deps(example): bump the dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the dependencies group with 5 updates in the /examples/nextjs-openai directory:

Package	From	To
@ai-sdk/openai	1.2.5	1.2.6
ai	4.1.61	4.1.63
openai	4.87.3	4.88.0
@types/react	19.0.10	19.0.12
eslint-config-next	15.2.2	15.2.3

Updates @ai-sdk/openai from 1.2.5 to 1.2.6

Release notes

Sourced from @​ai-sdk/openai's releases.

@​ai-sdk/openai@​1.2.6

Patch Changes

• Updated dependencies [0bd5bc6]
  • @​ai-sdk/provider@​1.0.12
  • @​ai-sdk/provider-utils@​2.1.14

Commits

• 78287ee Version Packages (#5271)
• 0bd5bc6 feat (ai): support model-generated files (#5216)
• 5cd3d6c fix (docs): fix escaping (#5269)
• 7551975 Version Packages (#5267)
• d65df9d feat (provider/amazon-bedrock): support AWS credential providers (#5220)
• a0eca51 chore (docs): update provider details (#5265)
• 1040a88 Version Packages (#5264)
• c9ed3c4 feat(ai): allow custom mcp transports (#5209)
• 640f418 fix(docs): add Message import (#5247)
• c19d34f fix(docs): fix svelte getting started codes (#5246)
• Additional commits viewable in compare view

Updates ai from 4.1.61 to 4.1.63

Release notes

Sourced from ai's releases.

[email protected]

Patch Changes

• 0bd5bc6: feat (ai): support model-generated files
• Updated dependencies [0bd5bc6]
  • @​ai-sdk/provider@​1.0.12
  • @​ai-sdk/provider-utils@​2.1.14
  • @​ai-sdk/ui-utils@​1.1.20
  • @​ai-sdk/react@​1.1.24

[email protected]

Patch Changes

• c9ed3c4: feat: enable custom mcp transports breaking change: remove internal stdio transport creation

Commits

• 78287ee Version Packages (#5271)
• 0bd5bc6 feat (ai): support model-generated files (#5216)
• 5cd3d6c fix (docs): fix escaping (#5269)
• 7551975 Version Packages (#5267)
• d65df9d feat (provider/amazon-bedrock): support AWS credential providers (#5220)
• a0eca51 chore (docs): update provider details (#5265)
• 1040a88 Version Packages (#5264)
• c9ed3c4 feat(ai): allow custom mcp transports (#5209)
• 640f418 fix(docs): add Message import (#5247)
• c19d34f fix(docs): fix svelte getting started codes (#5246)
• Additional commits viewable in compare view

Updates openai from 4.87.3 to 4.88.0

Release notes

Sourced from openai's releases.

v4.88.0

4.88.0 (2025-03-19)

Full Changelog: v4.87.4...v4.88.0

Features

• api: o1-pro now available through the API (#1398) (616a7e9)

Chores

• exports: cleaner resource index imports (#1396) (26b0856)
• exports: stop using path fallbacks (#1397) (d1479c2)
• internal: version bump (#1393) (7f16c3a)

v4.87.4

4.87.4 (2025-03-18)

Full Changelog: v4.87.3...v4.87.4

Bug Fixes

• api: correct some Responses types (#1391) (af45876)
• types: ignore missing id in responses pagination (1b9d20e)
• types: improve responses type names (#1392) (164f476)

Chores

• add missing type alias exports (#1390) (16c5e22)
• internal: add back release workflow (dddf29b)
• internal: remove CI condition (#1381) (ef17981)
• internal: run CI on update-specs branch (9fc2130)
• internal: update release workflows (90b77d0)

Changelog

Sourced from openai's changelog.

4.88.0 (2025-03-19)

Full Changelog: v4.87.4...v4.88.0

Features

• api: o1-pro now available through the API (#1398) (616a7e9)

Chores

• exports: cleaner resource index imports (#1396) (26b0856)
• exports: stop using path fallbacks (#1397) (d1479c2)
• internal: version bump (#1393) (7f16c3a)

4.87.4 (2025-03-18)

Full Changelog: v4.87.3...v4.87.4

Bug Fixes

• api: correct some Responses types (#1391) (af45876)
• types: ignore missing id in responses pagination (1b9d20e)
• types: improve responses type names (#1392) (164f476)

Chores

• add missing type alias exports (#1390) (16c5e22)
• internal: add back release workflow (dddf29b)
• internal: remove CI condition (#1381) (ef17981)
• internal: run CI on update-specs branch (9fc2130)
• internal: update release workflows (90b77d0)

Commits

• 20e97a4 release: 4.88.0
• aefd267 feat(api): o1-pro now available through the API (#1398)
• 7c3d212 chore(exports): stop using path fallbacks (#1397)
• 023d106 chore(exports): cleaner resource index imports (#1396)
• 2e49526 chore(internal): version bump (#1393)
• d927768 release: 4.87.4
• 4548326 fix(types): improve responses type names (#1392)
• d2be74a fix(types): ignore missing id in responses pagination
• ca6266e chore(internal): add back release workflow
• e983d0c fix(api): correct some Responses types (#1391)
• Additional commits viewable in compare view

Updates @types/react from 19.0.10 to 19.0.12

Commits

• See full diff in compare view

Updates eslint-config-next from 15.2.2 to 15.2.3

Release notes

Sourced from eslint-config-next's releases.

v15.2.3

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Update default allowed origins list (#77212)
• unify allowed origin detection handling (#77053)
• Add dev warning for cross-origin and stabilize allowedDevOrigins (#77044)
• Ensure deploymentId is used for CSS preloads (#77210)
• Update middleware request header (#77201)
• [metadata] remove the default segement check for metadata rendering (#77119)
• [ts-hint] fix vscode type hint plugin enabling (#77099)
• [metadata] re-insert icons to head for streamed metadata (#76915)

Credits

Huge thanks to @​ijjk, @​ztanner, and @​huozhi for helping!

Commits

• 535e26d v15.2.3
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[trunk-io]

Merging to main in this repository is managed by Trunk.

• To merge this pull request, check the box to the left or comment /trunk merge below.

[socket-security]

New and updated dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@ai-sdk/[email protected] ➜ 1.2.6	Transitive: environment, network	+7	5.85 MB	vercel-release-bot
npm/@types/[email protected]	None	+1	1.25 MB
npm/[email protected] ➜ 4.1.63	None	+19	11.9 MB	vercel-release-bot
npm/[email protected]	unsafe Transitive: environment, eval, filesystem	+179	18.6 MB	vercel-release-bot
npm/[email protected] ➜ 4.88.0	Transitive: filesystem, network	+23	7.27 MB	dschnurr, dschnurr-openai, jeevnayak, ...2 more

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Network access	npm/@ai-sdk/[email protected]	Module: globalThis["fetch"] Location: Package overview	examples/nextjs-openai/package-lock.json examples/nextjs-openai/package.json	🚫

View full report↗︎

Next steps

What is network access?

This module accesses the network.

Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/@ai-sdk/[email protected]

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.