promptfoo 0.119.8 → 0.119.10

package/README.md

@@ -38,6 +38,7 @@ See [Getting Started](https://www.promptfoo.dev/docs/getting-started/) (evals) o
 - **Secure your LLM apps** with [red teaming](https://www.promptfoo.dev/docs/red-team/) and vulnerability scanning
 - **Compare models** side-by-side (OpenAI, Anthropic, Azure, Bedrock, Ollama, and [more](https://www.promptfoo.dev/docs/providers/))
 - **Automate checks** in [CI/CD](https://www.promptfoo.dev/docs/integrations/ci-cd/)
+- **Review pull requests** for LLM-related security and compliance issues with [code scanning](https://www.promptfoo.dev/docs/code-scanning/)
 - **Share results** with your team
 
 Here's what it looks like in action:
@@ -69,6 +70,7 @@ It also can generate [security vulnerability reports](https://www.promptfoo.dev/
 - 💻 [CLI Usage](https://www.promptfoo.dev/docs/usage/command-line/)
 - 📦 [Node.js Package](https://www.promptfoo.dev/docs/usage/node-package/)
 - 🤖 [Supported Models](https://www.promptfoo.dev/docs/providers/)
+- 🔬 [Code Scanning Guide](https://www.promptfoo.dev/docs/code-scanning/)
 
 ## Contributing
 

package/dist/package.json

@@ -2,7 +2,7 @@
     "name": "promptfoo",
     "description": "LLM eval & testing toolkit",
     "author": "Ian Webster",
-    "version": "0.119.8",
+    "version": "0.119.10",
     "license": "MIT",
     "type": "commonjs",
     "repository": {
@@ -60,6 +60,8 @@
         "lint:site": "npx @biomejs/biome lint site",
         "lint:src": "npx @biomejs/biome lint src",
         "lint:tests": "npx @biomejs/biome lint test",
+        "lint:index": "node scripts/check-index-imports.js",
+        "lint:index:fix": "node scripts/fix-index-imports.js",
         "lint": "npm run lint:src",
         "local:web": "npm run dev --prefix src/app",
         "local": "ts-node --cwdMode --transpileOnly src/main.ts",
@@ -78,19 +80,19 @@
     "overrides": {
         "uri-js": "npm:uri-js-replace",
         "chokidar": "4.0.3",
-        "whatwg-url": "14.2.0",
-        "esbuild": "0.25.9",
+        "whatwg-url": "15.1.0",
+        "esbuild": "0.27.0",
         "react": "19.2.0",
         "react-dom": "19.2.0",
-        "react-is": "^18.3.1",
+        "react-is": "^19.0.0",
         "*": {
-            "whatwg-url": "14.2.0",
+            "whatwg-url": "15.1.0",
             "chokidar": "4.0.3",
-            "esbuild": "0.25.9",
+            "esbuild": "0.27.0",
             "react": "19.2.0",
             "react-dom": "19.2.0"
         },
-        "gaxios": "^6.0.0",
+        "gaxios": "^7.0.0",
         "https-proxy-agent": "^7.0.0",
         "mongoose": {
             "gcp-metadata": "^8.1.2"
@@ -98,30 +100,30 @@
     },
     "devDependencies": {
         "@adaline/anthropic": "1.8.0",
-        "@adaline/azure": "1.6.2",
+        "@adaline/azure": "1.7.0",
         "@adaline/gateway": "1.10.0",
-        "@adaline/google": "1.9.0",
-        "@adaline/groq": "1.8.2",
-        "@adaline/open-router": "1.5.1",
-        "@adaline/openai": "1.10.0",
+        "@adaline/google": "1.10.0",
+        "@adaline/groq": "1.9.0",
+        "@adaline/open-router": "1.6.0",
+        "@adaline/openai": "1.11.0",
         "@adaline/provider": "1.5.1",
-        "@adaline/together-ai": "1.5.1",
+        "@adaline/together-ai": "1.6.0",
         "@adaline/types": "1.9.1",
-        "@adaline/vertex": "1.7.2",
-        "@anthropic-ai/claude-agent-sdk": "^0.1.42",
-        "@aws-sdk/client-bedrock-agent-runtime": "^3.927.0",
-        "@aws-sdk/client-bedrock-runtime": "^3.927.0",
-        "@aws-sdk/client-sagemaker-runtime": "^3.927.0",
-        "@aws-sdk/credential-provider-sso": "^3.927.0",
-        "@aws-sdk/types": "^3.922.0",
+        "@adaline/vertex": "1.9.0",
+        "@anthropic-ai/claude-agent-sdk": "^0.1.47",
+        "@aws-sdk/client-bedrock-agent-runtime": "^3.936.0",
+        "@aws-sdk/client-bedrock-runtime": "^3.936.0",
+        "@aws-sdk/client-sagemaker-runtime": "^3.936.0",
+        "@aws-sdk/credential-provider-sso": "^3.936.0",
+        "@aws-sdk/types": "^3.936.0",
         "@azure/identity": "^4.13.0",
         "@azure/openai-assistants": "^1.0.0-beta.6",
-        "@biomejs/biome": "^2.3.4",
+        "@biomejs/biome": "^2.3.7",
         "@fal-ai/client": "^1.7.2",
-        "@ibm-cloud/watsonx-ai": "^1.7.2",
+        "@ibm-cloud/watsonx-ai": "^1.7.3",
         "@ibm-generative-ai/node-sdk": "^3.2.4",
         "@jest/globals": "^30.2.0",
-        "@swc/core": "^1.15.1",
+        "@swc/core": "^1.15.3",
         "@swc/jest": "^0.2.39",
         "@types/async": "^3.2.25",
         "@types/better-sqlite3": "^7.6.13",
@@ -135,7 +137,7 @@
         "@types/jest": "^30.0.0",
         "@types/js-yaml": "^4.0.9",
         "@types/jsdom": "^21.1.7",
-        "@types/node": "^24.10.0",
+        "@types/node": "^24.10.1",
         "@types/nunjucks": "^3.2.6",
         "@types/opener": "^1.4.3",
         "@types/pdf-parse": "^1.1.5",
@@ -144,18 +146,17 @@
         "@types/semver": "^7.7.1",
         "@types/source-map-support": "^0.5.10",
         "@types/supertest": "^6.0.3",
-        "@types/uuid": "^10.0.0",
         "concurrently": "^9.2.1",
         "depcheck": "^1.4.7",
-        "drizzle-kit": "^0.31.6",
-        "ibm-cloud-sdk-core": "^5.4.3",
+        "drizzle-kit": "^0.31.7",
+        "ibm-cloud-sdk-core": "^5.4.4",
         "jest": "^30.2.0",
-        "knip": "^5.68.0",
+        "knip": "^5.70.1",
         "langfuse": "^3.38.6",
         "madge": "^8.0.0",
         "nock": "^14.0.10",
         "node-sql-parser": "^5.3.13",
-        "nodemon": "^3.1.10",
+        "nodemon": "^3.1.11",
         "pdf-parse": "^1.1.4",
         "playwright": "^1.56.1",
         "playwright-extra": "^4.3.6",
@@ -170,49 +171,49 @@
         "typescript": "^5.9.3",
         "winston-transport": "^4.9.0",
         "xlsx": "^0.18.5",
-        "zod-to-json-schema": "^3.24.6"
+        "zod-to-json-schema": "^3.25.0"
     },
     "optionalDependencies": {
         "@adaline/anthropic": "1.8.0",
-        "@adaline/azure": "1.6.2",
+        "@adaline/azure": "1.7.0",
         "@adaline/gateway": "1.10.0",
-        "@adaline/google": "1.9.0",
-        "@adaline/groq": "1.8.2",
-        "@adaline/open-router": "1.5.1",
-        "@adaline/openai": "1.10.0",
+        "@adaline/google": "1.10.0",
