Merge branch 'release/7.41.0'

.github/workflows/ci.yml

@@ -89,21 +89,21 @@ jobs:
 
       - if: ${{ matrix.coverage }}
         name: Upload coverage
-        run: npm run codecov -- -c -Z -f .coverage/coverage-final.json -F unit
+        run: npm run codecov -- -c -Z -f .coverage/coverage-final.json -F unit -t ${{ secrets.CODECOV_TOKEN }}
 
       - name: Run integration tests
         run: npm run test-integration
 
       - if: ${{ matrix.coverage }}
         name: Upload coverage
-        run: npm run codecov -- -c -Z -f .coverage/coverage-final.json -F integration
+        run: npm run codecov -- -c -Z -f .coverage/coverage-final.json -F integration -t ${{ secrets.CODECOV_TOKEN }}
 
       - name: Run legacy integration tests
         run: npm run test-integration-legacy
 
       - if: ${{ matrix.coverage }}
         name: Upload coverage
-        run: npm run codecov -- -c -Z -f .coverage/coverage-final.json -F legacy
+        run: npm run codecov -- -c -Z -f .coverage/coverage-final.json -F legacy -t ${{ secrets.CODECOV_TOKEN }}
 
       - name: Run contract tests
         run: npm run test-contract

CHANGELOG.yaml

@@ -1,3 +1,17 @@
+7.41.0:
+  date: 2024-08-01
+  new features:
+    - GH-1427 Added support for HTTP/2. Configurable via `protocolVersion`
+    - GH-1412 Added support for `pm.vault` in scripts
+  fixed bugs:
+    - >-
+      GH-1433 Fixed a bug where errors from `pm.sendRequest` were not
+      transmitted correctly
+    - GH-1437 Bailed out from executing empty scripts
+  chores:
+    - GH-1426 Added variable to track the downloaded content size in response
+    - Updated dependencies
+
 7.40.0:
   date: 2024-06-19
   new features:

README.md

@@ -94,6 +94,9 @@ runner.run(collection, {
         // Maximum allowed response size in bytes (only supported on Node, ignored in the browser)
         maxResponseSize: 1000000,
 
+        // HTTP Protocol version to use. Valid options are http1, http2, and auto (only supported on Node, ignored in the browser)
+        protocolVersion: 'http1',
+
         // Enable to use WHATWG URL parser and encoder
         useWhatWGUrlParser: true,
 

codecov.yml

@@ -16,18 +16,21 @@ coverage:
 
       # coverage status for unit tests
       unit:
-        flags: unit
-        target: 40
+        target: 35
+        flags:
+            - unit
 
       # coverage status for integration tests
       integration:
-        flags: integration
-        target: 70
+        target: 60
+        flags:
+            - integration
 
       # coverage status for integration-legacy tests
       legacy:
-        flags: legacy
-        target: 45
+        target: 35
+        flags:
+            - legacy
 
 parsers:
   javascript:

docs/protocol-profile-behavior.md

@@ -45,6 +45,9 @@ Redirect with the original HTTP method, by default redirects with HTTP method GE
 - `followAuthorizationHeader: Boolean`<br/>
 Retain `authorization` header when a redirect happens to a different hostname.
 
+- `protocolVersion: String`<br/>
+HTTP Protocol version to be used, supported values are 'http1', 'http2', and 'auto'
+
 - `removeRefererHeaderOnRedirect: Boolean`<br/>
 Removes the `referer` header when a redirect happens.
 

lib/requester/core.js

@@ -82,7 +82,10 @@ var dns = require('dns'),
 
         // removes the `referer` header when a redirect happens (default: false)
         // @note `referer` header set in the initial request will be preserved during redirect chain
-        removeRefererHeader: 'removeRefererHeaderOnRedirect'
+        removeRefererHeader: 'removeRefererHeaderOnRedirect',
+
+        // Select the HTTP protocol version to be used. Valid options are http1/http2/auto
+        protocolVersion: 'protocolVersion'
     },
 
     /**
@@ -399,6 +402,7 @@ module.exports = {
      * @param defaultOpts.followOriginalHttpMethod
      * @param defaultOpts.maxRedirects
      * @param defaultOpts.maxResponseSize
+     * @param defaultOpts.protocolVersion
      * @param defaultOpts.implicitCacheControl
      * @param defaultOpts.implicitTraceHeader
      * @param defaultOpts.removeRefererHeaderOnRedirect

lib/requester/requester-pool.js

@@ -24,6 +24,7 @@ RequesterPool = function (options, callback) {
         cookieJar: _.get(options, 'requester.cookieJar'), // default set later in this constructor
         strictSSL: _.get(options, 'requester.strictSSL'),
         maxResponseSize: _.get(options, 'requester.maxResponseSize'),
+        protocolVersion: _.get(options, 'requester.protocolVersion'),
         // @todo drop support in v8
         useWhatWGUrlParser: _.get(options, 'requester.useWhatWGUrlParser', false),
         insecureHTTPParser: _.get(options, 'requester.insecureHTTPParser'),

lib/requester/requester.js

@@ -418,7 +418,7 @@ class Requester extends EventEmitter {
         // we can't trust the integrity of this request
         // bail out if request url is empty
         if (!(request && request.url && request.url.toString && request.url.toString())) {
-            return onEnd(new Error('runtime:extensions~request: request url is empty'));
+            return onEnd(new Error('runtime: request url is empty'));
         }
 
         cookieJar = self.options.cookieJar;
@@ -470,7 +470,8 @@ class Requester extends EventEmitter {
                 status: res && res.statusMessage,
                 header: responseHeaders,
                 stream: resBody,
-                responseTime: responseTime
+                responseTime: responseTime,
+                downloadedBytes: history.execution.data[0].response.downloadedBytes
             });
 
             onComplete(RESPONSE_END, response, history);

lib/runner/extensions/event.command.js

@@ -270,7 +270,7 @@ module.exports = {
             async.mapSeries(events, function (event, next) {
                 // In case the event has no script or execution was skipped
                 // in some previous script we bail out early
-                if (!event.script || shouldSkipExecution) {
+                if (shouldSkipExecution || !event.script || event.script.isEmpty()) {
                     return next(null, { event });
                 }
 
@@ -434,7 +434,10 @@ module.exports = {
                                     // instance once it is fully supported
                                     result && { cookies: result.cookies });
                             }).catch(function (err) {
-                                this.host.dispatch(EXECUTION_RESPONSE_EVENT_BASE + id, requestId, err);
+                                const error = serialisedError(err);
+
+                                delete error.stack; // remove stack to avoid leaking runtime internals
+                                this.host.dispatch(EXECUTION_RESPONSE_EVENT_BASE + id, requestId, error);
                             });
                         }.bind(this));
                     }.bind(this));
@@ -455,7 +458,11 @@ module.exports = {
                             // @todo: Expose this as a property in Collection SDK's Script
                             timeout: payload.scriptTimeout,
                             cursor: scriptCursor,
-                            context: _.pick(payload.context, SAFE_CONTEXT_VARIABLES),
+                            context: {
+                                ..._.pick(payload.context, SAFE_CONTEXT_VARIABLES),
+                                vaultSecrets: _.get(payload.context.vaultSecrets, '_.allowScriptAccess') ?
+                                    payload.context.vaultSecrets : undefined
+                            },
                             resolvedPackages: resolvedPackages,
 
                             // legacy options
@@ -522,6 +529,8 @@ module.exports = {
                             result && result.globals && (result.globals = new sdk.VariableScope(result.globals));
                             result && result.collectionVariables &&
                                 (result.collectionVariables = new sdk.VariableScope(result.collectionVariables));
+                            result && result.vaultSecrets &&
+                                (result.vaultSecrets = new sdk.VariableScope(result.vaultSecrets));
                             result && result.request && (result.request = new sdk.Request(result.request));
 
                             // @note Since postman-sandbox@3.5.2, response object is not included in the execution

lib/runner/extensions/item.command.js

@@ -70,7 +70,8 @@ getResponseJSON = function (response) {
             type: 'Base64',
             data: response.stream.toString('base64')
         },
-        responseTime: response.responseTime
+        responseTime: response.responseTime,
+        downloadedBytes: response.downloadedBytes
     };
 };
 
@@ -137,6 +138,7 @@ module.exports = {
                 // create the context object for scripts to run
                 ctxTemplate = {
                     collectionVariables: collectionVariables,
+                    vaultSecrets: vaultSecrets,
                     _variables: _variables,
                     globals: globals,
                     environment: environment,
@@ -150,7 +152,7 @@ module.exports = {
                     item: item,
                     coords: coords,
                     context: ctxTemplate,
-                    trackContext: ['globals', 'environment', 'collectionVariables'],
+                    trackContext: ['globals', 'environment', 'collectionVariables', 'vaultSecrets'],
                     stopOnScriptError: stopOnError,
                     stopOnFailure: stopOnFailure
                 }).done(function (prereqExecutions, prereqExecutionError, shouldSkipExecution) {
@@ -188,7 +190,7 @@ module.exports = {
 
                     this.queue('request', {
                         item: item,
-                        vaultSecrets: vaultSecrets,
+                        vaultSecrets: ctxTemplate.vaultSecrets,
                         globals: ctxTemplate.globals,
                         environment: ctxTemplate.environment,
                         collectionVariables: ctxTemplate.collectionVariables,
@@ -232,7 +234,7 @@ module.exports = {
                             item: item,
                             coords: coords,
                             context: ctxTemplate,
-                            trackContext: ['tests', 'globals', 'environment', 'collectionVariables'],
+                            trackContext: ['tests', 'globals', 'environment', 'collectionVariables', 'vaultSecrets'],
                             stopOnScriptError: stopOnError,
                             abortOnFailure: abortOnFailure,
                             stopOnFailure: stopOnFailure