ai 5.0.148 → 5.0.150
- package/CHANGELOG.md +16 -1
- package/dist/index.js +4 -1
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +4 -1
- package/dist/index.mjs.map +1 -1
- package/dist/internal/index.js +4 -1
- package/dist/internal/index.js.map +1 -1
- package/dist/internal/index.mjs +4 -1
- package/dist/internal/index.mjs.map +1 -1
- package/package.json +2 -2
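--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,20 @@
 # ai
 
+## 5.0.150
+
+### Patch Changes
+
+- Updated dependencies [ee7582f]
+- @ai-sdk/gateway@2.0.55
+
+## 5.0.149
+
+### Patch Changes
+
+- c66afc5: fix(security): validate redirect targets in download functions to prevent SSRF bypass
+
+`download` now validates the final URL after following HTTP redirects, preventing attackers from bypassing SSRF protections via open redirects to internal/private addresses.
+
 ## 5.0.148
 
 ### Patch Changes
@@ -136,7 +151,7 @@
 
 - 20565b8: security: prevent unbounded memory growth in download functions
 
-The `download()`
+The `download()` function now enforces a default 2 GiB size limit when downloading from user-provided URLs. Downloads that exceed this limit are aborted with a `DownloadError` instead of consuming unbounded memory and crashing the process. The `abortSignal` parameter is now passed through to `fetch()` in all download call sites.
 
 Added `download` option to `transcribe()` and `experimental_generateVideo()` for providing a custom download function. Use the new `createDownload({ maxBytes })` factory to configure download size limits.
 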
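--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -779,7 +779,7 @@ var import_provider_utils2 = require("@ai-sdk/provider-utils");
 var import_provider_utils3 = require("@ai-sdk/provider-utils");
 
 // src/version.ts
-var VERSION = true ? "5.0.
+var VERSION = true ? "5.0.150" : "0.0.0-test";
 
 // src/util/download/download.ts
 var download = async ({
@@ -799,6 +799,9 @@ var download = async ({
 ),
 signal: abortSignal
 });
+if (response.redirected) {
+(0, import_provider_utils2.validateDownloadUrl)(response.url);
+}
 if (!response.ok) {
 throw new DownloadError({
 url: urlText,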
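Review bot: The added `if (response.redirected)` block in `download` validates `response.url` only after `fetch()` has already followed the whole redirect chain, so a request to an internal or private address has been sent by the time the final URL is rejected. The check keeps the response body away from the caller, but it does not stop the outbound request itself, and intermediate hops are never inspected. If request-only side effects on internal hosts are in the threat model, consider passing `redirect: "manual"` to `fetch()` on server runtimes and running `validateDownloadUrl` on each `Location` target before following it, with a small hop limit. Assuming `validateDownloadUrl` throws on rejection, the unread body should also be released first, e.g. `await response.body?.cancel();`. The `download` function starts and ends outside this hunk, so whether the initial URL is validated before the request is not visible here.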