build(deps): bump the version-all group across 1 directory with 17 updates

[dependabot]

Bumps the version-all group with 17 updates in the / directory:

Package	From	To
huggingface-hub	0.34.4	1.4.1
pandas	2.3.2	3.0.0
pillow	11.3.0	12.1.0
tqdm	4.67.1	4.67.3
modal	1.1.4	1.3.2
python-dotenv	1.1.1	1.2.1
gitpython	3.1.45	3.1.46
fastmcp	2.12.4	2.14.5
litellm	1.80.10	1.81.9
tenacity	9.1.2	9.1.4
lmnr	0.7.25	0.7.38
multi-swe-bench	1.1.1	1.1.2
pre-commit	4.3.0	4.5.1
psutil	7.0.0	7.2.2
pyright	1.1.405	1.1.408
ruff	0.13.0	0.15.0
pytest	8.4.2	9.0.2

Updates huggingface-hub from 0.34.4 to 1.4.1

Release notes

Sourced from huggingface-hub's releases.

[v1.4.1] Fix file corruption when server ignores Range header on download retry

Fix file corruption when server ignores Range header on download retry. Full details in huggingface/huggingface_hub#3778 by @​XciD.

Full Changelog: huggingface/huggingface_hub@v1.4.0...v1.4.1

[v1.4.0] Building the HF CLI for You and your AI Agents

🧠 hf skills add CLI Command

A new hf skills add command installs the hf-cli skill for AI coding assistants (Claude Code, Codex, OpenCode). Your AI Agent now knows how to search the Hub, download models, run Jobs, manage repos, and more.

> hf skills add --help
Usage: hf skills add [OPTIONS]
Download a skill and install it for an AI assistant.
Options:
--claude      Install for Claude.
--codex       Install for Codex.
--opencode    Install for OpenCode.
-g, --global  Install globally (user-level) instead of in the current
project directory.
--dest PATH   Install into a custom destination (path to skills directory).
--force       Overwrite existing skills in the destination.
--help        Show this message and exit.
Examples
$ hf skills add --claude
$ hf skills add --claude --global
$ hf skills add --codex --opencode
Learn more
Use hf <command> --help for more information about a command.
Read the documentation at
https://huggingface.co/docs/huggingface_hub/en/guides/cli

The skill is composed of two files fetched from the huggingface_hub docs: a CLI guide (SKILL.md) and the full CLI reference (references/cli.md). Files are installed to a central .agents/skills/hf-cli/ directory, and relative symlinks are created from agent-specific directories (e.g., .claude/skills/hf-cli/ → ../../.agents/skills/hf-cli/). This ensures a single source of truth when installing for multiple agents.

• Add hf skills add CLI command by @​julien-c in #3741
• [CLI] hf skills add installs hf-cli skill to central location with symlinks by @​hanouticelina in #3755

🖥️ Improved CLI Help Output

The CLI help output has been reorganized to be more informative and agent-friendly:

• Commands are now grouped into Main commands and Help commands
• Examples section showing common usage patterns
• Learn more section with links to documentation

... (truncated)

Commits

• 5035d73 Release: v1.4.1
• 8d3db25 Fix file corruption when server ignores Range header on download retry (#3778)
• efd5fc3 Release: v1.4.0
• 4a0a5b5 Release: v1.4.0.rc0
• df7a76f Add retry/backoff when fetching Xet connection info to handle 502 errors (#3768)
• 2fcae4f Fix style issues in CI (#3773)
• 1b03f0b Pass kwargs to post init in dataclasses (#3771)
• 67542bd [CLI] Add hf collections commands (#3767)
• 67ae911 Add more error handling output to hf jobs cli commands (#3744)
• 9123636 [CLI] Dynamic table columns based on --expand field (#3760)
• Additional commits viewable in compare view

Updates pandas from 2.3.2 to 3.0.0

Release notes

Sourced from pandas's releases.

pandas 3.0.0

We are pleased to announce the release of pandas 3.0.0, a major release from the pandas 2.x series. This release includes various new features, bug fixes, and performance improvements, as well as possible breaking changes.

The pandas 3.0 release removed a functionality that was deprecated in previous releases. It is recommended to first upgrade to pandas 2.3 and to ensure your code is working without warnings, before upgrading to pandas 3.0.

Highlights include:

• Dedicated string data type by default
• Consistent copy/view behaviour with Copy-on-Write (CoW) (a.k.a. getting rid of the SettingWithCopyWarning)
• New default resolution for datetime-like data
• Initial support for the new pd.col syntax

See the announcement blog post and the detailed release notes for a list of all the changes.

Pandas 3.0.0 supports Python 3.11 and higher. The release can be installed from PyPI

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Pandas 3.0.0rc2

No release notes provided.

Pandas 3.0.0rc1

No release notes provided.

Pandas 3.0.0rc0

We are pleased to announce a first release candidate for pandas 3.0.0. If all goes well, we'll release pandas 3.0.0 in a few weeks.

See the [whatsnew][0] for a list of all the changes.

The release is available on conda-forge and PyPI.

The release can be installed from PyPI

python -m pip install --upgrade --pre pandas==3.0.0rc0

Or from conda-forge

conda install -c conda-forge/label/pandas_rc pandas==3.0.0rc0

Please report any issues with the release candidate on the pandas issue tracker.

... (truncated)

Commits

• 366ccdf RLS: 3.0.0
• 139f4d0 DOC: split/reorder other enhancements section in 3.0.0 whatsnew notes (#63762)
• fd2a4f4 TST: assert reading of legacy pickles against current data (#61792)
• cc0bcaa DOC: update whatsnew section on datetimelike resolution (#63780)
• 3ddbb49 DOC: remove 2.3.4 whatsnew file from released 3.0 docs (#63779)
• ee63532 CLN: Create temporary HDF5 file path and HDFStore for pytables tests (#63492)
• 9512e99 CoW: better chained assignment warning message for update() method (#63500)
• 1db90d5 API: rename read_iceberg selected_fields keyword to columns (#63748)
• c9b51fa BUG: .str methods failing on PyArrow using regex with \Z (#63705)
• 7cff0f4 API: Period.to_timestamp default to microsecond unit (#63760)
• Additional commits viewable in compare view

Updates pillow from 11.3.0 to 12.1.0

Release notes

Sourced from pillow's releases.

12.1.0

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html

Deprecations

• Deprecate getdata(), in favour of new get_flattened_data() #9292 [@​radarhere]

Documentation

• Specify APNG duration type when opening #9368 [@​radarhere]
• Added release notes for #9350 #9366 [@​radarhere]
• Update ImageMorph documentation #9349 [@​radarhere]
• Docs: update major bump cadence #9334 [@​hugovk]
• Add release notes for #9070 #9320 [@​radarhere]
• Updated Ubuntu version #9306 [@​radarhere]
• Update macOS tested Pillow versions #9265 [@​radarhere]

Dependencies

• Update harfbuzz to 12.3.0 #9355 [@​radarhere]
• Update xz to 5.8.2 #9343 [@​radarhere]
• Updated libjpeg-turbo to 3.1.3 #9333 [@​radarhere]
• Updated zlib-ng to 2.3.2 #9324 [@​radarhere]
• Updated libpng to 1.6.53 #9325 [@​radarhere]
• Update actions/checkout action to v6 #9323 [@renovate[bot]]
• Update dependency mypy to v1.19.0 #9322 [@renovate[bot]]
• Updated libpng to 1.6.51 #9305 [@​radarhere]
• Updated brotli to 1.2.0 #9284 [@​radarhere]
• Update libimagequant to 4.4.1 #9301 [@​radarhere]
• Update zlib-ng to 2.3.1, except on manylinux2014 aarch64 #9312 [@​radarhere]
• Updated harfbuzz to 12.2.0 #9289 [@​radarhere]
• Update github-actions #9277 [@renovate[bot]]

Testing

• Replace pre-commit with prek #9360 [@​hugovk]
• Test PyQt6 on Python 3.14 on Windows #9353 [@​radarhere]
• Test 32-bit Windows on Windows Server 2022 #9345 [@​radarhere]
• Correct variable type #9335 [@​radarhere]
• Fix ResourceWarnings in selftest.py #9332 [@​hugovk]
• Fix testing good P mode BMP images #9319 [@​radarhere]
• Test Python 3.15 pre-release #9331 [@​hugovk]
• Test ImageFont.ImageFont, in case freetype2 is not supported #9287 [@​radarhere]
• Add Fedora 43 #9290 [@​radarhere]
• Remove Fedora 41 #9260 [@​radarhere]

