feat: upgrade to ai sdk 6 #1559
Signed-off-by: The-Best-Codes <bestcodes.official@gmail.com>
Don't merge yet, please, as I am still manually testing locally. I'll provide an update here if all my manual tests do fine.
The-Best-Codes left a comment:
Ready to merge. Tested locally with Google, Groq, and OpenRouter.
Pull Request Overview
This PR upgrades the AI SDK from v4 to v5 (specifically v5.0.89) to address a security advisory (GHSA-rwvc-j5jr-mgvh) that was affecting production deployments with SOC 2 compliance requirements.
Key changes:
- Upgraded core `ai` package from v4.3.15 to v5.0.89
- Upgraded all AI SDK provider packages to v2 versions (anthropic, google, groq, mistral, openai, openrouter)
- Replaced `ollama-ai-provider` with `ollama-ai-provider-v2` as recommended by AI SDK v5 documentation
- Updated TypeScript types to match AI SDK v5 API (`LanguageModelV1` → `LanguageModel`, `Message` → `ModelMessage`)
Reviewed Changes
Copilot reviewed 7 out of 8 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| pnpm-lock.yaml | Updated dependency versions for AI SDK v5 and all provider packages |
| packages/cli/package.json | Upgraded AI SDK dependencies to v2 and core ai package to v5.0.89 |
| packages/compiler/package.json | Upgraded AI SDK dependencies to v2 and core ai package to v5.0.89 |
| packages/cli/src/cli/processor/index.ts | Updated import to use ollama-ai-provider-v2 |
| packages/cli/src/cli/processor/basic.ts | Updated type from LanguageModelV1 to LanguageModel |
| packages/cli/src/cli/localizer/explicit.ts | Updated import to ollama-ai-provider-v2 and type from Message to ModelMessage |
| packages/compiler/src/lib/lcp/api/index.ts | Updated import to use ollama-ai-provider-v2 |
| .changeset/pink-lemons-buy.md | Added changeset documenting the upgrade |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
| name: "I18nConfig", | ||
| markdownDescription: true, | ||
| const schema = toJSONSchema(LATEST_CONFIG_DEFINITION.schema, { | ||
| target: "openapi-3.0", |
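Review bot: In the `toJSONSchema(LATEST_CONFIG_DEFINITION.schema, { target: "openapi-3.0", ...` call, the visible lines do not show `name: "I18nConfig"` or `markdownDescription: true` being carried into the new options. If they were dropped, say so in the PR description and confirm that whatever consumes the generated schema does not rely on the schema name or the markdown descriptions. A checked-in snapshot of the generated output, diffed in CI, would make any change to the schema visible in review.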
Note to self: Ensure this is the correct way to migrate this
@maxprilutskiy The file this script generates does change quite a bit after the Zod 4 upgrade, but I'm not sure how much that matters... I think the docs script is used internally in some way? Can you give me any details on what the generate-config-docs.ts script does and if it's important for the output schema to stay the same?
One option here is to keep this as zod-to-json-schema with a zod/v3 import.
The-Best-Codes left a comment:
Still working on migrating to Zod 4, don't merge this!
| { | ||
| text: Z.string(), | ||
| targetLocale: Z.string().regex(/^[a-z]{2}(-[A-Z]{2})?$/), | ||
| text: Z.string() as any, |
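Review bot: On `text: Z.string() as any`, the `as any` cast turns off type checking for this input field, so a mismatch between the schema and the type the caller expects would no longer surface at compile time. The visible lines also show `targetLocale: Z.string().regex(/^[a-z]{2}(-[A-Z]{2})?$/)`; make sure that pattern check still applies after the change, since it is the only validation on the locale input visible here. Prefer resolving the type at the call site, or one narrowly scoped cast with a comment explaining it, over casting each field.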
Need to manually test the MCP server
One option here is to keep backward compat by importing zod/v3 here.
They still haven't released AI SDK 6 support in stable, but I've bumped it to alpha. Tests passing locally (but not in CI for some reason).
The-Best-Codes left a comment:
Ready to review, if that failing test will pass. The @openrouter/ai-sdk-provider dep will need to be bumped to stable later once they release it in stable
@The-Best-Codes please have a look at the lockfile again 🙏
Head branch was pushed to by a user without write access
cc @vrcprl
wohooo @The-Best-Codes 🕺
🥳
* chore: upgrade to ai sdk 5 to resolve security vulns
  Signed-off-by: The-Best-Codes <bestcodes.official@gmail.com>
* chore: changeset
  Signed-off-by: The-Best-Codes <bestcodes.official@gmail.com>
* feat: upgrade to zod 4
  Signed-off-by: The-Best-Codes <bestcodes.official@gmail.com>
* chore: remove zod-to-json-schema from the codebase
  Signed-off-by: The-Best-Codes <bestcodes.official@gmail.com>
* fix: use "Z" not "z"
  Signed-off-by: The-Best-Codes <bestcodes.official@gmail.com>
* fix: use error.issues
  Signed-off-by: The-Best-Codes <bestcodes.official@gmail.com>
* fix: perform more zod 4 migrations
  Signed-off-by: The-Best-Codes <bestcodes.official@gmail.com>
* fix: resolve type errors in mcp.ts (used any, might manually verify everything still works fine)
  Signed-off-by: The-Best-Codes <bestcodes.official@gmail.com>
* fix: remove defaults from optional fields in zod 4 (fixes failing tests)
  Signed-off-by: The-Best-Codes <bestcodes.official@gmail.com>
* chore: fmt
  Signed-off-by: The-Best-Codes <bestcodes.official@gmail.com>
* chore: remove unused zod-to-json-schema dep
  Signed-off-by: The-Best-Codes <bestcodes.official@gmail.com>
* fix: use prefault
  Signed-off-by: The-Best-Codes <bestcodes.official@gmail.com>
* fix: revert
  Signed-off-by: The-Best-Codes <bestcodes.official@gmail.com>
* fix: upgrade new deps
  Signed-off-by: The-Best-Codes <bestcodes.official@gmail.com>
* fix: sort deps
  Signed-off-by: The-Best-Codes <bestcodes.official@gmail.com>
* fix: revert to zod 3 for docs script
  Signed-off-by: The-Best-Codes <bestcodes.official@gmail.com>
* chore: upgrade to ai sdk 6
  Signed-off-by: The-Best-Codes <bestcodes.official@gmail.com>
* chore: sync lockfile
  Signed-off-by: The-Best-Codes <bestcodes.official@gmail.com>

---------

Signed-off-by: The-Best-Codes <bestcodes.official@gmail.com>
Co-authored-by: Max Prilutskiy <5614659+maxprilutskiy@users.noreply.github.com>

Closes #1556
This upgrades the project to use the latest version of the AI SDK (v5.0.89). It also upgrades provider packages to versions compatible with AI SDK 5.
Note: The `ollama-ai-provider` package doesn't support AI SDK 5, so I swapped it out for the `ollama-ai-provider-v2` package, which is recommended in AI SDK's docs.

The point of these upgrades is to address a security advisory which, though minor, was affecting some users' ability to ship Lingo.dev in production as it failed SOC 2 checks.