fix(deps): update dependency ai to v6 [security]

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
ai (source)	^4.3.16 → ^6.0.0

---

Vercel’s AI SDK's filetype whitelists can be bypassed when uploading files

CVE-2025-48985 / GHSA-rwvc-j5jr-mgvh

More information

Details

A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade.

Severity

• CVSS Score: 3.7 / 10 (Low)
• Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2025-48985
• https://github.com/vercel/ai/commit/930399bb9839a8baf3d349614106d78268775eed
• https://vercel.com/changelog/cve-2025-48985-input-validation-bypass-on-ai-sdk
• https://github.com/vercel/ai/issues/8881
• https://github.com/advisories/GHSA-rwvc-j5jr-mgvh

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

vercel/ai (ai)

v6.0.184

Compare Source

Patch Changes

• 40fc5e4: fix(ai): default missing embedding warnings to an empty array

v6.0.183

Compare Source

Patch Changes

• Updated dependencies [363cefe]
  • @​ai-sdk/gateway@​3.0.115

v6.0.182

Compare Source

Patch Changes

• e76a29a: fix(ai): download tool-result file URLs

v6.0.180

Compare Source

Patch Changes

• 253bd5a: fix(gateway): enable retry support for gateway errors
• 57ec10f: fix URL of hero animation in README
• Updated dependencies [253bd5a]
  • @​ai-sdk/gateway@​3.0.114

v6.0.178

Compare Source

Patch Changes

• ac6f27e: fix(ai): update opentelemetry pinned version

v6.0.177

Compare Source

Patch Changes

• Updated dependencies [5c73af8]
  • @​ai-sdk/gateway@​3.0.112

v6.0.176

Compare Source

Patch Changes

• f591416: feat(ai): add toolMetadata for tool specific metdata
• Updated dependencies [f591416]
  • @​ai-sdk/provider-utils@​4.0.27
  • @​ai-sdk/gateway@​3.0.111

v6.0.175

Compare Source

Patch Changes

• Updated dependencies [9a88b1d]
  • @​ai-sdk/gateway@​3.0.110

v6.0.174

Compare Source

Patch Changes

• Updated dependencies [49f6d44]
  • @​ai-sdk/gateway@​3.0.109

v6.0.173

Compare Source

Patch Changes

• 7beadf0: feat(mcp): propagate the server name through dynamic tool parts
• Updated dependencies [7beadf0]
  • @​ai-sdk/provider-utils@​4.0.26
  • @​ai-sdk/gateway@​3.0.108

v6.0.172

Compare Source

v6.0.171

Compare Source

Patch Changes

• 48f842a: fix(ai): enforce callOptionsSchema at runtime in ToolLoopAgent

  ToolLoopAgentSettings.callOptionsSchema was declared and documented as a runtime schema for options, but tool-loop-agent.ts never invoked it. Any invariant a developer encoded in the schema was silently bypassed at runtime, and unchecked options flowed straight into prepareCall and any instructions template that interpolated them.

  ToolLoopAgent.prepareCall now validates caller-supplied options against callOptionsSchema (when set) via safeValidateTypes, throwing InvalidArgumentError on failure before forwarding to prepareCall / generateText / streamText.

• a727da4: chore: ensure consistent import handling and avoid import duplicates or cycles

• 5fee301: fix(mcp): prevent prototype pollution by using secureJsonParse

• Updated dependencies [a727da4]

  • @​ai-sdk/provider-utils@​4.0.25
  • @​ai-sdk/provider@​3.0.10
  • @​ai-sdk/gateway@​3.0.106

v6.0.170

Compare Source

Patch Changes

• 19d587a: fix(ai): add allowSystemInMessages option and warn by default when system messages are found in prompt or messages