Type hints

• Add ImageFile context manager #9367 [@​radarhere]
• Assert fp is not None #8617 [@​radarhere]

... (truncated)

Commits

• 46f45f6 12.1.0 version bump
• c9ac097 Simplify band splitting (#9291)
• 3baedf2 Deprecate getdata(), in favour of new get_flattened_data() (#9292)
• b51a036 Specify APNG duration type when opening (#9368)
• 8d08e31 Add release notes for #9348 (#9369)
• 432707e Added release notes for #9348
• 2d58910 Specify APNG duration type when opening
• 8dee8dd Add ImageFile context manager (#9367)
• b2d9bc3 Support saving APNG float durations (#9365)
• f130c10 Allow 1 mode images in MorphOp (#9348)
• Additional commits viewable in compare view

Updates tqdm from 4.67.1 to 4.67.3

Release notes

Sourced from tqdm's releases.

tqdm v4.67.3 stable

• fix py3.7 dependencies (#1706 <- #1705)

tqdm v4.67.2 stable

• support pandas>=3 (#1703 <- #1701, #1650, #1700)
• fix format_interval for negative numbers (#1703)
• misc linting
• framework updates (#1704)
  • bump CI workflow & pre-commit dependencies
  • add pyupgrade
  • add py3.13 support
  • fix py3.7 tests
  • update setuptools-scm usage
  • support auto-dedented docstrings when building docs in py3.13
• tests: relax flaky benchmarks

Commits

• 75bdb6c fix py3.7 compat
• 09a863b bump version, merge pull request #1704 from tqdm/devel
• 33d24cd update pyproject syntax
• 70b9124 add py3.13 support
• a74d8f8 drop _dist_ver
• 14d72e2 Merge pull request #1703 from wingding12/fix-pandas-3.0-and-negative-interval
• a69dac8 fix dedented docstrings
• a986d22 tests: fix pandas deprecation warnings
• bb7aa4d tests: fix pandas deprecated applymap
• 0647db1 misc tidy
• Additional commits viewable in compare view

Updates modal from 1.1.4 to 1.3.2

Changelog

Sourced from modal's changelog.

1.3.2 (2026-01-30)

• Modal objects now have a .get_dashboard_url() method. This method will return a URL for viewing that object on the Modal dashboard:

  fc = f.spawn()
  print(fc.get_dashboard_url())  # Easy access to logs, etc.

• There is also a new modal dashboard CLI and new modal app dashboard / modal volume dashboard CLI subcommands:

  modal dashboard  # Opens up the Apps homepage for the current environment
  modal dashboard <object-id>  # Opens up a view of this object
  modal app dashboard <app-name>  # Opens up the dashboard for this deployed App
  modal volume dashboard <volume-name>  # Opens up the file browser for this persistent Volume

• You can now pass a Sandbox ID (sb-xxxxx) directly to the modal container logs CLI.
• The modal token info CLI will now include the token name, if provided at token creation.
• We fixed an issue where modal.Cls.with_options() (or the with_concurrency() / with_batching() methods) could sometimes use stale argument values when called repeatedly.

1.3.1 (2026-01-22)

• We've improved our experimental support for Python 3.14t (free-threaded Python) inside Modal containers.
  • The container environment will now use the Python implementation of the Protobuf runtime rather than the incompatible upb implementation.
  • As 3.14t images are not being published to the official source for our prebuilt modal.Image.debian_slim() images, we recommend using modal.Image.from_registry to build a 3.14t Image:

    modal.Image.from_registry("debian:bookworm-slim", add_python="3.14t")

  • Note that 3.14t support is available only on the 2025.06 Image Builder Version.
  • Support is still experimental, so please share any issues that you encounter running 3.14t in Modal containers.
• It's now possible to provide a custom_domain for a modal.Sandbox:

  sb = modal.Sandbox.create(..., custom_domain="sandboxes.mydomain.com")

  Note that Sandbox custom domains work differently from Function custom domains and must currently be set up manually by Modal; please get in touch if this feature interests you.
• We added a new modal token info CLI command to retrieve information about the credentials that are currently in use.
• We added a --timestamps flag to a number of CLI entrypoints (modal run, modal serve, modal deploy, and modal container logs) to show timestamps in the logging output.
• The automatic CLI creation for modal run entrypoints now supports Literal type annotations, provided that the literal type contains either all str or all int values.
• We've fixed a bug that could cause App builds to fail with an uninformative CancelledError when the App was misconfigured.
• We've improved client resource management when running modal.Sandbox.exec, which avoids a rare thread race condition.

