diff --git a/CHANGELOG.md b/CHANGELOG.md index 46c97b7cca4..d31c2e0bc73 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,6 +30,7 @@ Docs: https://docs.openclaw.ai ### Fixes - Providers/Moonshot: stop strict-sanitizing Kimi's native tool_call IDs (shaped like `functions.:`) on the OpenAI-compatible transport, so multi-turn agentic flows through Kimi K2.6 no longer break after 2-3 tool-calling rounds when the serving layer fails to match mangled IDs against the original tool definitions. Adds a `sanitizeToolCallIds` opt-out to the shared `openai-compatible` replay family helper and wires Moonshot to it. Fixes #62319. (#70030) Thanks @LeoDu0314. +- Dependencies/security: override transitive `uuid` to `14.0.0`, clearing the runtime advisory across dependencies. - Codex harness: ignore dynamic tool descriptions when deciding whether to reuse a native app-server thread while still fingerprinting tool schemas, so channel-specific copy changes no longer reset otherwise compatible Codex conversations. (#69976) Thanks @chen-zhang-cs-code. - Codex harness: drop invalid legacy app-server `serviceTier` values such as `"priority"` before native thread and turn requests, while keeping supported Codex tiers limited to `"fast"` and `"flex"`. Fixes #64815. - Codex harness: show bounded, sanitized permission target samples in app-server approval prompts, so native permission requests keep their specific hosts, roots, and paths visible without leaking home usernames or URL credentials. (#70340) Thanks @Lucenx9. diff --git a/package.json b/package.json index db9ec2ec064..1f894a20ebd 100644 --- a/package.json +++ b/package.json @@ -1608,7 +1608,8 @@ "overrides": { "axios": "1.15.0", "follow-redirects": "1.16.0", - "node-domexception": "npm:@nolyfill/domexception@1.0.28" + "node-domexception": "npm:@nolyfill/domexception@1.0.28", + "uuid": "14.0.0" }, "engines": { "node": ">=22.14.0" @@ -1636,7 +1637,8 @@ "tar": "7.5.13", "tough-cookie": "4.1.3", "yauzl": "3.2.1", - "protobufjs": "7.5.5" + "protobufjs": "7.5.5", + "uuid": "14.0.0" }, "onlyBuiltDependencies": [ "@lydell/node-pty", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index d806648a146..1b8dd88bc2c 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -26,6 +26,7 @@ overrides: tough-cookie: 4.1.3 yauzl: 3.2.1 protobufjs: 7.5.5 + uuid: 14.0.0 packageExtensionsChecksum: sha256-n+P/SQo4Pf+dHYpYn1Y6wL4cJEVoVzZ835N0OEp4TM8= @@ -7239,20 +7240,8 @@ packages: util-deprecate@1.0.2: resolution: {integrity: sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==} - uuid@11.1.0: - resolution: {integrity: sha512-0/A9rDy9P7cJ+8w1c9WD9V//9Wj15Ce2MPz8Ri6032usz+NfePxx5AcN3bN+r6ZL6jEo066/yNYB3tn4pQEx+A==} - hasBin: true - - uuid@13.0.0: - resolution: {integrity: sha512-XQegIaBTVUjSHliKqcnFqYypAd4S+WCYt5NIeRs6w/UAry7z8Y9j5ZwRRL4kzq9U3sD6v+85er9FvkEaBpji2w==} - hasBin: true - - uuid@8.3.2: - resolution: {integrity: sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==} - hasBin: true - - uuid@9.0.1: - resolution: {integrity: sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==} + uuid@14.0.0: + resolution: {integrity: sha512-Qo+uWgilfSmAhXCMav1uYFynlQO7fMFiMVZsQqZRMIXp0O7rR7qjkj+cPvBHLgBqi960QCoo/PH2/6ZtVqKvrg==} hasBin: true validate-npm-package-name@7.0.2: @@ -8320,13 +8309,13 @@ snapshots: dependencies: '@azure/msal-common': 15.17.0 jsonwebtoken: 9.0.3 - uuid: 8.3.2 + uuid: 14.0.0 '@azure/msal-node@5.1.3': dependencies: '@azure/msal-common': 16.5.0 jsonwebtoken: 9.0.3 - uuid: 8.3.2 + uuid: 14.0.0 '@babel/generator@8.0.0-rc.3': dependencies: @@ -9312,7 +9301,7 @@ snapshots: proper-lockfile: 4.1.2 strip-ansi: 7.2.0 undici: 7.25.0 - uuid: 11.1.0 + uuid: 14.0.0 yaml: 2.8.3 optionalDependencies: '@mariozechner/clipboard': 0.3.2 @@ -11929,7 +11918,7 @@ snapshots: https-proxy-agent: 7.0.6 is-stream: 2.0.1 node-fetch: 2.7.0 - uuid: 9.0.1 + uuid: 14.0.0 transitivePeerDependencies: - encoding - supports-color @@ -12731,7 +12720,7 @@ snapshots: p-retry: 7.1.1 sdp-transform: 3.0.0 unhomoglyph: 1.0.6 - uuid: 13.0.0 + uuid: 14.0.0 matrix-widget-api@1.17.0: dependencies: @@ -14217,13 +14206,7 @@ snapshots: util-deprecate@1.0.2: {} - uuid@11.1.0: {} - - uuid@13.0.0: {} - - uuid@8.3.2: {} - - uuid@9.0.1: {} + uuid@14.0.0: {} validate-npm-package-name@7.0.2: {}