chore(deps): bump @ai-sdk/google from 1.2.22 to 3.0.75 #534

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/ai-sdk/google-3.0.64
Conversation

@dependabot dependabot Bot commented on behalf of github Apr 20, 2026

Bumps @ai-sdk/google from 1.2.22 to 3.0.75.

Release notes

Sourced from @​ai-sdk/google's releases.

@​ai-sdk/google@​2.0.74

Patch Changes

  • 00a1e93: feat(provider/google): add gemini-3.5-flash
Changelog

Sourced from @​ai-sdk/google's changelog.

3.0.75

Patch Changes

  • ab15576: feat(google): update Interactions API implementation to cater for upstream breaking changes coming May 26

3.0.74

Patch Changes

  • 3ca0daa: fix(provider/google): support functionCall.id when returned by Gemini API and provide matching functionResponse.id

3.0.73

Patch Changes

  • bb1eb98: feat(google): add fileData support to embedding model

3.0.72

Patch Changes

  • b3642fe: feat(provider/google): support cancelling long-running Interactions API agents via AbortSignal, and process their intermittent stream

3.0.71

Patch Changes

  • 59530cf: fix(google): emit Vertex no-args streaming tool calls and preserve thoughtSignature

    Vertex emits a no-args function call as a single chunk shaped { functionCall: { name: 'X' } } with no args, no partialArgs, and no willContinue. The streaming parser had no branch for this shape, so the call was dropped along with any thoughtSignature it carried. For Gemini 3 thinking models this caused the next multi-turn step to 400 with missing thought_signature. The unary (doGenerate) path had the same drop.

    Both paths now emit the call as a complete tool call with '{}' input and propagate thoughtSignature provider metadata.

    Fixes #14847.

3.0.70

Patch Changes

  • 4f3f564: fix(provider/google): fix lack of image consistency when using Interactions API in stateless mode

3.0.69

Patch Changes

  • bb377ba: fix(google): omit passing includeServerSideToolInvocations for Vertex tool_config
  • Updated dependencies [f591416]
    • @​ai-sdk/provider-utils@​4.0.27

... (truncated)

Commits
  • f8d3003 Version Packages (#15356)
  • ab15576 Backport: feat(google): update Interactions API implementation to cater for u...
  • 2e7664b Version Packages (#15315)
  • 3ca0daa Backport: fix(provider/google): support functionCall.id when returned by Ge...
  • e2f1bca Version Packages (#15216)
  • bb1eb98 Backport: feat(google): add fileData support to embedding model (#15204)
  • d5bbdbc Version Packages (#15174)
  • b3642fe Backport: feat(provider/google): support cancelling long-running Interactions...
  • e70aab9 Version Packages (#15138)
  • 59530cf Backport: fix(google): emit no-args streaming tool calls and preserve thought...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​ai-sdk/google since your current version.


Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) labels Apr 20, 2026
@dependabot dependabot Bot changed the title from "chore(deps): bump @ai-sdk/google from 1.2.22 to 3.0.64" to "build(deps): bump @ai-sdk/google from 1.2.22 to 3.0.64" Apr 22, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ai-sdk/google-3.0.64 branch from e2ce161 to 1a307eb April 22, 2026 21:27
@dependabot dependabot Bot changed the title from "build(deps): bump @ai-sdk/google from 1.2.22 to 3.0.64" to "chore(deps): bump @ai-sdk/google from 1.2.22 to 3.0.64" Apr 22, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ai-sdk/google-3.0.64 branch from 1a307eb to efe6900 April 22, 2026 22:36

@minsky-reviewer minsky-reviewer Bot left a comment

Independent adversarial review (Chinese-wall)
Reviewer: minsky-reviewer[bot] via openai:gpt-5
Tier: unknown


Findings

  • [BLOCKING] package.json:86 – Major version bump without corresponding code changes or migration

    • The dependency @ai-sdk/google is bumped from ^1.0.2 to ^3.0.64. This crosses at least one major version (1 → 3), which typically includes breaking API changes in the Vercel AI SDK providers. There are no accompanying code changes in the repo to adapt to potential API surface changes (imports, configuration options, model identifiers, tool-calling behavior, etc.). This creates a high risk of compile-time/type errors or runtime failures after install.
    • Evidence: Diff shows only the single-line change in package.json; no source changes or test updates included.
  • [BLOCKING] package.json:83-90 – Likely peer-dependency/compatibility mismatch across @ai-sdk/* packages

    • @ai-sdk/openai and @ai-sdk/anthropic remain at ^1.0.2 while @ai-sdk/google is moved to ^3.0.64. The provider packages in the vercel/ai monorepo tend to move in lockstep across major versions and may declare peerDependencies or share common types/APIs. Mixing v1.x providers with a v3.x provider is very likely to produce peer-dependency warnings/errors or incompatible API shapes at runtime/compile-time.
    • Evidence: package.json shows @ai-sdk/openai: ^1.0.2, @ai-sdk/anthropic: ^1.0.2, and @ai-sdk/google: ^3.0.64.
  • [BLOCKING] Lockfile not updated – Missing changes to package-lock.json / yarn.lock / pnpm-lock.yaml

    • For a dependency jump across major versions, the lockfile should also be updated to ensure reproducible installs. The diff shows no changes to any lockfile. This can lead to local/CI environments installing different versions than intended, masking or introducing failures.
    • Evidence: Diff includes only package.json; no lockfile updates are present.
  • [NON-BLOCKING] PR description and release notes snippet are inconsistent with the actual change

    • The description says “Bumps @ai-sdk/google from 1.2.22 to 3.0.64,” while package.json shows ^1.0.2 → ^3.0.64. The included release notes snippet references “2.0.70 patch changes,” which does not explain breaking changes from 1.x → 3.x. This makes it unclear what breaking changes were reviewed and whether a migration plan exists.
    • Evidence: PR description vs. package.json diff.
  • [NON-BLOCKING] Engines/runtime compatibility not assessed

    • Major version updates can change Node.js engine requirements or transitive dependencies requiring newer runtimes. No evidence is provided that our project’s engines field and deployment environment are compatible.
    • Evidence: No engines or CI/runtime notes in this PR; only dependency bump.

Spec verification

  • No task spec provided. All criteria N/A.

Documentation impact

  • Yes. A major provider upgrade likely changes:
    • Initialization/configuration examples for the Google provider
    • Model identifiers and defaults
    • Tool/function-calling configuration semantics
    • Any internal integration docs that mention @ai-sdk/google usage, env vars, or behavior
  • Recommend adding an entry to CHANGELOG and updating any README/architecture notes covering AI provider usage to reflect the v3 API and any migration steps taken.

Event: REQUEST_CHANGES

Requested actions before merge:

  1. Audit vercel/ai changelogs/migration guides for @ai-sdk/google from 1.x → 2.x → 3.x and update our code accordingly (imports, config, model names, tool-calling, streaming APIs, etc.).
  2. Verify and align versions of other @ai-sdk/* packages (e.g., @ai-sdk/openai, @ai-sdk/anthropic) to compatible majors if required by peerDependencies or shared APIs.
  3. Update the lockfile (package-lock.json / yarn.lock / pnpm-lock.yaml) and ensure CI passes.
  4. Expand the PR description with the relevant breaking changes and confirm test coverage for impacted paths.
  5. If runtime/engine requirements changed, document and enforce them (engines in package.json, CI images, deployment config).

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ai-sdk/google-3.0.64 branch from efe6900 to b4aac0c April 27, 2026 23:15

@minsky-reviewer minsky-reviewer Bot left a comment

Independent adversarial review (Chinese-wall)
Reviewer: minsky-reviewer[bot] via openai:gpt-5
Tier: unknown


reviewer-service error: chain-of-thought leakage detected

The upstream model emitted raw internal reasoning into the review body. The reviewer service sanitised the output but could not locate a valid Findings section to preserve, so the leaked content was discarded. The PR will receive a fresh review on the next commit. See docs/architecture/critic-constitution-reliability.md for details.

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ai-sdk/google-3.0.64 branch from b4aac0c to 4919ddc April 28, 2026 07:46

@minsky-reviewer minsky-reviewer Bot left a comment

Independent adversarial review (Chinese-wall)
Reviewer: minsky-reviewer[bot] via openai:gpt-5
Tier: unknown


Findings

  • [BLOCKING] package.json:87 (RIGHT) — Major version bump of @ai-sdk/google (1.x → 3.x) without corresponding code or tests to adapt to potential breaking changes

    • This PR updates "@ai-sdk/google" from ^1.0.2 to ^3.0.64 but includes no source or test updates. Crossing major versions for Vercel AI SDK provider packages often introduces breaking API changes (e.g., changed option shapes, function calling modes like VALIDATED vs AUTO, updated model IDs, return types). Without adaptation and validation (typecheck/tests), this creates high risk of compile-time failures or runtime behavior changes post-install.
    • Suggested action: Include necessary migration changes and demonstrate compatibility by running typecheck and tests, or hold/off pin until migrations are ready.
  • [BLOCKING] package.json:85 (RIGHT) — Potential version skew across @ai-sdk/* ecosystem packages (google at 3.x while anthropic/openai remain 1.x)

    • "@ai-sdk/google" is bumped to ^3.0.64 while "@ai-sdk/anthropic" and "@ai-sdk/openai" remain at ^1.0.2. The AI SDK providers typically coordinate breaking changes by major version. Mixing majors can lead to peer dependency/compatibility issues or subtle runtime edge cases once resolved by the "ai" meta package (here "ai": ^4.1.5).
    • Suggested action: Verify the peerDependencies and compatibility matrix for @ai-sdk/google@3.x against the versions of ai, @ai-sdk/anthropic, and @ai-sdk/openai in use. If mismatched, either bump the other providers to compatible majors or keep @ai-sdk/google on a compatible major.

Spec verification

  • No task spec provided. All criteria: N/A

Documentation impact

  • If proceeding with @ai-sdk/google v3, update any internal docs or examples that reference Google model configuration or tool-calling behavior to reflect v3 changes (e.g., function calling/strict tools behavior, model IDs, config options).
  • Consider adding a brief migration note in CHANGELOG or README if user-facing commands or examples change.

Conclusion: REQUEST_CHANGES

Summary: This PR makes a major dependency upgrade without corresponding code or test updates. Given the likelihood of breaking changes in @ai-sdk/google v3 and the introduced cross-version skew with other @ai-sdk providers, this poses a correctness/regression risk. Please either include necessary migrations and validation or align the provider versions to a known-compatible set before merging.

@dependabot dependabot Bot changed the title from "chore(deps): bump @ai-sdk/google from 1.2.22 to 3.0.64" to "chore(deps): bump @ai-sdk/google from 1.2.22 to 3.0.67" May 2, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ai-sdk/google-3.0.64 branch from 4919ddc to ad6e6d9 May 2, 2026 05:38

@minsky-reviewer minsky-reviewer Bot left a comment

Independent adversarial review (Chinese-wall)
Reviewer: minsky-reviewer[bot] via openai:gpt-5
Tier: unknown


This PR upgrades @ai-sdk/google from 1.x to 3.x with no corresponding migration or validation, which risks breaking API and runtime behavior. It also introduces version skew with other @ai-sdk providers still at 1.x, likely causing compatibility issues. Additionally, the lockfile update appears missing, risking inconsistent installs. Please include necessary migration code/tests or align provider versions, update bun.lock, and correct the PR description to reflect the actual bump and any breaking changes before merging.

Findings

  • [BLOCKING] package.json:88 — Major version bump of @ai-sdk/google (1.x → 3.x) without corresponding migration/code/test updates risks breaking API changes
    This PR updates "@ai-sdk/google" from ^1.0.2 to ^3.0.67 at package.json:88, but includes no accompanying source or test updates to adapt to potential breaking changes introduced across v2/v3 of the Vercel AI SDK Google provider (e.g., changed option shapes, model identifiers, tool/function-calling semantics, return types). Crossing multiple major versions without validating or adjusting call sites can cause compile-time/type errors or runtime failures after install. Please include the necessary migration changes and validate via typecheck/tests, or defer the upgrade until a coordinated migration PR is prepared.
  • [BLOCKING] package.json:86 — Version skew across @ai-sdk/* packages (google at 3.x while anthropic/openai remain 1.x) likely incompatible
    In dependencies (package.json:84-102), "@ai-sdk/google" is bumped to ^3.0.67 while "@ai-sdk/anthropic" and "@ai-sdk/openai" remain at ^1.0.2. The provider packages in vercel/ai typically coordinate breaking changes by major version or rely on shared provider-utils/provider packages. Mixing majors can cause peer-dependency conflicts, incompatible types, or subtle runtime behavior. Action: Verify the compatibility matrix/peerDependencies for @ai-sdk/google@3.x with our versions of "ai" (^4.1.5), @ai-sdk/anthropic, and @ai-sdk/openai. If required, align the other providers to compatible majors or keep google on a compatible major.
  • [NON-BLOCKING] package.json:1 — Lockfile update likely missing for a major dependency bump
    This PR changes package.json to bump @ai-sdk/google to ^3.0.67 but does not appear to include a corresponding lockfile update (bun.lock) in the diff. Without updating and committing the lockfile, local/CI environments may resolve inconsistent versions, masking or introducing failures. Action: run your package manager (bun install) and commit bun.lock changes. [NEEDS VERIFICATION: reviewer cannot view the full diff here to confirm whether bun.lock changed; please ensure it is updated.]

Inline comments

  • package.json:1 — Nit: The PR description states 1.2.22 → 3.0.67, but package.json shows ^1.0.2 → ^3.0.67. Consider correcting the description to reflect the actual bump range and summarise any notable breaking changes encountered during review/testing.

Spec verification

| Criterion | Status | Evidence |
| --- | --- | --- |
| The PR must include code and/or configuration changes necessary to handle breaking changes introduced by the dependency upgrade. | Not Met | Only package.json is changed (package.json: dependencies @ai-sdk/google ^1.0.2 → ^3.0.67). No source or test files were modified under src/ or tests/ to adapt to potential API changes. |
| All related provider packages should remain on compatible major versions to avoid peer-dependency/type incompatibilities. | Not Met | package.json: "@ai-sdk/google": ^3.0.67 vs "@ai-sdk/anthropic": ^1.0.2 and "@ai-sdk/openai": ^1.0.2. Mixed majors across @ai-sdk/*. |
| The lockfile should be updated to ensure reproducible installs across environments after dependency changes. | Not Met | Repository root contains bun.lock (list_directory: repo root). The diff appears to only modify package.json; no lockfile update is included in this PR. |

@dependabot dependabot Bot changed the title from "chore(deps): bump @ai-sdk/google from 1.2.22 to 3.0.67" to "chore(deps): bump @ai-sdk/google from 1.2.22 to 3.0.68" May 7, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ai-sdk/google-3.0.64 branch from ad6e6d9 to 81086f5 May 7, 2026 16:17

@minsky-reviewer minsky-reviewer Bot left a comment

Independent adversarial review (Chinese-wall)
Reviewer: minsky-reviewer[bot] via openai:gpt-5
Tier: unknown


This PR upgrades @ai-sdk/google across major versions (1.x → 3.x) without any accompanying code or test migrations, and introduces version skew with other @ai-sdk providers that remain on 1.x. Additionally, the lockfile was not updated: bun.lock still resolves @ai-sdk/google to 1.x, which breaks reproducible installs and can mask failures. These are correctness and reliability risks, not just cosmetic. Please (1) include necessary migration changes and validate via typecheck/tests, (2) align related @ai-sdk/* package majors or confirm compatibility, and (3) regenerate and commit bun.lock. The PR description should also reflect the true bump range and note any breaking changes addressed.

Findings

  • [BLOCKING] package.json:1 — Major version bump of @ai-sdk/google (1.x → 3.x) with no accompanying migration/code/test updates risks breaking changes
    This PR updates @ai-sdk/google from ^1.0.2 to ^3.0.68 in package.json but introduces no source or test changes to adapt to potential breaking changes across v2/v3 of the Vercel AI SDK Google provider (e.g., option shapes, model identifiers, tool/function-calling behavior, return types). Crossing multiple majors without validating or adjusting call sites can cause typecheck failures or runtime errors after install.

Evidence: package.json shows "@ai-sdk/google": "^3.0.68" under dependencies while no files under src/ or tests/ were changed in this PR. Please include necessary migration changes and validate via bun run typecheck and tests, or postpone the upgrade until a coordinated migration is prepared.

  • [BLOCKING] package.json:1 — Version skew across @ai-sdk/* packages (google at 3.x while anthropic/openai remain 1.x) likely incompatible
    @ai-sdk/google is bumped to ^3.0.68 while @ai-sdk/anthropic and @ai-sdk/openai remain at ^1.0.2. Provider packages in the Vercel AI SDK often coordinate breaking changes by major version or rely on shared @ai-sdk/provider(-utils) types. Mixing provider majors can lead to peer-dependency conflicts, incompatible types, or subtle runtime differences when used alongside the ai package (^4.1.5).

Evidence: package.json dependencies section shows @ai-sdk/google: ^3.0.68, @ai-sdk/anthropic: ^1.0.2, @ai-sdk/openai: ^1.0.2. Action: verify the compatibility matrix/peerDependencies for @ai-sdk/google@3.x with ai@^4.1.5 and align other providers to compatible majors, or keep @ai-sdk/google on a compatible major.

  • [BLOCKING] bun.lock:1 — Lockfile not updated: bun.lock still resolves @ai-sdk/google to 1.x despite package.json bump to 3.x
    package.json updates "@ai-sdk/google" to ^3.0.68, but bun.lock still lists "@ai-sdk/google": "^1.0.2" in the workspace dependencies and resolves the package to @ai-sdk/google@1.2.19 under packages. This mismatch breaks reproducible installs and can mask or introduce failures between local/CI environments.

Evidence:

  • package.json: "@ai-sdk/google": "^3.0.68".
  • bun.lock (root workspaces."".dependencies): "@ai-sdk/google": "^1.0.2".
  • bun.lock (resolved): "@ai-sdk/google": ["@ai-sdk/google@1.2.19", …].

Action: Run bun install to regenerate bun.lock and commit it, ensuring it resolves @ai-sdk/google@3.0.68 and any transitive updates.

Inline comments

  • package.json:1 — PR description says “1.2.22 → 3.0.68,” but the repo previously had ^1.0.2. Please reconcile the description with the actual bump range and call out any breaking changes encountered during validation/migration.

Spec verification

| Criterion | Status | Evidence |
| --- | --- | --- |
| The PR must include code and/or configuration changes necessary to handle breaking changes introduced by the dependency upgrade. | Not Met | Only package.json was changed to bump @ai-sdk/google to ^3.0.68; no src/ or tests/ updates are present. See package.json:dependencies and absence of other file diffs. |
| All related provider packages should remain on compatible major versions to avoid peer-dependency/type incompatibilities. | Not Met | package.json shows @ai-sdk/google: ^3.0.68 while @ai-sdk/anthropic and @ai-sdk/openai remain at ^1.0.2. Mixed majors across @ai-sdk/* packages. |
| The lockfile should be updated to ensure reproducible installs across environments after dependency changes. | Not Met | bun.lock still declares @ai-sdk/google: ^1.0.2 and resolves to @ai-sdk/google@1.x (1.2.19). It has not been regenerated to reflect ^3.0.68 from package.json. |
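
The lockfile drift and provider-major skew reported in the review above can be checked mechanically before merge. This is an added example, not part of the PR or of the reviewer bot's output: the `manifest` and `lock` objects are constructed from the values the review quotes (resolved versions other than `@ai-sdk/google@1.2.19` are made up), and every function name is hypothetical.

```javascript
// Constructed sample: package.json dependencies as quoted in the review.
const manifest = {
  dependencies: {
    '@ai-sdk/anthropic': '^1.0.2',
    '@ai-sdk/google': '^3.0.68',
    '@ai-sdk/openai': '^1.0.2',
    ai: '^4.1.5',
  },
};

// Constructed sample: an already-parsed bun.lock in the shape the review cites
// (workspaces."".dependencies plus a packages map whose entries start with
// "name@version"). Assumption: the on-disk file is JSONC and may contain
// trailing commas, so parse it with a tolerant parser before calling these.
const lock = {
  workspaces: {
    '': {
      dependencies: {
        '@ai-sdk/anthropic': '^1.0.2',
        '@ai-sdk/google': '^1.0.2',
        '@ai-sdk/openai': '^1.0.2',
        ai: '^4.1.5',
      },
    },
  },
  packages: {
    '@ai-sdk/anthropic': ['@ai-sdk/anthropic@1.0.2'], // made-up resolved version
    '@ai-sdk/google': ['@ai-sdk/google@1.2.19'],      // value quoted in the review
    '@ai-sdk/openai': ['@ai-sdk/openai@1.0.2'],       // made-up resolved version
    ai: ['ai@4.1.5'],                                 // made-up resolved version
  },
};

// "1.2.19" -> [1, 2, 19]; pre-release and build suffixes are ignored.
function parseVersion(text) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(text);
  return m ? m.slice(1).map(Number) : null;
}

// Caret semantics only: version >= floor, and everything up to the leftmost
// non-zero component of the floor is unchanged. Returns null for any range
// this sketch does not understand, so callers can skip instead of guessing.
function satisfiesCaret(range, version) {
  if (!range.startsWith('^')) return null;
  const floor = parseVersion(range.slice(1));
  const v = parseVersion(version);
  if (!floor || !v) return null;
  for (let i = 0; i < 3; i++) {
    if (v[i] !== floor[i]) {
      if (v[i] < floor[i]) return false;
      break;
    }
  }
  const pinned = floor[0] > 0 ? 1 : floor[1] > 0 ? 2 : 3;
  for (let i = 0; i < pinned; i++) {
    if (v[i] !== floor[i]) return false;
  }
  return true;
}

// Version part of the first element of a packages entry, or null if absent.
function resolvedVersion(lockfile, name) {
  const entry = lockfile.packages?.[name];
  if (!Array.isArray(entry) || typeof entry[0] !== 'string') return null;
  return entry[0].slice(entry[0].lastIndexOf('@') + 1);
}

// Two independent signals per dependency: the range recorded in the lockfile
// differs from package.json, and the resolved version is outside the range.
function findLockDrift(pkg, lockfile) {
  const findings = [];
  const locked = lockfile.workspaces?.['']?.dependencies ?? {};
  for (const [name, range] of Object.entries(pkg.dependencies ?? {})) {
    if (locked[name] !== range) {
      findings.push({ name, kind: 'range-mismatch', manifest: range, lockfile: locked[name] ?? null });
    }
    const resolved = resolvedVersion(lockfile, name);
    const ok = resolved === null ? false : satisfiesCaret(range, resolved);
    if (ok === false) {
      findings.push({ name, kind: 'resolved-outside-range', manifest: range, resolved });
    }
  }
  return findings;
}

// Groups packages of one npm scope by the major version of their declared
// range; returns null when they all share a major.
function findMajorSkew(pkg, scope) {
  const byMajor = new Map();
  for (const [name, range] of Object.entries(pkg.dependencies ?? {})) {
    if (!name.startsWith(scope + '/')) continue;
    const v = parseVersion(range.replace(/^[\^~]/, ''));
    if (!v) continue;
    byMajor.set(v[0], [...(byMajor.get(v[0]) ?? []), name]);
  }
  return byMajor.size > 1 ? Object.fromEntries(byMajor) : null;
}

console.log(JSON.stringify({
  drift: findLockDrift(manifest, lock),
  skew: findMajorSkew(manifest, '@ai-sdk'),
}, null, 2));
```

A non-empty drift list or a non-null skew result is a reason to fail the CI job rather than rely on a reviewer spotting the mismatch.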

@dependabot dependabot Bot changed the title from "chore(deps): bump @ai-sdk/google from 1.2.22 to 3.0.68" to "chore(deps): bump @ai-sdk/google from 1.2.22 to 3.0.70" May 8, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ai-sdk/google-3.0.64 branch from 81086f5 to 8be3a98 May 8, 2026 18:50

@minsky-reviewer minsky-reviewer Bot left a comment

Independent adversarial review (Chinese-wall)
Reviewer: minsky-reviewer[bot] via openai:gpt-5
Tier: unknown


Prior blocking issues remain unresolved. The PR bumps @ai-sdk/google from 1.x to 3.x but includes no migration or test/code updates to address potential breaking changes, and it introduces version skew with other @ai-sdk/* providers that remain on 1.x. Additionally, the bun.lock file still pins @ai-sdk/google to 1.x, indicating the lockfile was not regenerated, risking non-reproducible installs. Please align provider versions or include necessary migrations, update the lockfile via bun install, and verify via typecheck/tests before merging.

Findings

  • [BLOCKING] bun.lock:7 — Lockfile not updated: bun.lock still pins @ai-sdk/google to 1.x despite package.json bump to 3.x
    package.json updates "@ai-sdk/google" to ^3.0.70, but bun.lock still lists "@ai-sdk/google": "^1.0.2" under the root workspace dependencies and resolves the package to @ai-sdk/google@1.2.19 in the packages map. This mismatch breaks reproducible installs and can mask or introduce CI/local differences.

Evidence:

  • package.json dependencies: "@ai-sdk/google": "^3.0.70".
  • bun.lock root workspace deps show "@ai-sdk/google": "^1.0.2" near the top of the file, and further down the packages section lists "@ai-sdk/google": ["@ai-sdk/google@1.2.19", …].

Action: Run bun install to regenerate bun.lock and commit it, ensuring it resolves @ai-sdk/google@^3.x and updates any transitive dependencies accordingly.

  • [BLOCKING] package.json:85 — Major version bump of @ai-sdk/google (1.x → 3.x) with no accompanying migration/code/test updates risks breaking changes
    This PR upgrades @ai-sdk/google from ^1.0.2 to ^3.0.70 but includes no source or test changes to adapt to potential breaking changes across v2/v3 of the Vercel AI SDK Google provider (e.g., changed option shapes, model identifiers, tool/function-calling behavior, return types). Crossing majors without validating or adjusting call sites can cause typecheck failures or runtime errors after install.

Evidence: Only package.json changes the dependency; no files under src/ or tests/ were modified. This repeats the risk identified in prior iterations, and the latest commit still lacks migration commits.

Action: Either (a) include necessary migration changes and validate via bun run typecheck and tests, or (b) keep @ai-sdk/google on a compatible major until a coordinated migration PR is ready.

  • [BLOCKING] package.json:85 — Version skew across @ai-sdk/* providers (google at 3.x while anthropic/openai remain 1.x) likely incompatible
    @ai-sdk/google is bumped to ^3.0.70 while @ai-sdk/anthropic and @ai-sdk/openai remain at ^1.0.2. The AI SDK provider packages often coordinate breaking changes by major version and rely on shared @ai-sdk/provider(-utils) types. Mixing provider majors can lead to peer-dependency conflicts, incompatible types, or subtle runtime differences when used alongside the ai package (^4.1.5).

Evidence: package.json dependencies show "@ai-sdk/google": "^3.0.70", "@ai-sdk/anthropic": "^1.0.2", "@ai-sdk/openai": "^1.0.2". Prior rounds flagged this; current diff retains the skew without alignment.

Action: Verify compatibility/peerDeps for @ai-sdk/google@3.x with our ai@^4.x and align other providers to compatible majors, or keep all providers on a consistent compatible set.

Inline comments

  • package.json:1 — PR description says “1.2.22 → 3.0.70,” but the repo previously pinned ^1.0.2. Please reconcile the description to reflect the actual bump range and summarize any breaking changes or verification you performed.

Spec verification

| Criterion | Status | Evidence |
| --- | --- | --- |
| The PR must include code and/or configuration changes necessary to handle breaking changes introduced by the dependency upgrade. | Not Met | Only package.json was modified to bump @ai-sdk/google to ^3.0.70; no files under src/ or tests/ were changed. See package.json:dependencies and absence of any other diffs. |
| All related provider packages should remain on compatible major versions to avoid peer-dependency/type incompatibilities. | Not Met | package.json shows mixed majors: @ai-sdk/google: ^3.0.70 vs @ai-sdk/anthropic: ^1.0.2 and @ai-sdk/openai: ^1.0.2. See package.json:dependencies. |

@dependabot dependabot Bot changed the title from "chore(deps): bump @ai-sdk/google from 1.2.22 to 3.0.70" to "chore(deps): bump @ai-sdk/google from 1.2.22 to 3.0.71" May 9, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ai-sdk/google-3.0.64 branch from 8be3a98 to 6792814 May 9, 2026 00:26

@minsky-reviewer minsky-reviewer Bot left a comment

Independent adversarial review (Chinese-wall)
Reviewer: minsky-reviewer[bot] via openai:gpt-5
Tier: unknown


Prior blocking issues persist. The PR bumps @ai-sdk/google to ^3.0.71 but the lockfile still pins 1.x, breaking reproducible installs. No accompanying code/tests are included to handle potential breaking changes across v2/v3, and version skew remains with @ai-sdk/anthropic and @ai-sdk/openai at 1.x. Please regenerate bun.lock to resolve 3.x, align provider majors or verify cross-version compatibility, and include any necessary migration changes validated by typecheck/tests before merging.

Findings

  • [BLOCKING] bun.lock:7 — Lockfile not updated: bun.lock still pins @ai-sdk/google to 1.x despite package.json bump to 3.x
    package.json upgrades "@ai-sdk/google" to ^3.0.71, but bun.lock still lists "@ai-sdk/google": "^1.0.2" under the root workspace dependencies and resolves the package to @ai-sdk/google@1.2.19 in the packages map.

Evidence:

  • package.json: dependencies include "@ai-sdk/google": "^3.0.71".
  • bun.lock:1-40 (near the top): workspaces[""] .dependencies["@ai-sdk/google"] = "^1.0.2".
  • bun.lock packages section: "@ai-sdk/google": ["@ai-sdk/google@1.2.19", … ].

This mismatch breaks reproducible installs and can cause CI/local environments to use different versions, masking or introducing failures. Action: run bun install to regenerate bun.lock and commit it so it resolves @ai-sdk/google@^3.x and updates any transitive deps accordingly.

  • [BLOCKING] package.json:90 — Major version bump of @ai-sdk/google (1.x → 3.x) with no accompanying migration/code/test updates risks breaking changes
    This PR updates @ai-sdk/google from ^1.0.2 to ^3.0.71 in package.json but introduces no source or test changes to adapt to potential breaking changes across v2/v3 of the Vercel AI SDK Google provider (e.g., option shapes, model identifiers, tool/function-calling behavior, return types). Crossing multiple majors without validating or adjusting call sites can cause typecheck failures or runtime errors after install.

Evidence:

  • package.json: "@ai-sdk/google": "^3.0.71".
  • Repo diff contains no changes to src/ or tests; and bun.lock still resolves 1.x, indicating no local install/migration was performed.

Requested action: either (a) include the necessary migration changes and demonstrate compatibility via bun run typecheck and tests, or (b) defer the upgrade until a coordinated migration is ready.

  • [BLOCKING] package.json:90 — Version skew across @ai-sdk/* providers (google at 3.x while anthropic/openai remain 1.x) likely incompatible
    @ai-sdk/google is bumped to ^3.0.71 while @ai-sdk/anthropic and @ai-sdk/openai remain at ^1.0.2. The AI SDK provider packages in the vercel/ai monorepo often coordinate breaking changes by major version and share @ai-sdk/provider(-utils) types. Mixing provider majors can lead to peer-dependency conflicts, incompatible types, or subtle runtime differences when used alongside the ai package (here ai@^4.1.5).

Evidence: package.json deps show "@ai-sdk/google": "^3.0.71", "@ai-sdk/anthropic": "^1.0.2", "@ai-sdk/openai": "^1.0.2".

Action: verify compatibility/peerDeps for @ai-sdk/google@3.x with ai@^4.x and align other providers to compatible majors, or keep all providers on a consistent compatible set.

Spec verification

| Criterion | Status | Evidence |
| --- | --- | --- |
| The PR must include code and/or configuration changes necessary to handle breaking changes introduced by the dependency upgrade. | Not Met | Only package.json is changed to bump @ai-sdk/google to ^3.0.71; no src/ or tests/ updates are present. bun.lock also still pins @ai-sdk/google@1.x, indicating no validated migration. See package.json:dependencies and bun.lock top workspace deps. |
| All related provider packages should remain on compatible major versions to avoid peer-dependency/type incompatibilities. | Not Met | package.json shows mixed majors: @ai-sdk/google: ^3.0.71 vs @ai-sdk/anthropic: ^1.0.2 and @ai-sdk/openai: ^1.0.2. See package.json:dependencies lines 90-98. |
| The lockfile should be updated to ensure reproducible installs across environments after dependency changes. | Not Met | bun.lock still declares @ai-sdk/google: ^1.0.2 in the root workspace and resolves to @ai-sdk/google@1.2.19. It has not been regenerated to reflect ^3.0.71 from package.json. See bun.lock: workspaces."".dependencies and packages['@ai-sdk/google'] entries. |

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ai-sdk/google-3.0.64 branch from 6792814 to 7d3ae12 May 9, 2026 01:22

@minsky-reviewer minsky-reviewer Bot left a comment

Independent adversarial review (Chinese-wall)
Reviewer: minsky-reviewer[bot] via openai:gpt-5
Tier: unknown


The prior BLOCKING findings remain unresolved. package.json bumps @ai-sdk/google to ^3.0.71, but bun.lock still pins @ai-sdk/google to 1.x, breaking reproducible installs. No migration code or tests accompany the major upgrade, and version skew persists across @ai-sdk/* providers (google at 3.x; anthropic/openai at 1.x). Please regenerate bun.lock, align provider versions or verify compatibility, and include any necessary migration updates validated by typecheck/tests before merging.

Findings

  • [BLOCKING] bun.lock:7 — Lockfile not updated: bun.lock still pins @ai-sdk/google to 1.x despite package.json bump to 3.x
    package.json upgrades "@ai-sdk/google" to ^3.0.71, but the lockfile still lists "@ai-sdk/google": "^1.0.2" under the root workspace dependencies and resolves the package to @ai-sdk/google@1.2.19 in the packages map. This breaks reproducible installs and can mask or introduce CI/local differences.

Evidence:

  • package.json: dependencies include "@ai-sdk/google": "^3.0.71" (see package.json:dependencies).
  • bun.lock top-level workspace deps: "@ai-sdk/google": "^1.0.2" (near the top of the file), and further down packages["@ai-sdk/google"] = ["@ai-sdk/google@1.2.19", …].

Action: Run bun install to regenerate bun.lock and commit it so it resolves @ai-sdk/google@^3.x and updates any transitive deps accordingly.

  • [BLOCKING] package.json:98 — Major version bump of @ai-sdk/google (1.x → 3.x) without migrations/tests risks breaking changes
    This PR updates "@ai-sdk/google" from ^1.0.2 to ^3.0.71 in package.json but contains no accompanying source or test changes to adapt to potential breaking changes across the v2/v3 of the Vercel AI SDK Google provider (e.g., option shapes, model identifiers, function/tool-calling semantics, metadata). Crossing majors without validation can cause typecheck failures or runtime errors after install.

Evidence:

  • package.json:98-112 shows "@ai-sdk/google": "^3.0.71".
  • No other files under src/ or tests/ are modified in this PR; bun.lock still resolves to 1.x, indicating no local install/migration was performed.

Requested action: Either include necessary migration changes validated by bun run typecheck/tests, or defer the upgrade until a coordinated migration PR is ready.

  • [BLOCKING] package.json:100 — Version skew across @ai-sdk/* providers (google at 3.x while anthropic/openai remain 1.x) risks incompatibility
    @ai-sdk/google is bumped to ^3.0.71 while @ai-sdk/anthropic and @ai-sdk/openai remain at ^1.0.2. The AI SDK provider packages in the vercel/ai monorepo often coordinate breaking changes by major version and share @ai-sdk/provider(-utils) types. Mixing provider majors can lead to peer-dependency conflicts, incompatible types, or subtle runtime differences when used alongside the ai package (^4.1.5).

Evidence: package.json dependencies show "@ai-sdk/google": "^3.0.71", "@ai-sdk/anthropic": "^1.0.2", "@ai-sdk/openai": "^1.0.2" at package.json:98-112.

Action: Verify compatibility/peerDeps for @ai-sdk/google@3.x with our ai@^4.x and align other providers to compatible majors, or keep all providers on a consistent compatible set.

Spec verification

| Criterion | Status | Evidence |
| --- | --- | --- |
| The PR must include code and/or configuration changes necessary to handle breaking changes introduced by the dependency upgrade. | Not Met | package.json updates "@ai-sdk/google": "^3.0.71" (package.json:98-112), but no src/ or tests/ files were changed. bun.lock still pins 1.x, indicating no local install/migration occurred (bun.lock top workspace deps and packages mapping). |
| All related provider packages should remain on compatible major versions to avoid peer-dependency/type incompatibilities. | Not Met | package.json shows mixed majors: @ai-sdk/google: ^3.0.71 vs @ai-sdk/anthropic: ^1.0.2 and @ai-sdk/openai: ^1.0.2 (package.json:98-112). |
| The lockfile should be updated to ensure reproducible installs across environments after dependency changes. | Not Met | bun.lock still lists "@ai-sdk/google": "^1.0.2" under root workspace deps and resolves to @ai-sdk/google@1.2.19 in the packages map, while package.json declares ^3.0.71 (see bun.lock top section and packages["@ai-sdk/google"], and package.json:98-112). |
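
The lockfile drift and provider-major skew flagged in the review above can be checked mechanically before merge. The sketch below is an added example, not code from this PR, the reviewer bot, or the project: the function names are hypothetical, both sample documents are constructed, and only the @ai-sdk/google values in the sample bun.lock are taken from the review.

```javascript
// Added example: manifest/lockfile drift and provider-major skew check.
// Function names and both sample documents are constructed for illustration.

// Constructed package.json mirroring the dependency ranges the review quotes.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  dependencies: {
    "@ai-sdk/anthropic": "^1.0.2",
    "@ai-sdk/google": "^3.0.71",
    "@ai-sdk/openai": "^1.0.2",
    "ai": "^4.1.5",
  },
});

// Constructed bun.lock (JSON with trailing commas). Only the @ai-sdk/google
// values come from the review; the other entries and hashes are placeholders.
const SAMPLE_BUN_LOCK = `{
  "lockfileVersion": 1,
  "workspaces": {
    "": {
      "dependencies": {
        "@ai-sdk/anthropic": "^1.0.2",
        "@ai-sdk/google": "^1.0.2",
        "@ai-sdk/openai": "^1.0.2",
        "ai": "^4.1.5",
      },
    },
  },
  "packages": {
    "@ai-sdk/anthropic": ["@ai-sdk/anthropic@1.0.2", "", {}, "sha512-PLACEHOLDER"],
    "@ai-sdk/google": ["@ai-sdk/google@1.2.19", "", {}, "sha512-PLACEHOLDER"],
    "@ai-sdk/openai": ["@ai-sdk/openai@1.0.2", "", {}, "sha512-PLACEHOLDER"],
    "ai": ["ai@4.1.5", "", {}, "sha512-PLACEHOLDER"],
  },
}`;

// Drop commas that directly precede } or ], skipping string contents,
// so the lockfile text can go through JSON.parse.
function stripTrailingCommas(text) {
  let out = "";
  let inString = false;
  for (let i = 0; i < text.length; i++) {
    const ch = text[i];
    if (inString) {
      out += ch;
      if (ch === "\\" && i + 1 < text.length) out += text[++i];
      else if (ch === '"') inString = false;
      continue;
    }
    if (ch === '"') inString = true;
    if (ch === ",") {
      let j = i + 1;
      while (j < text.length && /\s/.test(text[j])) j++;
      if (text[j] === "}" || text[j] === "]") continue;
    }
    out += ch;
  }
  return out;
}

// Strict x.y.z parser; prerelease/build suffixes are accepted but not ordered.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:[-+][0-9A-Za-z.-]+)?$/.exec(v);
  return m ? m.slice(1, 4).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Handles exact and caret ranges only; returns null for any other syntax.
function satisfies(range, version) {
  const caret = range.startsWith("^");
  const base = parseVersion(caret ? range.slice(1) : range);
  const ver = parseVersion(version);
  if (!base || !ver) return null;
  if (!caret) return compare(ver, base) === 0;
  if (compare(ver, base) < 0) return false;
  // A caret range pins everything up to the left-most non-zero component.
  const pinned = base[0] > 0 ? 1 : base[1] > 0 ? 2 : 3;
  return base.slice(0, pinned).every((n, i) => n === ver[i]);
}

function auditDependencies(packageJsonText, bunLockText, scope = "@ai-sdk/") {
  const manifest = JSON.parse(packageJsonText).dependencies || {};
  const lock = JSON.parse(stripTrailingCommas(bunLockText));
  const locked = lock.workspaces?.[""]?.dependencies || {};
  const findings = [];
  const majors = new Map();

  for (const [name, range] of Object.entries(manifest)) {
    // 1. The range recorded in the lockfile must equal the manifest range.
    if (locked[name] !== range) {
      findings.push({ kind: "range-drift", name, manifest: range, lockfile: locked[name] ?? null });
    }
    // 2. The resolved version ("name@x.y.z") must satisfy the manifest range.
    const entry = lock.packages?.[name];
    const resolved = entry ? entry[0].slice(entry[0].lastIndexOf("@") + 1) : null;
    if (resolved === null || satisfies(range, resolved) === false) {
      findings.push({ kind: "resolution-mismatch", name, manifest: range, resolved });
    }
    if (name.startsWith(scope)) {
      const base = parseVersion(range.replace(/^\^/, ""));
      if (base) majors.set(name, base[0]);
    }
  }
  // 3. Mixed majors inside one scope are reported for human review, not as proof of breakage.
  if (new Set(majors.values()).size > 1) {
    findings.push({ kind: "major-skew", scope, majors: Object.fromEntries(majors) });
  }
  return findings;
}
```

On the constructed input, `auditDependencies(SAMPLE_PACKAGE_JSON, SAMPLE_BUN_LOCK)` returns three findings, all tied to @ai-sdk/google. In CI, `bun install --frozen-lockfile` rejects the same manifest/lockfile drift at install time.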

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ai-sdk/google-3.0.64 branch from 7d3ae12 to 9bee6ff Compare May 11, 2026 11:13

@minsky-reviewer minsky-reviewer Bot left a comment

Independent adversarial review (Chinese-wall)
Reviewer: minsky-reviewer[bot] via openai:gpt-5
Tier: unknown


The prior BLOCKING findings persist in the latest commit. package.json bumps @ai-sdk/google to ^3.0.71, but bun.lock still pins the package to 1.x, breaking reproducible installs. No migration or test updates accompany this major upgrade, and @ai-sdk/anthropic/@ai-sdk/openai remain at 1.x, creating cross-provider version skew that is likely incompatible. Please regenerate the lockfile, align provider versions or document compatibility, and include necessary code/test changes to handle v3 before merging.

Findings

  • [BLOCKING] bun.lock:7 — Lockfile not updated: bun.lock still pins @ai-sdk/google to 1.x despite package.json bump to 3.x
    package.json declares "@ai-sdk/google": "^3.0.71", but the lockfile still lists "@ai-sdk/google": "^1.0.2" under the root workspace dependencies and resolves the package to @ai-sdk/google@1.2.19 in the packages map. This breaks reproducible installs and can cause CI/local environments to use different versions than intended.

Evidence:

  • bun.lock top-level workspace deps: see the opening object for workspaces[""] .dependencies where "@ai-sdk/google": "^1.0.2" is present (near the top of the file).
  • bun.lock packages section: the "@ai-sdk/google": ["@ai-sdk/google@1.2.19", …] entry confirms resolution to 1.x.

Action: Run bun install to regenerate bun.lock and commit it so it resolves @ai-sdk/google@^3.x and updates any transitive dependencies accordingly.

  • [BLOCKING] package.json:98 — Major version bump of @ai-sdk/google (1.x → 3.x) with no accompanying migration/code/test updates risks breaking changes
    This PR updates "@ai-sdk/google" from ^1.0.2 to ^3.0.71 in package.json but introduces no source or test changes to adapt to potential breaking changes across v2/v3 of the Vercel AI SDK Google provider (e.g., option shapes, model identifiers, tool/function-calling semantics, return types). Crossing multiple majors without validating or adjusting call sites can cause typecheck failures or runtime errors after install.

Evidence:

  • package.json:98-118 shows "@ai-sdk/google": "^3.0.71" under dependencies.
  • No other source or test files changed in this PR; the only modified file is package.json. The stale bun.lock still resolving 1.x further suggests no local install/migration was performed.

Requested action: Either include the necessary migration changes validated by bun run typecheck/tests, or defer the upgrade until a coordinated migration is ready.

  • [BLOCKING] package.json:100 — Version skew across @ai-sdk/* providers (google at 3.x while anthropic/openai remain 1.x) likely incompatible
    @ai-sdk/google is bumped to ^3.0.71 while @ai-sdk/anthropic and @ai-sdk/openai remain at ^1.0.2. Provider packages in the Vercel AI SDK often coordinate breaking changes by major version and rely on shared @ai-sdk/provider(-utils) types. Mixing provider majors can lead to peer-dependency conflicts, incompatible types, or subtle runtime differences when used alongside the ai package (^4.1.5).

Evidence:

  • package.json:98-118 shows "@ai-sdk/google": "^3.0.71", "@ai-sdk/anthropic": "^1.0.2", "@ai-sdk/openai": "^1.0.2".

Action: Verify compatibility/peerDeps for @ai-sdk/google@3.x with ai@^4.x and align other providers to compatible majors, or keep all providers on a consistent compatible set.

Spec verification

| Criterion | Status | Evidence |
| --- | --- | --- |
| The PR must include code and/or configuration changes necessary to handle breaking changes introduced by the dependency upgrade. | Not Met | Only package.json is changed to bump @ai-sdk/google to ^3.0.71 (package.json:98-118). No src/ or tests/ updates are present. bun.lock still pins 1.x, indicating no validated migration. |
| All related provider packages should remain on compatible major versions to avoid peer-dependency/type incompatibilities. | Not Met | package.json:98-118 shows mixed majors: @ai-sdk/google: ^3.0.71 vs @ai-sdk/anthropic: ^1.0.2 and @ai-sdk/openai: ^1.0.2. |
| The lockfile should be updated to ensure reproducible installs across environments after dependency changes. | Not Met | bun.lock still declares @ai-sdk/google: ^1.0.2 under the root workspace deps and resolves to @ai-sdk/google@1.2.19 in the packages map, while package.json declares ^3.0.71 (see bun.lock top section and packages["@ai-sdk/google"]). |

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ai-sdk/google-3.0.64 branch from 9bee6ff to 506cb21 Compare May 11, 2026 18:56

@minsky-reviewer minsky-reviewer Bot left a comment

Independent adversarial review (Chinese-wall)
Reviewer: minsky-reviewer[bot] via openai:gpt-5
Tier: unknown


Prior blocking findings remain unresolved. The lockfile still pins @ai-sdk/google to 1.x despite package.json declaring ^3.0.71, leading to non-reproducible installs. Additionally, this PR performs a major upgrade of @ai-sdk/google (1.x → 3.x) without any migration or validation changes, and introduces version skew across @ai-sdk providers (google@3.x vs anthropic/openai@1.x), risking peer/type incompatibilities. Please regenerate bun.lock to reflect the new version and either include the necessary migration/compatibility updates (and validate via typecheck/tests) or align provider versions to a compatible set before merging.

Findings

  • [BLOCKING] bun.lock:7 — Lockfile not updated: bun.lock still pins @ai-sdk/google to 1.x despite package.json bump to 3.x
    package.json declares "@ai-sdk/google": "^3.0.71", but the lockfile still lists "@ai-sdk/google": "^1.0.2" under the root workspace dependencies and resolves the package to @ai-sdk/google@1.2.19 in the packages map. This mismatch breaks reproducible installs and can cause CI/local environments to use different versions than intended.

Evidence:

  • bun.lock (top section): workspaces[""] .dependencies["@ai-sdk/google"] = "^1.0.2" (near the beginning of the file).
  • bun.lock (packages map): "@ai-sdk/google": ["@ai-sdk/google@1.2.19", …].
  • package.json: dependencies include "@ai-sdk/google": "^3.0.71".

Action: Run your package manager (e.g., bun install) to regenerate bun.lock and commit it so it resolves @ai-sdk/google@^3.x and updates any transitive deps accordingly.

  • [BLOCKING] package.json:98 — Major version bump of @ai-sdk/google (1.x → 3.x) with no accompanying migration/code/test updates risks breaking changes
    This PR updates @ai-sdk/google from ^1.0.2 to ^3.0.71 in package.json but introduces no source or test changes to adapt to potential breaking changes across v2/v3 of the Vercel AI SDK Google provider (e.g., option shapes, model identifiers, tool/function-calling behavior, provider-utils versions). Crossing multiple majors without validating or adjusting call sites can cause typecheck failures or runtime errors after install.

Evidence:

  • package.json:98-120 shows "@ai-sdk/google": "^3.0.71" under dependencies.
  • No other files under src/ or tests/ were changed in this PR; the only modified file in the diff is package.json. The stale bun.lock still resolving 1.x indicates no local install/migration was performed.

Requested action: either (a) include the necessary migration changes validated by bun run typecheck and tests, or (b) defer the upgrade until a coordinated migration is ready.

  • [BLOCKING] package.json:100 — Version skew across @ai-sdk/* providers (google at 3.x while anthropic/openai remain 1.x) likely incompatible
    @ai-sdk/google is bumped to ^3.0.71 while @ai-sdk/anthropic and @ai-sdk/openai remain at ^1.0.2. The Vercel AI SDK provider packages often coordinate breaking changes by major version and rely on shared @ai-sdk/provider(-utils) types. Mixing provider majors can cause peer-dependency conflicts, incompatible types, or subtle runtime differences when used alongside the ai package (^4.1.5).

Evidence: package.json dependencies show:

  • "@ai-sdk/google": "^3.0.71"
  • "@ai-sdk/anthropic": "^1.0.2"
  • "@ai-sdk/openai": "^1.0.2"

Action: Verify the compatibility/peerDependencies for @ai-sdk/google@3.x with our ai@^4.x and align other providers to compatible majors, or keep all providers on a consistent compatible set.

Spec verification

| Criterion | Status | Evidence |
| --- | --- | --- |
| The PR must include code and/or configuration changes necessary to handle breaking changes introduced by the dependency upgrade. | Not Met | Only package.json was modified to bump @ai-sdk/google to ^3.0.71 (package.json:98-120); no src/ or tests/ updates are present. bun.lock still pins @ai-sdk/google to 1.x (see bun.lock top workspace deps and packages map), indicating no validated migration. |
| All related provider packages should remain on compatible major versions to avoid peer-dependency/type incompatibilities. | Not Met | package.json shows mixed majors: @ai-sdk/google: ^3.0.71 vs @ai-sdk/anthropic: ^1.0.2 and @ai-sdk/openai: ^1.0.2 (package.json:98-120). |
| The lockfile should be updated to ensure reproducible installs across environments after dependency changes. | Not Met | bun.lock still lists @ai-sdk/google: ^1.0.2 under the root workspace deps and resolves to @ai-sdk/google@1.2.19 in the packages map, while package.json declares ^3.0.71 (see bun.lock header and packages["@ai-sdk/google"]). |

@dependabot dependabot Bot changed the title chore(deps): bump @ai-sdk/google from 1.2.22 to 3.0.71 build(deps): bump @ai-sdk/google from 1.2.22 to 3.0.72 May 11, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ai-sdk/google-3.0.64 branch from 506cb21 to a5fb9bb Compare May 11, 2026 21:37

@minsky-reviewer minsky-reviewer Bot left a comment

Independent adversarial review (Chinese-wall)
Reviewer: minsky-reviewer[bot] via openai:gpt-5
Tier: unknown


The prior blocking issues remain unresolved. package.json now bumps @ai-sdk/google to ^3.0.72, but bun.lock still pins 1.x and has not been regenerated, breaking reproducibility. Additionally, this is a major upgrade with no accompanying migration or validation changes, and the @ai-sdk/* providers are now on mixed majors (google 3.x vs anthropic/openai 1.x), which risks incompatibilities. Please regenerate the lockfile, align provider versions or verify compatibility, and include any necessary code/test updates to handle breaking changes before merging.

Findings

  • [BLOCKING] bun.lock:1 — Lockfile not updated: bun.lock still pins @ai-sdk/google to 1.x despite package.json bump to 3.x
    package.json declares "@ai-sdk/google": "^3.0.72", but the lockfile still lists "@ai-sdk/google": "^1.0.2" under the root workspace deps and resolves the package to @ai-sdk/google@1.2.19 in the packages map. This mismatch breaks reproducible installs and can cause CI/local environments to use different versions than intended.

Evidence (from bun.lock):

  • Top workspace deps: workspaces[""] .dependencies["@ai-sdk/google"] = "^1.0.2" (near the start of the file).
  • Packages resolution: "@ai-sdk/google": ["@ai-sdk/google@1.2.19", …] (see the packages section).

Action: Run your package manager (bun install) to regenerate bun.lock and commit it so it resolves @ai-sdk/google@^3.x and updates transitives accordingly.

  • [BLOCKING] package.json:107 — Major version bump of @ai-sdk/google (1.x → 3.x) with no accompanying migration/code/test updates risks breaking changes
    This PR upgrades @ai-sdk/google from ^1.0.2 to ^3.0.72 in package.json but introduces no source or test changes to adapt to potential breaking changes across v2/v3 of the Vercel AI SDK Google provider (e.g., option shapes, model identifiers, tool/function-calling behavior, provider-utils versions). Crossing multiple majors without validating or adjusting call sites can cause typecheck failures or runtime errors after install.

Evidence:

  • package.json:107-137 now shows "@ai-sdk/google": "^3.0.72" while other provider deps remain unchanged.
  • Repo diff shows no changes under src/ or tests in this PR; and the bun.lock still resolves 1.x, indicating no local install/migration was performed.

Requested action: either (a) include the necessary migration changes validated by bun run typecheck and tests, or (b) defer the upgrade until a coordinated migration is ready.

  • [BLOCKING] package.json:109 — Version skew across @ai-sdk/* providers (google at 3.x while anthropic/openai remain 1.x) likely incompatible
    @ai-sdk/google is bumped to ^3.0.72 while @ai-sdk/anthropic and @ai-sdk/openai remain at ^1.0.2. The Vercel AI SDK provider packages often coordinate breaking changes by major version and rely on shared @ai-sdk/provider(-utils) types. Mixing provider majors can lead to peer-dependency conflicts, incompatible types, or subtle runtime differences when used alongside the ai package (^4.x).

Evidence: package.json dependencies show:

  • "@ai-sdk/google": "^3.0.72"
  • "@ai-sdk/anthropic": "^1.0.2"
  • "@ai-sdk/openai": "^1.0.2"

Action: Verify the compatibility/peerDependencies for @ai-sdk/google@3.x with our ai@^4.x and align other providers to compatible majors, or keep all providers on a consistent compatible set.

Spec verification

| Criterion | Status | Evidence |
| --- | --- | --- |
| The PR must include code and/or configuration changes necessary to handle breaking changes introduced by the dependency upgrade. | Not Met | Only package.json was modified to bump @ai-sdk/google to ^3.0.72 (package.json:107-137); no src/ or tests were changed. bun.lock still pins @ai-sdk/google to 1.x (bun.lock top workspace deps and packages map). |
| All related provider packages should remain on compatible major versions to avoid peer-dependency/type incompatibilities. | Not Met | package.json shows mixed majors: @ai-sdk/google: ^3.0.72 vs @ai-sdk/anthropic: ^1.0.2 and @ai-sdk/openai: ^1.0.2 (package.json:107-137). |
| The lockfile should be updated to ensure reproducible installs across environments after dependency changes. | Not Met | bun.lock top-level workspace deps still list "@ai-sdk/google": "^1.0.2" and the packages resolution maps to @ai-sdk/google@1.2.19, while package.json declares ^3.0.72 (bun.lock: header and packages["@ai-sdk/google"]). |

@dependabot dependabot Bot changed the title build(deps): bump @ai-sdk/google from 1.2.22 to 3.0.72 chore(deps): bump @ai-sdk/google from 1.2.22 to 3.0.72 May 12, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ai-sdk/google-3.0.64 branch from a5fb9bb to 5c5b1a2 Compare May 12, 2026 19:47

@minsky-reviewer minsky-reviewer Bot left a comment

Independent adversarial review (Chinese-wall)
Reviewer: minsky-reviewer[bot] via openai:gpt-5
Tier: unknown


The prior blocking issues remain unresolved. package.json now bumps @ai-sdk/google to ^3.0.72, but bun.lock still pins 1.x and resolves @ai-sdk/google@1.2.19, breaking reproducible installs. Additionally, this major upgrade (1.x → 3.x) was made without any migration or validation changes in src/ or tests, and there is version skew across @ai-sdk/* providers (google@3.x vs anthropic/openai@1.x) that may cause incompatibilities. Please regenerate the lockfile, align provider versions or document compatibility, and include any required code/test migrations validated by typecheck and CI before merging.

Findings

  • [BLOCKING] bun.lock:1 — Lockfile not updated — bun.lock still pins @ai-sdk/google to 1.x despite package.json bump to 3.x
    package.json now declares "@ai-sdk/google": "^3.0.72", but the lockfile still records the root workspace dependency as "@ai-sdk/google": "^1.0.2" and resolves the package to @ai-sdk/google@1.2.19 in the packages map.

Evidence from bun.lock:

  • Top workspace deps: workspaces[""] .dependencies["@ai-sdk/google"] = "^1.0.2" (near the start of the file).
  • Packages section entry: "@ai-sdk/google": ["@ai-sdk/google@1.2.19", …].

This mismatch breaks reproducible installs and can lead to CI/local divergence. Action: run your package manager (e.g., bun install) to regenerate bun.lock so it resolves @ai-sdk/google@^3.x, and commit the updated lockfile.

  • [BLOCKING] package.json:119 — Major version bump of @ai-sdk/google (1.x → 3.x) without coordinated migrations or validation
    This PR upgrades @ai-sdk/google from ^1.0.2 to ^3.0.72 but includes no source or test changes to adapt to potential breaking changes across v2/v3 of the Vercel AI SDK Google provider (e.g., option shapes, model IDs, tool/function calling behavior, return types, provider-utils versions). Crossing multiple majors without validating or adjusting call sites can cause type-check failures or runtime errors after install. Prior rounds flagged this; the current diff still contains no code/test updates and the lockfile still resolves 1.x, indicating no local install/migration was performed.

Evidence:

  • package.json:dependencies shows "@ai-sdk/google": "^3.0.72" with @ai-sdk/anthropic and @ai-sdk/openai unchanged.
  • No changes in src/ or tests/ directories in this PR.

Requested action: either (a) include necessary migration changes and demonstrate compatibility via bun run typecheck and tests, or (b) defer the upgrade until a coordinated migration is ready.

  • [BLOCKING] package.json:118 — Version skew across @ai-sdk/* providers — google@3.x while anthropic/openai remain 1.x
    @ai-sdk/google is bumped to ^3.0.72 while @ai-sdk/anthropic and @ai-sdk/openai remain at ^1.0.2. The Vercel AI SDK provider packages often coordinate breaking changes by major version and rely on shared @ai-sdk/provider(-utils) types. Mixing provider majors can lead to peer-dependency conflicts, incompatible types, or subtle runtime differences when used alongside ai@^4.x.

Evidence (package.json:dependencies):

  • "@ai-sdk/google": "^3.0.72"
  • "@ai-sdk/anthropic": "^1.0.2"
  • "@ai-sdk/openai": "^1.0.2"

Action: verify the compatibility/peerDependencies for @ai-sdk/google@3.x with your ai version and align other providers to compatible majors, or keep all providers on a consistent, compatible set.

Spec verification

| Criterion | Status | Evidence |
| --- | --- | --- |
| The PR must include code and/or configuration changes necessary to handle breaking changes introduced by the dependency upgrade. | Not Met | Only package.json was modified to bump @ai-sdk/google to ^3.0.72 (package.json:dependencies). No src/ or tests/ files changed, and bun.lock still resolves @ai-sdk/google@1.x (bun.lock top workspace deps and packages map). |
| All related provider packages should remain on compatible major versions to avoid peer-dependency/type incompatibilities. | Not Met | package.json:dependencies shows mixed majors: @ai-sdk/google: ^3.0.72 vs @ai-sdk/anthropic: ^1.0.2 and @ai-sdk/openai: ^1.0.2. No alignment or compatibility notes provided. |
| The lockfile should be updated to ensure reproducible installs across environments after dependency changes. | Not Met | bun.lock still lists @ai-sdk/google: ^1.0.2 under root workspace deps and resolves to @ai-sdk/google@1.2.19, while package.json declares ^3.0.72 (bun.lock header and packages["@ai-sdk/google"]). |

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ai-sdk/google-3.0.64 branch from 5c5b1a2 to 10f8996 Compare May 12, 2026 20:35

@minsky-reviewer minsky-reviewer Bot left a comment

Independent adversarial review (Chinese-wall)
Reviewer: minsky-reviewer[bot] via openai:gpt-5
Tier: unknown


The prior blocking issues remain. package.json now bumps @ai-sdk/google to ^3.0.72, but bun.lock still pins the root workspace to ^1.0.2 and resolves @ai-sdk/google@1.2.19, breaking reproducible installs. No source or test migrations accompany this multi-major upgrade, and other @ai-sdk providers remain on 1.x, creating version skew that may cause incompatibilities. Please regenerate the lockfile, align provider majors or document verified compatibility, and include any necessary code/test updates to handle breaking changes before merging.

Findings

  • [BLOCKING] bun.lock:1 — Lockfile not updated — bun.lock still pins @ai-sdk/google to 1.x despite package.json bump to 3.x
    package.json declares "@ai-sdk/google": "^3.0.72", but the lockfile still records the root workspace dependency as "@ai-sdk/google": "^1.0.2" and resolves the package to @ai-sdk/google@1.2.19.

Evidence from bun.lock:

  • Top workspace deps near the start: workspaces[""] .dependencies["@ai-sdk/google"] = "^1.0.2" (see bun.lock:1-30).
  • Packages section: "@ai-sdk/google": ["@ai-sdk/google@1.2.19", …] (search for "@ai-sdk/google": ["@ai-sdk/google@1.2.19").

This mismatch breaks reproducible installs and can lead to CI/local divergence. Action: run your package manager (e.g., bun install) to regenerate bun.lock so it resolves @ai-sdk/google@^3.x, and commit the updated lockfile.

  • [BLOCKING] package.json:119 — Major version bump of @ai-sdk/google (1.x → 3.x) without coordinated migrations or validation
    This PR upgrades @ai-sdk/google from ^1.0.2 to ^3.0.72 but includes no source or test changes to adapt to potential breaking changes across v2/v3 of the Vercel AI SDK Google provider (e.g., option shapes, model IDs, tool/function calling behavior, return types, provider-utils versions). Crossing multiple majors without validating or adjusting call sites can cause type-check failures or runtime errors after install. The stale lockfile resolving 1.x also indicates no local install/migration was performed.

Evidence:

  • package.json:dependencies shows "@ai-sdk/google": "^3.0.72" while the rest of the repo remains unchanged (src/ and tests are untouched in this PR).
  • bun.lock top-level workspace deps and packages map still point to @ai-sdk/google@1.x.

Requested action: either (a) include necessary migration changes and demonstrate compatibility via bun run typecheck and tests, or (b) defer the upgrade until a coordinated migration is ready.

  • [BLOCKING] package.json:118 — Version skew across @ai-sdk/* providers — google@3.x while anthropic/openai remain 1.x
    @ai-sdk/google is bumped to ^3.0.72 while @ai-sdk/anthropic and @ai-sdk/openai remain at ^1.0.2. The Vercel AI SDK provider packages often coordinate breaking changes by major version and rely on shared @ai-sdk/provider(-utils) types. Mixing provider majors can lead to peer-dependency conflicts, incompatible types, or subtle runtime differences when used alongside ai@^4.x.

Evidence (package.json:dependencies):

  • "@ai-sdk/google": "^3.0.72"
  • "@ai-sdk/anthropic": "^1.0.2"
  • "@ai-sdk/openai": "^1.0.2"

Action: verify the compatibility/peerDependencies for @ai-sdk/google@3.x with your ai version and align other providers to compatible majors, or keep all providers on a consistent, compatible set.

Spec verification

| Criterion | Status | Evidence |
| --- | --- | --- |
| The PR must include code and/or configuration changes necessary to handle breaking changes introduced by the dependency upgrade. | Not Met | Only package.json was modified to bump @ai-sdk/google to ^3.0.72 (package.json:dependencies). No src/ or tests were changed. bun.lock still pins @ai-sdk/google to 1.x (bun.lock workspace deps and packages map). |
| All related provider packages should remain on compatible major versions to avoid peer-dependency/type incompatibilities. | Not Met | package.json:dependencies shows mixed majors: @ai-sdk/google: ^3.0.72 vs @ai-sdk/anthropic: ^1.0.2 and @ai-sdk/openai: ^1.0.2. No alignment or compatibility notes provided. |
| The lockfile should be updated to ensure reproducible installs across environments after dependency changes. | Not Met | bun.lock still lists "@ai-sdk/google": "^1.0.2" under root workspace deps and resolves to @ai-sdk/google@1.2.19, while package.json declares ^3.0.72 (bun.lock header and packages["@ai-sdk/google"]). |

@dependabot dependabot Bot changed the title chore(deps): bump @ai-sdk/google from 1.2.22 to 3.0.72 chore(deps): bump @ai-sdk/google from 1.2.22 to 3.0.75 May 18, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ai-sdk/google-3.0.64 branch from 10f8996 to 4c79da2 Compare May 18, 2026 18:08

@minsky-reviewer minsky-reviewer Bot left a comment

Independent adversarial review (Chinese-wall)
Reviewer: minsky-reviewer[bot] via openai:gpt-5
Tier: 3


Prior blocking issues persist. package.json now bumps @ai-sdk/google to ^3.0.75, but bun.lock still pins the root to ^1.0.2 and resolves @ai-sdk/google@1.2.19, breaking reproducible installs. Additionally, the major bump from 1.x→3.x is not accompanied by any migration or validation changes in source/tests, and provider versions are now skewed (google@3.x while anthropic/openai remain 1.x), risking incompatibilities. Please regenerate the lockfile, align provider majors or document compatibility, and include any required code/test updates to handle breaking changes before merging.

Findings

  • [BLOCKING] bun.lock:1 — Lockfile not updated — bun.lock still pins @ai-sdk/google to 1.x despite package.json bump to 3.x
    package.json declares "@ai-sdk/google": "^3.0.75", but the lockfile still records the root workspace dependency as "@ai-sdk/google": "^1.0.2" and resolves the package to @ai-sdk/google@1.2.19.

Evidence:

  • bun.lock top workspace deps: the opening object shows workspaces[""] .dependencies["@ai-sdk/google"] = "^1.0.2" (see bun.lock:1-30).
  • bun.lock packages map: entry for "@ai-sdk/google": ["@ai-sdk/google@1.2.19", …] confirms resolution to 1.x.
  • package.json now lists "@ai-sdk/google": "^3.0.75" under dependencies.

This mismatch breaks reproducible installs and can cause CI/local environments to pull different versions than intended. Action: run your package manager (e.g., bun install) to regenerate bun.lock so it resolves @ai-sdk/google@^3.x, and commit the updated lockfile.

  • [BLOCKING] package.json:140 — Major version bump of @ai-sdk/google (1.x → 3.x) without migrations/tests risks breaking changes
    This PR upgrades @ai-sdk/google from ^1.0.2 to ^3.0.75 in package.json but introduces no source or test changes to adapt to potential breaking changes across v2/v3 of the Vercel AI SDK Google provider (e.g., option shapes, model identifiers, function/tool-calling semantics, provider-utils versions). Crossing multiple majors without validating or adjusting call sites can cause typecheck failures or runtime errors after install.

Evidence:

  • package.json:dependencies now shows "@ai-sdk/google": "^3.0.75" while no other repo files under src/ or tests were changed in this PR.
  • The stale bun.lock still resolving 1.x further suggests no local install/migration was performed.

Requested action: either (a) include the necessary migration changes validated by bun run typecheck and tests, or (b) defer the upgrade until a coordinated migration is ready.

  • [BLOCKING] package.json:139 — Version skew across @ai-sdk/* providers — google@3.x while anthropic/openai remain 1.x
    @ai-sdk/google is bumped to ^3.0.75 while @ai-sdk/anthropic and @ai-sdk/openai remain at ^1.0.2. Provider packages in the Vercel AI SDK ecosystem often coordinate breaking changes by major version and rely on shared @ai-sdk/provider(-utils) types. Mixing provider majors can lead to peer-dependency conflicts, incompatible types, or subtle runtime differences when used alongside ai@^4.x.

Evidence (package.json:dependencies):

  • "@ai-sdk/google": "^3.0.75"
  • "@ai-sdk/anthropic": "^1.0.2"
  • "@ai-sdk/openai": "^1.0.2"

Action: verify compatibility/peerDeps for @ai-sdk/google@3.x with our ai@^4.x and align other providers to compatible majors, or keep all providers on a consistent, compatible set.

Spec verification

| Criterion | Status | Evidence |
| --- | --- | --- |
| The PR must include code and/or configuration changes necessary to handle breaking changes introduced by the dependency upgrade. | Not Met | Only package.json was modified to bump @ai-sdk/google to ^3.0.75 (package.json:dependencies). No src/ or tests were changed. bun.lock still pins @ai-sdk/google to 1.x (see bun.lock top workspace deps and packages map). |
| All related provider packages should remain on compatible major versions to avoid peer-dependency/type incompatibilities. | Not Met | package.json:dependencies shows mixed majors: @ai-sdk/google: ^3.0.75 vs @ai-sdk/anthropic: ^1.0.2 and @ai-sdk/openai: ^1.0.2. No alignment or compatibility notes provided. |
| The lockfile should be updated to ensure reproducible installs across environments after dependency changes. | Not Met | bun.lock still declares @ai-sdk/google: ^1.0.2 under the root workspace deps and resolves to @ai-sdk/google@1.2.19, while package.json declares ^3.0.75 (see bun.lock header and packages["@ai-sdk/google"]). |

Bumps [@ai-sdk/google](https://github.com/vercel/ai/tree/HEAD/packages/google) from 1.2.22 to 3.0.75.
- [Release notes](https://github.com/vercel/ai/releases)
- [Changelog](https://github.com/vercel/ai/blob/@ai-sdk/google@3.0.75/packages/google/CHANGELOG.md)
- [Commits](https://github.com/vercel/ai/commits/@ai-sdk/google@3.0.75/packages/google)

---
updated-dependencies:
- dependency-name: "@ai-sdk/google"
  dependency-version: 3.0.64
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ai-sdk/google-3.0.64 branch from 4c79da2 to 9789701 Compare May 19, 2026 21:49

@minsky-reviewer minsky-reviewer Bot left a comment


Independent adversarial review (Chinese-wall)
Reviewer: minsky-reviewer[bot] via openai:gpt-5
Tier: 3


The prior blocking findings remain unresolved. package.json bumps @ai-sdk/google to ^3.0.75, but bun.lock still pins the root workspace to ^1.0.2 and resolves @ai-sdk/google@1.2.19, breaking reproducible installs. Additionally, this major upgrade ships without any migration or validation changes in src/tests, and the @ai-sdk/* providers are now on mixed major versions (google 3.x vs anthropic/openai 1.x), increasing incompatibility risk. Please regenerate the lockfile, align provider versions or verify cross-compatibility, and include any necessary code/test updates to handle breaking changes before merging.

Findings

  • [BLOCKING] bun.lock:1 — Lockfile not updated — bun.lock still pins @ai-sdk/google to 1.x despite package.json bump to 3.x
    package.json now declares "@ai-sdk/google": "^3.0.75", but the lockfile’s root workspace still lists "@ai-sdk/google": "^1.0.2" and resolves the package to @ai-sdk/google@1.2.19.

Evidence (from bun.lock):

  • Top workspace deps near the start: workspaces[""] .dependencies["@ai-sdk/google"] = "^1.0.2" (see bun.lock:1-30).
  • Packages map: "@ai-sdk/google": ["@ai-sdk/google@1.2.19", …] confirms 1.x resolution.

This mismatch breaks reproducible installs and can cause CI/local divergence. Action: run your package manager (e.g., bun install) to regenerate bun.lock so it resolves @ai-sdk/google@^3.x, and commit the updated lockfile.

  • [BLOCKING] package.json:137 — Major version bump of @ai-sdk/google (1.x → 3.x) without coordinated migrations/tests risks breaking changes
    This PR upgrades @ai-sdk/google from ^1.0.2 to ^3.0.75 in package.json but introduces no source or test changes to adapt to potential breaking changes across v2/v3 of the Vercel AI SDK Google provider (e.g., options/model identifiers, tool/function-calling semantics, streaming behavior, provider-utils versions). Crossing majors without validating or adjusting call sites can cause typecheck failures or runtime errors after install.

Evidence:

  • package.json:dependencies now shows "@ai-sdk/google": "^3.0.75" while no other repo files under src/ or tests changed in this PR.
  • bun.lock still resolves @ai-sdk/google@1.x, suggesting no local install/migration was performed.

Requested action: either (a) include necessary migration changes and validate via bun run typecheck/tests, or (b) defer the upgrade until a coordinated migration PR is ready.

  • [BLOCKING] package.json:136 — Version skew across @ai-sdk/* providers — google@3.x while anthropic/openai remain 1.x
    @ai-sdk/google is bumped to ^3.0.75 while @ai-sdk/anthropic and @ai-sdk/openai remain at ^1.0.2. Provider packages in the Vercel AI SDK share common @ai-sdk/provider(-utils) layers and coordinate breaking changes by major version. Mixing provider majors can lead to peer-dependency/type incompatibilities or subtle runtime differences with our ai@^4.x dependency.

Evidence (package.json:dependencies):

  • "@ai-sdk/google": "^3.0.75"
  • "@ai-sdk/anthropic": "^1.0.2"
  • "@ai-sdk/openai": "^1.0.2"

Action: verify compatibility/peerDeps for @ai-sdk/google@3.x with ai@^4.x and align other providers to compatible majors, or keep all providers on a consistent compatible set.

Spec verification

| Criterion | Status | Evidence |
| --- | --- | --- |
| The PR must include code and/or configuration changes necessary to handle breaking changes introduced by the dependency upgrade. | Not Met | Only package.json changed to bump @ai-sdk/google to ^3.0.75 (package.json:dependencies), with no src/ or tests updates. bun.lock still resolves @ai-sdk/google@1.x (bun.lock top workspace deps and packages map), indicating no validated migration. |
| All related provider packages should remain on compatible major versions to avoid peer-dependency/type incompatibilities. | Not Met | package.json:dependencies shows mixed majors: @ai-sdk/google: ^3.0.75 vs @ai-sdk/anthropic: ^1.0.2 and @ai-sdk/openai: ^1.0.2. No alignment or compatibility notes provided. |
| The lockfile should be updated to ensure reproducible installs across environments after dependency changes. | Not Met | bun.lock still lists @ai-sdk/google: ^1.0.2 under root workspace deps and resolves to @ai-sdk/google@1.2.19, while package.json declares ^3.0.75 (see bun.lock header and packages["@ai-sdk/google"]). |
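
The lockfile-drift and provider-skew findings raised in the two reviews above can be checked mechanically. The following is an added example, not part of this PR or of either review bot's output. It assumes bun.lock has already been parsed into an object with the `workspaces[""].dependencies` and `packages` shapes quoted in the reviews, and it handles only plain caret ranges with major >= 1.

```javascript
// Added example. Inputs are constructed from the values quoted in the reviews;
// the anthropic/openai resolved versions are constructed placeholders.
const manifest = { dependencies: {
  "@ai-sdk/google": "^3.0.75", "@ai-sdk/anthropic": "^1.0.2", "@ai-sdk/openai": "^1.0.2" } };
const lock = {                      // assumed: bun.lock already parsed into an object
  workspaces: { "": { dependencies: {
    "@ai-sdk/google": "^1.0.2", "@ai-sdk/anthropic": "^1.0.2", "@ai-sdk/openai": "^1.0.2" } } },
  packages: {
    "@ai-sdk/google": ["@ai-sdk/google@1.2.19"],
    "@ai-sdk/anthropic": ["@ai-sdk/anthropic@1.0.2"],
    "@ai-sdk/openai": ["@ai-sdk/openai@1.0.2"] },
};

const parseVersion = (s) => s.replace(/^\^/, "").split(".").map(Number);

// Caret check for plain x.y.z with major >= 1: same major, version >= range floor.
function satisfiesCaret(version, range) {
  const v = parseVersion(version), r = parseVersion(range);
  if (v[0] !== r[0]) return false;
  for (let i = 1; i < 3; i++) if (v[i] !== r[i]) return v[i] > r[i];
  return true;
}

// Compare package.json against both the lockfile's recorded range and its resolution.
function lockfileDrift(manifest, lock) {
  const locked = lock.workspaces[""].dependencies, findings = [];
  for (const [name, declared] of Object.entries(manifest.dependencies)) {
    const entry = lock.packages[name];
    const resolved = entry ? entry[0].slice(entry[0].lastIndexOf("@") + 1) : null;
    if (locked[name] !== declared)
      findings.push({ name, kind: "range-mismatch", declared, locked: locked[name] ?? null });
    if (!resolved || !satisfiesCaret(resolved, declared))
      findings.push({ name, kind: "resolution-outside-range", declared, resolved });
  }
  return findings;
}

// Group scoped provider packages by declared major; more than one group is skew.
function providerMajorSkew(manifest, scope = "@ai-sdk/") {
  const byMajor = {};
  for (const [name, range] of Object.entries(manifest.dependencies)) {
    if (!name.startsWith(scope)) continue;
    const major = parseVersion(range)[0];
    (byMajor[major] = byMajor[major] || []).push(name);
  }
  return Object.keys(byMajor).length > 1 ? byMajor : null;
}

console.log(lockfileDrift(manifest, lock), providerMajorSkew(manifest));
```

Run as a CI gate, a non-empty `lockfileDrift` result or a non-null `providerMajorSkew` result would fail the build before a manifest-only bump like this one can merge.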

Labels: dependencies, javascript
