Bump mcp from 1.22.0 to 1.23.0 #12

dependabot · 2025-12-02T17:04:31Z

Bumps mcp from 1.22.0 to 1.23.0.

Release notes

v1.23.0

Summary

This release brings us up to speed with the latest MCP spec 2025-11-25. Take a look at the latest spec as well as the release blog post.

What's Changed

Add tests for JSON Schema 2020-12 field preservation (SEP-1613) by @felixweinberger in modelcontextprotocol/python-sdk#1649

Add client_secret_basic authentication support by @jonshea in modelcontextprotocol/python-sdk#1334

Implement SEP-1577 - Sampling With Tools by @ochafik in modelcontextprotocol/python-sdk#1594

SEP-1330: Elicitation Enum Schema Improvements and Standards Compliance by @chughtapan in modelcontextprotocol/python-sdk#1246

[auth][conformance] add conformance auth client by @pcarleton in modelcontextprotocol/python-sdk#1640

Implement SEP-986: Tool name validation by @felixweinberger in modelcontextprotocol/python-sdk#1655

fix: url for spec by @felixweinberger in modelcontextprotocol/python-sdk#1659

feat: implement SEP-991 URL-based client ID (CIMD) support by @pcarleton in modelcontextprotocol/python-sdk#1652

Update doc string on custom_route by @pcarleton in modelcontextprotocol/python-sdk#1660

Implement SEP-1036: URL mode elicitation for secure out-of-band interactions by @cbcoutinho in modelcontextprotocol/python-sdk#1580

Skip empty SSE data to avoid parsing errors by @felixweinberger in modelcontextprotocol/python-sdk#1670

SEP-1686: Tasks by @maxisbey in modelcontextprotocol/python-sdk#1645

Add on_session_created callback option by @crondinini-ant in modelcontextprotocol/python-sdk#1710

Add SSE polling support (SEP-1699) by @felixweinberger in modelcontextprotocol/python-sdk#1654

Support client_credentials flow with JWT and Basic auth by @pcarleton in modelcontextprotocol/python-sdk#1663

feat: backwards-compatible create_message overloads for SEP-1577 by @felixweinberger in modelcontextprotocol/python-sdk#1713

Auto-enable DNS rebinding protection for localhost servers by @pcarleton (d3a184119e4479ea6a63590bc41f01dc06e3fa99)

New Contributors

@ochafik made their first contribution in modelcontextprotocol/python-sdk#1594

Full Changelog: modelcontextprotocol/python-sdk@v1.22.0...v1.23.0

Commits

d3a1841 Merge commit from fork
fa851d9 feat: backwards-compatible create_message overloads for SEP-1577 (#1713)
f82b0c9 Support client_credentials flow with JWT and Basic auth (#1663)
281fd47 Add SSE polling support (SEP-1699) (#1654)
2cd178a Add on_session_created callback option (#1710)
c92bb2f SEP-1686: Tasks (#1645)
5983a65 Skip empty SSE data to avoid parsing errors (#1670)
02b7889 Implement SEP-1036: URL mode elicitation for secure out-of-band interactions ...
27279bc Update doc string on custom_route (#1660)
f225013 feat: implement SEP-991 URL-based client ID (CIMD) support (#1652)
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Note

Updates poetry.lock (Poetry 2.2.1), bumping mcp to 1.23.0 and refining markers/removing duplicate entries for several dependencies.

Dependencies:
- Bump mcp from 1.22.0 to 1.23.0.
- Regenerate poetry.lock with Poetry 2.2.1.
- Clean up duplicate/alternative entries and adjust markers for packages like click, cryptography, google-cloud-iam, numpy, pycparser, tomli, and uvicorn.
- Minor dependency constraint tweaks (e.g., google-cloud-iam deps/markers).

^{Written by Cursor Bugbot for commit 58691db. This will update automatically on new commits. Configure here.}

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [mcp](https://github.com/modelcontextprotocol/python-sdk) from 1.22.0 to 1.23.0. - [Release notes](https://github.com/modelcontextprotocol/python-sdk/releases) - [Changelog](https://github.com/modelcontextprotocol/python-sdk/blob/main/RELEASE.md) - [Commits](modelcontextprotocol/python-sdk@v1.22.0...v1.23.0) --- updated-dependencies: - dependency-name: mcp dependency-version: 1.23.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

cursor

Bug: Cryptography downgraded from 46.x to 43.x for Python 3.10+

The lock file regeneration removes the Python version-specific marker for cryptography and eliminates the 46.0.3 entry entirely. Previously, Python 3.10+ users received cryptography 46.0.3 while Python 3.9 got 43.0.3. Now all Python versions receive 43.0.3. This is a significant downgrade of a security-critical package spanning three major versions (approximately one year of releases), which could reintroduce fixed vulnerabilities. The PR description only mentions the mcp bump, suggesting this may be an unintended side effect of lock file regeneration.

