Three critical security and bug fixes ship across OpenAI and Clerk SDKs
This week's developer tooling update flagged three critical fixes among 517 changes across 30 tracked tools. Two OpenAI-compatible AI SDK packages — versions 2.0.58 and 3.0.82 — patched a bug where streaming tool calls were finalized prematurely on partial JSON, risking execution with incomplete arguments. Developers using streaming tool calls in production are advised to upgrade both @ai-sdk/openai-compatible and @ai-sdk/openai immediately. Separately, @clerk/backend version 3.11.1 closed an authorization bypass where session tokens lacking the azp claim were incorrectly accepted even when authorizedParties was configured. Teams using Clerk's backend should verify their token generation includes the azp claim to avoid request rejections after the update.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in