Skip to content

deps: bump ai from 6.0.201 to 7.0.0#127

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/ai-7.0.0
Closed

deps: bump ai from 6.0.201 to 7.0.0#127
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/ai-7.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor

Bumps ai from 6.0.201 to 7.0.0.

Release notes

Sourced from ai's releases.

ai@6.0.218

Patch Changes

  • ea1e95b: feat(mcp): add maxRetries option for failed mcp tool calls
  • Updated dependencies [ea1e95b]
    • @​ai-sdk/provider-utils@​4.0.35
    • @​ai-sdk/gateway@​3.0.142
Changelog

Sourced from ai's changelog.

7.0.0

Major Changes

  • 986c6fd: feat(ai): change type of experimental_context from unknown to generic

  • b0c2869: chore(ai): remove deprecated media type part from ToolResultOutput

  • 1949571: feat(ai): make experimental_telemetry stable

  • 6542d93: feat(ai): change naming nomenclature for *TelemetryIntegration to *Telemetry

  • 31f69de: fix(ai): carry prepareStep message overrides forward across steps

  • 7c71ac6: fix(ai): limit response messages in StepResult to messages created in that step

  • cf93359: feat(ai): remove/refactor event data sent via callbacks

  • 776b617: feat(provider): adding new 'custom' content type

  • 34bd95d: feat(ai): add support for uploading provider skills using the provider references abstraction

  • 1f7db50: fix(ai): remove experimental_customProvider

  • 3debdb7: feat(ai): rename stepCountIs to isStepCount

  • fcc6869: refactor(ai/core): rename ModelCallStreamPart to LanguageModelStreamPart and align stream model call naming (streamLanguageModelCall, experimental_streamLanguageModelCall).

    This updates experimental low-level stream primitives to use "language model call" terminology consistently.

  • ef992f8: Remove CommonJS exports from all packages. All packages are now ESM-only ("type": "module"). Consumers using require() must switch to ESM import syntax.

  • 493295c: Remove the deprecated ToolCallOptions export.

    Use ToolExecutionOptions instead.

  • 116c89f: feat(ai): remove telemetry data from the user-facing event data

  • c29a26f: feat(provider): add support for provider references and uploading files as supported per provider

  • 3887c70: feat(provider): add new top-level reasoning parameter to spec and support it in generateText and streamText

  • 9bd6512: feat(provider): change file part data property to be tagged with a type and remove the image part type

  • 4b46062: refactoring(ai): extract tool callback invocation into separate function and forward chunks before callback invocation

  • 7e26e81: chore: rename experimental_context to context

  • 8359612: Start v7 pre-release

  • 5463d0d: feat(provider): align tool result output content file part types with top-level message file part types

  • 72223e7: chore(ai): remove deprecated isToolOrDynamicToolUIPart function

  • 57bf606: chore(ai): simplify unified telemetry creation

  • b3c9f6a: feat(ai): create new opentelemetry package (@​ai-sdk/otel)

  • b9cf502: refactoring(ai): delay tool execution in stream text until model call is finished

  • 5b8c58f: feat(ai): decouple otel from core functions

  • 4e095b0: fix(ai): reject system messages in messages or prompt by default (opt-in)

Patch Changes

  • e3d9c0e: Add allowSystemInMessages option to ToolLoopAgent.

    This exposes the same option that exists on streamText and generateText, whether role: "system" messages are allowed in the prompt or messages fields. When unset, system messages are rejected because they can create a prompt injection attack risk. Ideally, use the instructions option instead. Set to true to allow system messages, or false to explicitly reject them.

    const agent = new ToolLoopAgent({
      model,
      allowSystemInMessages: true,
    });

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [ai](https://github.com/vercel/ai/tree/HEAD/packages/ai) from 6.0.201 to 7.0.0.
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/main/packages/ai/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/commits/ai@7.0.0/packages/ai)

---
updated-dependencies:
- dependency-name: ai
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 2, 2026
@dependabot dependabot Bot requested a review from lgruen-vcgs as a code owner July 2, 2026 16:14
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 2, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #138.

@dependabot dependabot Bot closed this Jul 9, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/ai-7.0.0 branch July 9, 2026 16:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants