Skip to content

build(deps): bump ai from 6.0.146 to 6.0.174 in /typescript#439

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/typescript/ai-6.0.168
Open

build(deps): bump ai from 6.0.146 to 6.0.174 in /typescript#439
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/typescript/ai-6.0.168

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026
edited
Loading

Bumps ai from 6.0.146 to 6.0.174.

Changelog

Sourced from ai's changelog.

6.0.174

Patch Changes

  • Updated dependencies [49f6d44]
    • @​ai-sdk/gateway@​3.0.109

6.0.173

Patch Changes

  • 7beadf0: feat(mcp): propagate the server name through dynamic tool parts
  • Updated dependencies [7beadf0]
    • @​ai-sdk/provider-utils@​4.0.26
    • @​ai-sdk/gateway@​3.0.108

6.0.172

Patch Changes

  • Updated dependencies [982af78]
    • @​ai-sdk/gateway@​3.0.107

6.0.171

Patch Changes

  • 48f842a: fix(ai): enforce callOptionsSchema at runtime in ToolLoopAgent

    ToolLoopAgentSettings.callOptionsSchema was declared and documented as a runtime schema for options, but tool-loop-agent.ts never invoked it. Any invariant a developer encoded in the schema was silently bypassed at runtime, and unchecked options flowed straight into prepareCall and any instructions template that interpolated them.

    ToolLoopAgent.prepareCall now validates caller-supplied options against callOptionsSchema (when set) via safeValidateTypes, throwing InvalidArgumentError on failure before forwarding to prepareCall / generateText / streamText.

  • a727da4: chore: ensure consistent import handling and avoid import duplicates or cycles

  • 5fee301: fix(mcp): prevent prototype pollution by using secureJsonParse

  • Updated dependencies [a727da4]

    • @​ai-sdk/provider-utils@​4.0.25
    • @​ai-sdk/provider@​3.0.10
    • @​ai-sdk/gateway@​3.0.106

6.0.170

Patch Changes

  • 19d587a: fix(ai): add allowSystemInMessages option and warn by default when system messages are found in prompt or messages

6.0.169

Patch Changes

... (truncated)

Commits
  • 0129eb6 Version Packages (#14912)
  • 8a46a3c Version Packages (#14875)
  • 7beadf0 Backport: feat(mcp): propagate the server name through dynamic tool parts (#1...
  • 29c80ec Version Packages (#14868)
  • 8e650ab Version Packages (#14824)
  • 48f842a backport v6: fix(ai): enforce callOptionsSchema at runtime in ToolLoopAgent (...
  • a727da4 backport of chore: ensure consistent import handling and avoid import duplica...
  • 5fee301 backport v6: fix(mcp): prevent prototype pollution by using secureJsonParse (...
  • 7ab1e18 Version Packages (#14815)
  • 19d587a v6: fix(ai): warn about system messages in messages or prompt (#14810)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for ai since your current version.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 27, 2026
@dependabot
build(deps): bump ai from 6.0.146 to 6.0.174 in /typescript
fceed57 
Bumps [ai](https://github.com/vercel/ai/tree/HEAD/packages/ai) from 6.0.146 to 6.0.174.
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/ai@6.0.174/packages/ai/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/commits/ai@6.0.174/packages/ai)

---
updated-dependencies:
- dependency-name: ai
  dependency-version: 6.0.168
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title build(deps): bump ai from 6.0.146 to 6.0.168 in /typescript build(deps): bump ai from 6.0.146 to 6.0.174 in /typescript May 9, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/typescript/ai-6.0.168 branch from d38733d to fceed57 Compare May 9, 2026 07:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants