pydantic/pydantic-ai v1.102.0

v1.102.0 (2026-05-22)

on GitHub

What's Changed

🛡️ Security

• Expand IPv6 transition-form handling in URL validation by @DouweM in #5596
  • Security advisory: SSRF cloud-metadata blocklist bypass via additional IPv6 transition forms GHSA-cg7w-rg45-pc59
  • You are affected only if your application explicitly opts a FileUrl into force_download='allow-local' on a URL that is, or could be, influenced by untrusted input, AND runs on a NAT64- or ISATAP-configured network (e.g. some IPv6-only or dual-stack-with-NAT64 Kubernetes setups).
  • You are not affected if you run on a standard dual-stack cloud VM or container, which does not route these forms in practice.
  • You are not affected if you use any of the bundled integrations to ingest user input: Agent.to_web / clai web; VercelAIAdapter; AGUIAdapter / Agent.to_ag_ui

🐛 Bug Fixes

• Don't auto-promote strict=None tools to strict mode with Bedrock, and skip strict field when botocore is too old by @shailendher in #5580
• fix(bedrock): Disable Opus 4.7 native structured output by @cosmopolitan033 in #5582
• fix(instrumentation): Prevent false positive variable_instructions span attribute by @madanlalit in #5487
• Fix: VercelAIAdapter now accepts providerExecuted / title on dynamic-tool message parts by @he-yufeng in #5474
• Normalize trailing dot and case in WebFetchTool domain matching by @DouweM in #5592

New Contributors

• @cosmopolitan033 made their first contribution in #5582
• @he-yufeng made their first contribution in #5474

Full Changelog: v1.101.0...v1.102.0