CRITICAL: Disable Newman CI workflows due to supply chain attack #4646

@quiet-node

Issue

The newman package has been compromised in a supply chain attack. All CI workflows using Newman must be disabled immediately to prevent execution of potentially malicious code.

Action Taken

  • All CI workflows containing Newman have been disabled
  • Newman execution paths have been commented out with security warnings
  • DO NOT UPDATE newman package

Next Steps

  • Identify and evaluate secure alternatives to Newman for API testing
  • Update CI workflows with the chosen alternative
  • Remove Newman dependency once replacement is verified
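A check for the "commented out" action item above, as an added example that is not part of the original issue or the project's code: it scans workflow YAML for lines where `newman` is still live rather than commented out. The function names, the `.github/workflows` location and the sample workflow are assumptions, and a workflow disabled by other means (for example in the repository settings) is outside what it sees.

```python
import re
from pathlib import Path

# "newman" as a whole word: newman run, npx newman, newman-reporter-*.
NEWMAN = re.compile(r"\bnewman\b", re.IGNORECASE)


def strip_comment(line):
    """Return the part of a YAML line that precedes any comment."""
    if line.lstrip().startswith("#"):
        return ""
    # Inline comments start at whitespace + "#". Assumes the workflow
    # does not carry " #" inside a quoted string.
    return re.split(r"\s#", line, maxsplit=1)[0]


def active_newman_lines(text):
    """Return (line_number, line) pairs where newman is not commented out."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        if NEWMAN.search(strip_comment(line)):
            hits.append((number, line.strip()))
    return hits


def scan_workflows(root):
    """Scan root/.github/workflows/*.yml|*.yaml; map path -> live hits."""
    findings = {}
    for path in sorted(Path(root, ".github", "workflows").glob("*.y*ml")):
        hits = active_newman_lines(path.read_text(encoding="utf-8"))
        if hits:
            findings[str(path)] = hits
    return findings


# Constructed sample workflow, not taken from the repository.
SAMPLE = """\
name: api-tests
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # SECURITY: newman disabled, see issue #4646
      # - run: npx newman run collection.json
      - run: npm ci  # newman stays pinned, do not update
      - run: npx newman run smoke.json
"""

if __name__ == "__main__":
    for number, line in active_newman_lines(SAMPLE):
        print(f"line {number}: {line}")
```

Running `scan_workflows(".")` from the repository root returns an empty dict once every Newman execution path is commented out.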

Labels

internal: For changes that affect the project's internal workings but not its outward-facing functionality.
