Skip to content

chore(deps): bump the ai-sdk group across 1 directory with 2 updates#4

Open
dependabot[bot] wants to merge 3 commits into
mainfrom
dependabot/npm_and_yarn/ai-sdk-a0b01fe2c0
Open

chore(deps): bump the ai-sdk group across 1 directory with 2 updates#4
dependabot[bot] wants to merge 3 commits into
mainfrom
dependabot/npm_and_yarn/ai-sdk-a0b01fe2c0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 2, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the ai-sdk group with 2 updates in the / directory: @ai-sdk/xai and ai.

Updates @ai-sdk/xai from 2.0.72 to 3.0.87

Release notes

Sourced from @​ai-sdk/xai's releases.

@​ai-sdk/xai@​3.0.87

Patch Changes

  • Updated dependencies [6043d24]
    • @​ai-sdk/openai-compatible@​2.0.45

@​ai-sdk/xai@​3.0.86

Patch Changes

  • Updated dependencies [7beadf0]
    • @​ai-sdk/provider-utils@​4.0.26
    • @​ai-sdk/openai-compatible@​2.0.44
Changelog

Sourced from @​ai-sdk/xai's changelog.

3.0.87

Patch Changes

  • Updated dependencies [6043d24]
    • @​ai-sdk/openai-compatible@​2.0.45

3.0.86

Patch Changes

  • Updated dependencies [7beadf0]
    • @​ai-sdk/provider-utils@​4.0.26
    • @​ai-sdk/openai-compatible@​2.0.44

3.0.85

Patch Changes

  • a727da4: chore: ensure consistent import handling and avoid import duplicates or cycles

  • fa6e62b: feat(provider/xai): support non-image file parts (PDF, text, CSV) in the Responses API via input_file + file_url

    The xAI Responses API accepts { type: 'input_file', file_url } for non-image documents (see https://docs.x.ai/docs/guides/chat-with-files), but the AI SDK xAI Responses provider previously threw UnsupportedFunctionalityError for any file part whose mediaType did not start with image/.

    When a file part is passed with data: URL and a non-image media type, the provider now emits { type: 'input_file', file_url }. application/pdf and text/* are also added to supportedUrls so the SDK does not download them to bytes before reaching the converter.

    Inline-byte (base64) inputs for non-image media types continue to throw, since xAI's Responses API requires either a public URL or a pre-uploaded file_id for non-image documents.

  • Updated dependencies [a727da4]

    • @​ai-sdk/openai-compatible@​2.0.43
    • @​ai-sdk/provider-utils@​4.0.25
    • @​ai-sdk/provider@​3.0.10

3.0.84

Patch Changes

  • a7f3c72: trigger release for all packages after provenance setup
  • Updated dependencies [a7f3c72]
  • Updated dependencies [408a2ad]
    • @​ai-sdk/openai-compatible@​2.0.42
    • @​ai-sdk/provider@​3.0.9
    • @​ai-sdk/provider-utils@​4.0.24

3.0.83

Patch Changes

  • b937f3e: fix(xai): support encrypted reasoning round-trip for ZDR

... (truncated)

Commits

Updates ai from 5.0.183 to 6.0.174

Release notes

Sourced from ai's releases.

ai@6.0.174

Patch Changes

  • Updated dependencies [49f6d44]
    • @​ai-sdk/gateway@​3.0.109

ai@6.0.173

Patch Changes

  • 7beadf0: feat(mcp): propagate the server name through dynamic tool parts
  • Updated dependencies [7beadf0]
    • @​ai-sdk/provider-utils@​4.0.26
    • @​ai-sdk/gateway@​3.0.108
Changelog

Sourced from ai's changelog.