1.3.0 (2025-12-19)

Modal now supports Python 3.14. Python 3.14t (the free-threading build) support is currently a work in progress, because we are waiting for dependencies to be updated with free-threaded support. Additionally, Modal no longer supports Python 3.9, which has reached end-of-life.

We are adding experimental support for detecting cases where Modal's blocking APIs are used in async contexts (which can be a source of bugs or performance issues). You can opt into runtime warnings by setting MODAL_ASYNC_WARNINGS=1 as an environment variable or async_warnings = true as a config field. We will enable these warnings by default in the future; please report any apparent false positives or other issues while support is experimental.

This release also includes a small number of deprecations and behavioral changes:

• The Modal SDK will no longer propagate grpclib.GRPCError types out to the user; our own modal.Error subtypes will be used instead. To avoid disrupting user code that has relied on GRPCError exceptions for control flow, we are temporarily making some exception types inherit from GRPCError so that they will also be caught by except grpclib.GRPCError statements. Accessing the .status attribute of the exception will issue a deprecation warning, but warnings cannot be issued if the exception object is only caught and there is no other interaction with it. We advise proactively migrating any exception handling to use Modal types, as we will remove the dependency on grpclib types entirely in the future. See the modal.exception docs for the mapping from gRPC status codes to Modal exception types.
• The max_inputs parameter in the @app.function() and @app.cls decorators has been renamed to single_use_containers and now takes a boolean value rather than an integer. Note that only max_inputs=1 has been supported, so this has no functional implications. This change is being made to reduce confusion with @modal.concurrent(max_inputs=...) and so that Modal's autoscaler can provide better performance for Functions with single-use containers.

... (truncated)

Commits

• See full diff in compare view

Updates python-dotenv from 1.1.1 to 1.2.1

Release notes

Sourced from python-dotenv's releases.

v1.2.1

What's Changed

• Support reading .env from FIFOs (Unix) by @​sidharth-sudhir in theskumar/python-dotenv#586
• Update CI to use trusted publishing on PyPI

New Contributors

• @​sidharth-sudhir made their first contribution in theskumar/python-dotenv#586

Full Changelog: theskumar/python-dotenv@v1.2.0...v1.2.1

v1.2.0

What's Changed

• style: upgrade to use ruff by @​theskumar in theskumar/python-dotenv#567
• Use sys.exit() instead of exit() by @​theskumar in theskumar/python-dotenv#568
• feat: add PYTHON_DOTENV_DISABLED flag to disable load_dotenv (fixes #510) by @​matthewfranglen in theskumar/python-dotenv#569
• Added Python@3.14: Github CI & tox.ini by @​23f3001135 in theskumar/python-dotenv#579
• ocs: clarify what load_dotenv() does in README by @​cybercoded in theskumar/python-dotenv#575
• Bump the github-actions group across 1 directory with 2 updates by @​dependabot[bot] in theskumar/python-dotenv#577
• Move project metadata and config to pyproject.toml by @​EpicWink in theskumar/python-dotenv#583

New Contributors

• @​matthewfranglen made their first contribution in theskumar/python-dotenv#569
• @​23f3001135 made their first contribution in theskumar/python-dotenv#579
• @​cybercoded made their first contribution in theskumar/python-dotenv#575
• @​EpicWink made their first contribution in theskumar/python-dotenv#583

Full Changelog: theskumar/python-dotenv@v1.1.1...v1.2.0

Changelog

Sourced from python-dotenv's changelog.

[1.2.1] - 2025-10-26

• Move more config to pyproject.toml, removed setup.cfg
• Add support for reading .env from FIFOs (Unix) by [@​sidharth-sudhir] in #586

[1.2.0] - 2025-10-26

• Upgrade build system to use PEP 517 & PEP 518 to use build and pyproject.toml by [@​EpicWink] in #583
• Add support for Python 3.14 by [@​23f3001135] in #579
• Add support for disabling of load_dotenv() using PYTHON_DOTENV_DISABLED env var. by [@​matthewfranglen] in #569

Commits

• eaf2a91 Do not remove .coverage file
• 8716196 Bump version: 1.2.0 → 1.2.1
• b87807f Update changelog
• 3af77d3 Support reading .env from FIFOs (Unix) (#586)
• 467ee22 Fix test failures after moving config to pyproject.toml
• 76999e7 Move more config pyproject.toml
• 222ce2c Update to use trusted publisher on pypi
• 8ed4f79 Update docs requirements
• 5bf8822 Bump version: 1.1.1 → 1.2.0
• 1fe11cc upadate changelog
• Additional commits viewable in compare view

Updates gitpython from 3.1.45 to 3.1.46

Release notes

Sourced from gitpython's releases.

3.1.46

What's Changed

• Prepare a new release by @​Byron in gitpython-developers/GitPython#2063
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in gitpython-developers/GitPython#2067
• Bump git/ext/gitdb from 335c0f6 to 39d7dbf by @​dependabot[bot] in gitpython-developers/GitPython#2068
• Bump actions/setup-python from 5 to 6 by @​dependabot[bot] in gitpython-developers/GitPython#2070
• Bump git/ext/gitdb from 39d7dbf to f8fdfec by @​dependabot[bot] in gitpython-developers/GitPython#2071
• Fix type hint for SymbolicReference.reference property by @​emmanuel-ferdman in gitpython-developers/GitPython#2074
• feat: Add support for hasconfig git rule. by @​bvanelli in gitpython-developers/GitPython#2075
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in gitpython-developers/GitPython#2076
• Use actual return type in annotation for method submodule_update by @​extrwi in gitpython-developers/GitPython#2078
• Bump git/ext/gitdb from f8fdfec to 65321a2 by @​dependabot[bot] in gitpython-developers/GitPython#2082
• Preliminary support for index format v3 by @​blahgeek in gitpython-developers/GitPython#2081
• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in gitpython-developers/GitPython#2084
• Pin mypy==1.18.2 by @​George-Ogden in gitpython-developers/GitPython#2087
• Respect os.Pathlike by @​George-Ogden in gitpython-developers/GitPython#2086
• Bump git/ext/gitdb from 65321a2 to 4c63ee6 by @​dependabot[bot] in gitpython-developers/GitPython#2093
• Join Pathlike Object to Tree by @​George-Ogden in gitpython-developers/GitPython#2094

New Contributors

• @​emmanuel-ferdman made their first contribution in gitpython-developers/GitPython#2074
• @​bvanelli made their first contribution in gitpython-developers/GitPython#2075
• @​extrwi made their first contribution in gitpython-developers/GitPython#2078
• @​blahgeek made their first contribution in gitpython-developers/GitPython#2081
• @​George-Ogden made their first contribution in gitpython-developers/GitPython#2087

Full Changelog: gitpython-developers/GitPython@3.1.45...3.1.46

Commits

• 9e24eb6 Prepare next release
• b8bb60e Merge pull request #2094 from George-Ogden/join-pathlike
• c8b58c0 Update test/test_tree.py
• 88e2614 Allow joining path to tree
• 9fa28ae Add failing tests for joining paths
• 6d66a02 Merge pull request #2093 from gitpython-developers/dependabot/submodules/git/...
• f738029 Bump git/ext/gitdb from 65321a2 to 4c63ee6
• eecc28d Merge pull request #2086 from George-Ogden/true-pathlike
• 0cb55fb Revert "Add tests with non-ascii characters"
• 1710626 Add tests with non-ascii characters
• Additional commits viewable in compare view

Updates fastmcp from 2.12.4 to 2.14.5

Release notes

Sourced from fastmcp's releases.

v2.14.5: Sealed Docket

Fixes a memory leak in the memory:// docket broker where cancelled tasks accumulated instead of being cleaned up. Bumps pydocket to ≥0.17.2.