+        "@adaline/groq": "1.9.0",
+        "@adaline/open-router": "1.6.0",
+        "@adaline/openai": "1.11.0",
         "@adaline/provider": "1.5.1",
-        "@adaline/together-ai": "1.5.1",
+        "@adaline/together-ai": "1.6.0",
         "@adaline/types": "1.9.1",
-        "@adaline/vertex": "1.7.2",
-        "@anthropic-ai/claude-agent-sdk": "^0.1.42",
-        "@aws-sdk/client-bedrock-agent-runtime": "^3.927.0",
-        "@aws-sdk/client-bedrock-runtime": "^3.927.0",
-        "@aws-sdk/client-sagemaker-runtime": "^3.927.0",
-        "@aws-sdk/credential-provider-sso": "^3.927.0",
+        "@adaline/vertex": "1.9.0",
+        "@anthropic-ai/claude-agent-sdk": "^0.1.47",
+        "@aws-sdk/client-bedrock-agent-runtime": "^3.936.0",
+        "@aws-sdk/client-bedrock-runtime": "^3.936.0",
+        "@aws-sdk/client-sagemaker-runtime": "^3.936.0",
+        "@aws-sdk/credential-provider-sso": "^3.936.0",
         "@azure/ai-projects": "^1.0.1",
         "@azure/identity": "^4.13.0",
-        "@azure/msal-node": "^3.8.1",
+        "@azure/msal-node": "^3.8.3",
         "@azure/openai-assistants": "^1.0.0-beta.6",
-        "@biomejs/cli-darwin-arm64": "2.3.4",
-        "@biomejs/cli-darwin-x64": "2.3.4",
-        "@biomejs/cli-linux-x64": "2.3.4",
-        "@biomejs/cli-linux-x64-musl": "2.3.4",
-        "@biomejs/cli-win32-x64": "2.3.4",
+        "@biomejs/cli-darwin-arm64": "2.3.7",
+        "@biomejs/cli-darwin-x64": "2.3.7",
+        "@biomejs/cli-linux-x64": "2.3.7",
+        "@biomejs/cli-linux-x64-musl": "2.3.7",
+        "@biomejs/cli-win32-x64": "2.3.7",
         "@fal-ai/client": "^1.7.2",
-        "@ibm-cloud/watsonx-ai": "^1.7.2",
+        "@ibm-cloud/watsonx-ai": "^1.7.3",
         "@ibm-generative-ai/node-sdk": "^3.2.4",
         "@playwright/browser-chromium": "^1.56.1",
-        "@rollup/rollup-linux-x64-gnu": "^4.53.1",
+        "@rollup/rollup-linux-x64-gnu": "^4.53.3",
         "@slack/web-api": "^7.12.0",
-        "@smithy/node-http-handler": "^4.4.4",
-        "@swc/core-darwin-arm64": "^1.15.1",
-        "@swc/core-darwin-x64": "^1.15.1",
-        "@swc/core-linux-x64-gnu": "^1.15.1",
-        "@swc/core-linux-x64-musl": "^1.15.1",
-        "@swc/core-win32-x64-msvc": "^1.15.1",
+        "@smithy/node-http-handler": "^4.4.5",
+        "@swc/core-darwin-arm64": "^1.15.3",
+        "@swc/core-darwin-x64": "^1.15.3",
+        "@swc/core-linux-x64-gnu": "^1.15.3",
+        "@swc/core-linux-x64-musl": "^1.15.3",
+        "@swc/core-win32-x64-msvc": "^1.15.3",
         "fluent-ffmpeg": "^2.1.3",
         "google-auth-library": "^10.5.0",
-        "ibm-cloud-sdk-core": "^5.4.3",
+        "ibm-cloud-sdk-core": "^5.4.4",
         "langfuse": "^3.38.6",
         "natural": "^8.1.0",
         "node-sql-parser": "^5.3.13",
@@ -224,23 +225,22 @@
         "xlsx": "^0.18.5"
     },
     "dependencies": {
-        "@anthropic-ai/sdk": "^0.69.0",
+        "@anthropic-ai/sdk": "^0.70.1",
         "@apidevtools/json-schema-ref-parser": "^12.0.2",
         "@googleapis/sheets": "^12.0.0",
-        "gcp-metadata": "^8.1.2",
-        "@inquirer/checkbox": "^4.3.1",
-        "@inquirer/confirm": "^5.1.20",
-        "@inquirer/core": "^10.3.1",
-        "@inquirer/editor": "^4.2.22",
-        "@inquirer/input": "^4.3.0",
-        "@inquirer/select": "^4.4.1",
-        "@modelcontextprotocol/sdk": "^1.21.1",
-        "@openai/agents": "^0.3.0",
+        "@inquirer/checkbox": "^4.3.2",
+        "@inquirer/confirm": "^5.1.21",
+        "@inquirer/core": "^10.3.2",
+        "@inquirer/editor": "^4.2.23",
+        "@inquirer/input": "^4.3.1",
+        "@inquirer/select": "^4.4.2",
+        "@modelcontextprotocol/sdk": "^1.22.0",
+        "@openai/agents": "^0.3.2",
         "@types/ws": "^8.18.1",
         "ajv": "^8.17.1",
         "ajv-formats": "^3.0.1",
         "async": "^3.2.6",
-        "better-sqlite3": "12.4.1",
+        "better-sqlite3": "12.4.6",
         "binary-extensions": "^3.1.0",
         "cache-manager": "^4.1.0",
         "cache-manager-fs-hash": "^3.0.0",
@@ -261,25 +261,26 @@
         "express": "^5.1.0",
         "fast-deep-equal": "^3.1.3",
         "fast-safe-stringify": "^2.1.1",
-        "fast-xml-parser": "^5.3.1",
+        "fast-xml-parser": "^5.3.2",
         "fastest-levenshtein": "^1.0.16",
-        "glob": "^11.0.3",
-        "http-z": "^7.1.3",
+        "gcp-metadata": "^8.1.2",
+        "glob": "^13.0.0",
+        "http-z": "^8.1.1",
         "istextorbinary": "^9.5.0",
         "jks-js": "^1.1.4",
         "js-rouge": "^3.0.0",
-        "js-yaml": "^4.1.0",
+        "js-yaml": "^4.1.1",
         "jsdom": "^26.1.0",
         "lru-cache": "^11.2.2",
-        "mathjs": "^14.9.1",
+        "mathjs": "^15.1.0",
         "minimatch": "^10.1.1",
         "node-cache": "^5.1.2",
         "nunjucks": "^3.2.4",
-        "openai": "^6.9.0",
+        "openai": "^6.9.1",
         "opener": "^1.5.2",
         "ora": "^5.4.1",
-        "pem": "^1.14.8",
-        "posthog-node": "^5.11.2",
+        "pem": "^1.15.1",
+        "posthog-node": "^5.13.2",
         "proxy-agent": "^6.5.0",
         "proxy-from-env": "^1.1.0",
         "python-shell": "^5.0.0",