poetry.lock#L1084-L1133

litellm/poetry.lock

Lines 1084 to 1133 in 58691db

    
           [[package]] 
        
           name = "cryptography" 
        
           version = "43.0.3" 
        
           description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers." 
        
           optional = false 
        
           python-versions = ">=3.7" 
        
           groups = ["main", "dev", "proxy-dev"] 
        
           files = [ 
        
               {file = "cryptography-43.0.3-cp37-abi3-macosx_10_9_universal2.whl", hash = "sha256:bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e"}, 
        
               {file = "cryptography-43.0.3-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:63efa177ff54aec6e1c0aefaa1a241232dcd37413835a9b674b6e3f0ae2bfd3e"}, 
        
               {file = "cryptography-43.0.3-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7e1ce50266f4f70bf41a2c6dc4358afadae90e2a1e5342d3c08883df1675374f"}, 
        
               {file = "cryptography-43.0.3-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:443c4a81bb10daed9a8f334365fe52542771f25aedaf889fd323a853ce7377d6"}, 
        
               {file = "cryptography-43.0.3-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:74f57f24754fe349223792466a709f8e0c093205ff0dca557af51072ff47ab18"}, 
        
               {file = "cryptography-43.0.3-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:9762ea51a8fc2a88b70cf2995e5675b38d93bf36bd67d91721c309df184f49bd"}, 
        
               {file = "cryptography-43.0.3-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:81ef806b1fef6b06dcebad789f988d3b37ccaee225695cf3e07648eee0fc6b73"}, 
        
               {file = "cryptography-43.0.3-cp37-abi3-win32.whl", hash = "sha256:cbeb489927bd7af4aa98d4b261af9a5bc025bd87f0e3547e11584be9e9427be2"}, 
        
               {file = "cryptography-43.0.3-cp37-abi3-win_amd64.whl", hash = "sha256:f46304d6f0c6ab8e52770addfa2fc41e6629495548862279641972b6215451cd"}, 
        
               {file = "cryptography-43.0.3-cp39-abi3-macosx_10_9_universal2.whl", hash = "sha256:8ac43ae87929a5982f5948ceda07001ee5e83227fd69cf55b109144938d96984"}, 
        
               {file = "cryptography-43.0.3-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:846da004a5804145a5f441b8530b4bf35afbf7da70f82409f151695b127213d5"}, 
        
               {file = "cryptography-43.0.3-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0f996e7268af62598f2fc1204afa98a3b5712313a55c4c9d434aef49cadc91d4"}, 
        
               {file = "cryptography-43.0.3-cp39-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:f7b178f11ed3664fd0e995a47ed2b5ff0a12d893e41dd0494f406d1cf555cab7"}, 
        
               {file = "cryptography-43.0.3-cp39-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:c2e6fc39c4ab499049df3bdf567f768a723a5e8464816e8f009f121a5a9f4405"}, 
        
               {file = "cryptography-43.0.3-cp39-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:e1be4655c7ef6e1bbe6b5d0403526601323420bcf414598955968c9ef3eb7d16"}, 
        
               {file = "cryptography-43.0.3-cp39-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:df6b6c6d742395dd77a23ea3728ab62f98379eff8fb61be2744d4679ab678f73"}, 
        
               {file = "cryptography-43.0.3-cp39-abi3-win32.whl", hash = "sha256:d56e96520b1020449bbace2b78b603442e7e378a9b3bd68de65c782db1507995"}, 
        
               {file = "cryptography-43.0.3-cp39-abi3-win_amd64.whl", hash = "sha256:0c580952eef9bf68c4747774cde7ec1d85a6e61de97281f2dba83c7d2c806362"}, 
        
               {file = "cryptography-43.0.3-pp310-pypy310_pp73-macosx_10_9_x86_64.whl", hash = "sha256:d03b5621a135bffecad2c73e9f4deb1a0f977b9a8ffe6f8e002bf6c9d07b918c"}, 
        
               {file = "cryptography-43.0.3-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:a2a431ee15799d6db9fe80c82b055bae5a752bef645bba795e8e52687c69efe3"}, 
        
               {file = "cryptography-43.0.3-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:281c945d0e28c92ca5e5930664c1cefd85efe80e5c0d2bc58dd63383fda29f83"}, 
        
               {file = "cryptography-43.0.3-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:f18c716be16bc1fea8e95def49edf46b82fccaa88587a45f8dc0ff6ab5d8e0a7"}, 
        
               {file = "cryptography-43.0.3-pp39-pypy39_pp73-macosx_10_9_x86_64.whl", hash = "sha256:4a02ded6cd4f0a5562a8887df8b3bd14e822a90f97ac5e544c162899bc467664"}, 
        
               {file = "cryptography-43.0.3-pp39-pypy39_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:53a583b6637ab4c4e3591a15bc9db855b8d9dee9a669b550f311480acab6eb08"}, 
        
               {file = "cryptography-43.0.3-pp39-pypy39_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:1ec0bcf7e17c0c5669d881b1cd38c4972fade441b27bda1051665faaa89bdcaa"}, 
        
               {file = "cryptography-43.0.3-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:2ce6fae5bdad59577b44e4dfed356944fbf1d925269114c28be377692643b4ff"}, 
        
               {file = "cryptography-43.0.3.tar.gz", hash = "sha256:315b9001266a492a6ff443b61238f956b214dbec9910a081ba5b6646a055a805"}, 
        
           ] 
        
           [package.dependencies] 
        
           cffi = {version = ">=1.12", markers = "platform_python_implementation != \"PyPy\""} 
        
           [package.extras] 
        
           docs = ["sphinx (>=5.3.0)", "sphinx-rtd-theme (>=1.1.1)"] 
        
           docstest = ["pyenchant (>=1.6.11)", "readme-renderer", "sphinxcontrib-spelling (>=4.0.1)"] 
        
           nox = ["nox"] 
        
           pep8test = ["check-sdist", "click", "mypy", "ruff"] 
        
           sdist = ["build"] 
        
           ssh = ["bcrypt (>=3.1.5)"] 
        
           test = ["certifi", "cryptography-vectors (==43.0.3)", "pretend", "pytest (>=6.2.0)", "pytest-benchmark", "pytest-cov", "pytest-xdist"] 
        
           test-randomorder = ["pytest-randomly"]

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Dec 2, 2025

dependabot bot mentioned this pull request Dec 2, 2025

Bump mcp from 1.9.3 to 1.10.0 #5

Closed

cursor bot reviewed Dec 2, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump mcp from 1.22.0 to 1.23.0 #12

Bump mcp from 1.22.0 to 1.23.0 #12

Uh oh!

dependabot bot commented on behalf of github Dec 2, 2025 •

edited

Loading

Uh oh!

