chore(deps): update dependency ai to v5.0.162 by renovate[bot] · Pull Request #1056 · settlemint/docs

c66afc5: fix(security): validate redirect targets in download functions to prevent SSRF bypass

download now validates the final URL after following HTTP redirects, preventing attackers from bypassing SSRF protections via open redirects to internal/private addresses.

`v5.0.148`

Compare Source

Patch Changes

Updated dependencies [392dc94]
- @ai-sdk/gateway@2.0.54

`v5.0.147`

Compare Source

Patch Changes

Updated dependencies [7a57a71]
- @ai-sdk/gateway@2.0.53

`v5.0.146`

Compare Source

Patch Changes

6a2f01b: Add URL validation to download to prevent blind SSRF attacks. Private/internal IP addresses, localhost, and non-HTTP protocols are now rejected before fetching.
Updated dependencies [6a2f01b]
Updated dependencies [17d64e3]
- @ai-sdk/provider-utils@3.0.22
- @ai-sdk/gateway@2.0.52

`v5.0.145`

Compare Source

Patch Changes

Updated dependencies [201bb12]
- @ai-sdk/gateway@2.0.51

`v5.0.144`

Compare Source

Patch Changes

Updated dependencies [c4a324b]
- @ai-sdk/gateway@2.0.50

`v5.0.143`

Compare Source

Patch Changes

Updated dependencies [4fa740a]
- @ai-sdk/gateway@2.0.49

`v5.0.142`

Compare Source

Patch Changes

Updated dependencies [8ea21c1]
- @ai-sdk/gateway@2.0.48

`v5.0.141`

Compare Source

Patch Changes

Updated dependencies [4db4318]
- @ai-sdk/gateway@2.0.47

`v5.0.140`

Patch Changes

Updated dependencies [3749ed6]
- @ai-sdk/gateway@2.0.46

`v5.0.139`

Patch Changes

Updated dependencies [9212b2d]
- @ai-sdk/gateway@2.0.45

`v5.0.138`

Compare Source

Patch Changes

Updated dependencies [42815ac]
- @ai-sdk/gateway@2.0.44

`v5.0.137`

Compare Source

Patch Changes

Updated dependencies [5e921ed]
- @ai-sdk/gateway@2.0.43

`v5.0.136`

Patch Changes

Updated dependencies [9baf5ea]
- @ai-sdk/gateway@2.0.42

`v5.0.135`

Patch Changes

Updated dependencies [fe42fd3]
Updated dependencies [8b5473c]
- @ai-sdk/gateway@2.0.41

`v5.0.134`

Patch Changes

Updated dependencies [9545c46]
- @ai-sdk/gateway@2.0.40

`v5.0.133`

Compare Source

Patch Changes

Updated dependencies [b4ac032]
- @ai-sdk/gateway@2.0.39

`v5.0.132`

Compare Source

Patch Changes

Updated dependencies [8aac221]
- @ai-sdk/gateway@2.0.38

`v5.0.131`

Compare Source

Patch Changes

Updated dependencies [3f04ffe]
- @ai-sdk/gateway@2.0.37

`v5.0.130`

Compare Source

Patch Changes

20565b8: security: prevent unbounded memory growth in download functions

The download() and downloadBlob() functions now enforce a default 2 GiB size limit when downloading from user-provided URLs. Downloads that exceed this limit are aborted with a DownloadError instead of consuming unbounded memory and crashing the process. The abortSignal parameter is now passed through to fetch() in all download call sites.

Added download option to transcribe() and experimental_generateVideo() for providing a custom download function. Use the new createDownload({ maxBytes }) factory to configure download size limits.
Updated dependencies [20565b8]
- @ai-sdk/provider-utils@3.0.21
- @ai-sdk/gateway@2.0.36

`v5.0.129`

Compare Source

Patch Changes

Updated dependencies [a207442]
- @ai-sdk/gateway@2.0.35

`v5.0.128`

Compare Source

Patch Changes

Updated dependencies [7e6c81a]
- @ai-sdk/gateway@2.0.34

`v5.0.127`

Compare Source

Patch Changes

Updated dependencies [db2e810]
- @ai-sdk/gateway@2.0.33

`v5.0.126`

Compare Source

Patch Changes

Updated dependencies [beba89c]
- @ai-sdk/gateway@2.0.32

`v5.0.125`

Compare Source

Patch Changes

Updated dependencies [8d8fdd2]
- @ai-sdk/gateway@2.0.31

`v5.0.124`

Compare Source

Patch Changes

Updated dependencies [fad90dd]
Updated dependencies [8479fe8]
Updated dependencies [0d3fc21]
Updated dependencies [53e891c]
- @ai-sdk/gateway@2.0.30

`v5.0.123`

Compare Source

Patch Changes

Updated dependencies [5253b83]
- @ai-sdk/gateway@2.0.29

`v5.0.122`

Compare Source

Patch Changes

Updated dependencies [9158228]
- @ai-sdk/gateway@2.0.28

`v5.0.121`

Compare Source

Patch Changes

Updated dependencies [74676fa]
- @ai-sdk/gateway@2.0.27

`v5.0.120`

Compare Source

Patch Changes

Updated dependencies [655377e]
- @ai-sdk/gateway@2.0.26

`v5.0.119`

Compare Source

Patch Changes

Updated dependencies [f6b46d2]
- @ai-sdk/gateway@2.0.25

`v5.0.118`

Compare Source

Patch Changes

42bad72: https://ai-sdk.dev -> https://v5.ai-sdk.dev

Configuration

📅 Schedule: Branch creation - At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday ( * 0-4,22-23 * * 1-5 ), Only on Sunday and Saturday ( * * * * 0,6 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

cubic-dev-ai

No issues found across 2 files

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

socket-security · 2026-03-31T22:52:20Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	unist-util-visit@5.0.0
	tailwindcss@4.1.18
	tailwind-merge@3.4.0
	typescript@5.9.3
	zod@4.3.4
	ai@5.0.162

View full report

socket-security · 2026-03-31T22:52:21Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		License policy violation: npm `typescript` License: LicenseRef-W3C-Community-Final-Specification-Agreement - the applicable license policy does not allow this license (4) (package/ThirdPartyNoticeText.txt) From: package.json → `npm/typescript@5.9.3` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/typescript@5.9.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm `vscode-languageserver-textdocument` under LGPL-2.1-or-later License: LGPL-2.1-or-later - the applicable license policy does not allow this license (4) (package/thirdpartynotices.txt) From: `?` → `npm/mermaid@11.12.2` → `npm/vscode-languageserver-textdocument@1.0.12` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/vscode-languageserver-textdocument@1.0.12`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

renovate bot added the dependencies Dependency updates label Jan 6, 2026

renovate bot enabled auto-merge (squash) January 6, 2026 02:11

renovate-approve bot approved these changes Jan 6, 2026

View reviewed changes

renovate-approve-2 bot approved these changes Jan 6, 2026

View reviewed changes

github-actions bot added qa:running QA workflow is currently running status:approved Pull request has been approved labels Jan 6, 2026

cubic-dev-ai bot reviewed Jan 6, 2026

View reviewed changes

renovate bot force-pushed the renovate/ai-5.x branch from a4cce57 to 6c4b687 Compare January 10, 2026 10:02

renovate bot changed the title ~~chore(deps): update dependency ai to v5.0.118~~ chore(deps): update dependency ai to v5.0.119 Jan 10, 2026

renovate bot changed the title ~~chore(deps): update dependency ai to v5.0.119~~ chore(deps): update dependency ai to v5.0.120 Jan 13, 2026

renovate bot force-pushed the renovate/ai-5.x branch 2 times, most recently from 0921fe1 to fca7cd2 Compare January 13, 2026 06:43

renovate bot changed the title ~~chore(deps): update dependency ai to v5.0.120~~ chore(deps): update dependency ai to v5.0.121 Jan 13, 2026

renovate bot force-pushed the renovate/ai-5.x branch from fca7cd2 to 4e4683a Compare January 21, 2026 22:47

renovate bot changed the title ~~chore(deps): update dependency ai to v5.0.121~~ chore(deps): update dependency ai to v5.0.122 Jan 21, 2026

renovate bot force-pushed the renovate/ai-5.x branch from 4e4683a to 92052c2 Compare January 22, 2026 03:03

renovate bot changed the title ~~chore(deps): update dependency ai to v5.0.122~~ chore(deps): update dependency ai to v5.0.123 Jan 22, 2026

renovate bot force-pushed the renovate/ai-5.x branch from 92052c2 to 55d4ca1 Compare January 30, 2026 02:51

renovate bot changed the title ~~chore(deps): update dependency ai to v5.0.123~~ chore(deps): update dependency ai to v5.0.124 Jan 30, 2026

renovate bot changed the title ~~chore(deps): update dependency ai to v5.0.124~~ chore(deps): update dependency ai to v5.0.125 Feb 2, 2026

renovate bot force-pushed the renovate/ai-5.x branch 2 times, most recently from 98fdd1f to 269da45 Compare February 4, 2026 23:14

renovate bot changed the title ~~chore(deps): update dependency ai to v5.0.125~~ chore(deps): update dependency ai to v5.0.126 Feb 4, 2026

renovate bot force-pushed the renovate/ai-5.x branch from 269da45 to d79b69b Compare February 5, 2026 19:52

renovate bot changed the title ~~chore(deps): update dependency ai to v5.0.126~~ chore(deps): update dependency ai to v5.0.127 Feb 5, 2026

renovate bot force-pushed the renovate/ai-5.x branch from d79b69b to a7149ec Compare February 5, 2026 23:12

renovate bot changed the title ~~chore(deps): update dependency ai to v5.0.127~~ chore(deps): update dependency ai to v5.0.128 Feb 5, 2026

renovate bot force-pushed the renovate/ai-5.x branch from a7149ec to 76741d0 Compare February 7, 2026 10:11