What's Changed

Enhancements 🔧

• Bump pydocket to 0.17.2 (memory leak fix) by @​chrisguidry in jlowin/fastmcp#2992

Docs 📚

• Add release notes for v2.14.4 and v2.14.5 by @​jlowin in jlowin/fastmcp#3063

Full Changelog: PrefectHQ/fastmcp@v2.14.4...v2.14.5

v2.14.4: Package Deal

This patch release fixes a fresh install bug where the packaging library was previously installed as a transitive dependency but is no longer—causing an import error on fresh installs without dev dependencies. Also includes a pydocket version pin to avoid Redis connection noise in tests, plus backports from 3.x for $ref dereferencing in tool schemas and the task capabilities location fix.

What's Changed

Enhancements 🔧

• Add release notes for v2.14.2 and v2.14.3 by @​jlowin in jlowin/fastmcp#2851

Fixes 🐞

• Backport: Dereference $ref in tool schemas for MCP client compatibility by @​jlowin in jlowin/fastmcp#2861
• Fix task capabilities location (issue #2870) by @​jlowin in jlowin/fastmcp#2874
• Add missing packaging dependency by @​jlowin in jlowin/fastmcp#2989

Full Changelog: PrefectHQ/fastmcp@v2.14.3...v2.14.4

v2.14.3: Time After Timeout

This patch release fixes an HTTP transport timeout bug where connections were defaulting to 5 seconds instead of respecting MCP's 30-second default, causing premature timeouts for slower operations. Also includes OAuth token storage fixes, Redis key isolation for ACL compliance, and improved ContextVar propagation for ASGI-mounted servers. Plus, the CLI will now nudge you when updates are available (you're welcome, future you).

What's Changed

Enhancements 🔧

• Add debug logging for OAuth token expiry diagnostics by @​jlowin in jlowin/fastmcp#2789
• Add CLI update notifications by @​jlowin in jlowin/fastmcp#2839
• Use pip instead of uv pip in upgrade instructions by @​jlowin in jlowin/fastmcp#2841

Fixes 🐞

• Backport OAuth token storage TTL fix to release/2.x by @​jlowin in jlowin/fastmcp#2798
• Prefix Redis keys with docket name for ACL isolation (2.x backport) by @​chrisguidry in jlowin/fastmcp#2812
• Fix ContextVar propagation for ASGI-mounted servers with tasks by @​chrisguidry in jlowin/fastmcp#2843
• Fix HTTP transport timeout defaulting to 5 seconds by @​jlowin in jlowin/fastmcp#2848

Full Changelog: PrefectHQ/fastmcp@v2.14.2...v2.14.3

v2.14.2: Port Authority

... (truncated)

Changelog

Sourced from fastmcp's changelog.

---

title: "Changelog" icon: "list-check" rss: true

v3.0.0b1: This Beta Work

FastMCP 3.0 rebuilds the framework around three primitives: components, providers, and transforms. Providers source components dynamically—from decorators, filesystems, OpenAPI specs, remote servers, or anywhere else. Transforms modify components as they flow to clients—renaming, namespacing, filtering, securing. The features that required specialized subsystems in v2 now compose naturally from these building blocks.

🔌 Provider Architecture unifies how components are sourced. FileSystemProvider discovers decorated functions from directories with optional hot-reload. SkillsProvider exposes agent skill files as MCP resources. OpenAPIProvider and ProxyProvider get cleaner integrations. Providers are composable—share one across servers, or attach many to one server.

🔄 Transforms add middleware for components. Namespace mounted servers, rename verbose tools, filter by version, control visibility—all without touching source code. ResourcesAsTools and PromptsAsTools expose non-tool components to tool-only clients.

📋 Component Versioning lets you register @tool(version="2.0") alongside older versions. Clients see the highest version by default but can request specific versions. VersionFilter serves different API versions from one codebase.

💾 Session-Scoped State persists across requests. await ctx.set_state() and await ctx.get_state() now survive the full session. Per-session visibility via ctx.enable_components() lets servers adapt dynamically to each client.

⚡ DX Improvements include --reload for auto-restart during development, automatic threadpool dispatch for sync functions, tool timeouts, pagination for large component lists, and OpenTelemetry tracing.

🔐 Component Authorization via @tool(auth=require_scopes("admin")) and AuthMiddleware for server-wide policies.

Breaking changes are minimal: for most servers, updating the import statement is all you need. See the migration guide for details.

What's Changed

New Features 🎉

• Refactor resource behavior and add meta support by @​jlowin in #2611
• Refactor prompt behavior and add meta support by @​jlowin in #2610
• feat: Provider abstraction for dynamic MCP components by @​jlowin in #2622
• Unify component storage in LocalProvider by @​jlowin in #2680
• Introduce ResourceResult as canonical resource return type by @​jlowin in #2734
• Introduce Message and PromptResult as canonical prompt types by @​jlowin in #2738
• Add --reload flag for auto-restart on file changes by @​jlowin in #2816
• Add FileSystemProvider for filesystem-based component discovery by @​jlowin in #2823
• Add standalone decorators and eliminate fastmcp.fs module by @​jlowin in #2832
• Add authorization checks to components and servers by @​jlowin in #2855
• Decorators return functions instead of component objects by @​jlowin in #2856
• Add transform system for modifying components in provider chains by @​jlowin in #2836
• Add OpenTelemetry tracing support by @​chrisguidry in #2869
• Add component versioning and VersionFilter transform by @​jlowin in #2894
• Add version discovery and calling a certain version for components by @​jlowin in #2897
• Refactor visibility to mark-based enabled system by @​jlowin in #2912
• Add session-specific visibility control via Context by @​jlowin in #2917
• Add Skills Provider for exposing agent skills as MCP resources by @​jlowin in #2944

Enhancements 🔧

• Convert mounted servers to MountedProvider by @​jlowin in #2635
• Simplify .key as computed property by @​jlowin in #2648
• Refactor MountedProvider into FastMCPProvider + TransformingProvider by @​jlowin in #2653

... (truncated)

Commits

• 21221b4 Add release notes for v2.14.4 and v2.14.5 (#3063)
• 7d32409 Merge pull request #2992 from jlowin/pydocket-github-validation
• 65d6f06 Bump pydocket to >=0.17.2
• 5f68078 Bump pydocket to >=0.17.2b3
• 0afa029 Make read_resource test flexible for MCP version differences
• 7ad97d9 Update test snapshot for MCP 1.26.0 serialization change
• cd0274c Bump pydocket to >=0.17.2b2
• f1a89eb Bump pydocket to >=0.17.2b1
• c9ed36e Point to fix-cancellation-handling branch
• 8cec853 Point to fix-redis-connection-guards branch
• Additional commits viewable in compare view

Updates litellm from 1.80.10 to 1.81.9

Release notes

Sourced from litellm's releases.

v1.81.3-stable

Full Changelog: BerriAI/litellm@v1.81.3.dev1...v1.81.3-stable

v1.81.9.rc.1

What's Changed

• fix: search tools not found when using per-request routers by @​Quentin-M in BerriAI/litellm#19818
• feat: add faster linting targets for development workflow by @​jquinter in BerriAI/litellm#19729
• Litellm fix langfuse otel trace by @​Harshit28j in BerriAI/litellm#20382
• fix: Preserve streaming content on guardrail-sampled chunks by @​akraines in BerriAI/litellm#20027
• [Fix] Unique Constraint on Daily Tables + Logging When Updates Fail by @​yuneng-jiang in BerriAI/litellm#20394
• [Feature] UI - Search Tools: Show Config Defined Search Tools by @​yuneng-jiang in BerriAI/litellm#20436
• Fix mypy regression: TypedDict key error in fireworks_ai transformation by @​shin-bot-litellm in BerriAI/litellm#20391
• langfuse doc update by @​shivamrawat1 in BerriAI/litellm#20443
• fix(a2a): use text/event-stream SSE format for message/stream endpoint by @​shin-bot-litellm in BerriAI/litellm#20365
• Revert "fix(a2a): use text/event-stream SSE format for message/stream endpoint" by @​ishaan-jaff in BerriAI/litellm#20446
• [Fix] inconsistent response format in anthropic.messages.acreate() when using non anthropic providers by @​ishaan-jaff in BerriAI/litellm#20442
• [Feat] UI - Add sup...

  Description has been truncated