@ai-sdk/provider-utils 4.0.29 → 4.0.30

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ai-sdk/provider-utils",
-  "version": "4.0.29",
+  "version": "4.0.30",
   "license": "Apache-2.0",
   "sideEffects": false,
   "main": "./dist/index.js",

package/src/cancel-response-body.ts

@@ -0,0 +1,19 @@
+/**
+ * Cancels a response body to release the underlying connection.
+ *
+ * When a fetch Response is rejected without consuming its body (e.g. a failed
+ * status code, an open-redirect rejection, or a Content-Length that exceeds the
+ * size limit), the underlying TCP socket is not returned to the connection pool
+ * and may stay open until the process runs out of file descriptors. Cancelling
+ * the body avoids this leak.
+ *
+ * Errors thrown while cancelling are ignored: the body may already be locked,
+ * disturbed, or absent, none of which should mask the original rejection.
+ */
+export async function cancelResponseBody(response: Response): Promise<void> {
+  try {
+    await response.body?.cancel();
+  } catch {
+    // Ignore cancel errors so the original rejection is preserved.
+  }
+}

package/src/download-blob.ts

@@ -1,3 +1,4 @@
+import { cancelResponseBody } from './cancel-response-body';
 import { DownloadError } from './download-error';
 import { fetchWithValidatedRedirects } from './fetch-with-validated-redirects';
 import {
@@ -27,6 +28,9 @@ export async function downloadBlob(
     });
 
     if (!response.ok) {
+      // Release the connection before rejecting so an error status from an
+      // attacker-controlled origin cannot leak open sockets.
+      await cancelResponseBody(response);
       throw new DownloadError({
         url,
         statusCode: response.status,

package/src/fetch-with-validated-redirects.ts

@@ -1,3 +1,4 @@
+import { cancelResponseBody } from './cancel-response-body';
 import { DownloadError } from './download-error';
 import { isBrowserRuntime } from './is-browser-runtime';
 import { validateDownloadUrl } from './validate-download-url';
@@ -68,6 +69,10 @@ export async function fetchWithValidatedRedirects({
 
     const location = response.headers.get('location');
     if (response.status >= 300 && response.status < 400 && location) {
+      // Release the redirect response's connection before moving to the next
+      // hop. Whether that hop is followed or rejected by the SSRF guard, an
+      // unconsumed 3xx body would leak the underlying socket.
+      await cancelResponseBody(response);
       currentUrl = new URL(location, currentUrl).toString();
       continue;
     }

package/src/index.ts

@@ -43,6 +43,7 @@ export {
   type ProviderToolFactory,
   type ProviderToolFactoryWithOutputSchema,
 } from './provider-tool-factory';
+export { cancelResponseBody } from './cancel-response-body';
 export * from './remove-undefined-entries';
 export * from './resolve';
 export * from './response-handler';

package/src/read-response-with-size-limit.ts

@@ -1,3 +1,4 @@
+import { cancelResponseBody } from './cancel-response-body';
 import { DownloadError } from './download-error';
 
 /**
@@ -40,6 +41,9 @@ export async function readResponseWithSizeLimit({
   if (contentLength != null) {
     const length = parseInt(contentLength, 10);
     if (!isNaN(length) && length > maxBytes) {
+      // Cancel the body so the underlying connection is released back to the
+      // pool instead of being left open until the socket is exhausted.
+      await cancelResponseBody(response);
       throw new DownloadError({
         url,
         message: `Download of ${url} exceeded maximum size of ${maxBytes} bytes (Content-Length: ${length}).`,