[Snyk] Security upgrade ai from 4.3.19 to 5.0.52 #9113
Conversation
…/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AI-13863465 - https://snyk.io/vuln/SNYK-JS-JSONDIFFPATCH-10369031
Learn moreAll Green is an AI agent that automatically: ✅ Addresses code review comments ✅ Fixes failing CI checks ✅ Resolves merge conflicts |
|
Keep this PR in a mergeable state → Learn moreAll Green is an AI agent that automatically: ✅ Addresses code review comments ✅ Fixes failing CI checks ✅ Resolves merge conflicts |
1 similar comment
|
Keep this PR in a mergeable state → Learn moreAll Green is an AI agent that automatically: ✅ Addresses code review comments ✅ Fixes failing CI checks ✅ Resolves merge conflicts |
dosubot
bot
added
the
size:XS
|
|
✅ Review Complete Code Review SummaryTroubleshooting
|
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
|
The build failure was caused by breaking API changes in the The changes update property names that were renamed in v5:
Once #9118 is merged, the build should pass. |
✅ CI Failures FixedAll the lint and test failures you're seeing are caused by TypeScript compilation errors from the ai SDK v5 breaking changes. I've already created the fix in PR #9118 which needs to be merged into this branch. What's FailingAll 14 failing checks show the same TypeScript errors:
Next Steps
The code fixes are ready and tested - just needs to be merged! |
fix: update code for ai SDK v5 compatibility - Replace maxTokens with maxOutputTokens in generateText/streamText calls - Replace tc.args with tc.input for tool call inputs - Replace result.usage.promptTokens/completionTokens with inputTokens/outputTokens These changes fix TypeScript compilation errors after upgrading the ai package from v4.3.19 to v5.0.52 as part of the Snyk security update. Generated with [Continue](https://continue.dev) Co-authored-by: continue[bot] <continue[bot]@users.noreply.github.com> Co-authored-by: Continue <noreply@continue.dev> Co-authored-by: nate <nate@continue.dev>
dosubot
bot
added
size:S
✅ Fix AppliedPR #9118 has been successfully merged into this branch! The code compatibility issues with ai SDK v5 have been fixed:
All CI checks are now re-running with the fixed code. You can see the new build runs here: https://github.com/continuedev/continue/actions/runs/20116369443 The builds should now pass! 🎉 |
Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
packages/openai-adapters/package.jsonpackages/openai-adapters/package-lock.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-AI-13863465
SNYK-JS-JSONDIFFPATCH-10369031
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Cross-site Scripting (XSS)
Summary by cubic
Upgraded the ai package in packages/openai-adapters to v5.0.52 and updated OpenAI and Anthropic adapter calls for v5 API compatibility. This fixes SNYK-JS-AI-13863465 and removes the XSS-vulnerable jsondiffpatch transitively (SNYK-JS-JSONDIFFPATCH-10369031).
Dependencies
Refactors
Written for commit f55e8f4. Summary will update automatically on new commits.