Features

  • client: Add support for self-hosted sandboxes in CMA with sandbox helpers (e5625b0)

v0.102.0

0.102.0 (2026-05-13)

Full Changelog: v0.101.0...v0.102.0

Features

  • api: Add BetaManagedAgentsSearchResultBlock types (3681f10)
  • api: Add support for cache diagnostics beta (db51c6c)
  • internal/types: support eagerly validating pydantic iterators (68dabb0)

Chores

... (truncated)

Changelog

Sourced from anthropic's changelog.

0.104.1 (2026-05-21)

Full Changelog: v0.104.0...v0.104.1

Bug Fixes

  • streaming: carry encrypted_content through beta compaction accumulator (#1821) (f7a720c)

0.104.0 (2026-05-21)

Full Changelog: v0.103.1...v0.104.0

Features

  • api: Add support for thinking-token-count beta for estimated tokens in thinking block deltas when streaming (80d0fdf)

0.103.1 (2026-05-19)

Full Changelog: v0.103.0...v0.103.1

Bug Fixes

  • runner: skip tool calls SessionToolRunner does not own (#1817) (9425c6a)

0.103.0 (2026-05-19)

Full Changelog: v0.102.0...v0.103.0

Features

  • client: Add support for self-hosted sandboxes in CMA with sandbox helpers (e5625b0)

0.102.0 (2026-05-13)

Full Changelog: v0.101.0...v0.102.0

Features

  • api: Add BetaManagedAgentsSearchResultBlock types (3681f10)
  • api: Add support for cache diagnostics beta (db51c6c)
  • internal/types: support eagerly validating pydantic iterators (68dabb0)

Chores

0.101.0 (2026-05-11)

Full Changelog: v0.100.0...v0.101.0

... (truncated)

Commits
  • 5db69c6 release: 0.104.1
  • 5fe4933 fix(streaming): carry encrypted_content through beta compaction accumulator (...
  • aaaacb5 release: 0.104.0
  • 4b05172 feat(api): Add support for thinking-token-count beta for estimated tokens in ...
  • 28cdc33 release: 0.103.1
  • 321efe5 fix(runner): skip tool calls SessionToolRunner does not own (#1817)
  • a28508b release: 0.103.0 (#1565)
  • 9aa85c8 release: 0.102.0 (#1532)
  • e8e6f66 release: 0.101.0
  • c7e3411 feat(aws): Add AWS client for Claude Platform on AWS
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): Bump the minor-and-patch group
cbd2f0c 
Bumps the minor-and-patch group in /a2a/a2a_contact_extractor with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.28` | `0.0.29` |
| [starlette](https://github.com/Kludex/starlette) | `1.0.0` | `1.2.0` |
| [mcp](https://github.com/modelcontextprotocol/python-sdk) | `1.27.0` | `1.27.1` |
| [pydantic-ai](https://github.com/pydantic/pydantic-ai) | `1.78.0` | `1.103.0` |
| [filelock](https://github.com/tox-dev/py-filelock) | `3.25.2` | `3.29.0` |
| [fastmcp](https://github.com/PrefectHQ/fastmcp) | `3.2.4` | `3.3.1` |
| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.92.0` | `0.104.1` |


Updates `python-multipart` from 0.0.28 to 0.0.29
- [Release notes](https://github.com/Kludex/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md)
- [Commits](Kludex/python-multipart@0.0.28...0.0.29)

Updates `starlette` from 1.0.0 to 1.2.0
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@1.0.0...1.2.0)

Updates `mcp` from 1.27.0 to 1.27.1
- [Release notes](https://github.com/modelcontextprotocol/python-sdk/releases)
- [Changelog](https://github.com/modelcontextprotocol/python-sdk/blob/main/RELEASE.md)
- [Commits](modelcontextprotocol/python-sdk@v1.27.0...v1.27.1)

Updates `pydantic-ai` from 1.78.0 to 1.103.0
- [Release notes](https://github.com/pydantic/pydantic-ai/releases)
- [Changelog](https://github.com/pydantic/pydantic-ai/blob/main/docs/changelog.md)
- [Commits](pydantic/pydantic-ai@v1.78.0...v1.103.0)

Updates `filelock` from 3.25.2 to 3.29.0
- [Release notes](https://github.com/tox-dev/py-filelock/releases)
- [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst)
- [Commits](tox-dev/filelock@3.25.2...3.29.0)

Updates `fastmcp` from 3.2.4 to 3.3.1
- [Release notes](https://github.com/PrefectHQ/fastmcp/releases)
- [Changelog](https://github.com/PrefectHQ/fastmcp/blob/main/docs/changelog.mdx)
- [Commits](PrefectHQ/fastmcp@v3.2.4...v3.3.1)

Updates `anthropic` from 0.92.0 to 0.104.1
- [Release notes](https://github.com/anthropics/anthropic-sdk-python/releases)
- [Changelog](https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md)
- [Commits](anthropics/anthropic-sdk-python@v0.92.0...v0.104.1)

---
updated-dependencies:
- dependency-name: python-multipart
  dependency-version: 0.0.29
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: starlette
  dependency-version: 1.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: mcp
  dependency-version: 1.27.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: pydantic-ai
  dependency-version: 1.103.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: filelock
  dependency-version: 3.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: fastmcp
  dependency-version: 3.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: anthropic
  dependency-version: 0.104.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 28, 2026
This was referenced May 28, 2026
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

Kagenti Issue Prioritization
Status: New /:ToDo

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rubambiza