Audit alert in dependencies newman@v6.2.2

[JoaquimFlavio]

We are receiving npm audit alerts due to vulnerabilities in transitive dependencies of newman (v6.2.2).

Dependency QS:

├─┬ newman@6.2.2
│ ├─┬ postman-request@2.88.1-postman.48
│ │ └── qs@6.14.2
│ └─┬ postman-runtime@7.39.1
│   └─┬ postman-request@2.88.1-postman.34
│     └── qs@6.5.5

Dependency node-forge:

└─┬ newman@6.2.2
  └─┬ postman-runtime@7.39.1
    └── node-forge@1.3.1

I noticed that postman-runtime has been updated recently on npm, and looks to solve this issue. However, in newman@6.2.2, the dependency is locked to version 7.39.1.

Are there any plans to release a new version of newman that updates postman-runtime to a more recent version, potentially resolving these audit warnings?

[juanitosvq]

someone opened a PR to address this:
#3345

[JoaquimFlavio]

Great!
I hope this fix is ​​in the next version; the pipeline is alerting us quite a bit. lol

[JoaquimFlavio]

@juanitosvq the autor closed the pr #3345... so I opened a new one: #3351