[Snyk] Upgrade prompt from 1.1.0 to 1.3.0 by mikr13 · Pull Request #324 · opendevs-org/S3-Bucket-Download

mikr13 · 2025-10-30T09:01:35Z

Snyk has created this PR to upgrade prompt from 1.1.0 to 1.3.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 4 versions ahead of your current version.
The recommended version was released 4 years ago.

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	696	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	696	Proof of Concept
Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	696	Proof of Concept
Excessive Platform Resource Consumption within a Loop SNYK-JS-BRACES-6838727	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	696	Proof of Concept
Improper Handling of Extra Parameters SNYK-JS-FOLLOWREDIRECTS-6141137	696	Proof of Concept
Prototype Pollution SNYK-JS-LODASHSET-1320032	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PARSELINKHEADER-1582783	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696	Proof of Concept
Code Injection SNYK-JS-SNYKGRADLEPLUGIN-8248487	696	No Known Exploit
Code Injection SNYK-JS-SNYKPHPPLUGIN-8248485	696	No Known Exploit
Command Injection SNYK-JS-SSH2-1656673	696	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	696	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	696	No Known Exploit
Prototype Pollution SNYK-JS-UTILE-8706797	696	Proof of Concept
Allocation of Resources Without Limits or Throttling SNYK-JS-AXIOS-12613773	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	696	Proof of Concept
Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-9292519	696	Proof of Concept
Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-9403194	696	No Known Exploit
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	696	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	696	Proof of Concept
Open Redirect SNYK-JS-GOT-2932019	696	No Known Exploit
Open Redirect SNYK-JS-GOT-2932019	696	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-I-1726768	696	No Known Exploit
Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	696	Proof of Concept
Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562	696	No Known Exploit
Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562	696	No Known Exploit
Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	696	No Known Exploit
Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	696	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	696	No Known Exploit
Command Injection SNYK-JS-SNYK-3037342	696	Proof of Concept
Command Injection SNYK-JS-SNYK-3038622	696	Proof of Concept
Code Injection SNYK-JS-SNYK-3111871	696	No Known Exploit
Command Injection SNYK-JS-SNYKDOCKERPLUGIN-3039679	696	Proof of Concept
Command Injection SNYK-JS-SNYKGOPLUGIN-3037316	696	Proof of Concept
Command Injection SNYK-JS-SNYKGRADLEPLUGIN-3038624	696	Proof of Concept
Command Injection SNYK-JS-SNYKMVNPLUGIN-3038623	696	Proof of Concept
Command Injection SNYK-JS-SNYKPYTHONPLUGIN-3039677	696	Proof of Concept
Command Injection SNYK-JS-SNYKSBTPLUGIN-3038626	696	Proof of Concept
Command Injection SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625	696	Proof of Concept
Command Injection SNYK-JS-SNYKSNYKHEXPLUGIN-3039680	696	Proof of Concept
Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	696	Proof of Concept
Symlink Attack SNYK-JS-TMP-11501554	696	Proof of Concept
Symlink Attack SNYK-JS-TMP-11501554	696	Proof of Concept
Symlink Attack SNYK-JS-TMP-11501554	696	Proof of Concept
Prototype Pollution SNYK-JS-XML2JS-5414874	696	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-BRACEEXPANSION-9789073	696	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	696	No Known Exploit
Insertion of Sensitive Information into Log File SNYK-JS-SNYK-10497607	696	Proof of Concept
Uninitialized Memory Exposure npm:utile:20180614	696	No Known Exploit

Release notes

Package name: prompt

1.3.0 - 2022-04-11
1.2.2 - 2022-02-17
1.2.1 - 2022-01-10
1.2.0 - 2021-08-25
1.1.0 - 2020-12-21
1.1.0

from prompt GitHub release notes

Important

Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade prompt from 1.1.0 to 1.3.0. See this package in npm: prompt See this project in Snyk: https://app.snyk.io/org/mikr13/project/57521539-278b-42e8-9b34-51cc78f04622?utm_source=github&utm_medium=referral&page=upgrade-pr

Copilot

Pull Request Overview

This pull request updates dependency versions in the project, specifically upgrading the prompt library from version 1.2.0 to 1.3.0 and the development dependency snyk from 1.742.0 to 1.1300.1. The changes include updating both package.json and the corresponding package-lock.json file with all transitive dependency updates.

Key Changes

Upgraded prompt from ^1.2.0 to ^1.3.0
Upgraded snyk from ^1.742.0 to ^1.1300.1 (dev dependency)
Updated package-lock.json with new dependency tree reflecting the changes

Reviewed Changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File	Description
package.json	Updated version constraints for `prompt` (^1.3.0) and `snyk` (^1.1300.1) dependencies
package-lock.json	Updated lockfile with new resolved versions and dependency trees for prompt 1.3.0 and snyk 1.1300.1

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Copilot AI review requested due to automatic review settings October 30, 2025 09:01

Copilot AI reviewed Oct 30, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade prompt from 1.1.0 to 1.3.0#324

[Snyk] Upgrade prompt from 1.1.0 to 1.3.0#324
mikr13 wants to merge 1 commit intomasterfrom
snyk-upgrade-c31834581b58f7361763de6ae0836dae

mikr13 commented Oct 30, 2025

Uh oh!

Copilot AI left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

mikr13 commented Oct 30, 2025

Snyk has created this PR to upgrade prompt from 1.1.0 to 1.3.0.

Issues fixed by the recommended upgrade:

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull Request Overview

Key Changes

Reviewed Changes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants