Skip to content

chore(deps)(deps): bump the production-minor-patch group in /sdk with 2 updates#241

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/sdk/production-minor-patch-f38dbe0b33
Open

chore(deps)(deps): bump the production-minor-patch group in /sdk with 2 updates#241
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/sdk/production-minor-patch-f38dbe0b33

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor

Bumps the production-minor-patch group in /sdk with 2 updates: faststream and fastmcp.

Updates faststream from 0.6.7 to 0.7.1

Release notes

Sourced from faststream's releases.

v0.7.1

What's Changed

TestBroker.aenter was typed to return Broker | list[Broker]. That union is wrong for both usage shapes: mypy rejects .publish() on the single-broker result (the list arm has no such method) and rejects unpacking the multi-broker result (the Broker arm is not iterable).

# Before — both lines fail under `mypy`:
async with TestKafkaBroker(KafkaBroker()) as br:
    await br.publish(None, "test")
    # error: Item "list[KafkaBroker]" of "KafkaBroker | list[KafkaBroker]" has no attribute "publish"  [union-attr]
async with TestKafkaBroker(KafkaBroker(), KafkaBroker()) as (br1, br2):
# error: "KafkaBroker" object is not iterable  [misc]
...
Aftermypy infers the precise type:
async with TestKafkaBroker(KafkaBroker()) as br:
reveal_type(br)            # KafkaBroker
await br.publish(None, "test")
async with TestKafkaBroker(KafkaBroker(), KafkaBroker()) as (br1, br2):
reveal_type(br1)           # tuple[KafkaBroker, ...] -> KafkaBroker
await br1.publish(None, "test")
await br2.publish(None, "test")

Full Changelog: ag2ai/faststream@0.7.0...0.7.1

v0.7.0

What's Changed

🚀 MQTT Support

FastStream now includes a full-featured MQTT broker, installable via pip install faststream[mqtt]. It supports wildcard topic filters, path parameter capture via Path(), QoS levels, per-subscriber ack_policy, and AsyncAPI schema generation.

from faststream import FastStream, Path
from faststream.mqtt import MQTTBroker, MQTTMessage, QoS
broker = MQTTBroker("localhost:1883")
app = FastStream(broker)
@​broker.subscriber(
"sensors/{device_id}/temperature",
</tr></table>

... (truncated)

Commits
  • 5948d1f fix(testing): type TestBroker context result via init overloads (#2903)
  • 2ab5a2f docs: Clarify FastStream description (#2901)
  • b30a174 chore(deps): bump the github-actions group with 2 updates (#2900)
  • 06a81a3 fix(docs): export *ParserType aliases at runtime (#2898)
  • 4717d1e Update Release Notes for 0.7.0 (#2897)
  • 7cb9390 docs: add multiple brokers support page (#2896)
  • 7391890 feat(docs): add json endpoint and fix content-type header (#2894)
  • f5b12e6 fix(rabbit): default RabbitQueue and RabbitExchange to durable=True (#2892)
  • 37942df fix: consistent hashing and equality for RabbitMQ schemas (#2796)
  • bbe5ec6 feat: add multibrokers support (#2867)
  • Additional commits viewable in compare view

Updates fastmcp from 3.4.0 to 3.4.2

Release notes

Sourced from fastmcp's releases.

v3.4.2: Heads Up

FastMCP 3.4.2 restores JWT compatibility for providers that include private, non-critical JWS header parameters. Tokens from providers like Clerk can carry header metadata such as cat without being rejected before signature and claim validation, while unsupported critical headers are still rejected.

What's Changed

Fixes 🐞

Docs 📚

Full Changelog: PrefectHQ/fastmcp@v3.4.1...v3.4.2

v3.4.1: Floor It

FastMCP 3.4.1 floors Starlette at >=1.0.1 so installs can no longer resolve to a version affected by CVE-2026-48710 — previously the dependency was only constrained transitively through mcp, which allowed vulnerable versions. It also makes OAuthProxy log refresh-token cache misses instead of failing silently.

What's Changed

Enhancements ✨

Security 🔒

Docs 📚

Full Changelog: PrefectHQ/fastmcp@v3.4.0...v3.4.1

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps)(deps): bump the production-minor-patch group
b770e25 
Bumps the production-minor-patch group in /sdk with 2 updates: [faststream](https://github.com/ag2ai/FastStream) and [fastmcp](https://github.com/PrefectHQ/fastmcp).


Updates `faststream` from 0.6.7 to 0.7.1
- [Release notes](https://github.com/ag2ai/FastStream/releases)
- [Commits](ag2ai/faststream@0.6.7...0.7.1)

Updates `fastmcp` from 3.4.0 to 3.4.2
- [Release notes](https://github.com/PrefectHQ/fastmcp/releases)
- [Changelog](https://github.com/PrefectHQ/fastmcp/blob/main/docs/changelog.mdx)
- [Commits](PrefectHQ/fastmcp@v3.4.0...v3.4.2)

---
updated-dependencies:
- dependency-name: faststream
  dependency-version: 0.7.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: fastmcp
  dependency-version: 3.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file sdk SDK package changes labels Jun 8, 2026
@github-actions

github-actions Bot commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

QualOps Code Quality Analysis

Status: ✅ PASSED - No issues found

Summary

  • Total Issues: 0
  • Critical: 0 🔴
  • High: 0 🟠
  • Medium: 0 🟡
  • Low: 0 🟢
  • Files Analyzed: 0

No issues found in the analyzed code.

📊 Full Report

View detailed report

Powered by QualOps

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file sdk SDK package changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants