Bump drizzle-orm and promptfoo #1

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/npm_and_yarn/multi-d6dc8754a5

Conversation

@dependabot dependabot Bot commented on behalf of github May 22, 2026

Bumps drizzle-orm to 0.45.2 and updates ancestor dependency promptfoo. These dependencies need to be updated together.

Updates drizzle-orm from 0.44.7 to 0.45.2

Release notes

Sourced from drizzle-orm's releases.

0.45.2

  • Fixed sql.identifier(), sql.as() escaping issues. Previously all the values passed to these functions were not properly escaped, causing a possible SQL Injection (CWE-89) vulnerability

Thanks to @EthanKim88, @0x90sh and @wgoodall01 for reaching out to us with a reproduction and suggested fix

0.45.1

  • Fixed pg-native Pool detection in node-postgres transactions breaking in environments with forbidden require() (#5107)

0.45.0

  • Fixed pg-native Pool detection in node-postgres transactions
  • Allowed subqueries in select fields
  • Updated typo algorythm => algorithm
  • Fixed $onUpdate not handling SQL values (fixes #2388, tests implemented by L-Mario564 in #2911)
  • Fixed pg mappers not handling Date instances in bun-sql:postgresql driver responses for date, timestamp types (fixes #4493)
Commits
  • 273c780 + 0.45.2 (#5534)
  • 4aa6ecf Kit updates (#5490)
  • e8e6edf feat(drizzle-kit): support d1 via binding (#5302)
  • a086f59 Fixed pg-native Pool detection in node-postgres transactions breaking in envi...
  • c445637 Merge pull request #5095 from drizzle-team/main-workflows
  • e7b3aaa Merge branch 'main' into main-workflows
  • 0d885a5 refactor: Update condition for run-feature job to improve clarity and functio...
  • 45a1ffb Merge pull request #5087 from drizzle-team/main-workflows
  • 6357645 chore: Comment out NEON_HTTP_CONNECTION_STRING requirement in release workflows
  • 53dec98 refactor: Simplify release router workflow by removing unnecessary switch job...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for drizzle-orm since your current version.


Updates promptfoo from 0.119.11 to 0.121.12

Changelog

Sourced from promptfoo's changelog.

0.121.12 (2026-05-21)

Features

Bug Fixes

  • app: align table settings info buttons (#9249) (a3252e9)
  • app: improve custom metrics dialog readability (#9248) (a3eafa4)
  • app: sort custom metrics before truncation (#9246) (74d2f9d)
  • cache: include status in JSON parse errors (#9317) (bb64b2e)
  • cli: clearer errors for malformed eval imports (#9333) (869fd54)
  • code-scan: isolate action OIDC token env (#9309) (30c99e9)
  • code-scan: route logs to stderr for structured output (#9329) (06cce72)
  • code-scan: scope OIDC token to scan subprocess (#9308) (178b57a)
  • code-scan: skip unrelated default config startup (#9230) (335d809)
  • deps: avoid incompatible npm release-age config (#9244) (b8bfb73)
  • deps: bump nested ws to a non-vulnerable version (#9330) (1fe31a4)
  • deps: clear protobuf and langsmith alerts (#9219) (d0995b8)
  • deps: remove stray smithy lockfile root dependency (#9271) (8f34641)
  • deps: resolve active advisories (#9153) (47cd609)
  • deps: update anthropic packages (#9187) (a68ed8b)
  • deps: update dependency @anthropic-ai/sdk to ^0.97.1 (#9316) (88bc094)
  • deps: update dependency @inquirer/search to v4.1.9 (#9277) (7a7ae06)
  • deps: update dependency @opentelemetry/exporter-trace-otlp-http to ^0.217.0 (#9193) (082cb22)
  • deps: update dependency ws to v8.20.1 [security] (#9275) (bac18de)
  • deps: update openai packages (#9189) (f2ceff3)
  • dev: use tsx watch for server (#9301) (f0280e6)
  • eval: allow header horizontal scrolling (#9245) (4e3fb27)
  • eval: preserve eval export import parity (#9310) (ef7f98e)
  • fetch: decompress fallback for compressed responses on Node 26 (#9218) (93f5f1e)
  • fetch: decompress pooled undici responses (#9234) (e193d61)
  • guard against empty choices and message=None in swe_runner example (#9263) (b6ce944)
  • isolate loadFunction cache entries (#9255) (1e3533e)
  • mcp: surface tool error results (#9320) (b600a27)
  • openclaw: support protocol negotiation for versions 3 and 4 (#9254) (4220562)
  • providers: aggregate command output deltas (#9204) (5f89b7c)

... (truncated)

Commits
  • 7b18902 chore(main): release 0.121.12 (#9150)
  • 869fd54 fix(cli): clearer errors for malformed eval imports (#9333)
  • 06cce72 fix(code-scan): route logs to stderr for structured output (#9329)
  • 5b804e0 fix(providers): honor max_tool_calls: 0 for Anthropic MCP (#9327)
  • 4ff8315 fix(providers): decompress mTLS HTTP responses on Node 26 (#9325)
  • d3bb58c fix(providers): tear down Realtime socket on response timeout (#9324)
  • bbd683c fix(providers): map Python worker stderr log levels (#9306)
  • 1fe31a4 fix(deps): bump nested ws to a non-vulnerable version (#9330)
  • f415d63 test(eval): harden runtime tag coverage (#9283)
  • 5a09980 feat(eval): support runtime tags (#9322)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for promptfoo since your current version.

Install script changes

This version adds a prepare script that runs during installation. Review the package contents before updating.
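
One way to act on the install-script note above, as an added example that is not part of this pull request or of Dependabot's output: compare the install-time lifecycle scripts of the old and new package manifests. The manifests are constructed, and `installScriptChanges` and `needsReview` are hypothetical helper names.

```javascript
// Added example; the manifests are constructed, not the real promptfoo ones.
// Hooks treated as install-time here; "prepare" is the one named in the note.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Returns one entry per install-time hook that was added, removed or changed.
function installScriptChanges(oldManifest, newManifest) {
  const before = oldManifest.scripts || {};
  const after = newManifest.scripts || {};
  const changes = [];
  for (const hook of INSTALL_HOOKS) {
    const had = own(before, hook);
    const has = own(after, hook);
    if (!had && has) {
      changes.push({ hook, kind: "added", command: after[hook] });
    } else if (had && !has) {
      changes.push({ hook, kind: "removed", command: before[hook] });
    } else if (had && has && before[hook] !== after[hook]) {
      changes.push({ hook, kind: "changed", command: after[hook] });
    }
  }
  return changes;
}

// A bump needs manual review when any hook was added or changed.
function needsReview(changes) {
  return changes.some((c) => c.kind === "added" || c.kind === "changed");
}

// Constructed sample manifests for two versions of a hypothetical package.
const oldPkg = { name: "example-pkg", version: "1.0.0",
  scripts: { test: "vitest", postinstall: "node scripts/setup.js" } };
const newPkg = { name: "example-pkg", version: "1.1.0",
  scripts: { test: "vitest", postinstall: "node scripts/setup.js",
             prepare: "node scripts/build.js" } };

const changes = installScriptChanges(oldPkg, newPkg);
for (const c of changes) console.log(`${c.kind}: ${c.hook} -> ${c.command}`);
console.log("manual review needed:", needsReview(changes));
```

The `scripts` object of a published version can be fetched for this comparison with `npm view promptfoo@0.121.12 scripts --json`.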


@dependabot dependabot Bot added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) labels May 22, 2026

Bumps [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) to 0.45.2 and updates ancestor dependency [promptfoo](https://github.com/promptfoo/promptfoo). These dependencies need to be updated together.


Updates `drizzle-orm` from 0.44.7 to 0.45.2
- [Release notes](https://github.com/drizzle-team/drizzle-orm/releases)
- [Commits](drizzle-team/drizzle-orm@0.44.7...0.45.2)

Updates `promptfoo` from 0.119.11 to 0.121.12
- [Release notes](https://github.com/promptfoo/promptfoo/releases)
- [Changelog](https://github.com/promptfoo/promptfoo/blob/main/CHANGELOG.md)
- [Commits](promptfoo/promptfoo@0.119.11...0.121.12)

---
updated-dependencies:
- dependency-name: drizzle-orm
  dependency-version: 0.45.2
  dependency-type: indirect
- dependency-name: promptfoo
  dependency-version: 0.121.12
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-d6dc8754a5 branch from ca0bd03 to 01185c4 Compare May 23, 2026 04:11
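
The drizzle-orm 0.45.2 release note quoted in this pull request concerns identifier escaping (CWE-89). The following added example is not drizzle-orm's code and not part of this pull request; it shows unescaped identifier quoting beside the escaped form, plus an allow-list for caller-chosen column names. It assumes double-quoted identifiers (PostgreSQL/SQLite style); all function names and the column set are hypothetical.

```javascript
// Added illustration; not drizzle-orm's implementation.
// Assumes double-quoted identifiers (PostgreSQL/SQLite style).

// Before: wraps the name but leaves embedded quotes untouched.
function quoteIdentNaive(name) {
  return `"${name}"`;
}

// After: embedded double quotes are doubled so the name stays one token.
function quoteIdent(name) {
  if (typeof name !== "string" || name.length === 0 || name.includes("\0")) {
    throw new TypeError("identifier must be a non-empty string without NUL");
  }
  return `"${name.replace(/"/g, '""')}"`;
}

// Check that a fragment is exactly one quoted identifier: it starts and ends
// with a quote and every interior quote is part of a doubled pair.
function isSingleQuotedIdentifier(fragment) {
  const last = fragment.length - 1;
  if (last < 1 || fragment[0] !== '"' || fragment[last] !== '"') return false;
  const inner = fragment.slice(1, -1);
  for (let i = 0; i < inner.length; i++) {
    if (inner[i] !== '"') continue;
    if (inner[i + 1] !== '"') return false; // lone quote ends the identifier early
    i++; // skip the second quote of the pair
  }
  return true;
}

// Defence in depth: caller-chosen column names pass an allow-list first.
const SORTABLE_COLUMNS = new Set(["id", "email", "created_at"]); // hypothetical schema
function orderByClause(requested) {
  if (!SORTABLE_COLUMNS.has(requested)) {
    throw new RangeError(`unsupported sort column: ${JSON.stringify(requested)}`);
  }
  return `ORDER BY ${quoteIdent(requested)}`;
}

const sample = 'col"x'; // constructed input containing a quote character
console.log(quoteIdentNaive(sample), isSingleQuotedIdentifier(quoteIdentNaive(sample)));
console.log(quoteIdent(sample), isSingleQuotedIdentifier(quoteIdent(sample)));
console.log(orderByClause("created_at"));
```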