postman-runtime 7.40.0-beta.1 → 7.41.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.yaml +29 -0
- package/README.md +3 -0
- package/dist/index.js +1 -1
- package/lib/backpack/index.js +1 -1
- package/lib/requester/core-body-builder.js +4 -4
- package/lib/requester/core.js +9 -5
- package/lib/requester/request-wrapper.js +0 -5
- package/lib/requester/requester-pool.js +1 -0
- package/lib/requester/requester.js +3 -2
- package/lib/runner/extensions/event.command.js +12 -3
- package/lib/runner/extensions/http-request.command.js +2 -2
- package/lib/runner/extensions/item.command.js +6 -4
- package/lib/runner/index.js +1 -1
- package/lib/runner/run.js +2 -2
- package/lib/runner/util.js +2 -2
- package/package.json +19 -17
package/lib/backpack/index.js
CHANGED
|
@@ -116,7 +116,7 @@ module.exports = backpack = {
|
|
|
116
116
|
// if any flag is not defined, we exit. when all flags hold a value, we know that the end callback has to be
|
|
117
117
|
// executed.
|
|
118
118
|
for (var i = 0, ii = flags.length; i < ii; i++) {
|
|
119
|
-
if (!Object.
|
|
119
|
+
if (!Object.hasOwn(status, flags[i])) { return; }
|
|
120
120
|
}
|
|
121
121
|
|
|
122
122
|
sealed = true;
|
|
@@ -102,7 +102,7 @@ urlEncodedBodyReducer = function (form, param) {
|
|
|
102
102
|
value = param.value;
|
|
103
103
|
|
|
104
104
|
// add the parameter to the form while accounting for duplicate values
|
|
105
|
-
if (!Object.
|
|
105
|
+
if (!Object.hasOwn(form, key)) {
|
|
106
106
|
form[key] = value;
|
|
107
107
|
|
|
108
108
|
return form;
|
|
@@ -273,15 +273,15 @@ module.exports = {
|
|
|
273
273
|
// stringified content. This avoids parsing the variables.
|
|
274
274
|
body = [];
|
|
275
275
|
|
|
276
|
-
if (Object.
|
|
276
|
+
if (Object.hasOwn(content, 'query') && (typeof content.query === STRING)) {
|
|
277
277
|
body.push('"query":' + JSON.stringify(content.query));
|
|
278
278
|
}
|
|
279
279
|
|
|
280
|
-
if (Object.
|
|
280
|
+
if (Object.hasOwn(content, 'operationName') && (typeof content.operationName === STRING)) {
|
|
281
281
|
body.push('"operationName":' + JSON.stringify(content.operationName));
|
|
282
282
|
}
|
|
283
283
|
|
|
284
|
-
if (Object.
|
|
284
|
+
if (Object.hasOwn(content, 'variables') && (typeof content.variables === STRING) &&
|
|
285
285
|
// even though users are free to send even malformed json string, the case of empty string has to be
|
|
286
286
|
// specially disallowed since in most default cases if a text editor is used to accept this data, it will
|
|
287
287
|
// send a blank string for an empty text-editor state and that would be an error flow. That implies majority
|
package/lib/requester/core.js
CHANGED
|
@@ -82,7 +82,10 @@ var dns = require('dns'),
|
|
|
82
82
|
|
|
83
83
|
// removes the `referer` header when a redirect happens (default: false)
|
|
84
84
|
// @note `referer` header set in the initial request will be preserved during redirect chain
|
|
85
|
-
removeRefererHeader: 'removeRefererHeaderOnRedirect'
|
|
85
|
+
removeRefererHeader: 'removeRefererHeaderOnRedirect',
|
|
86
|
+
|
|
87
|
+
// Select the HTTP protocol version to be used. Valid options are http1/http2/auto
|
|
88
|
+
protocolVersion: 'protocolVersion'
|
|
86
89
|
},
|
|
87
90
|
|
|
88
91
|
/**
|
|
@@ -173,7 +176,7 @@ var dns = require('dns'),
|
|
|
173
176
|
});
|
|
174
177
|
|
|
175
178
|
for (key in systemHeaders) {
|
|
176
|
-
if (Object.
|
|
179
|
+
if (Object.hasOwn(systemHeaders, key)) {
|
|
177
180
|
// upsert instead of add to replace user-defined headers also
|
|
178
181
|
headers.upsert({
|
|
179
182
|
key: key,
|
|
@@ -254,7 +257,7 @@ var dns = require('dns'),
|
|
|
254
257
|
|
|
255
258
|
done = function (type) {
|
|
256
259
|
if (!called) {
|
|
257
|
-
callback(type === S_CONNECT ? null : true); // eslint-disable-line callback-return
|
|
260
|
+
callback(type === S_CONNECT ? null : true); // eslint-disable-line n/callback-return
|
|
258
261
|
called = true;
|
|
259
262
|
this.destroy();
|
|
260
263
|
}
|
|
@@ -375,7 +378,7 @@ var dns = require('dns'),
|
|
|
375
378
|
// bail out if property or defaultOpts is not defined
|
|
376
379
|
if (!(property && defaultOpts)) { return; }
|
|
377
380
|
|
|
378
|
-
if (Object.
|
|
381
|
+
if (Object.hasOwn(protocolProfileBehavior, property)) {
|
|
379
382
|
return protocolProfileBehavior[property];
|
|
380
383
|
}
|
|
381
384
|
|
|
@@ -399,6 +402,7 @@ module.exports = {
|
|
|
399
402
|
* @param defaultOpts.followOriginalHttpMethod
|
|
400
403
|
* @param defaultOpts.maxRedirects
|
|
401
404
|
* @param defaultOpts.maxResponseSize
|
|
405
|
+
* @param defaultOpts.protocolVersion
|
|
402
406
|
* @param defaultOpts.implicitCacheControl
|
|
403
407
|
* @param defaultOpts.implicitTraceHeader
|
|
404
408
|
* @param defaultOpts.removeRefererHeaderOnRedirect
|
|
@@ -665,7 +669,7 @@ module.exports = {
|
|
|
665
669
|
//
|
|
666
670
|
// @note if you'd like to support additional body types beyond formdata, url-encoding, etc, add the same to
|
|
667
671
|
// the builder module
|
|
668
|
-
if (!Object.
|
|
672
|
+
if (!Object.hasOwn(requestBodyBuilders, requestBodyType)) {
|
|
669
673
|
return;
|
|
670
674
|
}
|
|
671
675
|
|
|
@@ -63,11 +63,6 @@ var _ = require('lodash'),
|
|
|
63
63
|
cb(null, options);
|
|
64
64
|
};
|
|
65
65
|
|
|
66
|
-
// Enable support for extending root CAs.
|
|
67
|
-
// Refer: https://github.com/postmanlabs/postman-request/pull/35
|
|
68
|
-
// @todo trigger console warning (using callback) if not enabled.
|
|
69
|
-
requests.enableNodeExtraCACerts();
|
|
70
|
-
|
|
71
66
|
module.exports = function (request, options, onStart, onData, callback) {
|
|
72
67
|
var req = {};
|
|
73
68
|
|
|
@@ -24,6 +24,7 @@ RequesterPool = function (options, callback) {
|
|
|
24
24
|
cookieJar: _.get(options, 'requester.cookieJar'), // default set later in this constructor
|
|
25
25
|
strictSSL: _.get(options, 'requester.strictSSL'),
|
|
26
26
|
maxResponseSize: _.get(options, 'requester.maxResponseSize'),
|
|
27
|
+
protocolVersion: _.get(options, 'requester.protocolVersion'),
|
|
27
28
|
// @todo drop support in v8
|
|
28
29
|
useWhatWGUrlParser: _.get(options, 'requester.useWhatWGUrlParser', false),
|
|
29
30
|
insecureHTTPParser: _.get(options, 'requester.insecureHTTPParser'),
|
|
@@ -418,7 +418,7 @@ class Requester extends EventEmitter {
|
|
|
418
418
|
// we can't trust the integrity of this request
|
|
419
419
|
// bail out if request url is empty
|
|
420
420
|
if (!(request && request.url && request.url.toString && request.url.toString())) {
|
|
421
|
-
return onEnd(new Error('runtime:
|
|
421
|
+
return onEnd(new Error('runtime: request url is empty'));
|
|
422
422
|
}
|
|
423
423
|
|
|
424
424
|
cookieJar = self.options.cookieJar;
|
|
@@ -470,7 +470,8 @@ class Requester extends EventEmitter {
|
|
|
470
470
|
status: res && res.statusMessage,
|
|
471
471
|
header: responseHeaders,
|
|
472
472
|
stream: resBody,
|
|
473
|
-
responseTime: responseTime
|
|
473
|
+
responseTime: responseTime,
|
|
474
|
+
downloadedBytes: history.execution.data[0].response.downloadedBytes
|
|
474
475
|
});
|
|
475
476
|
|
|
476
477
|
onComplete(RESPONSE_END, response, history);
|
|
@@ -270,7 +270,7 @@ module.exports = {
|
|
|
270
270
|
async.mapSeries(events, function (event, next) {
|
|
271
271
|
// In case the event has no script or execution was skipped
|
|
272
272
|
// in some previous script we bail out early
|
|
273
|
-
if (!event.script ||
|
|
273
|
+
if (shouldSkipExecution || !event.script || event.script.isEmpty()) {
|
|
274
274
|
return next(null, { event });
|
|
275
275
|
}
|
|
276
276
|
|
|
@@ -434,7 +434,10 @@ module.exports = {
|
|
|
434
434
|
// instance once it is fully supported
|
|
435
435
|
result && { cookies: result.cookies });
|
|
436
436
|
}).catch(function (err) {
|
|
437
|
-
|
|
437
|
+
const error = serialisedError(err);
|
|
438
|
+
|
|
439
|
+
delete error.stack; // remove stack to avoid leaking runtime internals
|
|
440
|
+
this.host.dispatch(EXECUTION_RESPONSE_EVENT_BASE + id, requestId, error);
|
|
438
441
|
});
|
|
439
442
|
}.bind(this));
|
|
440
443
|
}.bind(this));
|
|
@@ -455,7 +458,11 @@ module.exports = {
|
|
|
455
458
|
// @todo: Expose this as a property in Collection SDK's Script
|
|
456
459
|
timeout: payload.scriptTimeout,
|
|
457
460
|
cursor: scriptCursor,
|
|
458
|
-
context:
|
|
461
|
+
context: {
|
|
462
|
+
..._.pick(payload.context, SAFE_CONTEXT_VARIABLES),
|
|
463
|
+
vaultSecrets: _.get(payload.context.vaultSecrets, '_.allowScriptAccess') ?
|
|
464
|
+
payload.context.vaultSecrets : undefined
|
|
465
|
+
},
|
|
459
466
|
resolvedPackages: resolvedPackages,
|
|
460
467
|
|
|
461
468
|
// legacy options
|
|
@@ -522,6 +529,8 @@ module.exports = {
|
|
|
522
529
|
result && result.globals && (result.globals = new sdk.VariableScope(result.globals));
|
|
523
530
|
result && result.collectionVariables &&
|
|
524
531
|
(result.collectionVariables = new sdk.VariableScope(result.collectionVariables));
|
|
532
|
+
result && result.vaultSecrets &&
|
|
533
|
+
(result.vaultSecrets = new sdk.VariableScope(result.vaultSecrets));
|
|
525
534
|
result && result.request && (result.request = new sdk.Request(result.request));
|
|
526
535
|
|
|
527
536
|
// @note Since postman-sandbox@3.5.2, response object is not included in the execution
|
|
@@ -112,7 +112,7 @@ module.exports = {
|
|
|
112
112
|
var requestId = uuid.v4(),
|
|
113
113
|
replayOptions;
|
|
114
114
|
|
|
115
|
-
// eslint-disable-next-line max-len
|
|
115
|
+
// eslint-disable-next-line @stylistic/js/max-len
|
|
116
116
|
requester.on(RESPONSE_START_EVENT_BASE + requestId, function (err, response, request, cookies, history) {
|
|
117
117
|
// we could have also added the response to the set of responses in the cloned item,
|
|
118
118
|
// but then, we would have to iterate over all of them, which seems unnecessary
|
|
@@ -152,7 +152,7 @@ module.exports = {
|
|
|
152
152
|
requester.on(RESPONSE_DATA_EVENT_BASE + requestId, function (data) {
|
|
153
153
|
self.triggers.responseData(context.coords, data);
|
|
154
154
|
});
|
|
155
|
-
// eslint-disable-next-line max-len
|
|
155
|
+
// eslint-disable-next-line @stylistic/js/max-len
|
|
156
156
|
xhr = requester.request(requestId, item.request, context.protocolProfileBehavior, function (err, res, req, cookies, history) {
|
|
157
157
|
err = err || null;
|
|
158
158
|
|
|
@@ -70,7 +70,8 @@ getResponseJSON = function (response) {
|
|
|
70
70
|
type: 'Base64',
|
|
71
71
|
data: response.stream.toString('base64')
|
|
72
72
|
},
|
|
73
|
-
responseTime: response.responseTime
|
|
73
|
+
responseTime: response.responseTime,
|
|
74
|
+
downloadedBytes: response.downloadedBytes
|
|
74
75
|
};
|
|
75
76
|
};
|
|
76
77
|
|
|
@@ -137,6 +138,7 @@ module.exports = {
|
|
|
137
138
|
// create the context object for scripts to run
|
|
138
139
|
ctxTemplate = {
|
|
139
140
|
collectionVariables: collectionVariables,
|
|
141
|
+
vaultSecrets: vaultSecrets,
|
|
140
142
|
_variables: _variables,
|
|
141
143
|
globals: globals,
|
|
142
144
|
environment: environment,
|
|
@@ -150,7 +152,7 @@ module.exports = {
|
|
|
150
152
|
item: item,
|
|
151
153
|
coords: coords,
|
|
152
154
|
context: ctxTemplate,
|
|
153
|
-
trackContext: ['globals', 'environment', 'collectionVariables'],
|
|
155
|
+
trackContext: ['globals', 'environment', 'collectionVariables', 'vaultSecrets'],
|
|
154
156
|
stopOnScriptError: stopOnError,
|
|
155
157
|
stopOnFailure: stopOnFailure
|
|
156
158
|
}).done(function (prereqExecutions, prereqExecutionError, shouldSkipExecution) {
|
|
@@ -188,7 +190,7 @@ module.exports = {
|
|
|
188
190
|
|
|
189
191
|
this.queue('request', {
|
|
190
192
|
item: item,
|
|
191
|
-
vaultSecrets: vaultSecrets,
|
|
193
|
+
vaultSecrets: ctxTemplate.vaultSecrets,
|
|
192
194
|
globals: ctxTemplate.globals,
|
|
193
195
|
environment: ctxTemplate.environment,
|
|
194
196
|
collectionVariables: ctxTemplate.collectionVariables,
|
|
@@ -232,7 +234,7 @@ module.exports = {
|
|
|
232
234
|
item: item,
|
|
233
235
|
coords: coords,
|
|
234
236
|
context: ctxTemplate,
|
|
235
|
-
trackContext: ['tests', 'globals', 'environment', 'collectionVariables'],
|
|
237
|
+
trackContext: ['tests', 'globals', 'environment', 'collectionVariables', 'vaultSecrets'],
|
|
236
238
|
stopOnScriptError: stopOnError,
|
|
237
239
|
abortOnFailure: abortOnFailure,
|
|
238
240
|
stopOnFailure: stopOnFailure
|
package/lib/runner/index.js
CHANGED
|
@@ -101,7 +101,7 @@ _.assign(Runner.prototype, {
|
|
|
101
101
|
|
|
102
102
|
// Bail out only if: abortOnError is set and the returned entrypoint is invalid
|
|
103
103
|
if (options.abortOnError && !entrypoint) {
|
|
104
|
-
// eslint-disable-next-line max-len
|
|
104
|
+
// eslint-disable-next-line @stylistic/js/max-len
|
|
105
105
|
return callback(new Error(`Unable to find a folder or request: ${_.get(options, 'entrypoint.execute')}`));
|
|
106
106
|
}
|
|
107
107
|
|
package/lib/runner/run.js
CHANGED
|
@@ -208,7 +208,7 @@ Run.commands = _.transform({
|
|
|
208
208
|
// extract the prototype from the command interface
|
|
209
209
|
if (_.has(extension, 'prototype')) {
|
|
210
210
|
_.forOwn(extension.prototype, function (value, prop) {
|
|
211
|
-
if (Object.
