Skip to content

chore(deps): update pydantic-ai-slim[logfire] requirement from >=1.106.0 to >=1.107.0#203

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/pydantic-ai-slim-logfire--gte-1.107.0
Open

chore(deps): update pydantic-ai-slim[logfire] requirement from >=1.106.0 to >=1.107.0#203
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/pydantic-ai-slim-logfire--gte-1.107.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 16, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on pydantic-ai-slim[logfire] to permit the latest version.

Release notes

Sourced from pydantic-ai-slim[logfire]'s releases.

v1.107.0 (2026-06-10)

What's Changed

🛡️ Security

  • Handle UploadedFile consistently with FileUrl in UI adapters by @​dsfaccini in pydantic/pydantic-ai#5772
    • Security advisory: VercelAIAdapter trusts client-controlled provider metadata to construct UploadedFile references (confused-deputy file read) GHSA-h7p7-w5gc-xj3w
    • This fix went out in v1.106.0 and v2.0.0b6.
    • You are affected only if your application passes untrusted client-submitted message history to an agent through a UI adapter (e.g. VercelAIAdapter), AND your model-provider or cloud-storage account holds files referenceable by an attacker-guessable UploadedFile id or storage URI (e.g. s3://…, gs://…).
    • You are not affected if you do not pass untrusted client-submitted message history to the agent, or you strip UploadedFile parts before running it.
    • You are not affected via AGUIAdapter / Agent.to_ag_ui on defaults — the preserve_file_data flag that re-enables this path is off by default.

🚀 Features

🐛 Bug Fixes

📦 Dependencies

New Contributors

Full Changelog: pydantic/pydantic-ai@v1.106.0...v1.107.0

Changelog

Sourced from pydantic-ai-slim[logfire]'s changelog.

Upgrade Guide

In September 2025, Pydantic AI reached V1, which means we're committed to API stability: we will not introduce changes that break your code until V2. For more information, review our Version Policy.

Breaking Changes

Here's a filtered list of the breaking changes for each version to help you upgrade Pydantic AI.

v1.0.1 (2025-09-05)

The following breaking change was accidentally left out of v1.0.0:

  • See #2808 - Remove Python evaluator from pydantic_evals for security reasons

v1.0.0 (2025-09-04)

  • See #2725 - Drop support for Python 3.9
  • See #2738 - Make many dataclasses require keyword arguments
  • See #2715 - Remove cases and averages attributes from pydantic_evals spans
  • See #2798 - Change ModelRequest.parts and ModelResponse.parts types from list to Sequence
  • See #2726 - Default InstrumentationSettings version to 2
  • See #2717 - Remove errors when passing AsyncRetrying or Retrying object to AsyncTenacityTransport or TenacityTransport instead of RetryConfig

v0.x.x

Before V1, minor versions were used to introduce breaking changes:

v0.8.0 (2025-08-26)

See #2689 - AgentStreamEvent was expanded to be a union of ModelResponseStreamEvent and HandleResponseEvent, simplifying the event_stream_handler function signature. Existing code accepting AgentStreamEvent | HandleResponseEvent will continue to work.

v0.7.6 (2025-08-26)

The following breaking change was inadvertently released in a patch version rather than a minor version:

See #2670 - TenacityTransport and AsyncTenacityTransport now require the use of pydantic_ai.retries.RetryConfig (which is just a TypedDict containing the kwargs to tenacity.retry) instead of tenacity.Retrying or tenacity.AsyncRetrying.

v0.7.0 (2025-08-12)

See #2458 - pydantic_ai.models.StreamedResponse now yields a FinalResultEvent along with the existing PartStartEvent and PartDeltaEvent. If you're using pydantic_ai.direct.model_request_stream or pydantic_ai.direct.model_request_stream_sync, you may need to update your code to account for this.

See #2458 - pydantic_ai.models.Model.request_stream now receives a run_context argument. If you've implemented a custom Model subclass, you will need to account for this.

See #2458 - pydantic_ai.models.StreamedResponse now requires a model_request_parameters field and constructor argument. If you've implemented a custom Model subclass and implemented request_stream, you will need to account for this.

v0.6.0 (2025-08-06)

This release was meant to clean some old deprecated code, so we can get a step closer to V1.

See #2440 - The next method was removed from the Graph class. Use async with graph.iter(...) as run: run.next() instead.

... (truncated)

Commits
  • b1d7af9 Add Claude Fable 5 (claude-fable-5) and Claude Mythos 5 (claude-mythos-5)...
  • c5b2666 Fix flaky test_tool_cancelled_when_agent_cancelled under CI load (#5852)
  • b6798f7 feat(openrouter): add CachePoint and prompt caching support (#4604)
  • 619639a chore(deps): bump the python-packages group across 1 directory with 18 update...
  • 64b9204 Fix AnthropicModel.count_tokens with native tools (#5704)
  • 26808a1 fix(anthropic): guard message=None Bedrock start events in stream path (#5818)
  • 950aed9 Add known_model_names() to enumerate KnownModelName members (#5803)
  • 837b03e Document testing philosophy and Case parametrization pattern in `tests/AGEN...
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): update pydantic-ai-slim[logfire] requirement
c9aaa89 
Updates the requirements on [pydantic-ai-slim[logfire]](https://github.com/pydantic/pydantic-ai) to permit the latest version.
- [Release notes](https://github.com/pydantic/pydantic-ai/releases)
- [Changelog](https://github.com/pydantic/pydantic-ai/blob/main/docs/changelog.md)
- [Commits](pydantic/pydantic-ai@v1.106.0...v1.107.0)

---
updated-dependencies:
- dependency-name: pydantic-ai-slim[logfire]
  dependency-version: 1.107.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants