From 9316145eb69d7600cc2ea3497a98376d604a56d4 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 11 Nov 2025 08:37:59 +0000 Subject: [PATCH] fix: package.json & pnpm-lock.yaml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AI-13863465 --- package.json | 2 +- pnpm-lock.yaml | 169 ++++++++++++++++--------------------------------- 2 files changed, 57 insertions(+), 114 deletions(-) diff --git a/package.json b/package.json index 5d0a926..4d5a1a3 100644 --- a/package.json +++ b/package.json @@ -14,7 +14,7 @@ "@browserbasehq/sdk": "^2.0.0", "@browserbasehq/stagehand": "^1.10.1", "@vercel/analytics": "^1.4.1", - "ai": "^4.1.2", + "ai": "^5.0.52", "framer-motion": "^11.0.3", "jotai": "^2.11.1", "motion": "^12.0.3", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index c75d71c..b81a6e2 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -24,8 +24,8 @@ importers: specifier: ^1.4.1 version: 1.4.1(next@15.1.6(@opentelemetry/api@1.9.0)(@playwright/test@1.50.0)(react-dom@19.0.0(react@19.0.0))(react@19.0.0))(react@19.0.0) ai: - specifier: ^4.1.2 - version: 4.1.2(react@19.0.0)(zod@3.24.1) + specifier: ^5.0.92 + version: 5.0.92(zod@3.24.1) framer-motion: specifier: ^11.0.3 version: 11.18.2(react-dom@19.0.0(react@19.0.0))(react@19.0.0) @@ -93,6 +93,12 @@ importers: packages: + '@ai-sdk/gateway@2.0.8': + resolution: {integrity: sha512-cA5Sh5pjmsMOlzCxsX9B4bGB9qOn9/HRxKb8ry1OYmrXP3i1t34eZMHA7EVFoB09I41p0LPwkRBACYXm15xokw==} + engines: {node: '>=18'} + peerDependencies: + zod: ^3.25.76 || ^4.1.8 + '@ai-sdk/openai@1.1.2': resolution: {integrity: sha512-9rfcwjl4g1/Bdr2SmgFQr+aw81r62MvIKE7QDHMC4ulFd/Hej2oClROSMpDFZHXzs7RGeb32VkRyCHUWWgN3RQ==} engines: {node: '>=18'} @@ -108,30 +114,19 @@ packages: zod: optional: true + '@ai-sdk/provider-utils@3.0.17': + resolution: {integrity: sha512-TR3Gs4I3Tym4Ll+EPdzRdvo/rc8Js6c4nVhFLuvGLX/Y4V9ZcQMa/HTiYsHEgmYrf1zVi6Q145UEZUfleOwOjw==} + engines: {node: '>=18'} + peerDependencies: + zod: ^3.25.76 || ^4.1.8 + '@ai-sdk/provider@1.0.6': resolution: {integrity: sha512-hwj/gFNxpDgEfTaYzCYoslmw01IY9kWLKl/wf8xuPvHtQIzlfXWmmUwc8PnCwxyt8cKzIuV0dfUghCf68HQ0SA==} engines: {node: '>=18'} - '@ai-sdk/react@1.1.2': - resolution: {integrity: sha512-bBcRsDaNHzCKSIBbPngMeqbnwZ1RFadXQo9XzHoGrvLANYRwuphGNB8XTXYVLC/eXjoaGVGw2wWf/TYigEnCuA==} + '@ai-sdk/provider@2.0.0': + resolution: {integrity: sha512-6o7Y2SeO9vFKB8lArHXehNuusnpddKPk7xqL7T2/b+OvXMRIXUO1rR4wcv1hAFUAT9avGZshty3Wlua/XA7TvA==} engines: {node: '>=18'} - peerDependencies: - react: ^18 || ^19 || ^19.0.0-rc - zod: ^3.0.0 - peerDependenciesMeta: - react: - optional: true - zod: - optional: true - - '@ai-sdk/ui-utils@1.1.2': - resolution: {integrity: sha512-+0kfBF4Y9jmlg1KlbNKIxchmXx9PzuReSpgRNWhpU10vfl1eeer4xK/XL2qHnzAWhsMFe/SVZXJIQObk44zNEQ==} - engines: {node: '>=18'} - peerDependencies: - zod: ^3.0.0 - peerDependenciesMeta: - zod: - optional: true '@alloc/quick-lru@5.2.0': resolution: {integrity: sha512-UrcABB+4bUrFABwbluTIBErXwvbsU/V7TZWfmbgJfbkwiBuziS9gxdODUyuiecfdGQ85jglMW6juS3+z5TsKLw==} @@ -425,15 +420,15 @@ packages: '@rushstack/eslint-patch@1.10.5': resolution: {integrity: sha512-kkKUDVlII2DQiKy7UstOR1ErJP8kUKAQ4oa+SQtM0K+lPdmmjj0YnnxBgtTVYH7mUKtbsxeFC9y0AmK7Yb78/A==} + '@standard-schema/spec@1.0.0': + resolution: {integrity: sha512-m2bOd0f2RT9k8QJx1JN85cZYyH1RqFBdlwtkSlf4tBDYLCiiZnv1fIIwacK6cqwXavOydf0NPToMQgpKq+dVlA==} + '@swc/counter@0.1.3': resolution: {integrity: sha512-e2BR4lsJkkRlKZ/qCHPw9ZaSxc0MVUd7gtbtaB7aMvHeJVYe8sOB8DBZkP2DtISHGSku9sCK6T6cnY0CtXrOCQ==} '@swc/helpers@0.5.15': resolution: {integrity: sha512-JQ5TuMi45Owi4/BIMAJBoSQoOJu12oOk/gADqlcUL9JEdHB8vyjUSsxqeNXnmXHjYKMi2WcYtezGEEhqUI/E2g==} - '@types/diff-match-patch@1.0.36': - resolution: {integrity: sha512-xFdR6tkm0MWvBfO8xXCSsinYxHcqkQUlcHeSpMC2ukzOb6lwQAfDmW+Qt0AvlGd8HpsS28qKsB+oPeJn9I39jg==} - '@types/estree@1.0.6': resolution: {integrity: sha512-AYnb1nQyY49te+VRAVgmzfcgjYS91mY5P0TKUDCLEM+gNnA+3T6rWITXRLYCpahpqSQbN5cE+gHpnPyXjHWxcw==} @@ -533,6 +528,10 @@ packages: vue-router: optional: true + '@vercel/oidc@3.0.3': + resolution: {integrity: sha512-yNEQvPcVrK9sIe637+I0jD6leluPxzwJKx/Haw6F4H77CdDsszUn5V3o96LPziXkSNE2B83+Z3mjqGKBK/R6Gg==} + engines: {node: '>= 20'} + abort-controller@3.0.0: resolution: {integrity: sha512-h8lQ8tacZYnR3vNQTgibj+tODHI5/+l06Au2Pcriv/Gmet0eaj4TwWH41sO9wnHDiQsEj19q0drzdWdeAHtweg==} engines: {node: '>=6.5'} @@ -551,17 +550,11 @@ packages: resolution: {integrity: sha512-kja8j7PjmncONqaTsB8fQ+wE2mSU2DJ9D4XKoJ5PFWIdRMa6SLSN1ff4mOr4jCbfRSsxR4keIiySJU0N9T5hIQ==} engines: {node: '>= 8.0.0'} - ai@4.1.2: - resolution: {integrity: sha512-11efhPorWFphIpeCgjW6r/jk4wB5RWUGjxayHblBXCq6YEc7o5ki7vlmSnESprsDkMEfmONBWb/xM8pWjR5O2g==} + ai@5.0.92: + resolution: {integrity: sha512-EnPe3QXiD06Tg7iAt/oU3JSwedI1nuhEBnTjyfn1qTXaqmJ6qI4YG8wn/eBHRVXnmljDFDNYvGBC5pALYV1rAA==} engines: {node: '>=18'} peerDependencies: - react: ^18 || ^19 || ^19.0.0-rc - zod: ^3.0.0 - peerDependenciesMeta: - react: - optional: true - zod: - optional: true + zod: ^3.25.76 || ^4.1.8 ajv@6.12.6: resolution: {integrity: sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==} @@ -701,10 +694,6 @@ packages: resolution: {integrity: sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==} engines: {node: '>=10'} - chalk@5.4.1: - resolution: {integrity: sha512-zgVZuo2WcZgfUEmsn6eO3kINexW8RAE4maiQ8QNs8CtpPCSyMiYsULR3HQYkm3w8FIA3SberyMJMSldGsW+U3w==} - engines: {node: ^12.17.0 || ^14.13 || >=16.0.0} - chokidar@3.6.0: resolution: {integrity: sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==} engines: {node: '>= 8.10.0'} @@ -803,10 +792,6 @@ packages: resolution: {integrity: sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==} engines: {node: '>=0.4.0'} - dequal@2.0.3: - resolution: {integrity: sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA==} - engines: {node: '>=6'} - detect-libc@2.0.3: resolution: {integrity: sha512-bwy0MGW55bG41VqxxypOsdSdGqLwXPI/focwgTYCFMbdUiBAxLg9CFzG08sz2aqzknwiX7Hkl0bQENjg8iLByw==} engines: {node: '>=8'} @@ -814,9 +799,6 @@ packages: didyoumean@1.2.2: resolution: {integrity: sha512-gxtyfqMg7GKyhQmb056K7M3xszy/myH8w+B4RT+QXBQsvAOdc3XymqDDPHx1BgPgsdAA5SIifona89YtRATDzw==} - diff-match-patch@1.0.5: - resolution: {integrity: sha512-IayShXAgj/QMXgB0IWmKx+rOPuGMhqm5w6jvFxmVenXKIzRqTAAsbBPT3kWQeGANj3jGgvcvv4yK6SxqYmikgw==} - dlv@1.1.3: resolution: {integrity: sha512-+HlytyjlPKnIG8XuRG8WvmBP8xs8P71y+SKKS6ZXWoEgLuePxtDoUEiH7WkdePWrQ5JBpE6aoVqfZfJUQkjXwA==} @@ -1004,6 +986,10 @@ packages: resolution: {integrity: sha512-T1C0XCUimhxVQzW4zFipdx0SficT651NnkR0ZSH3yQwh+mFMdLfgjABVi4YtMTtaL4s168593DaoaRLMqryavA==} engines: {node: '>=18.0.0'} + eventsource-parser@3.0.6: + resolution: {integrity: sha512-Vo1ab+QXPzZ4tCa8SwIHJFaSzy4R6SHf7BY79rFBDf0idraZWAkYrDjDj8uWaSm3S2TK+hJ7/t1CEmZ7jXw+pg==} + engines: {node: '>=18.0.0'} + fast-deep-equal@3.1.3: resolution: {integrity: sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==} @@ -1365,11 +1351,6 @@ packages: resolution: {integrity: sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==} hasBin: true - jsondiffpatch@0.6.0: - resolution: {integrity: sha512-3QItJOXp2AP1uv7waBkao5nCvhEv+QmJAd38Ybq7wNI74Q+BBmnLn4EDKz6yI9xGAIQoUF87qHt+kc1IVxB4zQ==} - engines: {node: ^18.0.0 || >=20.0.0} - hasBin: true - jsx-ast-utils@3.3.5: resolution: {integrity: sha512-ZZow9HBI5O6EPgSJLUb8n2NKgmVWTwCvHGwFuJlMjvLFqlGG6pjirPhtdsseaLZjSibD8eegzmYpUZwoIlj2cQ==} engines: {node: '>=4.0'} @@ -1912,11 +1893,6 @@ packages: resolution: {integrity: sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==} engines: {node: '>= 0.4'} - swr@2.3.0: - resolution: {integrity: sha512-NyZ76wA4yElZWBHzSgEJc28a0u6QZvhb6w0azeL2k7+Q1gAzVK+IqQYXhVOC/mzi+HZIozrZvBVeSeOZNR2bqA==} - peerDependencies: - react: ^16.11.0 || ^17.0.0 || ^18.0.0 || ^19.0.0 - tailwindcss@3.4.17: resolution: {integrity: sha512-w33E2aCvSDP0tW9RZuNXadXlkHXqFzSkQew/aIa2i/Sj8fThxwovwlXHSPXTbAHwEIhBFXAedUhP2tueAKP8Og==} engines: {node: '>=14.0.0'} @@ -1933,10 +1909,6 @@ packages: thenify@3.3.1: resolution: {integrity: sha512-RVZSIV5IG10Hk3enotrhvz0T9em6cyHBLkH/YAZuKqd8hRkKhSfCGIcP2KUY0EPxndzANBmNllzWPwak+bheSw==} - throttleit@2.1.0: - resolution: {integrity: sha512-nt6AMGKW1p/70DF/hGBdJB57B8Tspmbp5gfJ8ilhLnt7kkr2ye7hzD6NVG8GGErk2HWF34igrL2CXmNIkzKqKw==} - engines: {node: '>=18'} - to-regex-range@5.0.1: resolution: {integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==} engines: {node: '>=8.0'} @@ -1997,11 +1969,6 @@ packages: uri-js@4.4.1: resolution: {integrity: sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==} - use-sync-external-store@1.4.0: - resolution: {integrity: sha512-9WXSPC5fMv61vaupRkCKCxsPxBocVnwakBEkMIHHpkTTg6icbJtg6jzgtLDm4bl3cSHAca52rYWih0k4K3PfHw==} - peerDependencies: - react: ^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0 - usehooks-ts@2.16.0: resolution: {integrity: sha512-bez95WqYujxp6hFdM/CpRDiVPirZPxlMzOH2QB8yopoKQMXpscyZoxOjpEdaxvV+CAWUDSM62cWnqHE0E/MZ7w==} engines: {node: '>=16.15.0'} @@ -2088,6 +2055,13 @@ packages: snapshots: + '@ai-sdk/gateway@2.0.8(zod@3.24.1)': + dependencies: + '@ai-sdk/provider': 2.0.0 + '@ai-sdk/provider-utils': 3.0.17(zod@3.24.1) + '@vercel/oidc': 3.0.3 + zod: 3.24.1 + '@ai-sdk/openai@1.1.2(zod@3.24.1)': dependencies: '@ai-sdk/provider': 1.0.6 @@ -2103,27 +2077,20 @@ snapshots: optionalDependencies: zod: 3.24.1 - '@ai-sdk/provider@1.0.6': + '@ai-sdk/provider-utils@3.0.17(zod@3.24.1)': dependencies: - json-schema: 0.4.0 + '@ai-sdk/provider': 2.0.0 + '@standard-schema/spec': 1.0.0 + eventsource-parser: 3.0.6 + zod: 3.24.1 - '@ai-sdk/react@1.1.2(react@19.0.0)(zod@3.24.1)': + '@ai-sdk/provider@1.0.6': dependencies: - '@ai-sdk/provider-utils': 2.1.2(zod@3.24.1) - '@ai-sdk/ui-utils': 1.1.2(zod@3.24.1) - swr: 2.3.0(react@19.0.0) - throttleit: 2.1.0 - optionalDependencies: - react: 19.0.0 - zod: 3.24.1 + json-schema: 0.4.0 - '@ai-sdk/ui-utils@1.1.2(zod@3.24.1)': + '@ai-sdk/provider@2.0.0': dependencies: - '@ai-sdk/provider': 1.0.6 - '@ai-sdk/provider-utils': 2.1.2(zod@3.24.1) - zod-to-json-schema: 3.24.1(zod@3.24.1) - optionalDependencies: - zod: 3.24.1 + json-schema: 0.4.0 '@alloc/quick-lru@5.2.0': {} @@ -2386,14 +2353,14 @@ snapshots: '@rushstack/eslint-patch@1.10.5': {} + '@standard-schema/spec@1.0.0': {} + '@swc/counter@0.1.3': {} '@swc/helpers@0.5.15': dependencies: tslib: 2.8.1 - '@types/diff-match-patch@1.0.36': {} - '@types/estree@1.0.6': {} '@types/json-schema@7.0.15': {} @@ -2503,6 +2470,8 @@ snapshots: next: 15.1.6(@opentelemetry/api@1.9.0)(@playwright/test@1.50.0)(react-dom@19.0.0(react@19.0.0))(react@19.0.0) react: 19.0.0 + '@vercel/oidc@3.0.3': {} + abort-controller@3.0.0: dependencies: event-target-shim: 5.0.1 @@ -2517,16 +2486,12 @@ snapshots: dependencies: humanize-ms: 1.2.1 - ai@4.1.2(react@19.0.0)(zod@3.24.1): + ai@5.0.92(zod@3.24.1): dependencies: - '@ai-sdk/provider': 1.0.6 - '@ai-sdk/provider-utils': 2.1.2(zod@3.24.1) - '@ai-sdk/react': 1.1.2(react@19.0.0)(zod@3.24.1) - '@ai-sdk/ui-utils': 1.1.2(zod@3.24.1) + '@ai-sdk/gateway': 2.0.8(zod@3.24.1) + '@ai-sdk/provider': 2.0.0 + '@ai-sdk/provider-utils': 3.0.17(zod@3.24.1) '@opentelemetry/api': 1.9.0 - jsondiffpatch: 0.6.0 - optionalDependencies: - react: 19.0.0 zod: 3.24.1 ajv@6.12.6: @@ -2686,8 +2651,6 @@ snapshots: ansi-styles: 4.3.0 supports-color: 7.2.0 - chalk@5.4.1: {} - chokidar@3.6.0: dependencies: anymatch: 3.1.3 @@ -2784,14 +2747,10 @@ snapshots: delayed-stream@1.0.0: {} - dequal@2.0.3: {} - detect-libc@2.0.3: {} didyoumean@1.2.2: {} - diff-match-patch@1.0.5: {} - dlv@1.1.3: {} doctrine@2.1.0: @@ -3118,6 +3077,8 @@ snapshots: eventsource-parser@3.0.0: {} + eventsource-parser@3.0.6: {} + fast-deep-equal@3.1.3: {} fast-glob@3.3.1: @@ -3485,12 +3446,6 @@ snapshots: dependencies: minimist: 1.2.8 - jsondiffpatch@0.6.0: - dependencies: - '@types/diff-match-patch': 1.0.36 - chalk: 5.4.1 - diff-match-patch: 1.0.5 - jsx-ast-utils@3.3.5: dependencies: array-includes: 3.1.8 @@ -4080,12 +4035,6 @@ snapshots: supports-preserve-symlinks-flag@1.0.0: {} - swr@2.3.0(react@19.0.0): - dependencies: - dequal: 2.0.3 - react: 19.0.0 - use-sync-external-store: 1.4.0(react@19.0.0) - tailwindcss@3.4.17: dependencies: '@alloc/quick-lru': 5.2.0 @@ -4123,8 +4072,6 @@ snapshots: dependencies: any-promise: 1.3.0 - throttleit@2.1.0: {} - to-regex-range@5.0.1: dependencies: is-number: 7.0.0 @@ -4200,10 +4147,6 @@ snapshots: dependencies: punycode: 2.3.1 - use-sync-external-store@1.4.0(react@19.0.0): - dependencies: - react: 19.0.0 - usehooks-ts@2.16.0(react@19.0.0): dependencies: lodash.debounce: 4.0.8