
fix: upgrade openai from 4.10.0 to 4.104.0 #1079

Closed
CheeloHamududu wants to merge 1 commit into microsoft:main from CheeloHamududu:snyk-upgrade-3fefb9b16456f269a34972e18bf76022

@CheeloHamududu

Snyk has created this PR to upgrade openai from 4.10.0 to 4.104.0.

See this package in npm:
openai

See this project in Snyk:
https://app.snyk.io/org/cheelohamududu/project/4025b2cb-75cf-4941-a4a9-2ddb67da6652?utm_source=github&utm_medium=referral&page=upgrade-pr

@github-actions
Contributor

👋 Thanks for contributing @CheeloHamududu! We will review the pull request and get back to you soon.

@CheeloHamududu
Author

@microsoft-github-policy-service agree

Contributor

Copilot AI left a comment

Pull request overview

This PR upgrades the Node.js openai package from version 4.10.0 to 4.104.0, addressing security or compatibility concerns identified by Snyk. This is a significant version jump (94 minor versions) that includes substantial changes to the package's dependency tree.

Changes:

  • Updated openai package version from ^4.10.0 to ^4.104.0 in package.json and package-lock.json
  • Removed obsolete dependencies: digest-fetch, base-64, charenc, crypt, md5, and is-buffer
  • Added optional peer dependencies: ws (^8.18.0) and zod (^3.23.8)

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| package.json | Updated openai dependency version to 4.104.0 |
| package-lock.json | Updated dependency tree with new openai version, removed obsolete transitive dependencies, and added optional peer dependencies for ws and zod |

Comment thread package.json
},
"dependencies": {
"openai": "^4.10.0"
"openai": "^4.104.0"
Copilot AI Jan 18, 2026

The Node.js openai package does not appear to be used anywhere in the codebase. The repository contains only Python code that uses the openai package (specified in requirements.txt). The only JavaScript file in the repository is docsifytopdf.js, which does not import or require the openai package. Consider removing this unused dependency to reduce the project's dependency footprint and potential security surface.

@leestott leestott closed this Feb 6, 2026
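
One way to check the claim in the review comment above, that a declared npm dependency is never imported by any JavaScript file. This is an added example, not code from the repository or the PR; the function names are hypothetical, and the file contents and the `puppeteer` entry are constructed sample input.

```javascript
// Added example: list declared npm dependencies that no JS/TS source imports.
// Matches require('x'), import('x'), import 'x', and import/export ... from 'x'.
const SPECIFIER_RE =
  /(?:\brequire\s*\(\s*|\bimport\s*\(\s*|\bfrom\s+|\bimport\s+)(['"])([^'"\n]+)\1/g;

// 'openai/resources' -> 'openai', '@scope/pkg/sub' -> '@scope/pkg'.
// Relative paths, absolute paths and node: built-ins are not packages.
function packageNameOf(specifier) {
  if (/^(?:\.|\/|node:)/.test(specifier)) return null;
  const parts = specifier.split('/');
  return specifier.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
}

// files: { path: sourceText }. Only JavaScript/TypeScript files count, so a
// Python `import openai` never marks the npm package of the same name as used.
function importedPackages(files) {
  const used = new Set();
  for (const [path, source] of Object.entries(files)) {
    if (!/\.(?:[cm]?js|jsx|tsx?)$/.test(path)) continue;
    for (const match of source.matchAll(SPECIFIER_RE)) {
      const name = packageNameOf(match[2]);
      if (name) used.add(name);
    }
  }
  return used;
}

function findUnusedDependencies(pkg, files) {
  const used = importedPackages(files);
  const declared = Object.keys({ ...pkg.dependencies, ...pkg.devDependencies });
  return declared.filter((name) => !used.has(name)).sort();
}

// Constructed sample input (not the repository's real file contents).
const samplePkg = { dependencies: { openai: '^4.104.0', puppeteer: '^21.0.0' } };
const sampleFiles = {
  'docsifytopdf.js': "const fs = require('fs');\nconst puppeteer = require('puppeteer');\n",
  'app.py': 'import openai\nfrom openai import OpenAI\n',
};

console.log(findUnusedDependencies(samplePkg, sampleFiles)); // [ 'openai' ]
```

A static scan like this misses packages used only through npm scripts, CLIs or config files, so a hit is a candidate for removal rather than proof.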
5 participants