All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
5.9.0 (2024-04-29)
5.8.0 (2024-04-29)
5.7.0 (2024-03-22)
5.6.0 (2024-03-18)
This is an inaccurate view of this release. We are working to add Release Please to manage this and this should be cleaner in the next release. Sorry for the inconvenience.
- 1813 start using 415 code for invalid content-types instead constantly inferring it (df475fc)
- adds more standard compliant request body handling (#2260) (3b56cb7)
- Allow JSON Schema Faker configuration in specification (b72dd03)
- better validation for optional auth (#2401) (e2d9f0f)
- http: added support to Deprecation header for deprecated operations #1563 (1415319)
- http: detect complex schema error, improve error message (#2327) (07af511)
- proxy: add a flag to skip request validation (71d04c8)
- support circular refs (#1835) (d287dd7)
- #1881 fixed memory leak for validation (931fc0f)
- #1881 fixed memory leak for validation (bfc258a)
- #1881 fixed memory leak for validation (1a05283)
- fixed handling of number with format: double (e10a1e5)
- 1917 fixed handling of example request for invalid requests (444012b)
- another fix for memory leak of schema validation (ded2a9b)
- ci: release please simpler config (#2489) (b6be539)
- ci: release please with checkout (#2492) (ea378fc)
- ci: release please with root (#2497) (6043a9b)
- ci: remove root from release please (#2494) (ad1743e)
- ci: STOP-267 add release please manifest (#2484) (82fe01e)
- ci: STOP-267 automate release branch creation (#2479) (182e4f9)
- ci: STOP-267 improve auto-release config (#2481) (bb29592)
- decode path before matching it (ed5bce8)
- deps: bump sanitize-html for security (#1828) (3fc86f4)
- fixed #1860 performance regression (fe6345d)
- http-server: discard request body if the content-length header i… (#2103) (c172f42)
- http: add explicit dependency on chalk (#2263) (55b07c9)
- json schema faker fillProperties not working (#2398) (e8acebd)
- keep encoded value if uri decoding fails. (#2387) (aba9bee)
- readme: npm downloads badge (#1849) (3245a22)
- remove deprecated usage of parse (#1959) (ea5b445)
- replace date-time validator with our bug fixed version (#1856) (44186db)
- testing circle ci build (0d2deb0)
- update http-spec (#2037) (72d6882)
- upgrade dependencies and resolve breaking http spec changes (#2105) (ebbc6c1)
- upgrade deps to clean up last security vulnerabilities (#2076) (b1ac6f4)
- upgrade jsrp to 9.2.4 to allow basic auth (#2279) (2148a2b)
- use proper client call in memory leak tests (c223192)
- validateOutput() when schema contains internal reference (#2363) (8e143e6)
- upgrade dependencies to eliminate lodash prototype pollution vulnerabilities #2459
- added functionality to show unevaluated property name in error message #2441 - thanks @aleung for your contribution!
- added support for default JSON deserialization for arrays of objects in form data request bodies in OpenAPI 3 #2379 - thanks @ilanashapiro for your contribution!
- fixed issue with int64 #2420
- added new cli flag
--ignoreExamples#2408 - thanks @ilanashapiro for your contribution!
- Fixed issue with filling additional properties #2398
- added more validation around optional security. #2401
- Fixed issue with internal refs inside json schemas #2402
- fixed issue with sending binary data in proxy mode. #2387
- fixed issue with validateOutput() when schema contains internal reference. #2363 - thanks @mtjandra for your contribution!
- added new cli parameter to control the json schema faker fillProperties setting universally. #2355
- correctly list Response or Request in violation messages. #2358
- added support for multipart/form-data in the request body. #2321 - thanks @ilanashapiro for your contribution!
- Improved error messages when using static mocking and the schema is too complex.
- Limit the
sl-violationsresponse header to around 8 KB. #2297 - Improve error messages that describe unresolvable JSON Pointer references. #2195
- Bump minimatch from 3.0.4 to 3.0.5.
- Bump json5 from 1.0.1 to 1.0.2.
- Handle exploded form query params. #2288
- Respect prefer header for validation proxy when server returns 501. #2292 - thanks @nursanamar for your contribution to this.
- Bump @stoplight/types and @stoplight/http-spec to support
unspecifiedparameter style to fix query param errors for OAS 2.0 documents.
- Improved request validation error messages (thanks @ilanashapiro) #2280
- Allow spec document to be requested via HTTP Basic auth via the URL parameters in Node 18+. #2279
- Put
chalkas an explicit dependency in the HTTP package #x - Upgrade fast-xml-parser (thanks @spriggyjeff) #2262
- Do not error when there is no response content but accept header is set (thanks @ilanashapiro) #2267
- Improves handling of GET/HEAD requests in the proxy that look like they include a request body. #2260
- CLI option flag
--verboseLevelor-vto set log levels. #2231
- Various 3rd party dependency updates.
- Send a user-agent when fetching remote spec content. #2150
- Make x-json-schema-faker work more sensibly. #2181
- Fixed breaking change with mock command in v4.10.4. #2138
- Various 3rd party dependency updates and Dependabot configuration changes
- Fixed issue with recursive request body schemas. #2090
- Fixed issue with empty body when content-type header is set. #2103 - thanks @acolombier
- Added support for ranges of response status codes. #2065
- Update faker dependency to point to official community-maintained version. #2021 - thanks @jasonbarry
- Alphabetize properties for dynamic responses. #2041
- Fixed issue where query parameters weren't being forwarded in proxy mode. #2042
- Upgraded the minimum node engine version from 12 to 16 #2023 - thanks @jasonbarry
- Relaxed validation constraints for Postman Collections. All properties included in output are no longer marked as required in the generated json schema. Byproduct of removing dependency with security vulnerability. #2037
- Fixed deprecated usage of
parse#1959 - thanks @jbl428 - Removed dependency that had critical security vulnerability #2037
- Upstream proxy support #1986 - thanks @DyspC
- Ignore
Content-Typewhen validating a request and the body is empty instead of producing a HTTP 415. #1990
- CLI flag to control validating requests when running the proxy #1980
- When
allOfhas the effect of addingreadOnlyto a property, the property is no longer required in input. - When
allOfhas the effect of addingwriteOnlyto a property, the property is no longer required in output.
- in proxy mode, Prism does not send
Content-Encodingheader back to client as it was received from the upstream server because Prism's response is never compressed
- Prism now responds with 415 http code if request content-type does not match content-types available in operation body
- Ignoring example if prism decides to change response code #1919
- Updated dependencies #1916
- Do not check content-type for 204 code #1915
- Fixed issue with generating numbers with maximum and minimum range of
Number.MAX_VALUE
- Fixed memory leak #1881
- Added support for Deprecation header for deprecated operations #1879
- Better path matching for concrete and templated parts 1876
- Fixes issue with encoded URLs: was unable to find them in spec while mocking.
