mirror of
https://github.com/baptisteArno/typebot.io.git
synced 2026-06-05 21:04:43 +08:00
6f289f647f
## Summary
Fixes 18 open Dependabot alerts and migrates affected code to the new
major versions:
- `@opentelemetry/sdk-node` → `^0.217.0` (Prometheus exporter DoS,
GHSA-q7rr-3cgh-j5r3)
- `nodemailer` → `^8.0.5` across all manifests + root override
(GHSA-vvjj-xcjg-gr5g, GHSA-c7w3-x93f-qmm8)
- `ai` → `^5.0.52` (GHSA-rwvc-j5jr-mgvh); legacy 3.x dep removed from
`packages/deprecated/legacy` and replaced with a small in-tree
`OpenAIStream` + `StreamingTextResponse` shim
- Provider SDKs aligned to v5 peer: `@ai-sdk/openai`, `anthropic`,
`groq`, `mistral`, `perplexity`, `deepseek`, `togetherai`, `openRouter`,
`dify-ai-provider`
### AI SDK v4 → v5 migration
- `parseTools`: `parameters` renamed to `inputSchema`
- `runChatCompletion` / `runChatCompletionStream`: `maxSteps` replaced
by `stopWhen(stepCountIs(maxSteps))`;
`usage.{prompt,completion,total}Tokens` replaced by
`totalUsage.{input,output,total}Tokens`
- New `toLegacyDataStream` helper that re-emits the v4 data-stream
protocol (`0:text`, `3:error`, `9:tool_call`, …) so existing consumers
in `embeds/js` and the OpenAI `askAssistant` / `askModel` handlers keep
working
- `compatibility: "strict"` removed from `createOpenAI` (option dropped
in v5)
- `formatDataStreamPart` / `processDataStream` imports moved to
`@ai-sdk/ui-utils` (legacy package pinned at 1.2.11)
### E2E test follow-up
Second commit fixes Playwright tests that broke once the env-resolved
URLs / new SDK surface kicked in:
- `fileUpload`: assert exported URL contains `parseS3PublicBaseUrl()`
(not `S3_ENDPOINT`) so it works with `S3_PUBLIC_CUSTOM_DOMAIN`; verify
post-deletion via cache-busted `request.get` instead of a CDN-cached new
tab.
- `ssrf`: assert on the actual "Security validation failed" log emitted
by the pre-flight check; fixture now maps `response.statusCode` into a
`Status` variable so `Status: …` assertions resolve.
- Root `dev` script includes `@typebot.io/partykit` so the webhook
listener e2e test can hit PartyKit on `:1999`.
Also fixes a pre-existing broken anchor link in `whatsapp-ai-agent.mdx`
that blocked the landing-page link checker.
## Test plan
- [ ] `bunx nx test` passes
- [ ] `bunx nx typecheck` passes
- [ ] `bunx nx affected -t
format-and-lint,lint-repo,check-broken-links,test --parallel=4` passes
(pre-commit)
- [ ] `bun run dev` boots builder, viewer, workflows **and** PartyKit
- [ ] Viewer Playwright suite: `fileUpload.spec.ts`, `ssrf.spec.ts`,
`webhookListener.spec.ts` all green
- [ ] Manual smoke: OpenAI `askAssistant` block streams correctly in the
embed (v4 data-stream protocol preserved)
- [ ] Manual smoke: Anthropic / Mistral / Groq blocks still execute
end-to-end
- [ ] Manual smoke: send a test email through a workspace SMTP block
(nodemailer v8)
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
71 lines
2.2 KiB
JSON
71 lines
2.2 KiB
JSON
{
|
|
"name": "@typebot.io/bot-engine",
|
|
"version": "0.0.1",
|
|
"type": "module",
|
|
"private": true,
|
|
"exports": {
|
|
"./*": {
|
|
"types": "./src/*.ts",
|
|
"import": "./src/*.ts",
|
|
"default": "./src/*.ts"
|
|
},
|
|
"./package.json": "./package.json"
|
|
},
|
|
"scripts": {
|
|
"test": "bun test .test.ts"
|
|
},
|
|
"dependencies": {
|
|
"@orpc/server": "^1.13.9",
|
|
"@paralleldrive/cuid2": "^2.2.1",
|
|
"@planetscale/database": "^1.8.0",
|
|
"@sentry/nextjs": "^10.43.0",
|
|
"@typebot.io/blocks-bubbles": "workspace:*",
|
|
"@typebot.io/blocks-core": "workspace:*",
|
|
"@typebot.io/blocks-inputs": "workspace:*",
|
|
"@typebot.io/blocks-integrations": "workspace:*",
|
|
"@typebot.io/blocks-logic": "workspace:*",
|
|
"@typebot.io/chat-api": "workspace:*",
|
|
"@typebot.io/chat-session": "workspace:*",
|
|
"@typebot.io/conditions": "workspace:*",
|
|
"@typebot.io/config": "workspace:*",
|
|
"@typebot.io/credentials": "workspace:*",
|
|
"@typebot.io/emails": "workspace:*",
|
|
"@typebot.io/env": "workspace:*",
|
|
"@typebot.io/events": "workspace:*",
|
|
"@typebot.io/groups": "workspace:*",
|
|
"@typebot.io/legacy": "workspace:*",
|
|
"@typebot.io/lib": "workspace:*",
|
|
"@typebot.io/logs": "workspace:*",
|
|
"@typebot.io/prisma": "workspace:*",
|
|
"@typebot.io/results": "workspace:*",
|
|
"@typebot.io/rich-text": "workspace:*",
|
|
"@typebot.io/runtime-session-store": "workspace:*",
|
|
"@typebot.io/schemas": "workspace:*",
|
|
"@typebot.io/settings": "workspace:*",
|
|
"@typebot.io/theme": "workspace:*",
|
|
"@typebot.io/typebot": "workspace:*",
|
|
"@typebot.io/variables": "workspace:*",
|
|
"chrono-node": "2.7.6",
|
|
"date-fns": "^2.30.0",
|
|
"date-fns-tz": "^2.0.0",
|
|
"google-spreadsheet": "^4.1.4",
|
|
"ky": "^1.2.4",
|
|
"libphonenumber-js": "1.10.37",
|
|
"node-html-parser": "6.1.5",
|
|
"nodemailer": "^8.0.5",
|
|
"openai": "^6.9.1",
|
|
"qs": "^6.11.2",
|
|
"stripe": "17.1.0",
|
|
"undici": "7.24.4",
|
|
"zod": "^4.3.5"
|
|
},
|
|
"devDependencies": {
|
|
"@typebot.io/forge": "workspace:*",
|
|
"@typebot.io/forge-repository": "workspace:*",
|
|
"@types/qs": "^6.9.7",
|
|
"@types/nodemailer": "^8.0.0",
|
|
"@types/bun": "^1.3.9",
|
|
"dotenv-cli": "^8.0.0"
|
|
}
|
|
}
|