From ad5627a0eddda83e0b706ff6c6df2d8d4bde2c53 Mon Sep 17 00:00:00 2001 From: Utkarsh Maheshwari Date: Thu, 14 Mar 2024 11:35:35 +0530 Subject: [PATCH 1/7] Fix types for `pm.execution.setNextRequest` --- lib/sandbox/pmapi.js | 1 + types/index.d.ts | 19 ++++++++----------- types/sandbox/prerequest.d.ts | 19 ++++++++----------- types/sandbox/test.d.ts | 17 +++++++---------- 4 files changed, 24 insertions(+), 32 deletions(-) diff --git a/lib/sandbox/pmapi.js b/lib/sandbox/pmapi.js index 16249e7f..ef742c93 100644 --- a/lib/sandbox/pmapi.js +++ b/lib/sandbox/pmapi.js @@ -298,6 +298,7 @@ function Postman (execution, onRequest, onSkipRequest, onAssertion, cookieStore, * running the collection. Passing `null` stops the collection run * after the current request is executed. * + * @instance * @param {string|null} request - name of the request to run next */ setNextRequest: function setNextRequest (request) { diff --git a/types/index.d.ts b/types/index.d.ts index 5018699f..2d416bc8 100644 --- a/types/index.d.ts +++ b/types/index.d.ts @@ -1,4 +1,4 @@ -// Type definitions for postman-sandbox 4.5.0 +// Type definitions for postman-sandbox 4.5.1 // Project: https://github.com/postmanlabs/postman-sandbox // Definitions by: PostmanLabs // Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped @@ -254,16 +254,6 @@ declare interface Visualizer { clear(): void; } -declare namespace Execution { - /** - * Sets the next request to be run after the current request, when - * running the collection. Passing `null` stops the collection run - * after the current request is executed. - * @param request - name of the request to run next - */ - function setNextRequest(request: string | null): void; -} - declare interface Execution { request: any; response: any; 
@@ -275,6 +265,13 @@ declare interface Execution { * The path of the current request. */ location: ExecutionLocation; + /** + * Sets the next request to be run after the current request, when + * running the collection. Passing `null` stops the collection run + * after the current request is executed. + * @param request - name of the request to run next + */ + setNextRequest(request: string | null): void; } declare interface ExecutionLocation extends Array { diff --git a/types/sandbox/prerequest.d.ts b/types/sandbox/prerequest.d.ts index be96c103..7f8d526a 100644 --- a/types/sandbox/prerequest.d.ts +++ b/types/sandbox/prerequest.d.ts @@ -1,4 +1,4 @@ -// Type definitions for postman-sandbox 4.5.0 +// Type definitions for postman-sandbox 4.5.1 // Project: https://github.com/postmanlabs/postman-sandbox // Definitions by: PostmanLabs // Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped @@ -113,16 +113,6 @@ declare interface Visualizer { clear(): void; } -declare namespace Execution { - /** - * Sets the next request to be run after the current request, when - * running the collection. Passing `null` stops the collection run - * after the current request is executed. - * @param request - name of the request to run next - */ - function setNextRequest(request: string | null): void; -} - declare interface Execution { /** * Stops the current request and its scripts from executing. @@ -133,6 +123,13 @@ declare interface Execution { * The path of the current request. */ location: ExecutionLocation; + /** + * Sets the next request to be run after the current request, when + * running the collection. Passing `null` stops the collection run + * after the current request is executed. + * @param request - name of the request to run next + */ + setNextRequest(request: string | null): void; } declare interface ExecutionLocation extends Array { diff --git a/types/sandbox/test.d.ts b/types/sandbox/test.d.ts index 9660d936..af43315a 100644 --- a/types/sandbox/test.d.ts 
+++ b/types/sandbox/test.d.ts @@ -1,4 +1,4 @@ -// Type definitions for postman-sandbox 4.5.0 +// Type definitions for postman-sandbox 4.5.1 // Project: https://github.com/postmanlabs/postman-sandbox // Definitions by: PostmanLabs // Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped @@ -119,21 +119,18 @@ declare interface Visualizer { clear(): void; } -declare namespace Execution { +declare interface Execution { + /** + * The path of the current request. + */ + location: ExecutionLocation; /** * Sets the next request to be run after the current request, when * running the collection. Passing `null` stops the collection run * after the current request is executed. * @param request - name of the request to run next */ - function setNextRequest(request: string | null): void; -} - -declare interface Execution { - /** - * The path of the current request. - */ - location: ExecutionLocation; + setNextRequest(request: string | null): void; } declare interface ExecutionLocation extends Array { From 03ec5b4d45f84239581f4880249d7d72abaf4df9 Mon Sep 17 00:00:00 2001 From: Utkarsh Maheshwari Date: Thu, 14 Mar 2024 11:39:01 +0530 Subject: [PATCH 2/7] Update CHANGELOG --- CHANGELOG.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.yaml b/CHANGELOG.yaml index 48a164d7..0f218fab 100644 --- a/CHANGELOG.yaml +++ b/CHANGELOG.yaml @@ -1,3 +1,7 @@ +unreleased: + fixed bugs: + - GH-986 Fixed the types for `pm.execution.setNextRequest` + 4.6.0: date: 2024-03-13 fixed bugs: From 4f417c29e5a64b6b0c2d1579aa10228c2da1193c Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 17 Mar 2024 01:30:47 +0000 Subject: [PATCH 3/7] Bump follow-redirects from 1.15.5 to 1.15.6 Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.5 to 1.15.6. - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.15.5...v1.15.6) --- updated-dependencies: - dependency-name: follow-redirects dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 5d08fcce..d223b0ae 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2823,9 +2823,9 @@ "dev": true }, "follow-redirects": { - "version": "1.15.5", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.5.tgz", - "integrity": "sha512-vSFWUON1B+yAw1VN4xMfxgn5fTUiaOzAJCKBwIIgT/+7CuGy9+r+5gITvP62j3RmaD5Ph65UaERdOSRGUzZtgw==", + "version": "1.15.6", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", + "integrity": "sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==", "dev": true }, "foreach": { From 66773050972fc2d4473c1e543d2e72a8a76da184 Mon Sep 17 00:00:00 2001 From: Udit Vasu Date: Tue, 26 Mar 2024 21:23:35 +0530 Subject: [PATCH 4/7] Sanitize the global scope by deleting the timers properties --- CHANGELOG.yaml | 1 + lib/sandbox/cookie-store.js | 2 +- lib/sandbox/index.js | 9 +++++---- lib/sandbox/timers.js | 20 ++++++++++++-------- test/unit/sandbox-sanity.test.js | 1 - 5 files changed, 19 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.yaml b/CHANGELOG.yaml index 0f218fab..2167c3e2 100644 --- a/CHANGELOG.yaml +++ b/CHANGELOG.yaml 
@@ -1,6 +1,7 @@ unreleased: fixed bugs: - GH-986 Fixed the types for `pm.execution.setNextRequest` + - GH-990 Sanitized the global scope by deleting the timers properties 4.6.0: date: 2024-03-13 diff --git a/lib/sandbox/cookie-store.js b/lib/sandbox/cookie-store.js index e45281d1..c2404ff9 100644 --- a/lib/sandbox/cookie-store.js +++ b/lib/sandbox/cookie-store.js @@ -75,7 +75,7 @@ STORE_METHODS.forEach(function (method) { // This timeout ensures that the event is processed asynchronously // without blocking the rest of the script execution. // Refer: https://github.com/postmanlabs/postman-app-support/issues/11064 - setTimeout(() => { + this.timers.wrapped.setTimeout(() => { // finally, dispatch event over the bridge this.emitter.dispatch(eventName, eventId, EVENT_STORE_ACTION, method, args); }); diff --git a/lib/sandbox/index.js b/lib/sandbox/index.js index f0b1aab0..156c7c39 100644 --- a/lib/sandbox/index.js +++ b/lib/sandbox/index.js @@ -19,6 +19,9 @@ */ /* global bridge */ +// Setup Timerz before we delete the global timers +require('./timers'); + // Although we execute the user code in a well-defined scope using the uniscope // module but still to cutoff the reference to the globally available properties // we sanitize the global scope by deleting the forbidden properties in this UVM @@ -35,9 +38,7 @@ 'require', 'eval', 'console', // 3. allow uvm internals because these will be cleared by uvm itself at the end. // make sure any new property added in uvm firmware is allowed here as well. - 'bridge', '__uvm_emit', '__uvm_dispatch', '__uvm_addEventListener', - // 4.allow all the timer methods - 'setTimeout', 'clearTimeout', 'setInterval', 'clearInterval', 'setImmediate', 'clearImmediate' + 'bridge', '__uvm_emit', '__uvm_dispatch', '__uvm_addEventListener' ]), deleteProperty = function (key) { // directly delete the property without setting it to `null` or `undefined` 
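Review bot: The new call `this.timers.wrapped.setTimeout(() => {` assumes every store instance carries a `timers` object with a `wrapped.setTimeout` member, and nothing in this hunk shows where that is assigned or checked. If it is missing, the store method throws a TypeError synchronously instead of deferring the dispatch, so a constructor-time check such as `if (!timers || !timers.wrapped) { throw new Error('cookie store requires sandbox timers'); }` would surface the problem where it originates. It is also worth confirming whether timers created through `wrapped` are counted as pending script timers (not visible here), since this internal dispatch would then influence when an execution is considered finished. The existing comment could be extended with `// uses the sandbox-wrapped timer because the global setTimeout is deleted during bootstrap`. The enclosing `STORE_METHODS.forEach` callback starts and ends outside the hunk.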
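Review bot: The bare `require('./timers');` is load-bearing only through its side effect and its position above the sanitization block, and the comment does not say what breaks if it is moved or removed as an apparently unused require. Presumably `./timers` captures the native `set*`/`clear*` functions when it is first loaded, so a later first load would find them already deleted. I would spell that out, for example `// ORDER MATTERS: ./timers must be loaded (and cached) before the global sanitization below deletes set*/clear* timers`. A lint rule or test that fails when this require is reordered would make the dependency enforceable rather than documented only.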
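Review bot: Dropping the timer names from the allow-list means any bundled module that resolves a bare `setTimeout`, `setImmediate` or their `clear*` counterparts lazily, after bootstrap, now fails with a ReferenceError, and the only test change in this commit (sandbox-sanity) checks that the names are absent, not that internal consumers still work. The cookie-store call site is updated in this commit, but other in-bundle users are not visible here, so a search of the bundled dependencies for direct timer use would be prudent before release. A regression test that runs a script using `setTimeout` and a cookie-jar operation after sanitization would cover both the user-facing wrapper and the internal dispatch path. The list and `deleteProperty` continue outside the hunk.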
@@ -78,7 +79,7 @@ require('./purse'); // setup the ping-pong and execute routines bridge.on('ping', require('./ping').listener('pong')); -// initialise execution +// initialize execution require('./execute')(bridge, { console: (typeof console !== 'undefined' ? console : null), window: (typeof window !== 'undefined' ? window : null) diff --git a/lib/sandbox/timers.js b/lib/sandbox/timers.js index facd68f2..9e6f4fc7 100644 --- a/lib/sandbox/timers.js +++ b/lib/sandbox/timers.js @@ -1,5 +1,5 @@ /** - * @fileoverview This file contains the module that is required to enable specialised timers that have better control + * @fileOverview This file contains the module that is required to enable specialized timers that have better control * on a global level. * * @todo - the architecture of this sucks even if this "works". @@ -13,7 +13,7 @@ const /** FUNCTION = 'function', /** - * The set of timer function names. We use this array to define common behaviour of all setters and clearer timer + * The set of timer function names. We use this array to define common behavior of all setters and clearer timer * functions * * @constant {Array.} @@ -21,7 +21,7 @@ const /** timerFunctionNames = ['Timeout', 'Interval', 'Immediate', 'Event'], /** - * This object defines a set of timer function names that are trigerred a number of times instead of a single time. + * This object defines a set of timer function names that are triggered a number of times instead of a single time. * Such timers, when placed in generic rules, needs special attention. * * @constant {Array.} 
@@ -54,7 +54,7 @@ const /** * * @note This is a very important piece of code from compatibility standpoint. * The global timers need to be returned as a function that does not hold reference to the scope - * and does not retain references to scope. Aditionally, the invocation of the timer function is + * and does not retain references to scope. Additionally, the invocation of the timer function is * done without changing the scope to avoid Illegal Invocation errors. * * `timerFunctionNames` returns the suffixes of all timer operations that needs a @@ -82,13 +82,17 @@ const /** isGlobalClearAvailable = (new Function(`return typeof clear${name} === 'function'`))(); if (isGlobalSetterAvailable) { - // eslint-disable-next-line no-new-func - timers[('set' + name)] = (new Function(`return function (fn, ms) { return set${name}(fn, ms); }`))(); + timers[`set${name}`] = ( + // eslint-disable-next-line no-new-func + new Function('_setFn', `return function set${name} (fn, ms) { return _setFn(fn, ms); }`) + )(this[`set${name}`]); } if (isGlobalClearAvailable) { - // eslint-disable-next-line no-new-func - timers[('clear' + name)] = (new Function(`return function (id) { return clear${name}(id); }`))(); + timers[`clear${name}`] = ( + // eslint-disable-next-line no-new-func + new Function('_clearFn', `return function clear${name} (id) { return _clearFn(id); }`) + )(this[`clear${name}`]); } return timers; diff --git a/test/unit/sandbox-sanity.test.js b/test/unit/sandbox-sanity.test.js index 70f92cde..d3512b89 100644 --- a/test/unit/sandbox-sanity.test.js +++ b/test/unit/sandbox-sanity.test.js @@ -86,7 +86,6 @@ describe('sandbox', function () { var ignoredProps = [ 'TEMPORARY', 'PERSISTENT', // DedicatedWorkerGlobalScope constants (in Browser) 'require', 'eval', 'console', // uniscope ignored - 'setTimeout', 'clearTimeout', 'setInterval', 'clearInterval', 'setImmediate', 'clearImmediate' ] var propNames = []; From 4f5f55312a91df5ab3f3181d4ddfdcf3f8ced607 Mon Sep 17 00:00:00 2001 
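Review bot: In the `@@ -82,13 +82,17 @@` hunk the availability check and the captured reference use different lookups: `isGlobalSetterAvailable` is computed by a `new Function` that resolves the bare global name, while the wrapper receives `this['set' + name]` from the enclosing function's `this`. If that `this` is not the global object, the check passes but `_setFn` is `undefined`, and the failure shows up only when a script first calls the wrapper. Deriving both from one value avoids the mismatch, for example `var setFn = this['set' + name];` followed by `if (typeof setFn === FUNCTION) {`, and the same for the `clear` branch. The strings passed to `new Function` are built only from the constant `timerFunctionNames`; a short comment stating that these names must never come from script input would keep that property from eroding. The enclosing function starts and ends outside the hunk.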
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 29 Mar 2024 22:04:44 +0000 Subject: [PATCH 5/7] Bump terser from 5.29.1 to 5.30.0 Bumps [terser](https://github.com/terser/terser) from 5.29.1 to 5.30.0. - [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md) - [Commits](https://github.com/terser/terser/compare/v5.29.1...v5.30.0) --- updated-dependencies: - dependency-name: terser dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 5d08fcce..bc256a1b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6147,9 +6147,9 @@ "integrity": "sha512-j1llvWVFyEn/6XIFDfX5LAU43DXe0GCt3NfXDwJ8XpRRMkS+i50SAkonAONBy+vxwPFBd50MFU8a2uj8R/ccLg==" }, "terser": { - "version": "5.29.1", - "resolved": "https://registry.npmjs.org/terser/-/terser-5.29.1.tgz", - "integrity": "sha512-lZQ/fyaIGxsbGxApKmoPTODIzELy3++mXhS5hOqaAWZjQtpq/hFHAc+rm29NND1rYRxRWKcjuARNwULNXa5RtQ==", + "version": "5.30.0", + "resolved": "https://registry.npmjs.org/terser/-/terser-5.30.0.tgz", + "integrity": "sha512-Y/SblUl5kEyEFzhMAQdsxVHh+utAxd4IuRNJzKywY/4uzSogh3G219jqbDDxYu4MXO9CzY3tSEqmZvW6AoEDJw==", "dev": true, "requires": { "@jridgewell/source-map": "^0.3.3", From 75dd177df02c6ea76b17b161c5c60db86d59bf59 Mon Sep 17 00:00:00 2001 From: Udit Vasu Date: Mon, 1 Apr 2024 13:32:11 +0530 Subject: [PATCH 6/7] Update CHANGELOG --- CHANGELOG.yaml | 2 ++ package.json | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.yaml b/CHANGELOG.yaml index 2167c3e2..823b47fa 100644 --- a/CHANGELOG.yaml +++ b/CHANGELOG.yaml @@ -2,6 +2,8 @@ unreleased: fixed bugs: - GH-986 Fixed the types for `pm.execution.setNextRequest` - GH-990 Sanitized the global scope by deleting the timers properties + chores: + - Updated dependencies 4.6.0: date: 2024-03-13 
diff --git a/package.json b/package.json index 71c8f842..ac167bc7 100644 --- a/package.json +++ b/package.json @@ -89,7 +89,7 @@ "shelljs": "^0.8.5", "sinon": "^12.0.1", "sinon-chai": "^3.7.0", - "terser": "^5.29.1", + "terser": "^5.30.0", "tsd-jsdoc": "^2.5.0", "tv4": "1.3.0", "uniscope": "2.2.0", From 7bfadb57304a59aa0b42af667063ab397bdde056 Mon Sep 17 00:00:00 2001 From: Udit Vasu Date: Mon, 1 Apr 2024 13:32:56 +0530 Subject: [PATCH 7/7] Release v4.6.1 --- CHANGELOG.yaml | 3 ++- package-lock.json | 2 +- package.json | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.yaml b/CHANGELOG.yaml index 823b47fa..36b636d9 100644 --- a/CHANGELOG.yaml +++ b/CHANGELOG.yaml @@ -1,4 +1,5 @@ -unreleased: +4.6.1: + date: 2024-04-01 fixed bugs: - GH-986 Fixed the types for `pm.execution.setNextRequest` - GH-990 Sanitized the global scope by deleting the timers properties diff --git a/package-lock.json b/package-lock.json index d8ad080c..9704e5a8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "postman-sandbox", - "version": "4.6.0", + "version": "4.6.1", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index ac167bc7..7162fc71 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "postman-sandbox", - "version": "4.6.0", + "version": "4.6.1", "description": "Sandbox for Postman Scripts to run in Node.js or browser", "author": "Postman Inc.", "license": "Apache-2.0",