typebot.io/apps/builder/package.json
Baptiste Arnaud 6f289f647f
🔒️ Upgrade vulnerable deps (ai v5, nodemailer v8, otel sdk-node 0.217) (#2491)
## Summary

Fixes 18 open Dependabot alerts and migrates affected code to the new
major versions:

- `@opentelemetry/sdk-node` → `^0.217.0` (Prometheus exporter DoS,
GHSA-q7rr-3cgh-j5r3)
- `nodemailer` → `^8.0.5` across all manifests + root override
(GHSA-vvjj-xcjg-gr5g, GHSA-c7w3-x93f-qmm8)
- `ai` → `^5.0.52` (GHSA-rwvc-j5jr-mgvh); legacy 3.x dep removed from
`packages/deprecated/legacy` and replaced with a small in-tree
`OpenAIStream` + `StreamingTextResponse` shim
- Provider SDKs aligned to v5 peer: `@ai-sdk/openai`, `anthropic`,
`groq`, `mistral`, `perplexity`, `deepseek`, `togetherai`, `openRouter`,
`dify-ai-provider`

### AI SDK v4 → v5 migration

- `parseTools`: `parameters` renamed to `inputSchema`
- `runChatCompletion` / `runChatCompletionStream`: `maxSteps` replaced
by `stopWhen(stepCountIs(maxSteps))`;
`usage.{prompt,completion,total}Tokens` replaced by
`totalUsage.{input,output,total}Tokens`
- New `toLegacyDataStream` helper that re-emits the v4 data-stream
protocol (`0:text`, `3:error`, `9:tool_call`, …) so existing consumers
in `embeds/js` and the OpenAI `askAssistant` / `askModel` handlers keep
working
- `compatibility: "strict"` removed from `createOpenAI` (option dropped
in v5)
- `formatDataStreamPart` / `processDataStream` imports moved to
`@ai-sdk/ui-utils` (legacy package pinned at 1.2.11)

### E2E test follow-up

Second commit fixes Playwright tests that broke once the env-resolved
URLs / new SDK surface kicked in:
- `fileUpload`: assert exported URL contains `parseS3PublicBaseUrl()`
(not `S3_ENDPOINT`) so it works with `S3_PUBLIC_CUSTOM_DOMAIN`; verify
post-deletion via cache-busted `request.get` instead of a CDN-cached new
tab.
- `ssrf`: assert on the actual "Security validation failed" log emitted
by the pre-flight check; fixture now maps `response.statusCode` into a
`Status` variable so `Status: …` assertions resolve.
- Root `dev` script includes `@typebot.io/partykit` so the webhook
listener e2e test can hit PartyKit on `:1999`.

Also fixes a pre-existing broken anchor link in `whatsapp-ai-agent.mdx`
that blocked the landing-page link checker.

## Test plan

- [ ] `bunx nx test` passes
- [ ] `bunx nx typecheck` passes
- [ ] `bunx nx affected -t
format-and-lint,lint-repo,check-broken-links,test --parallel=4` passes
(pre-commit)
- [ ] `bun run dev` boots builder, viewer, workflows **and** PartyKit
- [ ] Viewer Playwright suite: `fileUpload.spec.ts`, `ssrf.spec.ts`,
`webhookListener.spec.ts` all green
- [ ] Manual smoke: OpenAI `askAssistant` block streams correctly in the
embed (v4 data-stream protocol preserved)
- [ ] Manual smoke: Anthropic / Mistral / Groq blocks still execute
end-to-end
- [ ] Manual smoke: send a test email through a workspace SMTP block
(nodemailer v8)

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-19 16:30:36 +02:00


{
"name": "builder",
"private": true,
"engines": {
"node": "24.x"
},
"nx": {
"targets": {
"dev": {
"dependsOn": [
{
"projects": [
"@typebot.io/react"
],
"target": "build"
}
]
},
"typecheck": {
"executor": "nx:run-commands",
"inputs": [
"default",
"^default"
],
"dependsOn": [
"^typecheck"
],
"options": {
"cwd": "apps/builder",
"command": "tsc --noEmit"
}
},
"test": {
"executor": "nx:run-commands",
"inputs": [
"default",
"^default"
],
"options": {
"cwd": "apps/builder",
"command": "bun test"
}
}
}
},
"dependencies": {
"@auth/core": "^0.39.1",
"@braintree/sanitize-url": "^7.0.1",
"@dnd-kit/helpers": "^0.1.21",
"@dnd-kit/react": "^0.1.21",
"@effect/opentelemetry": "4.0.0-beta.38",
"@giphy/js-fetch-api": "^5.7.0",
"@giphy/react-components": "^10.1.0",
"@opentelemetry/exporter-trace-otlp-http": "^0.217.0",
"@opentelemetry/sdk-node": "^0.217.0",
"@opentelemetry/sdk-trace-base": "^2.5.0",
"@orpc/client": "^1.13.9",
"@orpc/openapi": "^1.13.9",
"@orpc/otel": "^1.13.9",
"@orpc/server": "^1.13.9",
"@orpc/tanstack-query": "^1.13.9",
"@orpc/zod": "^1.13.9",
"@paralleldrive/cuid2": "^2.2.1",
"@sentry/nextjs": "^10.43.0",
"@tanstack/react-query": "^5.80.6",
"@tanstack/react-table": "^8.9.3",
"@tolgee/format-icu": "^6.2.7",
"@tolgee/react": "^6.2.7",
"@typebot.io/auth": "workspace:*",
"@typebot.io/blocks-bubbles": "workspace:*",
"@typebot.io/blocks-core": "workspace:*",
"@typebot.io/blocks-inputs": "workspace:*",
"@typebot.io/blocks-integrations": "workspace:*",
"@typebot.io/blocks-logic": "workspace:*",
"@typebot.io/bot-engine": "workspace:*",
"@typebot.io/chat-api": "workspace:*",
"@typebot.io/chat-session": "workspace:*",
"@typebot.io/conditions": "workspace:*",
"@typebot.io/config": "workspace:*",
"@typebot.io/credentials": "workspace:*",
"@typebot.io/emails": "workspace:*",
"@typebot.io/env": "workspace:*",
"@typebot.io/events": "workspace:*",
"@typebot.io/feature-flags": "workspace:*",
"@typebot.io/groups": "workspace:*",
"@typebot.io/logs": "workspace:*",
"@typebot.io/react": "workspace:*",
"@typebot.io/runtime-session-store": "workspace:*",
"@typebot.io/settings": "workspace:*",
"@typebot.io/spaces": "workspace:*",
"@typebot.io/shared-core": "workspace:*",
"@typebot.io/telemetry": "workspace:*",
"@typebot.io/templates": "workspace:*",
"@typebot.io/theme": "workspace:*",
"@typebot.io/typebot": "workspace:*",
"@typebot.io/ui": "workspace:*",
"@typebot.io/user": "workspace:*",
"@typebot.io/whatsapp": "workspace:*",
"@typebot.io/workspaces": "workspace:*",
"@uiw/codemirror-extensions-langs": "^4.25.8",
"@uiw/codemirror-theme-github": "^4.25.8",
"@uiw/codemirror-theme-tokyo-night": "^4.25.8",
"@uiw/react-codemirror": "^4.25.8",
"@upstash/ratelimit": "^0.4.3",
"@use-gesture/react": "^10.3.1",
"@vercel/otel": "^2.1.1",
"ai": "^5.0.52",
"canvas-confetti": "^1.6.0",
"codemirror": "^6.0.2",
"date-fns": "^2.30.0",
"date-fns-tz": "^2.0.0",
"deep-object-diff": "^1.1.9",
"dequal": "^2.0.3",
"effect": "4.0.0-beta.38",
"google-auth-library": "^10.1.0",
"immer": "^10.0.2",
"ioredis": "^5.4.1",
"jsonwebtoken": "^9.0.1",
"ky": "^1.2.4",
"mailchecker": "^6.0.16",
"micro-cors": "^0.1.1",
"motion": "^12.23.25",
"nanoid": "^5.1.5",
"next": "^16.1.6",
"next-auth": "^5.0.0-beta.30",
"next-themes": "^0.4.6",
"nextjs-cors": "^2.1.2",
"nodemailer": "^8.0.5",
"nuqs": "^2.3.2",
"openai": "^6.9.1",
"papaparse": "^5.4.1",
"partysocket": "^1.0.2",
"pexels": "^1.4.0",
"posthog-node": "^5.8.2",
"prettier": "^2.8.8",
"qs": "^6.11.2",
"react": "^19.2.4",
"react-dom": "^19.2.4",
"react-markdown": "^9.0.1",
"shared-zustand": "^2.1.0",
"stripe": "17.1.0",
"svg-round-corners": "^0.4.1",
"svix": "^1.74.1",
"tinycolor2": "^1.6.0",
"unsplash-js": "^7.0.18",
"use-debounce": "^9.0.4",
"zod": "^4.3.5",
"zod-validation-error": "^5.0.0",
"zustand": "^5.0.8"
},
"devDependencies": {
"@tailwindcss/postcss": "^4.1.16",
"@typebot.io/billing": "workspace:*",
"@typebot.io/forge": "workspace:*",
"@typebot.io/forge-repository": "workspace:*",
"@typebot.io/lib": "workspace:*",
"@typebot.io/prisma": "workspace:*",
"@typebot.io/radar": "workspace:*",
"@typebot.io/results": "workspace:*",
"@typebot.io/schemas": "workspace:*",
"@typebot.io/variables": "workspace:*",
"@types/bun": "^1.3.9",
"@types/canvas-confetti": "^1.6.0",
"@types/jsonwebtoken": "^9.0.2",
"@types/micro-cors": "^0.1.3",
"@types/node": "^24.10.13",
"@types/papaparse": "^5.3.7",
"@types/prettier": "^2.7.3",
"@types/qs": "^6.9.7",
"@types/react": "^19.2.14",
"@types/react-dom": "^19.2.3",
"@types/tinycolor2": "^1.4.3",
"dotenv": "^16.4.5",
"dotenv-cli": "^8.0.0",
"next-runtime-env": "^1.6.2",
"superjson": "^1.12.4",
"tailwindcss": "^4.1.16",
"vite-tsconfig-paths": "^6.1.1"
}
}