6.0.174

Patch Changes

  • Updated dependencies [49f6d44]
    • @​ai-sdk/gateway@​3.0.109

6.0.173

Patch Changes

  • 7beadf0: feat(mcp): propagate the server name through dynamic tool parts
  • Updated dependencies [7beadf0]
    • @​ai-sdk/provider-utils@​4.0.26
    • @​ai-sdk/gateway@​3.0.108

6.0.172

Patch Changes

  • Updated dependencies [982af78]
    • @​ai-sdk/gateway@​3.0.107

6.0.171

Patch Changes

  • 48f842a: fix(ai): enforce callOptionsSchema at runtime in ToolLoopAgent

    ToolLoopAgentSettings.callOptionsSchema was declared and documented as a runtime schema for options, but tool-loop-agent.ts never invoked it. Any invariant a developer encoded in the schema was silently bypassed at runtime, and unchecked options flowed straight into prepareCall and any instructions template that interpolated them.

    ToolLoopAgent.prepareCall now validates caller-supplied options against callOptionsSchema (when set) via safeValidateTypes, throwing InvalidArgumentError on failure before forwarding to prepareCall / generateText / streamText.

  • a727da4: chore: ensure consistent import handling and avoid import duplicates or cycles

  • 5fee301: fix(mcp): prevent prototype pollution by using secureJsonParse

  • Updated dependencies [a727da4]

    • @​ai-sdk/provider-utils@​4.0.25
    • @​ai-sdk/provider@​3.0.10
    • @​ai-sdk/gateway@​3.0.106

6.0.170

Patch Changes

  • 19d587a: fix(ai): add allowSystemInMessages option and warn by default when system messages are found in prompt or messages

6.0.169

Patch Changes

... (truncated)

Commits
  • 0129eb6 Version Packages (#14912)
  • 8a46a3c Version Packages (#14875)
  • 7beadf0 Backport: feat(mcp): propagate the server name through dynamic tool parts (#1...
  • 29c80ec Version Packages (#14868)
  • 8e650ab Version Packages (#14824)
  • 48f842a backport v6: fix(ai): enforce callOptionsSchema at runtime in ToolLoopAgent (...
  • a727da4 backport of chore: ensure consistent import handling and avoid import duplica...
  • 5fee301 backport v6: fix(mcp): prevent prototype pollution by using secureJsonParse (...
  • 7ab1e18 Version Packages (#14815)
  • 19d587a v6: fix(ai): warn about system messages in messages or prompt (#14810)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 2, 2026
@vercel

vercel Bot commented May 2, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
twitter-agent Ready Ready Preview, Comment May 2, 2026 9:05pm

@socket-security

socket-security Bot commented May 2, 2026
edited
Loading

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​ai-sdk/​xai@​2.0.72 ⏵ 3.0.8776 -2310087 +398100
Updatedai@​5.0.183 ⏵ 6.0.17492 -710010099100

View full report

@dependabot dependabot Bot changed the title chore(deps): bump the ai-sdk group with 2 updates chore(deps): bump the ai-sdk group across 1 directory with 2 updates May 2, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ai-sdk-a0b01fe2c0 branch from bdf0df8 to 5ea908c Compare May 2, 2026 20:44
@dependabot
chore(deps): bump the ai-sdk group across 1 directory with 2 updates
6f119da 
Bumps the ai-sdk group with 2 updates in the / directory: [@ai-sdk/xai](https://github.com/vercel/ai/tree/HEAD/packages/xai) and [ai](https://github.com/vercel/ai/tree/HEAD/packages/ai).


Updates `@ai-sdk/xai` from 2.0.72 to 3.0.87
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/@ai-sdk/xai@3.0.87/packages/xai/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/commits/@ai-sdk/xai@3.0.87/packages/xai)

Updates `ai` from 5.0.183 to 6.0.174
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/ai@6.0.174/packages/ai/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/commits/ai@6.0.174/packages/ai)

---
updated-dependencies:
- dependency-name: "@ai-sdk/xai"
  dependency-version: 3.0.87
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: ai-sdk
- dependency-name: ai
  dependency-version: 6.0.174
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: ai-sdk
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ai-sdk-a0b01fe2c0 branch from 5ea908c to 6f119da Compare May 2, 2026 20:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@arvindrk