fix(deps): update dependency ai to v5.0.52 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
ai (source)	5.0.28 -> 5.0.52

GitHub Vulnerability Alerts

CVE-2025-48985

A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade.

---

Release Notes

vercel/ai (ai)

v5.0.52

Patch Changes

• c56822d: fix(ai): update uiMessageChunkSchema to satisfy the UIMessageChunk type
• 930399b: fix(ai): download files when intermediate file cannot be downloaded
• Updated dependencies [7ca78f1]
  • @​ai-sdk/gateway@​1.0.29

v5.0.51

Patch Changes

• 27645bb: Export parseJsonEventStream and uiMessageChunkSchema from "ai" package
• Updated dependencies [322901b]
  • @​ai-sdk/gateway@​1.0.28

v5.0.50

Patch Changes

• Updated dependencies [c5f403a]
  • @​ai-sdk/gateway@​1.0.27

v5.0.49

Compare Source

Patch Changes

• Updated dependencies [e304478]
  • @​ai-sdk/gateway@​1.0.26

v5.0.48

Compare Source

Patch Changes

• Updated dependencies [4d3ff64]
  • @​ai-sdk/gateway@​1.0.25

v5.0.47

Compare Source

Patch Changes

• Updated dependencies [c86e0f7]
• Updated dependencies [6bbae01]
  • @​ai-sdk/gateway@​1.0.24

v5.0.46

Compare Source

Patch Changes

• c580fbd: Add safeValidateUIMessages utility to validate UI messages without throwing, returning a success/failure result object like Zod’s safeParse

v5.0.45

Compare Source

Patch Changes

• 76024fc: fix(ai): fix static tool call and result detection when dynamic is undefined
• 93d8b60: fix(ai): do not filter zero-length text parts that have provider options
• d8eb31f: fix(ai): fix webp image detection from base64

v5.0.44

Compare Source

Patch Changes

• Updated dependencies [f49f924]
  • @​ai-sdk/gateway@​1.0.23

v5.0.43

Compare Source

Patch Changes

• 0294b58: feat(ai): set ai, @ai-sdk/provider-utils, and runtime in user-agent header
• Updated dependencies [0294b58]
  • @​ai-sdk/provider-utils@​3.0.9
  • @​ai-sdk/gateway@​1.0.22

v5.0.42

Compare Source

Patch Changes

• de5c066: fix(ai): forwarded providerExecuted flag in validateUIMessages

v5.0.41

Compare Source

Patch Changes

• cd91e4b: fix(ai): use correct type for reasoning outputs

v5.0.40

Compare Source

Patch Changes

• Updated dependencies [4ee3719]
  • @​ai-sdk/gateway@​1.0.21

v5.0.39

Compare Source

Patch Changes

• a0a725f: feat (ai): export createGateway

v5.0.38

Compare Source

Patch Changes

• Updated dependencies [350a328]
  • @​ai-sdk/gateway@​1.0.20

v5.0.37

Compare Source

Patch Changes

• d6785d7: feat (ai): add tool and agent helpers

v5.0.36

Compare Source

Patch Changes

• ccc2ded: feat (ai): export gateway provider

v5.0.35

Compare Source

Patch Changes

• 99c946a: export missing type

v5.0.34

Compare Source

Patch Changes

• Updated dependencies [034287f]
• Updated dependencies [dee1afe]
  • @​ai-sdk/gateway@​1.0.19

v5.0.33

Compare Source

Patch Changes

• Updated dependencies [5d59a8c]
  • @​ai-sdk/gateway@​1.0.18

v5.0.32

Compare Source

Patch Changes

• Updated dependencies [b6005cd]
  • @​ai-sdk/gateway@​1.0.17

v5.0.31

Compare Source

Patch Changes

• Updated dependencies [99964ed]
  • @​ai-sdk/provider-utils@​3.0.8
  • @​ai-sdk/gateway@​1.0.16

v5.0.30

Compare Source

Patch Changes

• 7fcc6be: feat(ai): throw InvalidArgumentError when messages is not provided

v5.0.29

Compare Source

Patch Changes

• e0e9449: feat(ui): sent isAbort, isDisconnect, isError in useChat onFinish callback

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[safedep]

SafeDep Report Summary

Package Details

Package	Malware	Vulnerability	Risky License	Report
@ai-sdk/gateway @ 1.0.29 pnpm-lock.yaml				🔗
@ai-sdk/provider-utils @ 3.0.9 pnpm-lock.yaml				🔗
@napi-rs/wasm-runtime @ 1.0.7 pnpm-lock.yaml				🔗
@oxc-project/types @ 0.96.0 pnpm-lock.yaml				🔗
@rolldown/binding-android-arm64 @ 1.0.0-beta.47 pnpm-lock.yaml				🔗
@rolldown/binding-darwin-arm64 @ 1.0.0-beta.47 pnpm-lock.yaml				🔗
@rolldown/binding-darwin-x64 @ 1.0.0-beta.47 pnpm-lock.yaml				🔗
@rolldown/binding-freebsd-x64 @ 1.0.0-beta.47 pnpm-lock.yaml				🔗
@rolldown/binding-linux-arm-gnueabihf @ 1.0.0-beta.47 pnpm-lock.yaml				🔗
@rolldown/binding-linux-arm64-gnu @ 1.0.0-beta.47 pnpm-lock.yaml				🔗
@rolldown/binding-linux-arm64-musl @ 1.0.0-beta.47 pnpm-lock.yaml				🔗
@rolldown/binding-linux-x64-gnu @ 1.0.0-beta.47 pnpm-lock.yaml				🔗
@rolldown/binding-linux-x64-musl @ 1.0.0-beta.47 pnpm-lock.yaml				🔗
@rolldown/binding-openharmony-arm64 @ 1.0.0-beta.47 pnpm-lock.yaml				🔗
@rolldown/binding-wasm32-wasi @ 1.0.0-beta.47 pnpm-lock.yaml				🔗
@rolldown/binding-win32-arm64-msvc @ 1.0.0-beta.47 pnpm-lock.yaml				🔗
@rolldown/binding-win32-ia32-msvc @ 1.0.0-beta.47 pnpm-lock.yaml				🔗
@rolldown/binding-win32-x64-msvc @ 1.0.0-beta.47 pnpm-lock.yaml				🔗
@rolldown/pluginutils @ 1.0.0-beta.47 pnpm-lock.yaml				🔗
ai @ 5.0.52 apps/core/package.json pnpm-lock.yaml				🔗
rolldown @ 1.0.0-beta.47 pnpm-lock.yaml				🔗

_{This report is generated by SafeDep Github App}