postmanlabs / newman

Newman is a command-line collection runner for Postman
https://www.postman.com
Apache License 2.0

Vulnerable packages used by newman #3137

Closed Schnutzel closed 12 months ago

Schnutzel commented 1 year ago

newman 5.3.2 uses packages that are out of date and should be updated to the latest versions.

The packages are:

- semver 7.3.5: https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
- tough-cookie 3.0.1: https://www.cve.org/CVERecord?id=CVE-2023-26136
- word-wrap 1.2.3: https://github.com/advisories/GHSA-j8xg-fqg3-53r7
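An added example (not part of the issue thread and not Newman's code): a Node.js check that walks an npm lockfile and reports every install path holding one of the three package versions named in the report above, including copies nested under another package. The sample lockfile, the `api-tests` project name, and the function names are constructed for illustration.

```javascript
// Package versions exactly as named in the issue report.
const REPORTED = {
  semver: '7.3.5',
  'tough-cookie': '3.0.1',
  'word-wrap': '1.2.3',
};

// lockfileVersion 2/3: flat "packages" map keyed by install path.
function scanPackages(packages) {
  const hits = [];
  for (const [path, meta] of Object.entries(packages || {})) {
    const idx = path.lastIndexOf('node_modules/');
    if (idx === -1) continue; // root project ("") or a workspace folder
    const name = path.slice(idx + 'node_modules/'.length); // keeps @scope/name
    if (REPORTED[name] === meta.version) hits.push({ name, version: meta.version, path });
  }
  return hits;
}

// lockfileVersion 1: nested "dependencies" tree; nesting mirrors node_modules.
function scanDependencies(deps, trail = []) {
  const hits = [];
  for (const [name, meta] of Object.entries(deps || {})) {
    const chain = [...trail, name];
    if (REPORTED[name] === meta.version) {
      hits.push({ name, version: meta.version, path: chain.join(' > ') });
    }
    hits.push(...scanDependencies(meta.dependencies, chain));
  }
  return hits;
}

// Prefer the "packages" map when present (v2 lockfiles carry both layouts).
function findReported(lock) {
  return lock.packages ? scanPackages(lock.packages) : scanDependencies(lock.dependencies);
}

// Constructed sample lockfile: a hoisted semver plus an older copy nested under newman.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'api-tests', version: '1.0.0' },
    'node_modules/newman': { version: '5.3.2' },
    'node_modules/semver': { version: '7.5.4' },
    'node_modules/newman/node_modules/semver': { version: '7.3.5' },
    'node_modules/tough-cookie': { version: '3.0.1' },
    'node_modules/word-wrap': { version: '1.2.3' },
  },
};
for (const h of findReported(sampleLock)) console.log(`${h.name}@${h.version} at ${h.path}`);
```

To check a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findReported` instead of the sample object.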

stevematney commented 1 year ago

Some other conversation around these dependencies in #3125 as well.

codenirvana commented 12 months ago

This is fixed in Newman v6.