v6.0.169

v6.0.168

Patch Changes

• Updated dependencies [493d7d4]
  • @​ai-sdk/gateway@​3.0.104

v6.0.167

Patch Changes

• Updated dependencies [20805c8]
  • @​ai-sdk/gateway@​3.0.103

v6.0.166

Patch Changes

• b8d28f4: fix(ai): omit reasoning-start/end when sendReasoning is false

v6.0.165

Patch Changes

• Updated dependencies [2ff8d57]
  • @​ai-sdk/gateway@​3.0.102

v6.0.164

Patch Changes

• Updated dependencies [83434a9]
  • @​ai-sdk/gateway@​3.0.101

v6.0.163

Patch Changes

• Updated dependencies [a27a631]
  • @​ai-sdk/gateway@​3.0.100

v6.0.162

Compare Source

Patch Changes

• Updated dependencies [8c4abaf]
  • @​ai-sdk/gateway@​3.0.99

v6.0.161

Compare Source

Patch Changes

• Updated dependencies [9031f26]
  • @​ai-sdk/gateway@​3.0.98

v6.0.160

Patch Changes

• Updated dependencies [06f7838]
  • @​ai-sdk/gateway@​3.0.97

v6.0.159

Patch Changes

• Updated dependencies [a0d9373]
  • @​ai-sdk/gateway@​3.0.96

v6.0.158

Patch Changes

• 295beba: fix(ai): fix lastAssistantMessageIsCompleteWithApprovalResponses to no longer ignore providerExecuted tool approvals

v6.0.157

Patch Changes

• ff11aee: fix(ai): fix providerExecuted tool approvals being passed to language model twice

v6.0.156

Compare Source

Patch Changes

• Updated dependencies [08c5ac3]
  • @​ai-sdk/gateway@​3.0.95

v6.0.155

Patch Changes

• 06764c5: fix(ai): skip passing invalid JSON inputs to response messages

v6.0.154

Patch Changes

• Updated dependencies [37a378e]
  • @​ai-sdk/gateway@​3.0.94

v6.0.153

Patch Changes

• f152133: feat (ai/core): support plain string model IDs in rerank() function

  The rerank() function now accepts plain model strings (e.g., 'cohere/rerank-v3.5') in addition to RerankingModel objects, matching the behavior of generateText, embed, and other core functions.

v6.0.152

Patch Changes

• d42076d: Add AI Gateway hint to provider READMEs

v6.0.151

Patch Changes

• Updated dependencies [ec18852]
  • @​ai-sdk/gateway@​3.0.93

v6.0.150

Patch Changes

• 1003609: fix(ai): skip stringifying text when streaming partial text
• Updated dependencies [9de7d7b]
  • @​ai-sdk/gateway@​3.0.92

v6.0.149

Patch Changes

• Updated dependencies [3aca847]
  • @​ai-sdk/gateway@​3.0.91

v6.0.148

Patch Changes

• Updated dependencies [e923a24]
  • @​ai-sdk/gateway@​3.0.90

v6.0.147

Compare Source

Patch Changes

• Updated dependencies [6247886]
  • @​ai-sdk/provider-utils@​4.0.23
  • @​ai-sdk/gateway@​3.0.89

v6.0.146

Compare Source

Patch Changes

• Updated dependencies [5f439a1]
  • @​ai-sdk/gateway@​3.0.88

v6.0.145

Patch Changes

• Updated dependencies [ffd431a]
  • @​ai-sdk/gateway@​3.0.87

v6.0.144

Patch Changes

• 0469aed: fix: allow inline data URLs in download validation
• Updated dependencies [0469aed]
• Updated dependencies [15bfbd2]
  • @​ai-sdk/provider-utils@​4.0.22
  • @​ai-sdk/gateway@​3.0.86

v6.0.143

Patch Changes

• Updated dependencies [85e476d]
  • @​ai-sdk/gateway@​3.0.85

v6.0.142

Compare Source

Patch Changes

• 6f75953: feat(ai): add new isLoopFinished stop condition helper for unlimited steps
• Updated dependencies [70322b4]
  • @​ai-sdk/gateway@​3.0.84

