Chore(deps): bump postman-runtime from 7.39.1 to 7.43.0

[dependabot]

Bumps postman-runtime from 7.39.1 to 7.43.0.

Changelog

Sourced from postman-runtime's changelog.

7.43.0: date: 2024-10-30 new features: - GH-1478 Added support for lazily fetching vault access status fixed bugs: - >- GH-1480 Fixed a bug where vault domain matching did not work with port in URL

7.42.0: date: 2024-09-04 new features: - GH-1452 Enabled async access to vault secrets - GH-1413 Added support for initializing local variables chores: - GH-1452 Update dependencies

7.41.2: date: 2024-08-16 fixed bugs: - Fixed a bug where script host was not disposed after the run chores: - GH-1443 Added support for agentIdleTimeout configuration

7.41.1: date: 2024-08-06 chores: - Updated dependencies

7.41.0: date: 2024-08-01 new features: - GH-1427 Added support for HTTP/2. Configurable via protocolVersion - GH-1412 Added support for pm.vault in scripts fixed bugs: - >- GH-1433 Fixed a bug where errors from pm.sendRequest were not transmitted correctly - GH-1437 Bailed out from executing empty scripts chores: - GH-1426 Added variable to track the downloaded content size in response - Updated dependencies

7.40.0: date: 2024-06-19 new features: - GH-1415 Added support for top-level await in scripts chores: - GH-1415 Updated postman-sandbox to v5.0.0 - GH-1418 Dropped support for Node.js < v16

... (truncated)

Commits

• b4f8101 Merge branch 'release/7.43.0'
• f21b654 Release v7.43.0
• e5b3f69 Update changelog
• ec6c130 Add support for lazily fetching vault access status (#1478)
• 9efdc9d Fix domain regex to match doimains with or without port (#1480)
• 90a805b Merge branch 'release/7.42.0'
• f06a951 Merge branch 'release/7.42.0' into develop
• 1308c7b Release v7.42.0
• 7ddff0f Integrated async access to vault secrets (#1452)
• 7c6debc Added option to initialise local variables (#1413)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[brennx0r]

Would love to see this update as npm audit for projects using the latest version of newman will flag on the need for this update. Specifically, on a package used by postman-runtime

npm audit report

jose 3.0.0 - 4.15.4
Severity: moderate
jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext - GHSA-hhhv-q57g-882q