Skip to content

chore(deps): bump ai from 6.0.206 to 6.0.208#65

Merged
yogeshchoudhary147 merged 1 commit into
mainfrom
dependabot/npm_and_yarn/ai-6.0.208
Jun 23, 2026
Merged

chore(deps): bump ai from 6.0.206 to 6.0.208#65
yogeshchoudhary147 merged 1 commit into
mainfrom
dependabot/npm_and_yarn/ai-6.0.208

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 23, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps ai from 6.0.206 to 6.0.208.

Release notes

Sourced from ai's releases.

ai@6.0.208

Patch Changes

  • 8261640: fix(ai): handle partial unicode escapes in fixJson
  • f994df3: Serialize undefined tool output to null in UI message chunks
Changelog

Sourced from ai's changelog.

6.0.208

Patch Changes

  • 8261640: fix(ai): handle partial unicode escapes in fixJson
  • f994df3: Serialize undefined tool output to null in UI message chunks

6.0.207

Patch Changes

  • 779f5cd: fix(provider-utils): cancel response body on download rejection to prevent socket leak

    When a download was rejected early — because the Content-Length header exceeded the size limit, the response status was not ok, or a redirect resolved to a blocked URL — the fetch response body was left unconsumed and uncancelled. With WHATWG Fetch/undici this leaves the underlying TCP socket open instead of returning it to the connection pool, allowing an attacker-controlled origin to exhaust file descriptors and cause a denial of service. The body is now cancelled on all early-rejection paths in readResponseWithSizeLimit, download, and downloadBlob, and fetchWithValidatedRedirects cancels each redirect hop's body before following or rejecting the next hop.

  • Updated dependencies [5bfde36]

  • Updated dependencies [779f5cd]

    • @​ai-sdk/gateway@​3.0.133
    • @​ai-sdk/provider-utils@​4.0.30
Commits

@dependabot
chore(deps): bump ai from 6.0.206 to 6.0.208
3a6bea8 
Bumps [ai](https://github.com/vercel/ai/tree/HEAD/packages/ai) from 6.0.206 to 6.0.208.
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/ai@6.0.208/packages/ai/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/commits/ai@6.0.208/packages/ai)

---
updated-dependencies:
- dependency-name: ai
  dependency-version: 6.0.208
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ai-6.0.208 branch from d504d6d to 3a6bea8 Compare June 23, 2026 13:22
@yogeshchoudhary147 yogeshchoudhary147 merged commit 034b8ca into main Jun 23, 2026
5 checks passed
@yogeshchoudhary147 yogeshchoudhary147 deleted the dependabot/npm_and_yarn/ai-6.0.208 branch June 23, 2026 13:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yogeshchoudhary147 yogeshchoudhary147 yogeshchoudhary147 approved these changes

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@yogeshchoudhary147