v6.0.141

Compare Source

Patch Changes

• Updated dependencies [768a9d6]
  • @​ai-sdk/gateway@​3.0.83

v6.0.140

Compare Source

Patch Changes

• Updated dependencies [95fedf0]
  • @​ai-sdk/gateway@​3.0.82

v6.0.139

Patch Changes

• Updated dependencies [e69062d]
  • @​ai-sdk/gateway@​3.0.81

v6.0.138

Patch Changes

• Updated dependencies [0db5cd8]
  • @​ai-sdk/gateway@​3.0.80

v6.0.137

Patch Changes

• Updated dependencies [3caa544]
  • @​ai-sdk/gateway@​3.0.79

v6.0.136

Compare Source

Patch Changes

• Updated dependencies [763e178]
  • @​ai-sdk/gateway@​3.0.78

v6.0.135

Patch Changes

• df6a330: chore(ai): remove all experimental agent events

v6.0.134

Patch Changes

• ed6876b: chore(ai): remove all experimental embed events

v6.0.133

Patch Changes

• 055cd68: fix: publish v6 to latest npm dist tag
• Updated dependencies [d99eb91]
• Updated dependencies [055cd68]
  • @​ai-sdk/gateway@​3.0.77
  • @​ai-sdk/provider-utils@​4.0.21

v6.0.132

Patch Changes

• 28fd5a5: README updates

v6.0.131

Patch Changes

• 14f25f9: feat(ai): introduce experimental callbacks for embed function

v6.0.130

Compare Source

Patch Changes

• Updated dependencies [25af909]
  • @​ai-sdk/gateway@​3.0.76

v6.0.129

Compare Source

Patch Changes

• Updated dependencies [f95e0c0]
  • @​ai-sdk/gateway@​3.0.75

v6.0.128

Compare Source

Patch Changes

• Updated dependencies [7324b56]
  • @​ai-sdk/gateway@​3.0.74

v6.0.127

Compare Source

Patch Changes

• Updated dependencies [ac0c407]
• Updated dependencies [e748159]
  • @​ai-sdk/gateway@​3.0.73

v6.0.126

Compare Source

Patch Changes

• 578615a: Remove custom User-Agent header from HttpChatTransport to fix CORS preflight failures in Safari and Firefox

v6.0.125

Compare Source

Patch Changes

• Updated dependencies [5ffb1ad]
• Updated dependencies [f5bf0c6]
  • @​ai-sdk/gateway@​3.0.72

v6.0.124

Patch Changes

• Updated dependencies [55ccbe2]
  • @​ai-sdk/gateway@​3.0.71

v6.0.122

Compare Source

Patch Changes

• Updated dependencies [ca0b430]
  • @​ai-sdk/gateway@​3.0.70

v6.0.121

Compare Source

Patch Changes

• Updated dependencies [efdaefc]
  • @​ai-sdk/gateway@​3.0.69

v6.0.120

Compare Source

Patch Changes

• 78c0e26: feat(ai): pass result provider metadata across the stream

v6.0.119

Compare Source

Patch Changes

• ab286f1: fix(ai): doStream should reflect transformed values
• d68b122: feat(ai): add missing usage attributes

v6.0.118

Compare Source

Patch Changes

• 64ac0fd: fix(security): validate redirect targets in download functions to prevent SSRF bypass

  Both downloadBlob and download now validate the final URL after following HTTP redirects, preventing attackers from bypassing SSRF protections via open redirects to internal/private addresses.

• Updated dependencies [64ac0fd]

  • @​ai-sdk/provider-utils@​4.0.20
  • @​ai-sdk/gateway@​3.0.68

v6.0.117

Compare Source

Patch Changes

• d23121f: chore(ai): add optional ChatRequestOptions to addToolApprovalResponse and addToolOutput
• Updated dependencies [2589004]
  • @​ai-sdk/gateway@​3.0.67

v6.0.116

Compare Source

Patch Changes

• ad4cfc2: Add URL validation to downloadBlob and download to prevent blind SSRF attacks. Private/internal IP addresses, localhost, and non-HTTP protocols are now rejected before fetching.
• Updated dependencies [ad4cfc2]
  • @​ai-sdk/provider-utils@​4.0.19
  • @​ai-sdk/gateway@​3.0.66

