Skip to content

chore(deps): update dependency promptfoo to v0.121.14#946

Merged
mldangelo-oai merged 1 commit into
mainfrom
renovate/promptfoo-0.x
Jun 4, 2026
Merged

chore(deps): update dependency promptfoo to v0.121.14#946
mldangelo-oai merged 1 commit into
mainfrom
renovate/promptfoo-0.x

Conversation

@renovate

@renovate renovate Bot commented May 29, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
promptfoo (source) 0.121.120.121.14 age confidence

Release Notes

promptfoo/promptfoo (promptfoo)

v0.121.14

Compare Source

Features
Bug Fixes
  • assertions: don't classify gen_ai.tool.definitions chat spans as tool calls (#​9524) (b59f397)
  • cli: preflight force imports before collision lookup (#​9570) (0b93733)
  • cloud: on-prem API host for guardrails and http-generator, with host-resolution tests (#​9580) (b9a014a)
  • cloud: use on-prem API host in checkEmailStatus (#​9576) (063c62b)
  • db: avoid SQLITE_LOCKED flakiness in shared-cache test database (#​9567) (1fdb59b)
  • db: serialize libsql test database cleanup (#​9540) (f4380c2)
  • deps: keep ModelAudit pydantic-core pinned to compatible 2.46.4 (b2b35b0)
  • deps: update dependency ai to ^6.0.190 (#​9577) (9ec614a)
  • eval: canonicalize retry JSONL output with atomic rewrites (#​9547) (8d7c920)
  • eval: redact credentials from the persisted browser store (#​9396) (4d5bed5)
  • evaluator: preserve and harden programmatic JSONL output (#​9538) (8ddd906)
  • output: redact api-key and legacy transport headers in JSONL/DB (#​9546) (e194c85)
  • providers: handle Codex SDK rate limits (#​9473) (76d3db4)
  • providers: inject n8n sessions into custom bodies (#​9527) (9cc0542)
  • providers: preserve n8n array body templates (#​9544) (6cdf63d)
  • providers: preserve streamed Anthropic refusal guardrails (#​9560) (ff8eafd)
  • providers: serialize persistent browser sessions (#​9414) (097ff9b)
  • redteam: authenticate remote-generation requests against on-prem cloud (#​9584) (7df8fae)
  • util: restore nested SAS tokens after array reorder (#​9528) (9759e5a)
  • webui: render negative-only metric charts (#​9526) (7ccafa4)

v0.121.13

Compare Source

Features
Bug Fixes
Performance Improvements

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/promptfoo-0.x branch from 0212c61 to 71533ec Compare June 1, 2026 20:14
@renovate renovate Bot changed the title chore(deps): update dependency promptfoo to v0.121.13 chore(deps): update dependency promptfoo to v0.121.14 Jun 2, 2026
@renovate renovate Bot force-pushed the renovate/promptfoo-0.x branch from 71533ec to 38476b3 Compare June 2, 2026 18:11
@renovate renovate Bot force-pushed the renovate/promptfoo-0.x branch from 38476b3 to 2fcb0ad Compare June 4, 2026 14:03
@renovate

renovate Bot commented Jun 4, 2026

Copy link
Copy Markdown
Contributor Author

ℹ️ Artifact update notice

File name: package-lock.json

npm --before could not be enforced because existing locked packages were published after the minimumReleaseAge cutoff. This will resolve after the next lock file maintenance run.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2fcb0ad239

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread package-lock.json
"esbuild": "^0.28.0",
"js-yaml": "^4.1.1",
"promptfoo": "0.121.12",
"promptfoo": "0.121.14",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Restore the missing lockfile peer entry

With this lockfile, npm ci fails before installing dependencies using the supported npm 11.4.x range (Missing: gcp-metadata@ from lock file). The promptfoo bump removed node_modules/mongoose/node_modules/gcp-metadata, but mongoose/node_modules/mongodb@7.2.0 still has gcp-metadata as an optional peer, so the lockfile is no longer internally consistent; every workflow section I checked that builds or packages this action runs npm ci, so this dependency update cannot pass CI until the lockfile is regenerated with that entry restored.

Useful? React with 👍 / 👎.

@mldangelo-oai mldangelo-oai merged commit 0acc4a2 into main Jun 4, 2026
7 of 9 checks passed
@mldangelo-oai mldangelo-oai deleted the renovate/promptfoo-0.x branch June 4, 2026 14:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant