feat: upgrade to ai sdk 5 #1559
Conversation
Signed-off-by: The-Best-Codes <[email protected]>
Signed-off-by: The-Best-Codes <[email protected]>
|
Don't merge yet, please, as I am still manually testing locally. I'll provide an update here if all my manual tests do fine. |
The-Best-Codes
left a comment
The-Best-Codes
left a comment
There was a problem hiding this comment.
Ready to merge. Tested locally with Google, Groq, and OpenRouter.
There was a problem hiding this comment.
Pull Request Overview
This PR upgrades the AI SDK from v4 to v5 (specifically v5.0.89) to address a security advisory (GHSA-rwvc-j5jr-mgvh) that was affecting production deployments with SOC 2 compliance requirements.
Key changes:
- Upgraded core
aipackage from v4.3.15 to v5.0.89 - Upgraded all AI SDK provider packages to v2 versions (anthropic, google, groq, mistral, openai, openrouter)
- Replaced
ollama-ai-providerwithollama-ai-provider-v2as recommended by AI SDK v5 documentation - Updated TypeScript types to match AI SDK v5 API (
LanguageModelV1→LanguageModel,Message→ModelMessage)
Reviewed Changes
Copilot reviewed 7 out of 8 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| pnpm-lock.yaml | Updated dependency versions for AI SDK v5 and all provider packages |
| packages/cli/package.json | Upgraded AI SDK dependencies to v2 and core ai package to v5.0.89 |
| packages/compiler/package.json | Upgraded AI SDK dependencies to v2 and core ai package to v5.0.89 |
| packages/cli/src/cli/processor/index.ts | Updated import to use ollama-ai-provider-v2 |
| packages/cli/src/cli/processor/basic.ts | Updated type from LanguageModelV1 to LanguageModel |
| packages/cli/src/cli/localizer/explicit.ts | Updated import to ollama-ai-provider-v2 and type from Message to ModelMessage |
| packages/compiler/src/lib/lcp/api/index.ts | Updated import to use ollama-ai-provider-v2 |
| .changeset/pink-lemons-buy.md | Added changeset documenting the upgrade |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Signed-off-by: The-Best-Codes <[email protected]>
Signed-off-by: The-Best-Codes <[email protected]>
| name: "I18nConfig", | ||
| markdownDescription: true, | ||
| const schema = toJSONSchema(LATEST_CONFIG_DEFINITION.schema, { | ||
| target: "openapi-3.0", |
There was a problem hiding this comment.
Note to self: Ensure this is the correct way to migrate this
There was a problem hiding this comment.
@maxprilutskiy The file this script generates does change quite a bit after the Zod 4 upgrade, but I'm not sure how much that matters... I think the docs script is used internally in some way? Can you give me any details on what the generate-config-docs.ts script does and if it's important for the output schema to stay the same?
The-Best-Codes
left a comment
The-Best-Codes
left a comment
There was a problem hiding this comment.
Still working on migrating to Zod 4, don't merge this!
Signed-off-by: The-Best-Codes <[email protected]>
Signed-off-by: The-Best-Codes <[email protected]>
Signed-off-by: The-Best-Codes <[email protected]>
everything still works fine) Signed-off-by: The-Best-Codes <[email protected]>
Signed-off-by: The-Best-Codes <[email protected]>
Signed-off-by: The-Best-Codes <[email protected]>
| { | ||
| text: Z.string(), | ||
| targetLocale: Z.string().regex(/^[a-z]{2}(-[A-Z]{2})?$/), | ||
| text: Z.string() as any, |
There was a problem hiding this comment.
Need to manually test the MCP server
The-Best-Codes
left a comment
The-Best-Codes
left a comment
There was a problem hiding this comment.
Ready for review, I have a couple of things to manually test so don't merge unless you test everything yourself and it works fine 😄
There was a problem hiding this comment.
Pull Request Overview
Copilot reviewed 22 out of 23 changed files in this pull request and generated 18 comments.
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
@The-Best-Codes have a look - a couple of interesting comments, and some prefault vs default issues that look a bit odd to me (is "prefault" a thing? what does it do?) |
|
@maxprilutskiy Copilot mostly doesn't have a clue what it's talking about. Zod v4 change the |
Signed-off-by: The-Best-Codes <[email protected]>
Signed-off-by: The-Best-Codes <[email protected]>
Signed-off-by: The-Best-Codes <[email protected]>
|
hi @The-Best-Codes please resolve the merge conflicts. Thanks! |
Signed-off-by: The-Best-Codes <[email protected]>
|
Just need maintainer feedback on this: Also need to test the MCP server manually. Otherwise, this is read to merge. |
3 participants
Closes #1556
This upgrades the project to use the latest version of the AI SDK (v5.0.89). It also upgrades provider packages to versions compatible with AI SDK 5.
Note: The
ollama-ai-providerpackage doesn't support AI SDK 5, so I swapped it out for theollama-ai-provider-v2package, which is recommended in AI SDK's docs.The point of these upgrades is to address a security advisory which, though minor, was affecting some users' ability to ship Lingo.dev in production as it failed SOC 2 checks.