Skip to content

chore(deps-dev): bump promptfoo from 0.121.3 to 0.121.17 in /examples/promptfoo#6

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/examples/promptfoo/promptfoo-0.121.17
Open

chore(deps-dev): bump promptfoo from 0.121.3 to 0.121.17 in /examples/promptfoo#6
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/examples/promptfoo/promptfoo-0.121.17

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown

Bumps promptfoo from 0.121.3 to 0.121.17.

Release notes

Sourced from promptfoo's releases.

0.121.17

0.121.17 (2026-06-16)

Bug Fixes

  • docker: bump pinned Python to 3.14 to match the Alpine base image (#9769) (24fc5be)
  • docker: unpin Python minor by default so Alpine drift can't break the build (#9771) (c69ef40)
  • matchers: drop stranded list markers in RAGAS context-relevance segmentation (#9767) (b06eb88)
  • sanitizer: stop over-redacting benign url values that mention a credential keyword (#9764) (77abc5e)

0.121.16

0.121.16 (2026-06-16)

Features

  • providers: add Claude Fable and Mythos support (#9671) (09435af)
  • redteam: publish all four promptfoo skills to the Claude Code marketplace (#9665) (53a7266)

Bug Fixes

  • address AI quality findings (#9637) (c54a306)
  • assertions: correct BLEU brevity penalty formula (#9717) (2a97af6)
  • assertions: honor a test/assert-set threshold of 0 (#9736) (2547025)
  • assertions: honor inverse (not-) for cost, latency, and perplexity (#9725) (1c9daa0)
  • assertions: honor inverse (not-) for levenshtein assertion (#9722) (560ea2d)
  • assertions: honor inverse for not-moderation (#9738) (c56c712)
  • assertions: make BLEU closest-reference tie-break order-independent (#9718) (051fbf9)
  • assertions: make not-similar with an array require dissimilarity to all values (#9737) (6c3e7bb)
  • assertions: report best similarity score when no array value passes (#9721) (94eaaf3)
  • assertions: respect inverse when an object value can't parse output as JSON (#9626) (052a4e1)
  • assertions: score ROUGE case-insensitively (#9739) (386c012)
  • assertions: stop BLEU collapsing scores for short candidates (#9740) (ec0e225)
  • build: make biome Style Check run deterministically (fix stack-overflow no-op) + fix unmasked lint errors (#9631) (836733f)
  • ci: update architecture edge baseline for evalTableUtils CSV imports (#9633) (ea3348e)
  • cli: accept falsy provider outputs in validation (#9644) (c5e4b80)
  • code-scan: keep SARIF skip errors off stdout (#9690) (e1e062d)
  • code-scan: restore log level after structured scans (#9196) (ca4821c)
  • codex: propagate trace identity to CLI telemetry (#9703) (29db0a8)
  • csv: unescape all escaped commas in array metadata values (#9757) (9ef75a2)
  • deps: constrain undici to <7.27.1 to fix Node 26 "terminated" error (#9668) (2774371)
  • deps: gate Content-Encoding strip after decompress and require undici >=7.27.1 <8 (#9683) (d6031dc)
  • deps: pin undici to 7.27.1 (#9711) (67ae571)
  • deps: update anthropic packages (#9634) (d932250)
  • deps: update anthropic packages (#9651) (4fcaa87)
  • deps: update anthropic packages (#9733) (b320a7b)
  • deps: update dependency @​opentelemetry/core to v2.8.0 [security] (#9754) (fd11498)
  • eval: escape CSV formula injection in result exports (#9609) (c039bff)

... (truncated)

Changelog

Sourced from promptfoo's changelog.

