chore(deps): update dependency openai to v6.35.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
openai	6.34.0 → 6.35.0

---

Release Notes

openai/openai-node (openai)

v6.35.0

Compare Source

Full Changelog: v6.34.0...v6.35.0

Features

• api: Add detail to InputFileContent (910ec5d)
• api: add OAuthErrorCode type (f84bd1f)
• api: add prompt_cache_retention parameter to responses compact (c486d1f)
• api: add web_search_call.results to ResponseIncludable (72449a1)
• api: manual updates (b742f1f)
• client: add support for binary messages (c498cc3)
• client: add support for path parameters in websockets clients (e0aba70)
• client: add support for queuing messages when waiting for a connection (fd8868c)
• client: add support for WebSockets in the browser when using simple auth (27bda6a)
• client: support automatic reconnection for websockets (189410b)
• typescript: expose underlying WebSocket type (7e96939)

Bug Fixes

• client: allow single messages greater than the size of the websockets queue (ad19ab2)
• internal: gitignore generated oidc dir (cf860f6)
• types: correct prompt_cache_retention enum value in chat/completions and responses (5a81e1a)
• types: preserve emitted ts-ignore comments (1cde375)

Chores

• ci: remove release-doctor workflow (e5ab4d1)
• format: apply prettier output (80fa23d)
• format: ignore release-updated jsr config (f606e8b)
• formatter: run prettier and eslint separately (68a988e)
• internal: codegen related update (7673137)
• internal: fix package.json duplicate keys (5f075a8)
• internal: more robust bootstrap script (252e70a)
• internal: version bump (34c84ee)
• tests: bump steady to v0.22.1 (316bdba)

Documentation

• improve examples (6400d19)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cursor]

Stale comment

Security review (automation): PR #3807

Outcome: No medium, high, or critical findings. The diff only updates web/package-lock.json for the dev dependency openai (6.34.0 → 6.35.0): resolved URL and integrity hash. No application or build script changes.

Scope checked: Compared merge base 2b99a7a0 to head 288b4e1d. No new attack surface in repo code from this PR. Existing gulp-gpt-translate.js usage is unchanged by this bump.

Supply chain: Same registry (registry.npmjs.org), official package tarball; Snyk’s npm openai advisory data shows no direct CVEs for recent 6.x lines (not a guarantee, but no known disclosed issue tied to this bump).

---

Slack summary (copy/paste):
PR #3807 (chore(deps): update dependency openai to v6.35.0) — security pass. Lockfile-only bump for dev openai 6.34→6.35; no code changes; no medium+ issues identified.

  

_{Sent by Cursor Automation: Find vulnerabilities}

[cursor]

Security review (automation)

Scope: Diff is limited to web/package-lock.json: openai 6.34.0 → 6.35.0 (same registry URL, updated tarball integrity).

Findings: No medium / high / critical issues introduced by this change with high confidence.

• Application code: No modified source; runtime usage (e.g. dev-time gulp-gpt-translate / OpenAI client) is unchanged by this PR.
• Supply chain: Official registry.npmjs.org artifact with lockfile integrity pinning; no new dependency graph entries beyond the version bump.
• Known advisories: No credible public advisory identified tying 6.35.0 to a exploitable vulnerability in this repo’s usage pattern.

Prior automation threads: Resolved via cleanup so this assessment is the active one.

  

_{Sent by Cursor Automation: Find vulnerabilities}