diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1b9ebb645..5f67b3b3f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,7 +20,7 @@ jobs: strategy: fail-fast: false matrix: - node-version: [16, 18] + node-version: [18, 20, 22] os: [ubuntu-latest, windows-latest] steps: diff --git a/lib/run/secure-fs.js b/lib/run/secure-fs.js index 9230336c2..20949d91b 100644 --- a/lib/run/secure-fs.js +++ b/lib/run/secure-fs.js @@ -8,6 +8,9 @@ const fs = require('fs'), FUNCTION = 'function', DEPRECATED_SYNC_WRITE_STREAM = 'SyncWriteStream', EXPERIMENTAL_PROMISE = 'promises', + DEPRECATED_FS_CONSTANTS = [ + 'F_OK', 'R_OK', 'W_OK', 'X_OK', 'COPYFILE_EXCL', 'COPYFILE_FICLONE', 'COPYFILE_FICLONE_FORCE' + ], // Use simple character check instead of regex to prevent regex attack /* @@ -143,7 +146,8 @@ SecureFS.prototype.resolvePathSync = function (relOrAbsPath, whiteList) { // Attach all functions in fs to postman-fs Object.getOwnPropertyNames(fs).map((prop) => { // Bail-out early to prevent fs module from logging warning for deprecated and experimental methods - if (prop === DEPRECATED_SYNC_WRITE_STREAM || prop === EXPERIMENTAL_PROMISE || typeof fs[prop] !== FUNCTION) { + if (prop === DEPRECATED_SYNC_WRITE_STREAM || prop === EXPERIMENTAL_PROMISE || + DEPRECATED_FS_CONSTANTS.includes(prop) || typeof fs[prop] !== FUNCTION) { return; } diff --git a/npm/test-cli.js b/npm/test-cli.js index 1990541ab..31b94a2a2 100755 --- a/npm/test-cli.js +++ b/npm/test-cli.js @@ -30,9 +30,34 @@ module.exports = function (exit) { return (file.substr(-8) === '.test.js'); }).forEach(mocha.addFile.bind(mocha)); - // override exec for it to become silent by default + // override exec for it to become silent by default and filter deprecation warnings global.exec = function (cmd, done) { - return exec(cmd, { silent: true }, done); + // Validate command starts with expected executables to prevent command injection + const allowedPrefixes = ['node ', 'newman ', './bin/newman'], + isAllowed = allowedPrefixes.some((prefix) => { return cmd.trim().startsWith(prefix); }); + + if (!isAllowed) { + const err = new Error(`Command not allowed: ${cmd}`); + + return done ? done(1, '', err.message) : undefined; + } + + return exec(cmd, { silent: true }, function (code, stdout, stderr) { + // Filter out Node.js deprecation warnings from stderr (e.g., DEP0040 punycode warning in Node 22) + // This prevents test failures when Node emits deprecation warnings + const filteredStderr = stderr.split('\n') + .filter((line) => { + // Filter out deprecation warning lines and the follow-up trace hint + return !line.match(/^\(node:\d+\) \[DEP\d+\] DeprecationWarning:/) && + !line.match(/^\(Use `node --trace-deprecation/); + }) + .join('\n'); + + // Call the original callback with filtered stderr + if (done) { + done(code, stdout, filteredStderr); + } + }); }; // start the mocha run diff --git a/package-lock.json b/package-lock.json index d53aef137..d8ba8695b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,7 +10,7 @@ "license": "Apache-2.0", "dependencies": { "@postman/tough-cookie": "4.1.3-postman.1", - "async": "3.2.5", + "async": "3.2.6", "chardet": "2.0.0", "cli-progress": "3.12.0", "cli-table3": "0.6.5", @@ -19,12 +19,12 @@ "csv-parse": "4.16.3", "filesize": "10.1.4", "liquid-json": "0.3.1", - "lodash": "4.17.21", + "lodash": "4.17.23", "mkdirp": "3.0.1", - "postman-collection": "4.4.0", + "postman-collection": "5.2.0", "postman-collection-transformer": "4.1.8", "postman-request": "2.88.1-postman.48", - "postman-runtime": "7.39.1", + "postman-runtime": "7.51.1", "pretty-ms": "7.0.1", "semver": "7.6.3", "serialised-error": "1.1.3", @@ -57,7 +57,7 @@ "xml2js": "^0.6.2" }, "engines": { - "node": ">=16" + "node": ">=18" } }, "node_modules/@aashutoshrathi/word-wrap": { @@ -928,6 +928,7 @@ "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.11.2.tgz", "integrity": "sha512-nc0Axzp/0FILLEVsm4fNwLCwMttvhEI263QtVPQcbpfZZ3ts0hLsZGOpE6czNlid7CJ9MlyH8reXkpsf3YUY4w==", "dev": true, + "peer": true, "bin": { "acorn": "bin/acorn" }, @@ -1179,9 +1180,10 @@ } }, "node_modules/async": { - "version": "3.2.5", - "resolved": "https://registry.npmjs.org/async/-/async-3.2.5.tgz", - "integrity": "sha512-baNZyqaaLhyLVKm/DlvdW051MSgO6b8eVfIezl9E5PqWxFgzLm/wQntEW4zOytVburDEr0JlALEpdOFwvErLsg==" + "version": "3.2.6", + "resolved": "https://registry.npmjs.org/async/-/async-3.2.6.tgz", + "integrity": "sha512-htCUDlxyyCLMgaM3xXg0C0LW2xqfuQ6p05pCEIsXuyQ+a1koYKTuBMzRNwmybfLgvJDMd0r1LTn4+E0Ti6C2AA==", + "license": "MIT" }, "node_modules/asynckit": { "version": "0.4.0", @@ -1209,9 +1211,10 @@ } }, "node_modules/aws4": { - "version": "1.13.1", - "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.13.1.tgz", - "integrity": "sha512-u5w79Rd7SU4JaIlA/zFqG+gOiuq25q5VLyZ8E+ijJeILuTxVzZgp2CaGw/UTw6pXYN9XMO9yiqj/nEHmhTG5CA==" + "version": "1.13.2", + "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.13.2.tgz", + "integrity": "sha512-lHe62zvbTB5eEABUVi/AwVh0ZKY9rMMDhmm+eeyuuUQbQ3+J+fONVQOZyj+DdrvD4BY33uYniyRJ4UJIaSKAfw==", + "license": "MIT" }, "node_modules/balanced-match": { "version": "1.0.0", @@ -1477,6 +1480,7 @@ "version": "1.0.1", "resolved": "https://registry.npmjs.org/charset/-/charset-1.0.1.tgz", "integrity": "sha512-6dVyOOYjpfFcL1Y4qChrAoQLRHvj2ziyhcm0QJlhOcAhykL/k1kTUPbeo+87MNRTRdk2OIIsIXbuF3x2wi5EXg==", + "license": "MIT", "engines": { "node": ">=4.0.0" } @@ -2274,6 +2278,7 @@ "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.57.0.tgz", "integrity": "sha512-dZ6+mexnaTIbSBZWgou51U6OmzIhYM2VcNdtiTtI7qPNZm35Akpr0f6vtw3w1Kmn5PYo+tZVfh13WrhpS6oLqQ==", "dev": true, + "peer": true, "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.6.1", @@ -2840,8 +2845,7 @@ "node_modules/flatted": { "version": "3.3.1", "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.1.tgz", - "integrity": "sha512-X8cqMLLie7KsNUDSdzeN8FYK9rEt4Dt67OsG/DNGnYTSDBG4uFAJFBnUeiV+zCVAvwFy56IjM9sH51jVaEhNxw==", - "dev": true + "integrity": "sha512-X8cqMLLie7KsNUDSdzeN8FYK9rEt4Dt67OsG/DNGnYTSDBG4uFAJFBnUeiV+zCVAvwFy56IjM9sH51jVaEhNxw==" }, "node_modules/for-each": { "version": "0.3.3", @@ -4207,9 +4211,10 @@ } }, "node_modules/lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" + "version": "4.17.23", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz", + "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==", + "license": "MIT" }, "node_modules/lodash.flattendeep": { "version": "4.4.0", @@ -4389,6 +4394,18 @@ "node": ">=8.6" } }, + "node_modules/mime": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/mime/-/mime-3.0.0.tgz", + "integrity": "sha512-jSCU7/VB1loIWBZe14aEYHU/+1UMEHoaO7qxCOVJOw9GgH72VAWppxNcjU+x9a2k3GSIBXNKxXQFqRvvZ7vr3A==", + "license": "MIT", + "bin": { + "mime": "cli.js" + }, + "engines": { + "node": ">=10.0.0" + } + }, "node_modules/mime-db": { "version": "1.52.0", "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", @@ -4398,9 +4415,10 @@ } }, "node_modules/mime-format": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/mime-format/-/mime-format-2.0.1.tgz", - "integrity": "sha512-XxU3ngPbEnrYnNbIX+lYSaYg0M01v6p2ntd2YaFksTu0vayaw5OJvbdRyWs07EYRlLED5qadUZ+xo+XhOvFhwg==", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/mime-format/-/mime-format-2.0.2.tgz", + "integrity": "sha512-Y5ERWVcyh3sby9Fx2U5F1yatiTFjNsqF5NltihTWI9QgNtr5o3dbCZdcKa1l2wyfhnwwoP9HGNxga7LqZLA6gw==", + "license": "Apache-2.0", "dependencies": { "charset": "^1.0.0" } @@ -5286,9 +5304,9 @@ } }, "node_modules/postman-collection": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/postman-collection/-/postman-collection-4.4.0.tgz", - "integrity": "sha512-2BGDFcUwlK08CqZFUlIC8kwRJueVzPjZnnokWPtJCd9f2J06HBQpGL7t2P1Ud1NEsK9NHq9wdipUhWLOPj5s/Q==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/postman-collection/-/postman-collection-5.2.0.tgz", + "integrity": "sha512-ktjlchtpoCw+FZRg+WwnGWH1w9oQDNUBLSRh+9ETPqFAz3SupqHqRuMh74xjQ+PvTWY/WH2JR4ZW+1sH58Ul1g==", "license": "Apache-2.0", "dependencies": { "@faker-js/faker": "5.5.3", @@ -5297,14 +5315,14 @@ "iconv-lite": "0.6.3", "liquid-json": "0.3.1", "lodash": "4.17.21", - "mime-format": "2.0.1", - "mime-types": "2.1.35", - "postman-url-encoder": "3.0.5", - "semver": "7.5.4", + "mime": "3.0.0", + "mime-format": "2.0.2", + "postman-url-encoder": "3.0.8", + "semver": "7.7.1", "uuid": "8.3.2" }, "engines": { - "node": ">=10" + "node": ">=18" } }, "node_modules/postman-collection-transformer": { @@ -5333,6 +5351,12 @@ "node": ">= 12" } }, + "node_modules/postman-collection-transformer/node_modules/lodash": { + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", + "license": "MIT" + }, "node_modules/postman-collection-transformer/node_modules/semver": { "version": "7.5.4", "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", @@ -5347,14 +5371,17 @@ "node": ">=10" } }, + "node_modules/postman-collection/node_modules/lodash": { + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", + "license": "MIT" + }, "node_modules/postman-collection/node_modules/semver": { - "version": "7.5.4", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", - "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", + "version": "7.7.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.1.tgz", + "integrity": "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA==", "license": "ISC", - "dependencies": { - "lru-cache": "^6.0.0" - }, "bin": { "semver": "bin/semver.js" }, @@ -5409,41 +5436,35 @@ } }, "node_modules/postman-runtime": { - "version": "7.39.1", - "resolved": "https://registry.npmjs.org/postman-runtime/-/postman-runtime-7.39.1.tgz", - "integrity": "sha512-IRNrBE0l1K3ZqQhQVYgF6MPuqOB9HqYncal+a7RpSS+sysKLhJMkC9SfUn1HVuOpokdPkK92ykvPzj8kCOLYAg==", + "version": "7.51.1", + "resolved": "https://registry.npmjs.org/postman-runtime/-/postman-runtime-7.51.1.tgz", + "integrity": "sha512-R7sWoXEL0jsMdxvMc6vkDOlo2NxBGu9EXhOKCfm8+pRh63YS0Mu+WDooK/hFuM2Oe4GvPblJO1+Od+EsRugo9w==", "license": "Apache-2.0", "dependencies": { "@postman/tough-cookie": "4.1.3-postman.1", - "async": "3.2.5", - "aws4": "1.12.0", + "async": "3.2.6", + "aws4": "1.13.2", "handlebars": "4.7.8", "httpntlm": "1.8.13", - "jose": "4.14.4", + "jose": "5.10.0", "js-sha512": "0.9.0", - "lodash": "4.17.21", + "lodash": "4.17.23", "mime-types": "2.1.35", - "node-forge": "1.3.1", + "node-forge": "1.3.3", "node-oauth1": "1.3.0", "performance-now": "2.1.0", - "postman-collection": "4.4.0", - "postman-request": "2.88.1-postman.34", - "postman-sandbox": "4.7.1", - "postman-url-encoder": "3.0.5", + "postman-collection": "5.2.0", + "postman-request": "2.88.1-postman.48", + "postman-sandbox": "6.4.0", + "postman-url-encoder": "3.0.8", "serialised-error": "1.1.3", "strip-json-comments": "3.1.1", "uuid": "8.3.2" }, "engines": { - "node": ">=12" + "node": ">=18" } }, - "node_modules/postman-runtime/node_modules/aws4": { - "version": "1.12.0", - "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.12.0.tgz", - "integrity": "sha512-NmWvPnx0F1SfrQbYwOi7OeaNGokp9XhzNioJ/CSBs8Qa4vxug81mhJEAVZwxXuBmYB5KDRfMq/F3RR0BIU7sWg==", - "license": "MIT" - }, "node_modules/postman-runtime/node_modules/jose": { "version": "5.10.0", "resolved": "https://registry.npmjs.org/jose/-/jose-5.10.0.tgz", @@ -5456,31 +5477,39 @@ "version": "8.3.2", "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==", + "license": "MIT", "bin": { "uuid": "dist/bin/uuid" } }, "node_modules/postman-sandbox": { - "version": "4.7.1", - "resolved": "https://registry.npmjs.org/postman-sandbox/-/postman-sandbox-4.7.1.tgz", - "integrity": "sha512-H2wYSLK0mB588IaxoLrLoPbpmxsIcwFtgaK2c8gAsAQ+TgYFePwb4qdeVcYDMqmwrLd77/ViXkjasP/sBMz1sQ==", + "version": "6.4.0", + "resolved": "https://registry.npmjs.org/postman-sandbox/-/postman-sandbox-6.4.0.tgz", + "integrity": "sha512-sOGlTsrLbTF+Clt2G6cKyduupMvTk6lZbnMFxcuy+18pOPnHji8Zd4GeZayifItvnrAGEWpFiK9pDyJCHHgYRw==", "license": "Apache-2.0", "dependencies": { "lodash": "4.17.21", - "postman-collection": "4.4.0", + "postman-collection": "5.2.0", "teleport-javascript": "1.0.0", - "uvm": "2.1.1" + "uvm": "4.0.1" }, "engines": { - "node": ">=10" + "node": ">=18" } }, + "node_modules/postman-sandbox/node_modules/lodash": { + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", + "license": "MIT" + }, "node_modules/postman-url-encoder": { - "version": "3.0.5", - "resolved": "https://registry.npmjs.org/postman-url-encoder/-/postman-url-encoder-3.0.5.tgz", - "integrity": "sha512-jOrdVvzUXBC7C+9gkIkpDJ3HIxOHTIqjpQ4C1EMt1ZGeMvSEpbFCKq23DEfgsj46vMnDgyQf+1ZLp2Wm+bKSsA==", + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/postman-url-encoder/-/postman-url-encoder-3.0.8.tgz", + "integrity": "sha512-EOgUMBazo7JNP4TDrd64TsooCiWzzo4143Ws8E8WYGEpn2PKpq+S4XRTDhuRTYHm3VKOpUZs7ZYZq7zSDuesqA==", + "license": "Apache-2.0", "dependencies": { - "punycode": "^2.1.1" + "punycode": "^2.3.1" }, "engines": { "node": ">=10" @@ -5552,9 +5581,10 @@ } }, "node_modules/punycode": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz", - "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==", + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", + "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==", + "license": "MIT", "engines": { "node": ">=6" } @@ -6683,23 +6713,17 @@ } }, "node_modules/uvm": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/uvm/-/uvm-2.1.1.tgz", - "integrity": "sha512-BZ5w8adTpNNr+zczOBRpaX/hH8UPKAf7fmCnidrcsqt3bn8KT9bDIfuS7hgRU9RXgiN01su2pwysBONY6w8W5w==", + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/uvm/-/uvm-4.0.1.tgz", + "integrity": "sha512-16Fgrcg/lSZzCoLKKTZ6+sne28XfLBus3XI4czylDj+cDPMecr65DprLRq5fzMZgRpTbnkh2BDpdUuI1AmEuVQ==", "license": "Apache-2.0", "dependencies": { - "flatted": "3.2.6" + "flatted": "3.3.1" }, "engines": { - "node": ">=10" + "node": ">=18" } }, - "node_modules/uvm/node_modules/flatted": { - "version": "3.2.6", - "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.2.6.tgz", - "integrity": "sha512-0sQoMh9s0BYsm+12Huy/rkKxVu4R1+r96YX5cG44rHV0pQ6iC3Q+mkoMFaGWObMFYQxCVT+ssG1ksneA2MI9KQ==", - "license": "ISC" - }, "node_modules/validate-npm-package-license": { "version": "3.0.4", "resolved": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz", @@ -7772,7 +7796,8 @@ "version": "8.11.2", "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.11.2.tgz", "integrity": "sha512-nc0Axzp/0FILLEVsm4fNwLCwMttvhEI263QtVPQcbpfZZ3ts0hLsZGOpE6czNlid7CJ9MlyH8reXkpsf3YUY4w==", - "dev": true + "dev": true, + "peer": true }, "acorn-jsx": { "version": "5.3.2", @@ -7957,9 +7982,9 @@ "dev": true }, "async": { - "version": "3.2.5", - "resolved": "https://registry.npmjs.org/async/-/async-3.2.5.tgz", - "integrity": "sha512-baNZyqaaLhyLVKm/DlvdW051MSgO6b8eVfIezl9E5PqWxFgzLm/wQntEW4zOytVburDEr0JlALEpdOFwvErLsg==" + "version": "3.2.6", + "resolved": "https://registry.npmjs.org/async/-/async-3.2.6.tgz", + "integrity": "sha512-htCUDlxyyCLMgaM3xXg0C0LW2xqfuQ6p05pCEIsXuyQ+a1koYKTuBMzRNwmybfLgvJDMd0r1LTn4+E0Ti6C2AA==" }, "asynckit": { "version": "0.4.0", @@ -7978,9 +8003,9 @@ "integrity": "sha1-tG6JCTSpWR8tL2+G1+ap8bP+dqg=" }, "aws4": { - "version": "1.13.1", - "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.13.1.tgz", - "integrity": "sha512-u5w79Rd7SU4JaIlA/zFqG+gOiuq25q5VLyZ8E+ijJeILuTxVzZgp2CaGw/UTw6pXYN9XMO9yiqj/nEHmhTG5CA==" + "version": "1.13.2", + "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.13.2.tgz", + "integrity": "sha512-lHe62zvbTB5eEABUVi/AwVh0ZKY9rMMDhmm+eeyuuUQbQ3+J+fONVQOZyj+DdrvD4BY33uYniyRJ4UJIaSKAfw==" }, "balanced-match": { "version": "1.0.0", @@ -8844,6 +8869,7 @@ "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.57.0.tgz", "integrity": "sha512-dZ6+mexnaTIbSBZWgou51U6OmzIhYM2VcNdtiTtI7qPNZm35Akpr0f6vtw3w1Kmn5PYo+tZVfh13WrhpS6oLqQ==", "dev": true, + "peer": true, "requires": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.6.1", @@ -9243,8 +9269,7 @@ "flatted": { "version": "3.3.1", "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.1.tgz", - "integrity": "sha512-X8cqMLLie7KsNUDSdzeN8FYK9rEt4Dt67OsG/DNGnYTSDBG4uFAJFBnUeiV+zCVAvwFy56IjM9sH51jVaEhNxw==", - "dev": true + "integrity": "sha512-X8cqMLLie7KsNUDSdzeN8FYK9rEt4Dt67OsG/DNGnYTSDBG4uFAJFBnUeiV+zCVAvwFy56IjM9sH51jVaEhNxw==" }, "for-each": { "version": "0.3.3", @@ -10235,9 +10260,9 @@ } }, "lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" + "version": "4.17.23", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz", + "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==" }, "lodash.flattendeep": { "version": "4.4.0", @@ -10373,15 +10398,20 @@ "picomatch": "^2.3.1" } }, + "mime": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/mime/-/mime-3.0.0.tgz", + "integrity": "sha512-jSCU7/VB1loIWBZe14aEYHU/+1UMEHoaO7qxCOVJOw9GgH72VAWppxNcjU+x9a2k3GSIBXNKxXQFqRvvZ7vr3A==" + }, "mime-db": { "version": "1.52.0", "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==" }, "mime-format": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/mime-format/-/mime-format-2.0.1.tgz", - "integrity": "sha512-XxU3ngPbEnrYnNbIX+lYSaYg0M01v6p2ntd2YaFksTu0vayaw5OJvbdRyWs07EYRlLED5qadUZ+xo+XhOvFhwg==", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/mime-format/-/mime-format-2.0.2.tgz", + "integrity": "sha512-Y5ERWVcyh3sby9Fx2U5F1yatiTFjNsqF5NltihTWI9QgNtr5o3dbCZdcKa1l2wyfhnwwoP9HGNxga7LqZLA6gw==", "requires": { "charset": "^1.0.0" } @@ -11049,9 +11079,9 @@ } }, "postman-collection": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/postman-collection/-/postman-collection-4.4.0.tgz", - "integrity": "sha512-2BGDFcUwlK08CqZFUlIC8kwRJueVzPjZnnokWPtJCd9f2J06HBQpGL7t2P1Ud1NEsK9NHq9wdipUhWLOPj5s/Q==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/postman-collection/-/postman-collection-5.2.0.tgz", + "integrity": "sha512-ktjlchtpoCw+FZRg+WwnGWH1w9oQDNUBLSRh+9ETPqFAz3SupqHqRuMh74xjQ+PvTWY/WH2JR4ZW+1sH58Ul1g==", "requires": { "@faker-js/faker": "5.5.3", "file-type": "3.9.0", @@ -11059,20 +11089,22 @@ "iconv-lite": "0.6.3", "liquid-json": "0.3.1", "lodash": "4.17.21", - "mime-format": "2.0.1", - "mime-types": "2.1.35", - "postman-url-encoder": "3.0.5", - "semver": "7.5.4", + "mime": "3.0.0", + "mime-format": "2.0.2", + "postman-url-encoder": "3.0.8", + "semver": "7.7.1", "uuid": "8.3.2" }, "dependencies": { + "lodash": { + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" + }, "semver": { - "version": "7.5.4", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", - "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", - "requires": { - "lru-cache": "^6.0.0" - } + "version": "7.7.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.1.tgz", + "integrity": "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA==" }, "uuid": { "version": "8.3.2", @@ -11098,6 +11130,11 @@ "resolved": "https://registry.npmjs.org/commander/-/commander-8.3.0.tgz", "integrity": "sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww==" }, + "lodash": { + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" + }, "semver": { "version": "7.5.4", "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", @@ -11143,36 +11180,31 @@ } }, "postman-runtime": { - "version": "7.39.1", - "resolved": "https://registry.npmjs.org/postman-runtime/-/postman-runtime-7.39.1.tgz", - "integrity": "sha512-IRNrBE0l1K3ZqQhQVYgF6MPuqOB9HqYncal+a7RpSS+sysKLhJMkC9SfUn1HVuOpokdPkK92ykvPzj8kCOLYAg==", + "version": "7.51.1", + "resolved": "https://registry.npmjs.org/postman-runtime/-/postman-runtime-7.51.1.tgz", + "integrity": "sha512-R7sWoXEL0jsMdxvMc6vkDOlo2NxBGu9EXhOKCfm8+pRh63YS0Mu+WDooK/hFuM2Oe4GvPblJO1+Od+EsRugo9w==", "requires": { "@postman/tough-cookie": "4.1.3-postman.1", - "async": "3.2.5", - "aws4": "1.12.0", + "async": "3.2.6", + "aws4": "1.13.2", "handlebars": "4.7.8", "httpntlm": "1.8.13", "jose": "5.10.0", "js-sha512": "0.9.0", - "lodash": "4.17.21", + "lodash": "4.17.23", "mime-types": "2.1.35", "node-forge": "1.3.3", "node-oauth1": "1.3.0", "performance-now": "2.1.0", - "postman-collection": "4.4.0", + "postman-collection": "5.2.0", "postman-request": "2.88.1-postman.48", - "postman-sandbox": "4.7.1", - "postman-url-encoder": "3.0.5", + "postman-sandbox": "6.4.0", + "postman-url-encoder": "3.0.8", "serialised-error": "1.1.3", "strip-json-comments": "3.1.1", "uuid": "8.3.2" }, "dependencies": { - "aws4": { - "version": "1.12.0", - "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.12.0.tgz", - "integrity": "sha512-NmWvPnx0F1SfrQbYwOi7OeaNGokp9XhzNioJ/CSBs8Qa4vxug81mhJEAVZwxXuBmYB5KDRfMq/F3RR0BIU7sWg==" - }, "jose": { "version": "5.10.0", "resolved": "https://registry.npmjs.org/jose/-/jose-5.10.0.tgz", @@ -11186,22 +11218,29 @@ } }, "postman-sandbox": { - "version": "4.7.1", - "resolved": "https://registry.npmjs.org/postman-sandbox/-/postman-sandbox-4.7.1.tgz", - "integrity": "sha512-H2wYSLK0mB588IaxoLrLoPbpmxsIcwFtgaK2c8gAsAQ+TgYFePwb4qdeVcYDMqmwrLd77/ViXkjasP/sBMz1sQ==", + "version": "6.4.0", + "resolved": "https://registry.npmjs.org/postman-sandbox/-/postman-sandbox-6.4.0.tgz", + "integrity": "sha512-sOGlTsrLbTF+Clt2G6cKyduupMvTk6lZbnMFxcuy+18pOPnHji8Zd4GeZayifItvnrAGEWpFiK9pDyJCHHgYRw==", "requires": { "lodash": "4.17.21", - "postman-collection": "4.4.0", + "postman-collection": "5.2.0", "teleport-javascript": "1.0.0", - "uvm": "2.1.1" + "uvm": "4.0.1" + }, + "dependencies": { + "lodash": { + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" + } } }, "postman-url-encoder": { - "version": "3.0.5", - "resolved": "https://registry.npmjs.org/postman-url-encoder/-/postman-url-encoder-3.0.5.tgz", - "integrity": "sha512-jOrdVvzUXBC7C+9gkIkpDJ3HIxOHTIqjpQ4C1EMt1ZGeMvSEpbFCKq23DEfgsj46vMnDgyQf+1ZLp2Wm+bKSsA==", + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/postman-url-encoder/-/postman-url-encoder-3.0.8.tgz", + "integrity": "sha512-EOgUMBazo7JNP4TDrd64TsooCiWzzo4143Ws8E8WYGEpn2PKpq+S4XRTDhuRTYHm3VKOpUZs7ZYZq7zSDuesqA==", "requires": { - "punycode": "^2.1.1" + "punycode": "^2.3.1" } }, "prelude-ls": { @@ -11255,9 +11294,9 @@ } }, "punycode": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz", - "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==" + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", + "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==" }, "qs": { "version": "6.14.1", @@ -12121,18 +12160,11 @@ "integrity": "sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==" }, "uvm": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/uvm/-/uvm-2.1.1.tgz", - "integrity": "sha512-BZ5w8adTpNNr+zczOBRpaX/hH8UPKAf7fmCnidrcsqt3bn8KT9bDIfuS7hgRU9RXgiN01su2pwysBONY6w8W5w==", + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/uvm/-/uvm-4.0.1.tgz", + "integrity": "sha512-16Fgrcg/lSZzCoLKKTZ6+sne28XfLBus3XI4czylDj+cDPMecr65DprLRq5fzMZgRpTbnkh2BDpdUuI1AmEuVQ==", "requires": { - "flatted": "3.2.6" - }, - "dependencies": { - "flatted": { - "version": "3.2.6", - "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.2.6.tgz", - "integrity": "sha512-0sQoMh9s0BYsm+12Huy/rkKxVu4R1+r96YX5cG44rHV0pQ6iC3Q+mkoMFaGWObMFYQxCVT+ssG1ksneA2MI9KQ==" - } + "flatted": "3.3.1" } }, "validate-npm-package-license": { diff --git a/package.json b/package.json index 82e15251d..467f85040 100644 --- a/package.json +++ b/package.json @@ -37,7 +37,7 @@ }, "dependencies": { "@postman/tough-cookie": "4.1.3-postman.1", - "async": "3.2.5", + "async": "3.2.6", "chardet": "2.0.0", "cli-progress": "3.12.0", "cli-table3": "0.6.5", @@ -46,12 +46,12 @@ "csv-parse": "4.16.3", "filesize": "10.1.4", "liquid-json": "0.3.1", - "lodash": "4.17.21", + "lodash": "4.17.23", "mkdirp": "3.0.1", - "postman-collection": "4.4.0", + "postman-collection": "5.2.0", "postman-collection-transformer": "4.1.8", "postman-request": "2.88.1-postman.48", - "postman-runtime": "7.39.1", + "postman-runtime": "7.51.1", "pretty-ms": "7.0.1", "semver": "7.6.3", "serialised-error": "1.1.3", @@ -81,11 +81,6 @@ "xml2js": "^0.6.2" }, "engines": { - "node": ">=16" - }, - "overrides": { - "postman-request": "2.88.1-postman.48", - "node-forge": "1.3.3", - "jose": "5.10.0" + "node": ">=18" } } diff --git a/test/cli/run-options.test.js b/test/cli/run-options.test.js index 274b0f489..750fa684e 100644 --- a/test/cli/run-options.test.js +++ b/test/cli/run-options.test.js @@ -112,7 +112,7 @@ describe('CLI run options', function () { describe('script timeouts', function () { it('should be handled correctly when breached', function (done) { // eslint-disable-next-line max-len - exec('node ./bin/newman.js run test/integration/timeout/timeout.postman_collection.json --timeout-script 5', function (code) { + exec('node ./bin/newman.js run test/integration/timeout/timeout.postman_collection.json --timeout-script 100', function (code) { // .to.be.(1) is not used as the windows exit code can be an arbitrary non-zero value expect(code, 'should have non-zero exit code').to.be.above(0); done(); @@ -121,7 +121,7 @@ describe('CLI run options', function () { it('should be handled correctly when not breached', function (done) { // eslint-disable-next-line max-len - exec('node ./bin/newman.js run test/integration/timeout/timeout.postman_collection.json --timeout-script 500', function (code) { + exec('node ./bin/newman.js run test/integration/timeout/timeout.postman_collection.json --timeout-script 800', function (code) { expect(code, 'should have exit code of 0').to.equal(0); done(); }); diff --git a/test/integration/protocol-version-auto.postman_collection.json b/test/integration/protocol-version-auto.postman_collection.json new file mode 100644 index 000000000..7a8522c02 --- /dev/null +++ b/test/integration/protocol-version-auto.postman_collection.json @@ -0,0 +1,201 @@ +{ + "info": { + "name": "ProtocolVersion auto Smoke Test", + "description": "Smoke test using protocolVersion: 'auto' - catches catastrophic failures like the Node 22 undici bug in 6.2.0", + "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" + }, + "item": [ + { + "name": "ProtocolVersion auto GET Request", + "event": [ + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "pm.test('GET request succeeded', function () {", + " pm.response.to.have.status(200);", + "});", + "", + "pm.test('Response has body', function () {", + " pm.expect(pm.response.text()).to.be.a('string').and.not.be.empty;", + "});" + ] + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": "https://postman-echo.com/get?test=http2", + "description": "Basic GET request to test ProtocolVersion auto compatibility" + } + }, + { + "name": "ProtocolVersion auto POST Request", + "event": [ + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "pm.test('POST request succeeded', function () {", + " pm.response.to.have.status(200);", + "});", + "", + "pm.test('Response contains posted data', function () {", + " const jsonData = pm.response.json();", + " pm.expect(jsonData.data).to.equal('test data for ProtocolVersion auto');", + "});" + ] + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "text/plain" + } + ], + "body": { + "mode": "raw", + "raw": "test data for ProtocolVersion auto" + }, + "url": "https://postman-echo.com/post", + "description": "POST request to test ProtocolVersion auto with body" + } + }, + { + "name": "ProtocolVersion auto with Headers", + "event": [ + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "pm.test('Request with custom headers succeeded', function () {", + " pm.response.to.have.status(200);", + "});", + "", + "pm.test('Custom headers were sent', function () {", + " const jsonData = pm.response.json();", + " pm.expect(jsonData.headers['x-custom-header']).to.equal('http2-test');", + "});" + ] + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "X-Custom-Header", + "value": "http2-test" + } + ], + "url": "https://postman-echo.com/headers", + "description": "Test ProtocolVersion auto with custom headers" + } + }, + { + "name": "ProtocolVersion auto Response Streaming", + "event": [ + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "pm.test('Streaming request succeeded', function () {", + " pm.response.to.have.status(200);", + "});", + "", + "pm.test('Response has expected size', function () {", + " pm.expect(pm.response.text().length).to.be.greaterThan(0);", + "});" + ] + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": "https://postman-echo.com/stream/3", + "description": "Test ProtocolVersion auto with streaming response" + } + }, + { + "name": "ProtocolVersion auto with Redirects", + "event": [ + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "pm.test('Redirect was followed successfully', function () {", + " pm.response.to.have.status(200);", + "});" + ] + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": "https://postman-echo.com/redirect-to?url=https://postman-echo.com/get", + "description": "Test ProtocolVersion auto with redirects" + } + }, + { + "name": "ProtocolVersion auto Different Status Codes", + "event": [ + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "pm.test('404 status code received correctly', function () {", + " pm.response.to.have.status(404);", + "});" + ] + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": "https://postman-echo.com/status/404", + "description": "Test ProtocolVersion auto with different status codes" + } + }, + { + "name": "ProtocolVersion auto JSON Response", + "event": [ + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "pm.test('JSON response parsed successfully', function () {", + " const jsonData = pm.response.json();", + " pm.expect(jsonData).to.be.an('object');", + "});", + "", + "pm.test('Response has expected structure', function () {", + " const jsonData = pm.response.json();", + " pm.expect(jsonData.slideshow).to.be.an('object');", + "});" + ] + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": "https://httpbin.org/json", + "description": "Test ProtocolVersion auto with JSON response parsing" + } + } + ] +} diff --git a/test/integration/timeout/timeout.postman_collection.json b/test/integration/timeout/timeout.postman_collection.json index 484b08b91..121c2499a 100644 --- a/test/integration/timeout/timeout.postman_collection.json +++ b/test/integration/timeout/timeout.postman_collection.json @@ -6,7 +6,7 @@ "type": "text/javascript", "exec": [ "var now = Date.now(),", - " later = now + 300;", + " later = now + 700;", "while(Date.now() < later);" ] } diff --git a/test/library/run-options.test.js b/test/library/run-options.test.js index 1cde857dd..963a14670 100644 --- a/test/library/run-options.test.js +++ b/test/library/run-options.test.js @@ -225,7 +225,7 @@ describe('Newman run options', function () { it('should be handled correctly when breached', function (done) { newman.run({ collection: 'test/integration/timeout/timeout.postman_collection.json', - timeout: 1000 + timeout: 100 }, function (err, summary) { expect(err.message).to.equal('callback timed out'); expect(summary).to.be.ok; diff --git a/test/system/repository.test.js b/test/system/repository.test.js index 8df3cbb89..275e6cd2e 100644 --- a/test/system/repository.test.js +++ b/test/system/repository.test.js @@ -48,7 +48,7 @@ describe('project repository', function () { expect(json.keywords).to.eql(['newman', 'postman', 'api', 'testing', 'ci', 'rest-client', 'rest']); expect(json).to.have.property('engines'); - expect(json.engines).to.eql({ node: '>=16' }); + expect(json.engines).to.eql({ node: '>=18' }); }); it('should have a valid version string in form of ..', function () {