You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@vbtelus Thanks for opening this issue. Due to increased friction resulting from hawk being included in request, it was replaced with an in-house implementation here and removed in request v2.87.0. The v4.1.0 release of Newman uses a fork of request based off of v2.86.1. The current unreleased version of Newman effectively uses v2.88.1 (as can be seen here: https://github.com/postmanlabs/newman/blob/develop/package.json#L55). Thus, these vulnerabilities will be addressed in the next Newman release.
If you'd like, you can follow the original discussion that resulted in the removal of hawk from request here: request/request#2831
@vbtelus Newman v4.2.1 resolves the first and third vulnerabilities, the second will require code changes in our dependency chain. I'll keep this issue open until that is resolved.
This project has several vulnerabilities in the dependencies as reported by npm audit.
newman -v
): 4.1.0npm audit
commandnpm audit
on project that has"newman": "^4.1.0",
ad dev dependencySteps to reproduce the problem:
npm i
npm audit
The text was updated successfully, but these errors were encountered: