chore(deps): update dependency ai to v6.0.204#3496
Merged
Conversation
renovate
Bot
force-pushed
the
renovate/ai-6.x-lockfile
branch
2 times, most recently
from
June 13, 2026 02:07
285b913 to
bb92d2f
Compare
renovate
Bot
force-pushed
the
renovate/ai-6.x-lockfile
branch
from
June 13, 2026 02:08
bb92d2f to
181684c
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
6.0.202→6.0.204Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
vercel/ai (ai)
v6.0.204Compare Source
v6.0.203Compare Source
Patch Changes
f42aa79: fix: harden download URL SSRF guard against hostname and redirect bypassesvalidateDownloadUrland the file download helpers (downloadBlob,download) could be bypassed in several ways when handling untrusted URLs:localhost.,myhost.local.) skipped the localhost/.localblocklist.::127.0.0.1), IPv4-translated (::ffff:0:127.0.0.1), and NAT64 (64:ff9b::127.0.0.1, including the64:ff9b:1::/48local-use prefix) — were not decoded and checked against the private IPv4 ranges.fetchhad already followed them, so the request to a redirect target (e.g. an internal/metadata address) had already been issued before the check ran.100.64.0.0/10, used by some cloud providers for internal traffic), benchmarking (198.18.0.0/15), IETF protocol assignments (192.0.0.0/24), the reserved240.0.0.0/4block (including the255.255.255.255broadcast address), and IPv6 site-local (fec0::/10) and multicast (ff00::/8).The validator now strips trailing dots before the hostname checks and fully expands IPv6 addresses to detect embedded private IPv4 targets. The download helpers now follow redirects manually (
redirect: 'manual'), re-validating each hop before requesting it, so an unsafe redirect target is never fetched. When a redirect cannot be inspected because the runtime returns an opaque response, the helpers fail closed (reject the redirect) on the server; only in a real browser — where SSRF is not reachable (fetch is constrained by CORS and cannot reach a server's internal network or cloud-metadata endpoints) — is the redirect followed natively so legitimate redirected downloads keep working.5291f7e: Harden stream text processing and middleware against prototype pollution from stream part IDs.b4b575a: fix: redact server error details from UI message streams by defaultstreamText(...).toUIMessageStream()andcreateUIMessageStreamdefaulted theironErrorcallback togetErrorMessage, which serializes the raw error (error.toString()/JSON.stringify(error)) into the client-facing{ type: 'error', errorText }chunk — and also intotool-output-errorparts. The documented default was() => 'An error occurred.', so applications relying on the documented behavior were unknowingly streaming server exception details (internal hostnames, paths, provider request data, validation inputs) to end users.The default
onErrornow returns the documented generic'An error occurred.'. Raw error details are only emitted when the developer explicitly supplies anonErrorhandler. This also redactstool-output-errorand invalid-tool-input error text by default; pass anonErrorto surface richer messages.Updated dependencies [
bfa5864]Updated dependencies [
f42aa79]Configuration
📅 Schedule: (UTC)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.