chore(deps)(deps): bump the production-minor-patch group across 1 directory with 2 updates

[dependabot]

Bumps the production-minor-patch group with 2 updates in the /sdk directory: faststream and fastmcp.

Updates faststream from 0.6.7 to 0.7.1

Release notes

Sourced from faststream's releases.

v0.7.1

What's Changed

TestBroker.aenter was typed to return Broker | list[Broker]. That union is wrong for both usage shapes: mypy rejects .publish() on the single-broker result (the list arm has no such method) and rejects unpacking the multi-broker result (the Broker arm is not iterable).

# Before — both lines fail under `mypy`:
async with TestKafkaBroker(KafkaBroker()) as br:
    await br.publish(None, "test")
    # error: Item "list[KafkaBroker]" of "KafkaBroker | list[KafkaBroker]" has no attribute "publish"  [union-attr]
async with TestKafkaBroker(KafkaBroker(), KafkaBroker()) as (br1, br2):
# error: "KafkaBroker" object is not iterable  [misc]
...
After — mypy infers the precise type:
async with TestKafkaBroker(KafkaBroker()) as br:
reveal_type(br)            # KafkaBroker
await br.publish(None, "test")
async with TestKafkaBroker(KafkaBroker(), KafkaBroker()) as (br1, br2):
reveal_type(br1)           # tuple[KafkaBroker, ...] -> KafkaBroker
await br1.publish(None, "test")
await br2.publish(None, "test")

• fix(testing): type TestBroker context result via init overloads by @​Lancetnik in ag2ai/faststream#2903
• fix(docs): export *ParserType aliases at runtime by @​Lancetnik in ag2ai/faststream#2898
• docs: Clarify FastStream description by @​borisalekseev in ag2ai/faststream#2901

Full Changelog: ag2ai/faststream@0.7.0...0.7.1

v0.7.0

What's Changed

🚀 MQTT Support

FastStream now includes a full-featured MQTT broker, installable via pip install faststream[mqtt]. It supports wildcard topic filters, path parameter capture via Path(), QoS levels, per-subscriber ack_policy, and AsyncAPI schema generation.

from faststream import FastStream, Path
from faststream.mqtt import MQTTBroker, MQTTMessage, QoS
broker = MQTTBroker("localhost:1883")
app = FastStream(broker)
@​broker.subscriber(
"sensors/{device_id}/temperature",
</tr></table>

... (truncated)

Commits

• 5948d1f fix(testing): type TestBroker context result via init overloads (#2903)
• 2ab5a2f docs: Clarify FastStream description (#2901)
• b30a174 chore(deps): bump the github-actions group with 2 updates (#2900)
• 06a81a3 fix(docs): export *ParserType aliases at runtime (#2898)
• 4717d1e Update Release Notes for 0.7.0 (#2897)
• 7cb9390 docs: add multiple brokers support page (#2896)
• 7391890 feat(docs): add json endpoint and fix content-type header (#2894)
• f5b12e6 fix(rabbit): default RabbitQueue and RabbitExchange to durable=True (#2892)
• 37942df fix: consistent hashing and equality for RabbitMQ schemas (#2796)
• bbe5ec6 feat: add multibrokers support (#2867)
• Additional commits viewable in compare view

Updates fastmcp from 3.4.0 to 3.4.2

Release notes

Sourced from fastmcp's releases.

v3.4.2: Heads Up

FastMCP 3.4.2 restores JWT compatibility for providers that include private, non-critical JWS header parameters. Tokens from providers like Clerk can carry header metadata such as cat without being rejected before signature and claim validation, while unsupported critical headers are still rejected.

What's Changed

Fixes 🐞

• Allow private JWT headers by @​jlowin in PrefectHQ/fastmcp#4290

Docs 📚

• Docs: add v3.4.1 changelog entries by @​jlowin in PrefectHQ/fastmcp#4289

Full Changelog: PrefectHQ/fastmcp@v3.4.1...v3.4.2

v3.4.1: Floor It

FastMCP 3.4.1 floors Starlette at >=1.0.1 so installs can no longer resolve to a version affected by CVE-2026-48710 — previously the dependency was only constrained transitively through mcp, which allowed vulnerable versions. It also makes OAuthProxy log refresh-token cache misses instead of failing silently.

What's Changed

Enhancements ✨

• Log refresh-token misses in OAuthProxy instead of failing silently by @​jlowin in PrefectHQ/fastmcp#4276

Security 🔒

• Add explicit starlette>=1.0.1 floor (CVE-2026-48710) by @​jlowin in PrefectHQ/fastmcp#4286

Docs 📚

• Document --notes-start-tag in release instructions by @​jlowin in PrefectHQ/fastmcp#4275

Full Changelog: PrefectHQ/fastmcp@v3.4.0...v3.4.1

Commits

• 3b8538e Allow private JWT headers (#4290)
• 0445c31 chore: Update SDK documentation (#4223)
• 9261793 Docs: add v3.4.1 changelog entries (#4289)
• e1b52d0 Add explicit starlette>=1.0.1 floor (CVE-2026-48710) (#4286)
• e58f386 Log refresh-token misses in OAuthProxy instead of failing silently (#4276)
• 3f09c68 Document --notes-start-tag requirement in release instructions (#4275)
• See full diff in compare view

[github-actions]

QualOps Code Quality Analysis

Status: ✅ PASSED - No issues found

Summary

• Total Issues: 0
• Critical: 0 🔴
• High: 0 🟠
• Medium: 0 🟡
• Low: 0 🟢
• Files Analyzed: 0

No issues found in the analyzed code.

📊 Full Report

View detailed report

---

Powered by QualOps