v6.0.115

Compare Source

Patch Changes

• Updated dependencies [824b295]
  • @​ai-sdk/provider-utils@​4.0.18
  • @​ai-sdk/gateway@​3.0.65

v6.0.114

Compare Source

Patch Changes

• 2291047: fix(ai): fix missing support for image thought signatures (e.g. for Gemini image models)

v6.0.113

Compare Source

Patch Changes

• 70d3980: fix(ai): use errorMode 'text' in approval continuation to preserve tool error messages

v6.0.112

Compare Source

Patch Changes

• Updated dependencies [db3d4ca]
  • @​ai-sdk/gateway@​3.0.64

v6.0.111

Compare Source

Patch Changes

• 2129c82: feat(ai): register global telemetry integrations

v6.0.110

Compare Source

Patch Changes

• Updated dependencies [1b01ec1]
• Updated dependencies [8df8e11]
  • @​ai-sdk/gateway@​3.0.63

v6.0.109

Compare Source

Patch Changes

• Updated dependencies [10bec50]
  • @​ai-sdk/gateway@​3.0.62

v6.0.108

Compare Source

Patch Changes

• 2a4f512: feat(ai): add telemetry interface and registry

v6.0.107

Compare Source

Patch Changes

• Updated dependencies [08336f1]
  • @​ai-sdk/provider-utils@​4.0.17
  • @​ai-sdk/gateway@​3.0.61

v6.0.106

Compare Source

Patch Changes

• Updated dependencies [29e9f4d]
  • @​ai-sdk/gateway@​3.0.60

v6.0.105

Compare Source

Patch Changes

• Updated dependencies [58bc42d]
  • @​ai-sdk/provider-utils@​4.0.16
  • @​ai-sdk/gateway@​3.0.59

v6.0.104

Compare Source

Patch Changes

• Updated dependencies [1330f2f]
  • @​ai-sdk/gateway@​3.0.58

v6.0.103

Compare Source

Patch Changes

• Updated dependencies [ba63bc2]
  • @​ai-sdk/gateway@​3.0.57

v6.0.102

Compare Source

Patch Changes

• Updated dependencies [45f0a7f]
  • @​ai-sdk/gateway@​3.0.56

v6.0.101

Compare Source

Patch Changes

• 5230482: fix(ai): Don't create duplicate tool parts when models call non-existent tools

v6.0.100

Compare Source

Patch Changes

• b7fba77: feat(ai): add event notifiers to core functions

v6.0.99

Compare Source

Patch Changes

• Updated dependencies [e8172b6]
  • @​ai-sdk/gateway@​3.0.55

v6.0.98

Compare Source

Patch Changes

• Updated dependencies [0c9395b]
  • @​ai-sdk/gateway@​3.0.54

v6.0.97

Compare Source

Patch Changes

• ebfdad1: feat(ai): experimental callbacks in ToolLoopAgent

v6.0.96

Compare Source

Patch Changes

• 30c9de6: feat(ai): experimental callbacks for streamText

v6.0.95

Compare Source

Patch Changes

• Updated dependencies [73b7e09]
  • @​ai-sdk/gateway@​3.0.53

v6.0.94

Compare Source

Patch Changes

• Updated dependencies [363fa44]
  • @​ai-sdk/gateway@​3.0.52

v6.0.93

Compare Source

Patch Changes

• d3769ec: feat(ai): add experimental callbacks in generateText

v6.0.92

Compare Source

Patch Changes

• Updated dependencies [765b013]
  • @​ai-sdk/gateway@​3.0.51

v6.0.91

Compare Source

Patch Changes

• Updated dependencies [a433cd3]
  • @​ai-sdk/gateway@​3.0.50

v6.0.90

Compare Source

Patch Changes

• 98e83ab: Fix useChat status briefly flashing to submitted on page load when resume: true is set and there is no active stream to resume. The reconnectToStream check is now performed before setting status to submitted, so status stays ready when the server responds with 204 (no active stream).