- Fixes performance regression in
prism-cli#1860
- Fixed issue with date-time type validation #1856
- Supports readOnly writeOnly properties #1853
- Increase Max Request Size to 10mb by default #1844
- Support Circular JSON Refs #1835
- Improved the build pipeline #1834
- bumped
sanitize-htmldep to address security issue #1828
- encodeURI param names to avoid performance issues on startup #1816
- Bump @stoplight/json-schema-sampler to support
if/then/elseJSON Schema compound keywords in static mode #1792
- Accept OAS 3.1 documents #1783
- Return preferred example when validation fails #1786
- Prism is now supporting nullable validations #1782
- Yet another improvement for the returned path in Problem JSON payloads #1548
- Prism is now respecting
min/maxItemsproperties in JSON Schemas #1530
- Multiple HTTP Headers coming from a proxied response are now correctly aggreagated using a
,instead of a space. #1489 - Improved the returned path for Problem JSON payloads #1530
- Prism will now consider the first response in the document in case of the absence of a 2XX response, instead of requiring at least a successful response. #1531
- Prism will now validate that the requested code (either through prefer code header or __code query param) is a number. #1542
- When running in proxy mode and an upstream server responds with
501, Prism will now "remock" the request and provide a meaningful response. This is a fancy way to say "if the upstream server has not yet implemented an operation, it will mock" #1426
- Fixed a type issue in the HTTP Client that would let you pass incorrect parameters #1391
- Prism will now refuse to start in case it will detect circular references. #1270
- Prism is now able to take in consideration all the responses defined for a request (typical in Postman Collection) and respond in a more appropriate way #1310
- BREAKING: The
getHttpOperationsFromSpechas been moved from the HTTP Package to the CLI package. If you're using Prism programmatically, this might require some code changes on your side.getHttpOperationsFromResourcehas been removed. #1009, #1192 - BREAKING: The
createClientFromOperationsis now exported asexport functioninstead of exporting an object. If you're using Prism programmatically, this might require some code changes on your side #1009 - BREAKING: Prism does NOT support Node 8 and 10 anymore; the miminal runtime is now 12
- A significant number of dependencies has been upgraded
- Prism's Proxy feature will stop proactively requesting Compressed responses, following what is really in the OAS document #1309,#1319
- Prism is now stop to claim error for paths declared in the document that are not starting with a
/#1340
- Prism is not returning an error anymore when trying to construct a schema for HTTP headers and query string with mixed cases property names #1268
- Since the media type parameters are not standardised (apart from the quality one), the negotiator will discard them during the matching process or simply treat them as strings/numbers without trying to guess anything more #1159
- Prism is now handling correctly hypens on both Path parameters and Query Parameters #1189, #1992
- The mock diagram has been updated to include the security validations #1141
- Prism will now correctly refuse invalid requests even when used with the
proxycommand with the--errorsflag #1101 - Autogenerated security validation errors now have the
detailfield filled with an informative message #1101 - Correctly catch some exceptions and propagate them to the CLI #1107
- All the dependencies used by the various Prism packages have been explicitily declared avoiding some resolutions problems in case you are using Prism programmatically #1072
- Prism's current options aren't overriden internally anymore because of the
Preferheader set #1074
- Prism will not correctly consider that HTTP Security Schemes are case insensitive #1044
- Prism is now able to correctly differentiate between a preflight request and a regular
OPTIONSrequest #1031 - Fixed a condition where Prism would ignore CLI flags in case the nor
Preferor Query String preferences were passed #1034 - Created a specific error when a 200-299 response cannot be found for a successful request #1035
- Prism now supports sending its configuration parameters through the
Preferheader #984 - Experimental Postman Collection support #985
- Correctly evaluate the
ServerMatchproperty so that Prism will prefer concrete matches over templated ones #983 - HTTP Client now correctly returns empty bodies #993
- Correctly discriminate methods in the router when server is not defined #969
- Removed double definition of the
ProblemJsonError#965
- Correctly set
access-control-expose-headersheaders for preflight and regular responses when CORS is enabled #958 - Prism public HTTP Client fixes and docs improvements #959
- Correctly set
varyandaccess-control-request-headersheaders for preflight and regular responses when CORS is enabled
- Replaced Fastify HTTP server with its tinier counterpart: Micri #927
- Prism's proxy will now strip all the Hop By Hop headers #921
- Prism is now normalising the media types so that when looking for compatible contents charsets and other parameters are not taken in consideration #944
- Prism's external HTTP Client is now correctly constructing the internal log object #952
- Prism will not coerce JSON Payloads anymore during the schema validation #905
- Correctly handle the possibility of a body/headers generation failure #875
- Input validation errors should not trigger a
500status code when the--errorsflag is set to true #892
- Put
chalkas an explicit dependency in the CLI package #854 - Make sure callbacks work on
application/x-www-form-urlencodeddata #856
- Support for encoding > allowReserved flag when validating application/x-www-form-urlencoded body #630
- Validating output status code against available response specs #648
- Support for Contract Testing #650
- The CLI will now propose operation paths with meaningful examples #671
- Prism reloads itself every time there are changes being made to the specified document #689
- Path parameters are now validated against schema #702
- The Test Harness framework now requires the
${document}parameter explicitly #720 - Prism now includes a new
proxycommand that will validate the request coming in, send the request to an upstream server and then validate the response coming back #669 - Prism has values for path/query params bolded and in color #743
- The CLI now displays a timestamp for all the logged operations #779
- Prism has now support for OpenAPI 3.0 callbacks #716
- Prism body validator will now show allowed enum parameters in error messages #828
- Killing sub-process only if Prism is running in multi-process mode #645
- UUIDs are never generated as URNs #661
- Relative references for remote documents are now resolved correctly #669
- Core types are now correctly referenced in the HTTP package, restoring the type checks when using the package separately #701
- By upgrading Json Schema Faker to the latest version, now the schemas with
additionalProperties:false/additionalProperties:true/additionalProperties:objectwill be correctly handled when dynamic mocking is enabled #719 - Making a request to an operation with a
deprecatedparameter is no longer causing Prism to return a 422 response #721 - The
access-control-allow-originheader, when CORS is enabled, will now reflect the request origin AND set the Credentials header #797 - When the request is missing the
Acceptheader, Prism will now effectively treat it as a*/*, according to the respective CFP #802 - Prism will now passthrough as response anything that matches
text/*instead of onlytext/plain#796
- Prism is now giving precedence to
application/jsoninstead of using it as a "fallback" serializer, fixing some conditions where it wouldn't get triggered correctly. #604 - Prism is now taking in consideration the
requiredproperties for combined schemas (oneOf, allOf). This is coming through an update to the Json Schema Faker Library #623 - Prism will never have enough information to return a
403status code; all these occurences have been now replaced with a401status code which is more appropriate #625 - Prism is now negotiating the error response dynamically based on the validation result (security or schema validation) instead of always returning a static order of responses #628
- Prism is now selecting proper serializer when Accept header contains content type which is missing in spec. This is a result of simplifying serializer selection approach. #620
- HEAD requests no longer fail with 406 Not Acceptable #603
- Prism is now able to validate the security specification of the loaded document #484
- Prism is not crashing anymore when referencing the same model multiple times in the specification document #552
- Prism will now correctly use the
examplekeyword for a Schema Object in OpenAPI 3.0 documents #560 - Prism won't return 406 when users request a
text/plainresponse whose content is a primitive (string, number) #560 - Prism's router is now able to correctly handle a path ending with a parameter, such as
/test.{format}, while it would previously not match with anything. #561 - Prism is correctly handling the
allowEmptyValueproperty in OAS2 documents #569 - Prism is correctly handling the
csvcollection format argument property in OAS2 documents #577 - Prism is correctly returning the response when the request has
*/*as Accept header #578 - Prism is correctly returning a single root node with the payload for XML data #578
- Prism is correctly returning payload-less responses #606
- Prism is now returning CORS headers by default and responding to all the preflights requests. You can disable this behaviour by running Prism with the
--corsflag set to false #525
- Prism now respects the
nullablevalue for OpenAPI 3.x documents when generating examples #506 - Prism now loads correctly OpenAPI 3.x documents with
encodingswith non specifiedstyleproperty #507 - Prism got rid of some big internal dependencies that now aren't required anymore, making it faster and lighter. #490
- Prism now correctly validates OAS2
application/x-www-urlencoded(form data) params (#483)
- Prism is now returning a
406error instead of an empty response in case it is not able to find a response whose content type satisfies the providedAcceptHeader - Prism now respects the
qvalue in theAcceptheader to specify the content type preference - Prism is now returning
text/plainwhen the document does not specify any Content Type for the examples - Prism is now returning the example according to the
Acceptheader for OAS2 documents - Prism is now returning
404instead of500in case the requested named example does not exist in the document
- Prism HTTP Client is now adding 'user-agent' header with Prism/<<PRISM_VERSION>> as the value when making HTTP requests
- Prism is now using
yargsfor its command line interface, replacing oclif.
- Fixed an error in the JSON Path bundling for NPM Package download
This is nothing more than the beta 6 rebranded.
- Prism now loads correctly files from the internet with urls using query parameters #452
- Prism now correctly respects the
requiredproperty in OpenAPI 2 body parameters #450 - Prism now validates any payload, as long it has a schema and it's parsable #446
- Prism now will tell you explicitly when a response has been constructed from a
defaultresponse definition #445
- Internal refactoring: Prism validation process is now completely sync #400
- Prism examples generator supports
x-fakerextensions #384 — thanks @vanhoofmaarten! - Documentation reorganisation #393
- Introduced Azure Pipelines to make sure Prism works on Windows #388
- Prism has now a diagram in the readme that shows you the mocker flow #386
- Several improvements to the logging of the Http Mocker #382
- Our
application/vnd+problem.jsonmessages have been improved #370
- Prism is now able to parse HTTP FormData payloads #381
- Prism now works correctly on Windows thanks to some internal libraries updates #374
- Prism 3 has now a Docker Image; you can try it at
stoplight/prism:3
- Static JSON Schema examples generator gives precendece to
defaultoverexamples#373
-
Prism is now logging all the negotiator phases for a better observability #323
-
The HTTP Client API has been documented #355
- Prism's build process in TypeScript has been revisited #356
- Prism can now validate servers #351
- Prism's build process received some tweaks, but there's more work to do #352
- Prism now has got a static example fallback in case the
dynamicflag is not enabled #347
- Prism is now handling the fact that HTTP headers are case insensitive #338
- Prism is now normalising OAS2/3 schemas improving and simplyfing the validation capabilites #338
- Prism is not able to correctly handle the Content Type header #344
- Prism CLI has now a new CLI option to specify the IP Address where it will listen connections for #340
- Fixed the security issue intrisic in Axios by updating its dependency in the project #334
- Fix a bug where paremeters where undetected, returning a REQUIERD error #325
- Respect the
Acceptheader when requesting content to Prism #333 - Create a LICENSE file for the project #330
- Add new GitHub ISSUES template files for the project #326
- Decouple payload generation from its serialisation #322
- a bug where http operations were not resolved (6aee679)
- add missing referenced project (7621f8a)
- add tsconfig paths to make the CLI work natively in TS SL-2369 (#219) (30298a9)
- correctly install dependencies (#302) (d3de5b1)
- dependencies (ebd2536)
- do not overwrite the default config object (bcb20f5)
- do not throw when you can't find an example (06f9435)
- error serialisation SO-195 (#274) (1199919)
- get rid of ajv console warn (b11cd48)
- get rid of resolutions (#289) (758cbfa)
- it's ok if we do not have examples or schemas (5a93f1d)
- look for 422 for invalid requests (#278) (7a1c073)
- make jest faster in startup and runtime (d9b6c2a)
- make sure http download works (#276) (01828f3)
- OAS3 integration tests and fixes SO-103 (#253) (930d29e)
- prism forwarder can work without an API in place [SL-1619]7c61c62
- Prism should read yml files too SO-200 (#299) (cbc96b2)
- prism-server should always return a response (e72c6bf)
- put oclif only where it is needed (68bf27d)
- remove explicit dependency (fd2885f)
- remove nvmrc (3eaee34)
- remove other packages and update (9eb9bfa)
- require the correct code (2e6d242)
- running
prismcli threw exception (#190) (1893ccc) - schema faker fix (#195) (5889cc7)
- separate config concept sl-2191 (96e45fd)
- SL-2028 fixed absolute paths handling (#197) (8d668a1)
- SL-2030 disabled fastify's body serializing (#192) (7262c5f)
- SL-2192 stringify examples (#205) (bbf6492)
- SL-2377 host/forwarded headers support (#249) (f8a1131)
- SL-80 fixed router logic (7a3d35e)
- SL-80 fixed test (d1c8974)
- SL-80 more reasonable examples (68025c6)
- SL-82 created common args/flags place for cli (9f53eef)
- SO-80 added integration test (b1936e1)
- SO-80 added missing file (ff94b7b)
- SO-80 default to empty body, match even if no servers (c92e487)
- SO-80 fixed example (b7afa9b)
- SO-80 path fix (04cba58)
- SO-80 updated test name (d67d04a)
- SO-82 fixed tests (545294a)
- sync stuff should be sync (b4b3e8b)
- try to generate an example only if the schema is provided (b9b3310)
- try to publish first, and then publish binaries (#318) (1d8618c)
- upgrade graphite (#308) (4b6458a)
- use rootDirs and outDir to help oclif config find source commands (964b043)
- mocker: a bug where Content-Type was set but we didn't find it (b5a9dd8)
- validator: a bug where fastify omits hasOwnProperty in query obj (726fcff)
- validator: a bug where json object failed to parse (fbdab3c)
- --dynamic flag for CLI SO-217 (#301) (f1f27cf)
- Add binary script SO-162 (#271) (3b6b508)
- add changelog when releasing (#317) (df4aa95)
- add install script (#286) (766297d)
- add npm token to file to publish (0410836)
- add oas3 plugin (58ebc4c)
- CLI show endpoints and status SO-201 (#296) (d60830b)
- Implement header mocking functionality SO-227 (#314) (5f0c0ba)
- http-forwarder: add support for timeout and cancelToken (#309) (8e1db46)
- add some unit tests (46ac012)
- add tests and modify error response message (73db545)
- do not build (0a4a814)
- GitHub Releases and binary uploads (#279) (388df6d)
- integrate Prism with Graph (WIP) (f4d8b1e)
- release (#294) (a09dfb3)
- release manually (ab2f06e)
- release prism 3.x alpha with required scripts (6864986)
- revisit the build process (d7d307f)
- SL-2035 cli url spec (#200) (76ae24f)
- SL-2037 forbidding dirs to be supplied to --spec cli's arg (#198) (05c4b3c)
- SL-82 split mock and server commands (4ba0c28)
- SL-82 split mock and server commands (ddf87bd)
- SO-141 Problem+Json for error messages SO-141 (#270) (a5a3a67)
- support OAS json schema formats (7c3c4f5)
- throw exception when path is matched but method is not allowed. (de32fb0)
- upgrade ts (2bc6638)
- cli: add validation support and resource resolution (14b4b7d)
- config: add functional tests to meet AC (32f486b)
- core: implement a graph resource loader (431789e)
- httpConfig: add default config support and unit test (4f0a062)
- mocker: fix tests (27b74a3)
- mocker: fixed test (08c4d7f)
- mocker: integrate mocker with business logic (e4513c5)
- mocker: remove httpRequest from method signature (5163835)
- mocker: take http request into account (85f1bc0)
- negotiator: add remaining negotiator tests (944531f)
- negotiator: add unit tests for helpers (45603e9)
- negotiator: WIP tests (3776042)
- router: add matchPath function (7292957)
- router: add two more corner case tests for clarification (23dc242)
- router: implemented and unit tested router (07a31a1)
- router: lint and autofix all style issues (9eb501c)
- router: made baseUrl optional to ignore server matching (91669a8)
- router: make disambiguateMatches() private (91c2a7b)
- router: throw exceptions instead return null (ebb6d2c)
- router: WIP add disambiguation and server matching (c778ae6)
- router: WIP dummy router implementation and specs (2dc3f8b)
- sampler: add basic class structure and basic implementation (2c31635)