[Snyk] Upgrade prompt from 1.1.0 to 1.3.0

[mikr13]

Snyk has created this PR to upgrade prompt from 1.1.0 to 1.3.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 4 versions ahead of your current version.

• The recommended version was released 4 years ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	696	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	696	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	696	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	696	Proof of Concept
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	696	Proof of Concept
	Excessive Platform Resource Consumption within a Loop SNYK-JS-BRACES-6838727	696	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	696	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	696	Proof of Concept
	Improper Handling of Extra Parameters SNYK-JS-FOLLOWREDIRECTS-6141137	696	Proof of Concept
	Prototype Pollution SNYK-JS-LODASHSET-1320032	696	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PARSELINKHEADER-1582783	696	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696	Proof of Concept
	Code Injection SNYK-JS-SNYKGRADLEPLUGIN-8248487	696	No Known Exploit
	Code Injection SNYK-JS-SNYKPHPPLUGIN-8248485	696	No Known Exploit
	Command Injection SNYK-JS-SSH2-1656673	696	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	696	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	696	No Known Exploit
	Prototype Pollution SNYK-JS-UTILE-8706797	696	Proof of Concept
	Allocation of Resources Without Limits or Throttling SNYK-JS-AXIOS-12613773	696	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	696	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-9292519	696	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-9403194	696	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	696	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	696	Proof of Concept
	Open Redirect SNYK-JS-GOT-2932019	696	No Known Exploit
	Open Redirect SNYK-JS-GOT-2932019	696	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	696	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-I-1726768	696	No Known Exploit
	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	696	Proof of Concept
	Prototype Pollution SNYK-JS-JSYAML-13961110	696	No Known Exploit
	Prototype Pollution SNYK-JS-JSYAML-13961110	696	No Known Exploit
	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562	696	No Known Exploit
	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562	696	No Known Exploit
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	696	No Known Exploit
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	696	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	696	No Known Exploit
	Command Injection SNYK-JS-SNYK-3037342	696	Proof of Concept
	Command Injection SNYK-JS-SNYK-3038622	696	Proof of Concept
	Code Injection SNYK-JS-SNYK-3111871	696	No Known Exploit
	Command Injection SNYK-JS-SNYKDOCKERPLUGIN-3039679	696	Proof of Concept
	Command Injection SNYK-JS-SNYKGOPLUGIN-3037316	696	Proof of Concept
	Command Injection SNYK-JS-SNYKGRADLEPLUGIN-3038624	696	Proof of Concept
	Command Injection SNYK-JS-SNYKMVNPLUGIN-3038623	696	Proof of Concept
	Command Injection SNYK-JS-SNYKPYTHONPLUGIN-3039677	696	Proof of Concept
	Command Injection SNYK-JS-SNYKSBTPLUGIN-3038626	696	Proof of Concept
	Command Injection SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625	696	Proof of Concept
	Command Injection SNYK-JS-SNYKSNYKHEXPLUGIN-3039680	696	Proof of Concept
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	696	Proof of Concept
	Symlink Attack SNYK-JS-TMP-11501554	696	Proof of Concept
	Symlink Attack SNYK-JS-TMP-11501554	696	Proof of Concept
	Symlink Attack SNYK-JS-TMP-11501554	696	Proof of Concept
	Prototype Pollution SNYK-JS-XML2JS-5414874	696	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BRACEEXPANSION-9789073	696	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	696	No Known Exploit
	Insertion of Sensitive Information into Log File SNYK-JS-SNYK-10497607	696	Proof of Concept
	Uninitialized Memory Exposure npm:utile:20180614	696	No Known Exploit

Release notes

Package name: prompt

• 1.3.0 - 2022-04-11
• 1.2.2 - 2022-02-17
• 1.2.1 - 2022-01-10
• 1.2.0 - 2021-08-25
• 1.1.0 - 2020-12-21
  

  1.1.0

from prompt GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[Copilot]

Pull request overview

This is an automated security upgrade PR created by Snyk to update the prompt dependency from version 1.2.0 to 1.3.0 in package.json. The upgrade addresses multiple security vulnerabilities in transitive dependencies, including high-severity issues like ReDoS, Prototype Pollution, CSRF, and various code injection vulnerabilities across packages such as ansi-regex, async, axios, braces, cross-spawn, and others.

• Updates the prompt package version in package.json to resolve 58 security vulnerabilities
• The prompt library is used for interactive CLI input in the S3 bucket downloader tool
• This is a minor version upgrade that should maintain backward compatibility

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The package.json shows an upgrade from ^1.2.0 to ^1.3.0, but the PR description states this is upgrading from version 1.1.0 to 1.3.0. Additionally, the package-lock.json already has version 1.3.0 resolved, which suggests it was already updated. This inconsistency indicates that the package.json and package-lock.json may have been out of sync. Ensure that both files are properly synchronized and that the package-lock.json is regenerated after updating package.json to avoid potential dependency resolution issues.