pydantic-ai

What's Changed

🛡️ Security

• Expand IPv6 transition-form handling in URL validation by @DouweM in https://github.com/pydantic/pydantic-ai/pull/5596
  • Security advisory: SSRF cloud-metadata blocklist bypass via additional IPv6 transition forms https://github.com/pydantic/pydantic-ai/security/advisories/GHSA-cg7w-rg45-pc59
  • You are affected only if your application explicitly opts a FileUrl into force_download='allow-local' on a URL that is, or could be, influenced by untrusted input, AND runs on a NAT64- or ISATAP-configured network (e.g. some IPv6-only or dual-stack-with-NAT64 Kubernetes setups).
  • You are not affected if you run on a standard dual-stack cloud VM or container, which does not route these forms in practice.
  • You are not affected if you use any of the bundled integrations to ingest user input: Agent.to_web / clai web; VercelAIAdapter; AGUIAdapter / Agent.to_ag_ui

🐛 Bug Fixes

• Don't auto-promote strict=None tools to strict mode with Bedrock, and skip strict field when botocore is too old by @shailendher in https://github.com/pydantic/pydantic-ai/pull/5580
• fix(bedrock): Disable Opus 4.7 native structured output by @cosmopolitan033 in https://github.com/pydantic/pydantic-ai/pull/5582
• fix(instrumentation): Prevent false positive variable_instructions span attribute by @madanlalit in https://github.com/pydantic/pydantic-ai/pull/5487
• Fix: VercelAIAdapter now accepts providerExecuted / title on dynamic-tool message parts by @he-yufeng in https://github.com/pydantic/pydantic-ai/pull/5474
• Normalize trailing dot and case in WebFetchTool domain matching by @DouweM in https://github.com/pydantic/pydantic-ai/pull/5592

New Contributors

• @cosmopolitan033 made their first contribution in https://github.com/pydantic/pydantic-ai/pull/5582
• @he-yufeng made their first contribution in https://github.com/pydantic/pydantic-ai/pull/5474

Full Changelog: https://github.com/pydantic/pydantic-ai/compare/v1.101.0...v1.102.0