cursor bot left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

	[[package]]
	name = "cryptography"
	version = "43.0.3"
	description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers."
	optional = false
	python-versions = ">=3.7"
	groups = ["main", "dev", "proxy-dev"]
	files = [
	{file = "cryptography-43.0.3-cp37-abi3-macosx_10_9_universal2.whl", hash = "sha256:bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e"},
	{file = "cryptography-43.0.3-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:63efa177ff54aec6e1c0aefaa1a241232dcd37413835a9b674b6e3f0ae2bfd3e"},
	{file = "cryptography-43.0.3-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7e1ce50266f4f70bf41a2c6dc4358afadae90e2a1e5342d3c08883df1675374f"},
	{file = "cryptography-43.0.3-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:443c4a81bb10daed9a8f334365fe52542771f25aedaf889fd323a853ce7377d6"},
	{file = "cryptography-43.0.3-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:74f57f24754fe349223792466a709f8e0c093205ff0dca557af51072ff47ab18"},
	{file = "cryptography-43.0.3-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:9762ea51a8fc2a88b70cf2995e5675b38d93bf36bd67d91721c309df184f49bd"},
	{file = "cryptography-43.0.3-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:81ef806b1fef6b06dcebad789f988d3b37ccaee225695cf3e07648eee0fc6b73"},
	{file = "cryptography-43.0.3-cp37-abi3-win32.whl", hash = "sha256:cbeb489927bd7af4aa98d4b261af9a5bc025bd87f0e3547e11584be9e9427be2"},
	{file = "cryptography-43.0.3-cp37-abi3-win_amd64.whl", hash = "sha256:f46304d6f0c6ab8e52770addfa2fc41e6629495548862279641972b6215451cd"},
	{file = "cryptography-43.0.3-cp39-abi3-macosx_10_9_universal2.whl", hash = "sha256:8ac43ae87929a5982f5948ceda07001ee5e83227fd69cf55b109144938d96984"},
	{file = "cryptography-43.0.3-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:846da004a5804145a5f441b8530b4bf35afbf7da70f82409f151695b127213d5"},
	{file = "cryptography-43.0.3-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0f996e7268af62598f2fc1204afa98a3b5712313a55c4c9d434aef49cadc91d4"},
	{file = "cryptography-43.0.3-cp39-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:f7b178f11ed3664fd0e995a47ed2b5ff0a12d893e41dd0494f406d1cf555cab7"},
	{file = "cryptography-43.0.3-cp39-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:c2e6fc39c4ab499049df3bdf567f768a723a5e8464816e8f009f121a5a9f4405"},
	{file = "cryptography-43.0.3-cp39-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:e1be4655c7ef6e1bbe6b5d0403526601323420bcf414598955968c9ef3eb7d16"},
	{file = "cryptography-43.0.3-cp39-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:df6b6c6d742395dd77a23ea3728ab62f98379eff8fb61be2744d4679ab678f73"},
	{file = "cryptography-43.0.3-cp39-abi3-win32.whl", hash = "sha256:d56e96520b1020449bbace2b78b603442e7e378a9b3bd68de65c782db1507995"},
	{file = "cryptography-43.0.3-cp39-abi3-win_amd64.whl", hash = "sha256:0c580952eef9bf68c4747774cde7ec1d85a6e61de97281f2dba83c7d2c806362"},
	{file = "cryptography-43.0.3-pp310-pypy310_pp73-macosx_10_9_x86_64.whl", hash = "sha256:d03b5621a135bffecad2c73e9f4deb1a0f977b9a8ffe6f8e002bf6c9d07b918c"},
	{file = "cryptography-43.0.3-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:a2a431ee15799d6db9fe80c82b055bae5a752bef645bba795e8e52687c69efe3"},
	{file = "cryptography-43.0.3-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:281c945d0e28c92ca5e5930664c1cefd85efe80e5c0d2bc58dd63383fda29f83"},
	{file = "cryptography-43.0.3-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:f18c716be16bc1fea8e95def49edf46b82fccaa88587a45f8dc0ff6ab5d8e0a7"},
	{file = "cryptography-43.0.3-pp39-pypy39_pp73-macosx_10_9_x86_64.whl", hash = "sha256:4a02ded6cd4f0a5562a8887df8b3bd14e822a90f97ac5e544c162899bc467664"},
	{file = "cryptography-43.0.3-pp39-pypy39_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:53a583b6637ab4c4e3591a15bc9db855b8d9dee9a669b550f311480acab6eb08"},
	{file = "cryptography-43.0.3-pp39-pypy39_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:1ec0bcf7e17c0c5669d881b1cd38c4972fade441b27bda1051665faaa89bdcaa"},
	{file = "cryptography-43.0.3-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:2ce6fae5bdad59577b44e4dfed356944fbf1d925269114c28be377692643b4ff"},
	{file = "cryptography-43.0.3.tar.gz", hash = "sha256:315b9001266a492a6ff443b61238f956b214dbec9910a081ba5b6646a055a805"},
	]

	[package.dependencies]
	cffi = {version = ">=1.12", markers = "platform_python_implementation != \"PyPy\""}

	[package.extras]
	docs = ["sphinx (>=5.3.0)", "sphinx-rtd-theme (>=1.1.1)"]
	docstest = ["pyenchant (>=1.6.11)", "readme-renderer", "sphinxcontrib-spelling (>=4.0.1)"]
	nox = ["nox"]
	pep8test = ["check-sdist", "click", "mypy", "ruff"]
	sdist = ["build"]
	ssh = ["bcrypt (>=3.1.5)"]
	test = ["certifi", "cryptography-vectors (==43.0.3)", "pretend", "pytest (>=6.2.0)", "pytest-benchmark", "pytest-cov", "pytest-xdist"]
	test-randomorder = ["pytest-randomly"]

Bump mcp from 1.22.0 to 1.23.0 #12

Are you sure you want to change the base?

Bump mcp from 1.22.0 to 1.23.0 #12

Uh oh!

Conversation

dependabot bot commented on behalf of github Dec 2, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v1.23.0

Summary

What's Changed

New Contributors

Uh oh!

cursor bot left a comment

Choose a reason for hiding this comment

Bug: Cryptography downgraded from 46.x to 43.x for Python 3.10+

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Dec 2, 2025 •

edited

Loading