|
|
211
|
+
if (Object.hasOwn(Run.prototype, prop)) {
|
|
212
212
|
throw new Error('run: duplicate command prototype extension ' + prop);
|
|
213
213
|
}
|
|
214
214
|
Run.prototype[prop] = value;
|
|
@@ -226,7 +226,7 @@ Run.commands = _.transform({
|
|
|
226
226
|
if (_.has(extension, 'process')) {
|
|
227
227
|
_.forOwn(extension.process, function (command, name) {
|
|
228
228
|
if (!_.isFunction(command)) { return; }
|
|
229
|
-
if (Object.
|
|
229
|
+
if (Object.hasOwn(all, name)) {
|
|
230
230
|
throw new Error('run: duplicate command processor ' + name);
|
|
231
231
|
}
|
|
232
232
|
// finally add the command function to the accumulator
|
package/lib/runner/util.js
CHANGED
|
@@ -119,14 +119,14 @@ module.exports = {
|
|
|
119
119
|
|
|
120
120
|
// update or add values from src
|
|
121
121
|
for (prop in src) {
|
|
122
|
-
if (Object.
|
|
122
|
+
if (Object.hasOwn(src, prop)) {
|
|
123
123
|
dest[prop] = src[prop];
|
|
124
124
|
}
|
|
125
125
|
}
|
|
126
126
|
|
|
127
127
|
// remove values that no longer exist
|
|
128
128
|
for (prop in dest) {
|
|
129
|
-
if (Object.
|
|
129
|
+
if (Object.hasOwn(dest, prop) && !Object.hasOwn(src, prop)) {
|
|
130
130
|
delete dest[prop];
|
|
131
131
|
}
|
|
132
132
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "postman-runtime",
|
|
3
|
-
"version": "7.
|
|
3
|
+
"version": "7.41.0",
|
|
4
4
|
"description": "Underlying library of executing Postman Collections",
|
|
5
5
|
"author": "Postman Inc.",
|
|
6
6
|
"license": "Apache-2.0",
|
|
@@ -44,19 +44,19 @@
|
|
|
44
44
|
"dependencies": {
|
|
45
45
|
"@postman/tough-cookie": "4.1.3-postman.1",
|
|
46
46
|
"async": "3.2.5",
|
|
47
|
-
"aws4": "1.
|
|
47
|
+
"aws4": "1.13.0",
|
|
48
48
|
"handlebars": "4.7.8",
|
|
49
49
|
"httpntlm": "1.8.13",
|
|
50
|
-
"jose": "
|
|
50
|
+
"jose": "5.6.3",
|
|
51
51
|
"js-sha512": "0.9.0",
|
|
52
52
|
"lodash": "4.17.21",
|
|
53
53
|
"mime-types": "2.1.35",
|
|
54
54
|
"node-forge": "1.3.1",
|
|
55
55
|
"node-oauth1": "1.3.0",
|
|
56
56
|
"performance-now": "2.1.0",
|
|
57
|
-
"postman-collection": "4.
|
|
58
|
-
"postman-request": "2.88.1-postman.
|
|
59
|
-
"postman-sandbox": "5.
|
|
57
|
+
"postman-collection": "4.5.0",
|
|
58
|
+
"postman-request": "2.88.1-postman.37",
|
|
59
|
+
"postman-sandbox": "5.1.1",
|
|
60
60
|
"postman-url-encoder": "3.0.5",
|
|
61
61
|
"serialised-error": "1.1.3",
|
|
62
62
|
"strip-json-comments": "3.1.1",
|
|
@@ -64,41 +64,43 @@
|
|
|
64
64
|
},
|
|
65
65
|
"devDependencies": {
|
|
66
66
|
"@postman/shipit": "^0.4.0",
|
|
67
|
-
"
|
|
67
|
+
"@stylistic/eslint-plugin-js": "^1.8.0",
|
|
68
|
+
"ajv": "^8.17.1",
|
|
68
69
|
"browserify": "^17.0.0",
|
|
69
70
|
"chai": "^4.3.10",
|
|
70
71
|
"chalk": "^4.1.2",
|
|
71
72
|
"dependency-check": "^4.1.0",
|
|
72
|
-
"editorconfig": "^
|
|
73
|
-
"eslint": "^
|
|
74
|
-
"eslint-plugin-jsdoc": "^
|
|
73
|
+
"editorconfig": "^2.0.0",
|
|
74
|
+
"eslint": "^8.57.0",
|
|
75
|
+
"eslint-plugin-jsdoc": "^47.0.2",
|
|
75
76
|
"eslint-plugin-lodash": "^7.4.0",
|
|
76
|
-
"eslint-plugin-mocha": "^10.
|
|
77
|
+
"eslint-plugin-mocha": "^10.5.0",
|
|
78
|
+
"eslint-plugin-n": "^16.6.2",
|
|
77
79
|
"eslint-plugin-security": "^2.1.1",
|
|
78
80
|
"express": "^4.17.2",
|
|
79
81
|
"graphql": "^15.7.2",
|
|
80
82
|
"js-yaml": "^4.1.0",
|
|
81
|
-
"karma": "^6.4.
|
|
83
|
+
"karma": "^6.4.4",
|
|
82
84
|
"karma-browserify": "^8.1.0",
|
|
83
85
|
"karma-chrome-launcher": "^3.2.0",
|
|
84
86
|
"karma-mocha": "^2.0.1",
|
|
85
87
|
"karma-mocha-reporter": "^2.2.5",
|
|
86
88
|
"mocha": "^9.1.3",
|
|
87
89
|
"nyc": "^15.1.0",
|
|
88
|
-
"parse-gitignore": "^
|
|
90
|
+
"parse-gitignore": "^2.0.0",
|
|
89
91
|
"passport": "^0.7.0",
|
|
90
92
|
"passport-http": "^0.3.0",
|
|
91
93
|
"recursive-readdir": "^2.2.3",
|
|
92
94
|
"server-destroy": "^1.0.1",
|
|
93
95
|
"shelljs": "^0.8.5",
|
|
94
|
-
"sinon": "^
|
|
96
|
+
"sinon": "^18.0.0",
|
|
95
97
|
"teleport-javascript": "^1.0.0",
|
|
96
|
-
"terser": "^5.
|
|
98
|
+
"terser": "^5.31.3",
|
|
97
99
|
"tmp": "^0.2.3",
|
|
98
|
-
"webpack": "^5.
|
|
100
|
+
"webpack": "^5.93.0",
|
|
99
101
|
"yankee": "^1.0.8"
|
|
100
102
|
},
|
|
101
103
|
"engines": {
|
|
102
|
-
"node": ">=
|
|
104
|
+
"node": ">=16"
|
|
103
105
|
}
|
|
104
106
|
}
|