v6.0.89

Compare Source

Patch Changes

• Updated dependencies [5f693c8]
  • @​ai-sdk/gateway@​3.0.49

v6.0.88

Compare Source

Patch Changes

• Updated dependencies [2a1c664]
  • @​ai-sdk/gateway@​3.0.48

v6.0.87

Compare Source

Patch Changes

• Updated dependencies [6bbd05b]
  • @​ai-sdk/gateway@​3.0.47

v6.0.86

Compare Source

Patch Changes

• Updated dependencies [f75f18c]
  • @​ai-sdk/gateway@​3.0.46

v6.0.85

Compare Source

Patch Changes

• Updated dependencies [e858654]
  • @​ai-sdk/gateway@​3.0.45

v6.0.84

Compare Source

Patch Changes

• 4024a3a: security: prevent unbounded memory growth in download functions

  The download() and downloadBlob() functions now enforce a default 2 GiB size limit when downloading from user-provided URLs. Downloads that exceed this limit are aborted with a DownloadError instead of consuming unbounded memory and crashing the process. The abortSignal parameter is now passed through to fetch() in all download call sites.

  Added download option to transcribe() and experimental_generateVideo() for providing a custom download function. Use the new createDownload({ maxBytes }) factory to configure download size limits.

• Updated dependencies [4024a3a]

  • @​ai-sdk/provider-utils@​4.0.15
  • @​ai-sdk/gateway@​3.0.44

v6.0.83

Compare Source

Patch Changes

• Updated dependencies [b424e50]
  • @​ai-sdk/gateway@​3.0.43

v6.0.82

Compare Source

Patch Changes

• Updated dependencies [1819bc1]
  • @​ai-sdk/gateway@​3.0.42

v6.0.81

Compare Source

Patch Changes

• ee4beee: feat(ai): add onStepFinish callback to createUIMessageStream

v6.0.80

Compare Source

Patch Changes

• Updated dependencies [99fbed8]
  • @​ai-sdk/gateway@​3.0.41

v6.0.79

Compare Source

Patch Changes

• Updated dependencies [a2208a2]
  • @​ai-sdk/gateway@​3.0.40

v6.0.78

Compare Source

Patch Changes

• 59fcf30: fix(ai): make experimental_context required in ToolLoopAgentOnFinishCallback

  This fixes a type inconsistency where ToolLoopAgentOnFinishCallback had experimental_context as optional while StreamTextOnFinishCallback and GenerateTextOnFinishCallback had it as required. Since ToolLoopAgent delegates to streamText/generateText, and both always pass experimental_context when invoking the callback, the types should match.

v6.0.77

Compare Source

Patch Changes

• Updated dependencies [eea5d30]
  • @​ai-sdk/gateway@​3.0.39

v6.0.76

Compare Source

Patch Changes

• Updated dependencies [70028ab]
  • @​ai-sdk/gateway@​3.0.38

v6.0.75

Compare Source

Patch Changes

• 7168375: feat (ai, provider): default global provider video model resolution
• Updated dependencies [7168375]
  • @​ai-sdk/provider@​3.0.8
  • @​ai-sdk/gateway@​3.0.37
  • @​ai-sdk/provider-utils@​4.0.14

v6.0.74

Compare Source

Patch Changes

• 471009b: fix(ai): pass reasoning text in telemetry

v6.0.73

Compare Source

Patch Changes

• Updated dependencies [9892c58]
  • @​ai-sdk/gateway@​3.0.36

v6.0.72

Compare Source

Patch Changes

• Updated dependencies [8e2eaac]
  • @​ai-sdk/gateway@​3.0.35

v6.0.71

Compare Source

Patch Changes

• Updated dependencies [4867635]
  • @​ai-sdk/gateway@​3.0.34

v6.0.70

Compare Source

Patch Changes

• Updated dependencies [ae30443]
  • @​ai-sdk/gateway@​3.0.33

v6.0.69

Compare Source

Patch Changes

• d659305: fix(ai): auto-populate originalMessages in createAgentUIStream

v6.0.68

Compare Source

Patch Changes

• 8bf2660: chore(ai): export DefaultGeneratedFile

v6.0.67

Compare Source

Patch Changes

• 53f6731: feat (ai, provider): experimental generate video support
• Updated dependencies [53f6731]
  • @​ai-sdk/provider@​3.0.7
  • @​ai-sdk/gateway@​3.0.32
  • @​ai-sdk/provider-utils@​4.0.13

