chore(deps): bump @ai-sdk/xai from 2.0.51 to 3.0.67#76
chore(deps): bump @ai-sdk/xai from 2.0.51 to 3.0.67#76dependabot[bot] wants to merge 1 commit intomainfrom
Conversation
dependabot
bot
added
dependencies
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
| @@ -67,7 +67,7 @@ | |||
| "@ai-sdk/provider-utils": "3.0.21", | |||
| "@ai-sdk/togetherai": "1.0.34", | |||
| "@ai-sdk/vercel": "1.0.33", | |||
| "@ai-sdk/xai": "2.0.51", | |||
| "@ai-sdk/xai": "3.0.67", | |||
There was a problem hiding this comment.
Bug: The update to @ai-sdk/xai creates a major version mismatch with its dependency @ai-sdk/provider-utils, which will cause a runtime error when the xAI provider is used.
Severity: HIGH
Suggested Fix
Update the dependencies in package.json to match the requirements of the new @ai-sdk/xai version. Specifically, upgrade @ai-sdk/provider-utils to a compatible v4+ version and @ai-sdk/openai-compatible to a compatible v2+ version, as recommended by the AI SDK migration guides.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: packages/altimate-code/package.json#L70
Potential issue: The pull request updates the `@ai-sdk/xai` package to version `3.0.67`
but fails to update its peer dependencies. Specifically, `@ai-sdk/xai` v3 requires
`@ai-sdk/provider-utils` v4+, but the project's `package.json` still specifies version
`3.0.21`. If the application is built and deployed despite this conflict, any attempt to
use a model with the xAI provider will call the `createXai` function. This function will
then attempt to use APIs from `@ai-sdk/provider-utils` that do not exist in the older
version, leading to a runtime error due to missing methods or type incompatibilities.
Did we get this right? 👍 / 👎 to inform future reviews.
Bumps [@ai-sdk/xai](https://github.com/vercel/ai) from 2.0.51 to 3.0.67. - [Release notes](https://github.com/vercel/ai/releases) - [Changelog](https://github.com/vercel/ai/blob/main/CHANGELOG.md) - [Commits](https://github.com/vercel/ai/compare/@ai-sdk/xai@2.0.51...@ai-sdk/xai@3.0.67) --- updated-dependencies: - dependency-name: "@ai-sdk/xai" dependency-version: 3.0.67 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/ai-sdk/xai-3.0.67
branch
from
09dd7af to
a6f94e6
Compare
| "@ai-sdk/togetherai": "1.0.34", | ||
| "@ai-sdk/vercel": "1.0.33", | ||
| "@ai-sdk/xai": "2.0.51", | ||
| "@ai-sdk/xai": "3.0.67", |
There was a problem hiding this comment.
Bug: The update to @ai-sdk/xai@3.0.67 creates a dependency mismatch with @ai-sdk/openai-compatible and @ai-sdk/provider-utils, which will cause runtime errors when using xAI models.
Severity: HIGH
Suggested Fix
Update package.json to use compatible versions of the peer dependencies. Upgrade @ai-sdk/openai-compatible to a 2.x version (e.g., 2.0.35) and @ai-sdk/provider-utils to a 4.x version (e.g., 4.0.19) to match the requirements of @ai-sdk/xai@3.0.67. Then, regenerate the lockfile.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: packages/opencode/package.json#L71
Potential issue: The `package.json` is updated to use `@ai-sdk/xai@3.0.67`, a major
version bump. However, its peer dependencies, `@ai-sdk/openai-compatible` and
`@ai-sdk/provider-utils`, are not updated and remain pinned to older, incompatible major
versions (`1.0.32` and `3.0.21` respectively). The new version of `@ai-sdk/xai` requires
version `2.x` of `@ai-sdk/openai-compatible` and `4.x` of `@ai-sdk/provider-utils`. This
mismatch in major versions indicates breaking API changes. When a user selects an xAI
model, the `createXai` function will be called, leading to a runtime error or crash due
to incompatible API contracts between the packages.
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
1 participant
Bumps @ai-sdk/xai from 2.0.51 to 3.0.67.
Release notes
Sourced from
@ai-sdk/xai's releases.Commits
035d5adVersion Packages (#13087)3fb4e70feat(provider/anthropic): support fine-grained tool streaming with eagerInput...ad4cfc2fix(security): add URL validation to prevent SSRF in download functions (#13085)4f7ec7fVersion Packages (#13084)824b295fix(provider-utils): prevent unicode escape bypass in secureJsonParse (#13079)7579667Version Packages (#13074)d5801fefix(xai): ensure strict mode for tools (#12996)e70bec4Version Packages (#13073)89d8b45fix(google): make urlMetadata optional in urlContextMetadata schema (#12701)39d0544Version Packages (#13072)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)