chore(deps): bump JSR/npm minor+patch versions and promptfoo to 0.121.9#1316
Merged
chore(deps): bump JSR/npm minor+patch versions and promptfoo to 0.121.9#1316
Conversation
Runs `deno update` to refresh all deps within their existing ^ ranges, plus bumps `promptfoo` in the evals workspace from 0.121.7 → 0.121.9 and regenerates the lockfile (which also clears the dismissed transitive axios/uuid advisories). cel-js is intentionally left at 7.5.1 to be handled in its own PR with targeted CEL test coverage.
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
Blocking Issues
None.
Suggestions
None — this is a clean, well-scoped dependency bump.
Summary: All 24 JSR/npm bumps are minor/patch within existing ^ ranges, no major version changes. The @cliffy/command specifier normalization from bare 1 to ^1.0.1 is a nice consistency improvement. cel-js is correctly left pinned for a separate PR. Lockfiles are regenerated consistently. CI passes on both Ubuntu and Windows. LGTM.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Refreshes dependencies flagged by the CI dependency-audit job:
deno updatebumps 24 deps within their existing^ranges (no major bumps):@cliffy/command,@cliffy/table,@logtape/logtape,@logtape/pretty,@std/{assert,cli,fmt,fs,streams,yaml}@aws-sdk/client-cloudcontrol,@opentelemetry/{api,context-async-hooks,core,otlp-transformer,resources,sdk-trace-base,semantic-conventions},@types/react,croner,fast-check,marked,react,zodevals/promptfoobumped 0.121.7 → 0.121.9; lockfile regenerated. As a side effect this also clears the previously-dismissed transitiveaxios/uuidadvisories from the lockfile itself.cel-js(currently exact-pinned at 7.5.1) is intentionally left for a separate PR so the bump can ship with targeted CEL test coverage. Major bumps still pending —OTel 2.xset,croner@10,marked@18,fast-check@4,ink@7— each warrants its own PR.Test Plan
deno checkdeno lintdeno fmt --checkdeno run test(one flaky shutdown-handler test that passes in isolation, unrelated to deps)deno run compile+ smoke./swamp --version