0.121.17 (2026-06-16)

Bug Fixes

  • docker: bump pinned Python to 3.14 to match the Alpine base image (#9769) (24fc5be)
  • docker: unpin Python minor by default so Alpine drift can't break the build (#9771) (c69ef40)
  • matchers: drop stranded list markers in RAGAS context-relevance segmentation (#9767) (b06eb88)
  • sanitizer: stop over-redacting benign url values that mention a credential keyword (#9764) (77abc5e)

0.121.16 (2026-06-16)

Features

  • providers: add Claude Fable and Mythos support (#9671) (09435af)
  • redteam: publish all four promptfoo skills to the Claude Code marketplace (#9665) (53a7266)

Bug Fixes

  • address AI quality findings (#9637) (c54a306)
  • assertions: correct BLEU brevity penalty formula (#9717) (2a97af6)
  • assertions: honor a test/assert-set threshold of 0 (#9736) (2547025)
  • assertions: honor inverse (not-) for cost, latency, and perplexity (#9725) (1c9daa0)
  • assertions: honor inverse (not-) for levenshtein assertion (#9722) (560ea2d)
  • assertions: honor inverse for not-moderation (#9738) (c56c712)
  • assertions: make BLEU closest-reference tie-break order-independent (#9718) (051fbf9)
  • assertions: make not-similar with an array require dissimilarity to all values (#9737) (6c3e7bb)
  • assertions: report best similarity score when no array value passes (#9721) (94eaaf3)
  • assertions: respect inverse when an object value can't parse output as JSON (#9626) (052a4e1)
  • assertions: score ROUGE case-insensitively (#9739) (386c012)
  • assertions: stop BLEU collapsing scores for short candidates (#9740) (ec0e225)
  • build: make biome Style Check run deterministically (fix stack-overflow no-op) + fix unmasked lint errors (#9631) (836733f)
  • ci: update architecture edge baseline for evalTableUtils CSV imports (#9633) (ea3348e)
  • cli: accept falsy provider outputs in validation (#9644) (c5e4b80)
  • code-scan: keep SARIF skip errors off stdout (#9690) (e1e062d)
  • code-scan: restore log level after structured scans (#9196) (ca4821c)
  • codex: propagate trace identity to CLI telemetry (#9703) (29db0a8)
  • csv: unescape all escaped commas in array metadata values (#9757) (9ef75a2)
  • deps: constrain undici to <7.27.1 to fix Node 26 "terminated" error (#9668) (2774371)
  • deps: gate Content-Encoding strip after decompress and require undici >=7.27.1 <8 (#9683) (d6031dc)
  • deps: pin undici to 7.27.1 (#9711) (67ae571)
  • deps: update anthropic packages (#9634) (d932250)
  • deps: update anthropic packages (#9651) (4fcaa87)
  • deps: update anthropic packages (#9733) (b320a7b)
  • deps: update dependency @​opentelemetry/core to v2.8.0 [security] (#9754) (fd11498)
  • eval: escape CSV formula injection in result exports (#9609) (c039bff)
  • eval: handle config directory inputs without promptfooconfig (#7825) (30dc14b)
  • eval: restore CSV export architecture boundary (#9630) (7aaa3ed)
  • honor remote data-sharing controls (#9664) (49a175a)
  • http: redact transformed request debug logs (#9425) (4190a3c)
  • matchers: respect filtered remote target context (#9704) (86ec3ab)

... (truncated)

Commits
  • 8be17c3 chore(main): release 0.121.17 (#9770)
  • c69ef40 fix(docker): unpin Python minor by default so Alpine drift can't break the bu...
  • 24fc5be fix(docker): bump pinned Python to 3.14 to match the Alpine base image (#9769)
  • b06eb88 fix(matchers): drop stranded list markers in RAGAS context-relevance segmenta...
  • 77abc5e fix(sanitizer): stop over-redacting benign url values that mention a credenti...
  • 964f01f chore(main): release 0.121.16 (#9629)
  • 8a1bec2 fix(redteam): surface remote generation body read failures (#9751)
  • e029151 fix(share): preserve blob refs per result row (#9749)
  • 9ef75a2 fix(csv): unescape all escaped commas in array metadata values (#9757)
  • c7a2881 chore(deps): bump pypdf from 6.12.0 to 6.12.2 in /examples/eval-rag-full in t...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [promptfoo](https://github.com/promptfoo/promptfoo) from 0.121.3 to 0.121.17.
- [Release notes](https://github.com/promptfoo/promptfoo/releases)
- [Changelog](https://github.com/promptfoo/promptfoo/blob/main/CHANGELOG.md)
- [Commits](promptfoo/promptfoo@0.121.3...0.121.17)

---
updated-dependencies:
- dependency-name: promptfoo
  dependency-version: 0.121.17
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants