Bump nanoid, @ai-sdk/google and ai

[dependabot]

Bumps nanoid to 3.3.8 and updates ancestor dependencies nanoid, @ai-sdk/google and ai. These dependencies need to be updated together.

Updates nanoid from 3.3.7 to 3.3.8

Changelog

Sourced from nanoid's changelog.

3.3.8

• Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).

Commits

• 3044cd5 Release 3.3.8 version
• 4fe3495 Update size limit
• d643045 Fix pool pollution, infinite loop (#510)
• See full diff in compare view

Updates @ai-sdk/google from 0.0.51 to 1.0.10

Release notes

Sourced from @​ai-sdk/google's releases.

@​ai-sdk/google@​1.0.10

Patch Changes

• e07439a: feat (provider/google): Include safety ratings response detail.
• 4017b0f: feat (provider/google-vertex): Enhance grounding metadata response detail.
• a9df182: feat (provider/google): Add support for search grounding.

@​ai-sdk/google@​1.0.9

Patch Changes

• c0b1c7e: feat (provider/google): Add Gemini 2.0 model.

@​ai-sdk/google@​1.0.8

Patch Changes

• b7372dc: feat (provider/google): Include optional response grounding metadata.

@​ai-sdk/google@​1.0.7

Patch Changes

• Updated dependencies [09a9cab]
  • @​ai-sdk/provider@​1.0.2
  • @​ai-sdk/provider-utils@​2.0.4

@​ai-sdk/google@​1.0.6

Patch Changes

• 9e54403: fix (provider/google-vertex): support empty object as usage metadata

@​ai-sdk/google@​1.0.5

Patch Changes

• 0984f0b: feat (provider/google-vertex): Rewrite for Edge runtime support.
• Updated dependencies [0984f0b]
  • @​ai-sdk/provider-utils@​2.0.3

Commits

• 5b59fce Version Packages (#4081)
• a9df182 feat (provider/google): Add support for search grounding. (#4067)
• 4017b0f feat (provider/google-vertex): Enhance grounding metadata detail. (#4069)
• e07439a feat (provider/google): Include safety ratings response detail. (#4051)
• 6cc182b chore (examples): e2e test docs and run command cleanup. (#4072)
• 57f6e76 Version Packages (#4080)
• e3fac3f fix (ai/core): change smoothStream default delay to 10ms (#4079)
• b8c76a7 Version Packages (#4076)
• cc16a83 feat (ai/core): add experimental transform option to streamText (#4074)
• 3ce210f docs: fix image gen title (#4075)
• Additional commits viewable in compare view

Updates ai from 3.4.7 to 3.4.33

Commits

• 855f9d2 Version Packages (#3469)
• ac380e3 fix (provider/anthropic): continuation mode with 3+ steps (#3466)
• cfbe5d8 fix (docs): Correct missing close-backtick breaking Anthropic text. (#3464)
• 88be2a6 Version Packages (#3461)
• 6bb9e51 fix (ai/core): expose response.messages in streamText (#3460)
• 003fa11 Version Packages (#3455)
• 4d2e53b feat (provider/anthropic): pdf support (#3458)
• 2cbed46 fix (provider/cohere): fix tool roundtrips (#3456)
• c8afcb5 feat (provider/anthropic): allow using computer use and cache control at the ...
• a7cbdf6 feat (provider/cohere): Use Cohere v2 API. (#3420)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[codara-ai-code-review]

Potential issues, bugs, and flaws that can introduce unwanted behavior:

1. Version Increments without Compatibility Checks
   /package-lock.json, /package.json
   The dependencies @ai-sdk/google, ai, @ai-sdk/provider, and @ai-sdk/provider-utils have been upgraded to newer versions. However, it is not clear if the new versions maintain compatibility with the rest of your codebase. Upgrading dependencies can introduce breaking changes that affect functionality.

2. Missing License Information
   /package-lock.json
   Several newly added packages such as eventsource-parser, is-reference, and secure-json-parse do not specify their license types in the lock file. This lack of license information can lead to compliance and legal issues when using the packages.

3. Peer Dependency Issues
   /package-lock.json
   Some packages that have peer dependencies might not be compatible with the versions specified before the upgrades (such as React). Ensure all peer dependencies are met and compatible, especially for major upgrades.

Code suggestions and improvements for better exception handling, logic, standardization, and consistency:

1. Update Dependency Compatibility Checks
   /package-lock.json, /package.json
   Whenever dependencies are upgraded, ensure to check and update any related dependencies that may have implicit interactions. Use a tool or script to verify compatibility across the dependency tree.

2. Review External Module Imports
   /package-lock.json
   After upgrading external modules, it’s wise to run a linter or code analyzer to ensure that no deprecated features are being used, and verify that new functionalities are utilized correctly according to their documentation.

3. Consider Locking Certain Dependencies
   /package-lock.json, /package.json
   For better build reproducibility, consider locking the versions of critical dependencies (e.g., axios, ai library) to specific versions rather than using a caret (^) before the version number, especially if the upgrades introduce breaking changes.

4. Regularly Review Version Updates
   /package-lock.json, /package.json
   Set up a regular schedule to review and test version updates, especially for critical libraries. This helps in catching compatibility issues early in the development cycle.

5. Documentation of Upgrade Changes
   /package-lock.json, /package.json
   When upgrading dependencies, consider maintaining a changelog that includes details about the kinds of changes made and their potential impact on the application to ensure all team members are informed.