chore(deps-dev): bump promptfoo from 0.104.0 to 0.115.0 in /sdk-node

[dependabot]

Bumps promptfoo from 0.104.0 to 0.115.0.

Release notes

Sourced from promptfoo's releases.

0.115.0 (2025-06-12)

✨ Features

• feat(providers): Google live audio output (#4280) by @​adelmuursepp
• feat(webui): static model-scanning UI (#4368) by @​typpo
• feat(tests): configuration support for test generators (#4301) by @​mldangelo
• feat(cli): per-provider token-usage statistics (#4044) by @​mldangelo
• feat(providers): optional token-estimation for HTTP provider (#4439) by @​mldangelo
• feat(redteam): enable HTTP-token estimation by default in red-team mode (#4449) by @​mldangelo
• feat(redteam): cloud-based plugin-severity overrides (#4348) by @​will-holley
• feat(providers): custom-header support for Azure API (#4409) by @​yurchik11
• feat(core): maximum evaluation-time limit via PROMPTFOO_MAX_EVAL_TIME_MS (#4322) by @​mldangelo
• feat(redteam): Aegis red-team dataset (#4119) by @​mldangelo
• feat(providers): Mistral Magistral reasoning models (#4435) by @​mldangelo
• feat(core): WebSocket header support (#4456) by @​typpo

🐛 Fixes

• fix(eval): gracefully handle RangeError & truncate oversized output (#4424) by @​Sly1029
• fix(providers): add timeout to ProxyAgent (#4369) by @​AegisAurora
• fix(config): persist Goat configuration (#4370) by @​sklein12
• fix(parser): lenient JSON parsing for MathPrompt (#4361) by @​typpo
• fix(redteam): standardize plugin parameter to prompt (#4425) by @​mldangelo
• fix(assertions): support snake_case fields in Python assertions (#4398) by @​mldangelo
• fix(redteam): handle purpose without prompts (#4445) by @​typpo
• fix(webui): stream test-cases to viewer (#4440) by @​mldangelo
• fix(redteam): connect MisinformationDisinformationGrader (#4452) by @​mldangelo

♻️ Refactors

• refactor(redteam): consolidate constants (#4372) by @​mldangelo

📚 Documentation

• docs(blog): GPT red-team post (#4363) by @​typpo
• docs(blog): Claude red-team post (#4365) by @​typpo
• docs(guides): clarify completion-variable for factuality (#4385) by @​mldangelo
• docs(blog): fix broken image link in GPT post (#4391) by @​mldangelo
• docs(blog): update Claude-4 post date (#4392) by @​mldangelo
• docs(site): move discovery docs under Tools (#4408) by @​typpo
• docs(guides): GPT-4.1 vs GPT-4o MMLU comparison (#4399) by @​mldangelo
• docs(blog): 100 k-users milestone post (#4402) by @​mldangelo
• docs(redteam): configuration precedence section (#4412) by @​typpo
• docs(policies): PromptBlock format for custom policies (#4327) by @​mldangelo
• docs(site): improve copy-button positioning (#4414) by @​mldangelo
• docs(workflow): GH-CLI rule improvements (#4415) by @​mldangelo
• docs(blog): overflow in MCP blog post (#4367) by @​AISimplyExplained
• docs(redteam): remove duplicate memory-poisoning entry (#4388) by @​mldangelo

... (truncated)

Commits

• b33c2f1 chore: bump version 0.115.0 (#4451)
• 09c31a9 feat(providers): websocket header support (#4456)
• 8b54c92 test: add unit test for src/redteam/graders.ts (#4455)
• b57c6a6 fix(redteam): connect MisinformationDisinformationGrader for harmful:misinfor...
• fd7f469 test: add unit test for src/redteam/plugins/agentic/memoryPoisoning.ts (#4453)
• 95e1671 fix(webui): stream test cases to web viewer (#4440)
• 09feb5a chore: remove unused types, interfaces, and deprecated functions (#4450)
• bf5f710 feat(redteam): enable token estimation by default for HTTP providers in redte...
• acd51ac feat(providers): add Mistral Magistral reasoning models (#4435)
• e723c15 chore(webui): add token estimation to http provider in redteam setup ui (#4448)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​anthropic-ai/​bedrock-sdk@​0.10.4
	npm/​@​aws-sdk/​client-s3@​3.701.0
	npm/​@​aws-sdk/​client-ses@​3.758.0

View full report

[dependabot]

Superseded by #1034.