v6.0.66

Compare Source

Patch Changes

• Updated dependencies [96936e5]
  • @​ai-sdk/provider-utils@​4.0.12
  • @​ai-sdk/gateway@​3.0.31

v6.0.65

Compare Source

Patch Changes

• Updated dependencies [1a74972]
  • @​ai-sdk/gateway@​3.0.30

v6.0.64

Compare Source

Patch Changes

• ce9daa3: Fixed 'reasoning part reasoning-0 not found' error by ensuring 'reasoning-start' event is emitted for empty thinking blocks (eg. )

v6.0.63

Compare Source

Patch Changes

• be95579: fix(ui): respect Promise<false> when returned by sendAutomaticallyWhen

v6.0.62

Compare Source

Patch Changes

• 2810850: fix(ai): improve type validation error messages with field paths and entity identifiers
• Updated dependencies [2810850]
  • @​ai-sdk/provider-utils@​4.0.11
  • @​ai-sdk/provider@​3.0.6
  • @​ai-sdk/gateway@​3.0.29

v6.0.61

Compare Source

Patch Changes

• Updated dependencies [1524271]
  • @​ai-sdk/gateway@​3.0.28

v6.0.60

Compare Source

Patch Changes

• 5fc42fa: feat(ai): add experimental retention setting

v6.0.59

Compare Source

Patch Changes

• Updated dependencies [0acff64]
  • @​ai-sdk/gateway@​3.0.27

v6.0.58

Compare Source

Patch Changes

• Updated dependencies [a8be296]
  • @​ai-sdk/gateway@​3.0.26

v6.0.57

Compare Source

Patch Changes

• 65865d8: Fix handling of error results in deferrable tools

v6.0.56

Compare Source

Patch Changes

• Updated dependencies [15a78c7]
  • @​ai-sdk/gateway@​3.0.25

v6.0.55

Compare Source

Patch Changes

• 43a74df: chore(ai): add skill to README

v6.0.54

Compare Source

Patch Changes

• 2f8ac87: docs(ai): fix incorrect and outdated jsdoc

v6.0.53

Compare Source

Patch Changes

• 7ee3f10: chore: updated docs

v6.0.52

Compare Source

Patch Changes

• Updated dependencies [462ad00]
  • @​ai-sdk/provider-utils@​4.0.10
  • @​ai-sdk/gateway@​3.0.24

v6.0.51

Compare Source

Patch Changes

• ea0feb5: fix(ai): clean up step timeout when error occurs in streamText

v6.0.50

Compare Source

Patch Changes

• Updated dependencies [cbf1704]
  • @​ai-sdk/gateway@​3.0.23

v6.0.49

Compare Source

Patch Changes

• ded661b: feat(ai): add onStepFinish to agent.generate and agent.stream

v6.0.48

Compare Source

Patch Changes

• 4de5a1d: chore: excluded tests from src folder in npm package
• Updated dependencies [4de5a1d]
  • @​ai-sdk/gateway@​3.0.22
  • @​ai-sdk/provider@​3.0.5
  • @​ai-sdk/provider-utils@​4.0.9

v6.0.47

Compare Source

Patch Changes

• Updated dependencies [2b8369d]
  • @​ai-sdk/gateway@​3.0.21

v6.0.46

Compare Source

Patch Changes

• Updated dependencies [8dc54db]
  • @​ai-sdk/gateway@​3.0.20

v6.0.45

Compare Source

Patch Changes

• Updated dependencies [c60fdd8]
  • @​ai-sdk/gateway@​3.0.19

v6.0.44

Compare Source

Patch Changes

• Updated dependencies [7af4eb4]
  • @​ai-sdk/gateway@​3.0.18

v6.0.43

[Com

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}