renovate bot changed the title ~~chore(deps): update dependency ai to v5.0.128~~ chore(deps): update dependency ai to v5.0.129 Feb 7, 2026

renovate bot force-pushed the renovate/ai-5.x branch from 76741d0 to 44c23e6 Compare February 13, 2026 03:39

renovate bot changed the title ~~chore(deps): update dependency ai to v5.0.140~~ chore(deps): update dependency ai to v5.0.141 Feb 26, 2026

renovate bot force-pushed the renovate/ai-5.x branch from 3835c42 to 8882b98 Compare March 2, 2026 19:12

renovate bot changed the title ~~chore(deps): update dependency ai to v5.0.141~~ chore(deps): update dependency ai to v5.0.142 Mar 2, 2026

renovate bot force-pushed the renovate/ai-5.x branch from 8882b98 to ca5536c Compare March 8, 2026 09:50

renovate bot changed the title ~~chore(deps): update dependency ai to v5.0.142~~ chore(deps): update dependency ai to v5.0.150 Mar 8, 2026

renovate bot force-pushed the renovate/ai-5.x branch from ca5536c to a42f847 Compare March 9, 2026 20:09

renovate bot changed the title ~~chore(deps): update dependency ai to v5.0.150~~ chore(deps): update dependency ai to v5.0.151 Mar 9, 2026

renovate bot force-pushed the renovate/ai-5.x branch from a42f847 to 7dc6341 Compare March 10, 2026 19:15

renovate bot changed the title ~~chore(deps): update dependency ai to v5.0.151~~ chore(deps): update dependency ai to v5.0.152 Mar 10, 2026

renovate bot force-pushed the renovate/ai-5.x branch from 7dc6341 to 352c2b0 Compare March 11, 2026 19:34

renovate bot changed the title ~~chore(deps): update dependency ai to v5.0.152~~ chore(deps): update dependency ai to v5.0.153 Mar 11, 2026

renovate bot force-pushed the renovate/ai-5.x branch from 352c2b0 to fa45b2f Compare March 13, 2026 23:08

renovate bot changed the title ~~chore(deps): update dependency ai to v5.0.153~~ chore(deps): update dependency ai to v5.0.154 Mar 13, 2026

renovate bot force-pushed the renovate/ai-5.x branch from fa45b2f to 10c229d Compare March 18, 2026 02:01

renovate bot changed the title ~~chore(deps): update dependency ai to v5.0.154~~ chore(deps): update dependency ai to v5.0.155 Mar 18, 2026

renovate bot force-pushed the renovate/ai-5.x branch from 10c229d to a0b368c Compare March 18, 2026 18:47

renovate bot changed the title ~~chore(deps): update dependency ai to v5.0.155~~ chore(deps): update dependency ai to v5.0.156 Mar 18, 2026

renovate bot force-pushed the renovate/ai-5.x branch from a0b368c to f255a2c Compare March 20, 2026 18:59

renovate bot changed the title ~~chore(deps): update dependency ai to v5.0.156~~ chore(deps): update dependency ai to v5.0.157 Mar 20, 2026

renovate bot force-pushed the renovate/ai-5.x branch from f255a2c to a808635 Compare March 23, 2026 19:29

renovate bot changed the title ~~chore(deps): update dependency ai to v5.0.157~~ chore(deps): update dependency ai to v5.0.158 Mar 23, 2026

renovate bot force-pushed the renovate/ai-5.x branch from a808635 to a8e400b Compare March 23, 2026 22:53

renovate bot changed the title ~~chore(deps): update dependency ai to v5.0.158~~ chore(deps): update dependency ai to v5.0.159 Mar 23, 2026

renovate bot force-pushed the renovate/ai-5.x branch from a8e400b to cddfb5d Compare March 24, 2026 19:07

renovate bot changed the title ~~chore(deps): update dependency ai to v5.0.159~~ chore(deps): update dependency ai to v5.0.160 Mar 24, 2026

renovate bot force-pushed the renovate/ai-5.x branch from cddfb5d to c985290 Compare March 27, 2026 10:42

renovate bot changed the title ~~chore(deps): update dependency ai to v5.0.160~~ chore(deps): update dependency ai to v5.0.161 Mar 27, 2026

chore(deps): update dependency ai to v5.0.162

d23c6ad

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency ai to v5.0.162#1056

chore(deps): update dependency ai to v5.0.162#1056
renovate[bot] wants to merge 1 commit intomainfrom
renovate/ai-5.x

renovate bot commented Jan 6, 2026 •

edited

Loading

Uh oh!

cubic-dev-ai bot left a comment

Uh oh!

socket-security bot commented Mar 31, 2026

Uh oh!

socket-security bot commented Mar 31, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

renovate bot commented Jan 6, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Configuration

Uh oh!

cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

Uh oh!

socket-security bot commented Mar 31, 2026

Uh oh!

socket-security bot commented Mar 31, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

renovate bot commented Jan 6, 2026 •

edited

Loading