All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Improved request validation error messages (thanks @ilanashapiro) #2280
- Allow spec document to be requested via HTTP Basic auth via the URL parameters in Node 18+. #2279
- Put
chalk
as an explicit dependency in the HTTP package #x - Upgrade fast-xml-parser (thanks @spriggyjeff) #2262
- Do not error when there is no response content but accept header is set (thanks @ilanashapiro) #2267
- Improves handling of GET/HEAD requests in the proxy that look like they include a request body. #2260
- CLI option flag
--verboseLevel
or-v
to set log levels. #2231
- Various 3rd party dependency updates.
- Send a user-agent when fetching remote spec content. #2150
- Make x-json-schema-faker work more sensibly. #2181
- Fixed breaking change with mock command in v4.10.4. #2138
- Various 3rd party dependency updates and Dependabot configuration changes
- Fixed issue with recursive request body schemas. #2090
- Fixed issue with empty body when content-type header is set. #2103 - thanks @acolombier
- Added support for ranges of response status codes. #2065
- Update faker dependency to point to official community-maintained version. #2021 - thanks @jasonbarry
- Alphabetize properties for dynamic responses. #2041
- Fixed issue where query parameters weren't being forwarded in proxy mode. #2042
- Upgraded the minimum node engine version from 12 to 16 #2023 - thanks @jasonbarry
- Relaxed validation constraints for Postman Collections. All properties included in output are no longer marked as required in the generated json schema. Byproduct of removing dependency with security vulnerability. #2037
- Fixed deprecated usage of
parse
#1959 - thanks @jbl428 - Removed dependency that had critical security vulnerability #2037
- Upstream proxy support #1986 - thanks @DyspC
- Ignore
Content-Type
when validating a request and the body is empty instead of producing a HTTP 415. #1990
- CLI flag to control validating requests when running the proxy #1980
- When
allOf
has the effect of addingreadOnly
to a property, the property is no longer required in input. - When
allOf
has the effect of addingwriteOnly
to a property, the property is no longer required in output.
- in proxy mode, Prism does not send
Content-Encoding
header back to client as it was received from the upstream server because Prism's response is never compressed
- Prism now responds with 415 http code if request content-type does not match content-types available in operation body
- Ignoring example if prism decides to change response code #1919
- Updated dependencies #1916
- Do not check content-type for 204 code #1915
- Fixed issue with generating numbers with maximum and minimum range of
Number.MAX_VALUE
- Fixed memory leak #1881
- Added support for Deprecation header for deprecated operations #1879
- Better path matching for concrete and templated parts 1876
- Fixes issue with encoded URLs: was unable to find them in spec while mocking.
- Fixes performance regression in
prism-cli
#1860
- Fixed issue with date-time type validation #1856
- Supports readOnly writeOnly properties #1853
- Increase Max Request Size to 10mb by default #1844
- Support Circular JSON Refs #1835
- Improved the build pipeline #1834
- bumped
sanitize-html
dep to address security issue #1828
- encodeURI param names to avoid performance issues on startup #1816
- Bump @stoplight/json-schema-sampler to support
if/then/else
JSON Schema compound keywords in static mode #1792
- Accept OAS 3.1 documents #1783
- Return preferred example when validation fails #1786
- Prism is now supporting nullable validations #1782
- Yet another improvement for the returned path in Problem JSON payloads #1548
- Prism is now respecting
min/maxItems
properties in JSON Schemas #1530
- Multiple HTTP Headers coming from a proxied response are now correctly aggreagated using a
,
instead of a space. #1489 - Improved the returned path for Problem JSON payloads #1530
- Prism will now consider the first response in the document in case of the absence of a 2XX response, instead of requiring at least a successful response. #1531
- Prism will now validate that the requested code (either through prefer code header or __code query param) is a number. #1542
- When running in proxy mode and an upstream server responds with
501
, Prism will now "remock" the request and provide a meaningful response. This is a fancy way to say "if the upstream server has not yet implemented an operation, it will mock" #1426
- Fixed a type issue in the HTTP Client that would let you pass incorrect parameters #1391
- Prism will now refuse to start in case it will detect circular references. #1270
- Prism is now able to take in consideration all the responses defined for a request (typical in Postman Collection) and respond in a more appropriate way #1310
- BREAKING: The
getHttpOperationsFromSpec
has been moved from the HTTP Package to the CLI package. If you're using Prism programmatically, this might require some code changes on your side.getHttpOperationsFromResource
has been removed. #1009, #1192 - BREAKING: The
createClientFromOperations
is now exported asexport function
instead of exporting an object. If you're using Prism programmatically, this might require some code changes on your side #1009 - BREAKING: Prism does NOT support Node 8 and 10 anymore; the miminal runtime is now 12
- A significant number of dependencies has been upgraded
- Prism's Proxy feature will stop proactively requesting Compressed responses, following what is really in the OAS document #1309,#1319
- Prism is now stop to claim error for paths declared in the document that are not starting with a
/
#1340
- Prism is not returning an error anymore when trying to construct a schema for HTTP headers and query string with mixed cases property names #1268
- Since the media type parameters are not standardised (apart from the quality one), the negotiator will discard them during the matching process or simply treat them as strings/numbers without trying to guess anything more #1159
- Prism is now handling correctly hypens on both Path parameters and Query Parameters #1189, #1992
- The mock diagram has been updated to include the security validations #1141
- Prism will now correctly refuse invalid requests even when used with the
proxy
command with the--errors
flag #1101 - Autogenerated security validation errors now have the
detail
field filled with an informative message #1101 - Correctly catch some exceptions and propagate them to the CLI #1107
- All the dependencies used by the various Prism packages have been explicitily declared avoiding some resolutions problems in case you are using Prism programmatically #1072
- Prism's current options aren't overriden internally anymore because of the
Prefer
header set #1074
- Prism will not correctly consider that HTTP Security Schemes are case insensitive #1044
- Prism is now able to correctly differentiate between a preflight request and a regular
OPTIONS
request #1031 - Fixed a condition where Prism would ignore CLI flags in case the nor
Prefer
or Query String preferences were passed #1034 - Created a specific error when a 200-299 response cannot be found for a successful request #1035
- Prism now supports sending its configuration parameters through the
Prefer
header #984 - Experimental Postman Collection support #985
- Correctly evaluate the
ServerMatch
property so that Prism will prefer concrete matches over templated ones #983 - HTTP Client now correctly returns empty bodies #993
- Correctly discriminate methods in the router when server is not defined #969
- Removed double definition of the
ProblemJsonError
#965
- Correctly set
access-control-expose-headers
headers for preflight and regular responses when CORS is enabled #958 - Prism public HTTP Client fixes and docs improvements #959
- Correctly set
vary
andaccess-control-request-headers
headers for preflight and regular responses when CORS is enabled
- Replaced Fastify HTTP server with its tinier counterpart: Micri #927
- Prism's proxy will now strip all the Hop By Hop headers #921
- Prism is now normalising the media types so that when looking for compatible contents charsets and other parameters are not taken in consideration #944
- Prism's external HTTP Client is now correctly constructing the internal log object #952
- Prism will not coerce JSON Payloads anymore during the schema validation #905
- Correctly handle the possibility of a body/headers generation failure #875
- Input validation errors should not trigger a
500
status code when the--errors
flag is set to true #892
- Put
chalk
as an explicit dependency in the CLI package #854 - Make sure callbacks work on
application/x-www-form-urlencoded
data #856
- Support for encoding > allowReserved flag when validating application/x-www-form-urlencoded body #630
- Validating output status code against available response specs #648
- Support for Contract Testing #650
- The CLI will now propose operation paths with meaningful examples #671
- Prism reloads itself every time there are changes being made to the specified document #689
- Path parameters are now validated against schema #702
- The Test Harness framework now requires the
${document}
parameter explicitly #720 - Prism now includes a new
proxy
command that will validate the request coming in, send the request to an upstream server and then validate the response coming back #669 - Prism has values for path/query params bolded and in color #743
- The CLI now displays a timestamp for all the logged operations #779
- Prism has now support for OpenAPI 3.0 callbacks #716
- Prism body validator will now show allowed enum parameters in error messages #828
- Killing sub-process only if Prism is running in multi-process mode #645
- UUIDs are never generated as URNs #661
- Relative references for remote documents are now resolved correctly #669
- Core types are now correctly referenced in the HTTP package, restoring the type checks when using the package separately #701
- By upgrading Json Schema Faker to the latest version, now the schemas with
additionalProperties:false
/additionalProperties:true
/additionalProperties:object
will be correctly handled when dynamic mocking is enabled #719 - Making a request to an operation with a
deprecated
parameter is no longer causing Prism to return a 422 response #721 - The
access-control-allow-origin
header, when CORS is enabled, will now reflect the request origin AND set the Credentials header #797 - When the request is missing the
Accept
header, Prism will now effectively treat it as a*/*
, according to the respective CFP #802 - Prism will now passthrough as response anything that matches
text/*
instead of onlytext/plain
#796
- Prism is now giving precedence to
application/json
instead of using it as a "fallback" serializer, fixing some conditions where it wouldn't get triggered correctly. #604 - Prism is now taking in consideration the
required
properties for combined schemas (oneOf, allOf
). This is coming through an update to the Json Schema Faker Library #623 - Prism will never have enough information to return a
403
status code; all these occurences have been now replaced with a401
status code which is more appropriate #625 - Prism is now negotiating the error response dynamically based on the validation result (security or schema validation) instead of always returning a static order of responses #628
- Prism is now selecting proper serializer when Accept header contains content type which is missing in spec. This is a result of simplifying serializer selection approach. #620
- HEAD requests no longer fail with 406 Not Acceptable #603
- Prism is now able to validate the security specification of the loaded document #484
- Prism is not crashing anymore when referencing the same model multiple times in the specification document #552
- Prism will now correctly use the
example
keyword for a Schema Object in OpenAPI 3.0 documents #560 - Prism won't return 406 when users request a
text/plain
response whose content is a primitive (string, number) #560 - Prism's router is now able to correctly handle a path ending with a parameter, such as
/test.{format}
, while it would previously not match with anything. #561 - Prism is correctly handling the
allowEmptyValue
property in OAS2 documents #569 - Prism is correctly handling the
csv
collection format argument property in OAS2 documents #577 - Prism is correctly returning the response when the request has
*/*
as Accept header #578 - Prism is correctly returning a single root node with the payload for XML data #578
- Prism is correctly returning payload-less responses #606
- Prism is now returning CORS headers by default and responding to all the preflights requests. You can disable this behaviour by running Prism with the
--cors
flag set to false #525
- Prism now respects the
nullable
value for OpenAPI 3.x documents when generating examples #506 - Prism now loads correctly OpenAPI 3.x documents with
encodings
with non specifiedstyle
property #507 - Prism got rid of some big internal dependencies that now aren't required anymore, making it faster and lighter. #490
- Prism now correctly validates OAS2
application/x-www-urlencoded
(form data) params (#483)
- Prism is now returning a
406
error instead of an empty response in case it is not able to find a response whose content type satisfies the providedAccept
Header - Prism now respects the
q
value in theAccept
header to specify the content type preference - Prism is now returning
text/plain
when the document does not specify any Content Type for the examples - Prism is now returning the example according to the
Accept
header for OAS2 documents - Prism is now returning
404
instead of500
in case the requested named example does not exist in the document
- Prism HTTP Client is now adding 'user-agent' header with Prism/<<PRISM_VERSION>> as the value when making HTTP requests
- Prism is now using
yargs
for its command line interface, replacing oclif.
- Fixed an error in the JSON Path bundling for NPM Package download
This is nothing more than the beta 6 rebranded.
- Prism now loads correctly files from the internet with urls using query parameters #452
- Prism now correctly respects the
required
property in OpenAPI 2 body parameters #450 - Prism now validates any payload, as long it has a schema and it's parsable #446
- Prism now will tell you explicitly when a response has been constructed from a
default
response definition #445
- Internal refactoring: Prism validation process is now completely sync #400
- Prism examples generator supports
x-faker
extensions #384 — thanks @vanhoofmaarten! - Documentation reorganisation #393
- Introduced Azure Pipelines to make sure Prism works on Windows #388
- Prism has now a diagram in the readme that shows you the mocker flow #386
- Several improvements to the logging of the Http Mocker #382
- Our
application/vnd+problem.json
messages have been improved #370
- Prism is now able to parse HTTP FormData payloads #381
- Prism now works correctly on Windows thanks to some internal libraries updates #374
- Prism 3 has now a Docker Image; you can try it at
stoplight/prism:3
- Static JSON Schema examples generator gives precendece to
default
overexamples
#373
-
Prism is now logging all the negotiator phases for a better observability #323
-
The HTTP Client API has been documented #355
- Prism's build process in TypeScript has been revisited #356
- Prism can now validate servers #351
- Prism's build process received some tweaks, but there's more work to do #352
- Prism now has got a static example fallback in case the
dynamic
flag is not enabled #347
- Prism is now handling the fact that HTTP headers are case insensitive #338
- Prism is now normalising OAS2/3 schemas improving and simplyfing the validation capabilites #338
- Prism is not able to correctly handle the Content Type header #344
- Prism CLI has now a new CLI option to specify the IP Address where it will listen connections for #340
- Fixed the security issue intrisic in Axios by updating its dependency in the project #334
- Fix a bug where paremeters where undetected, returning a REQUIERD error #325
- Respect the
Accept
header when requesting content to Prism #333 - Create a LICENSE file for the project #330
- Add new GitHub ISSUES template files for the project #326
- Decouple payload generation from its serialisation #322
- a bug where http operations were not resolved (6aee679)
- add missing referenced project (7621f8a)
- add tsconfig paths to make the CLI work natively in TS SL-2369 (#219) (30298a9)
- correctly install dependencies (#302) (d3de5b1)
- dependencies (ebd2536)
- do not overwrite the default config object (bcb20f5)
- do not throw when you can't find an example (06f9435)
- error serialisation SO-195 (#274) (1199919)
- get rid of ajv console warn (b11cd48)
- get rid of resolutions (#289) (758cbfa)
- it's ok if we do not have examples or schemas (5a93f1d)
- look for 422 for invalid requests (#278) (7a1c073)
- make jest faster in startup and runtime (d9b6c2a)
- make sure http download works (#276) (01828f3)
- OAS3 integration tests and fixes SO-103 (#253) (930d29e)
- prism forwarder can work without an API in place [SL-1619]7c61c62
- Prism should read yml files too SO-200 (#299) (cbc96b2)
- prism-server should always return a response (e72c6bf)
- put oclif only where it is needed (68bf27d)
- remove explicit dependency (fd2885f)
- remove nvmrc (3eaee34)
- remove other packages and update (9eb9bfa)
- require the correct code (2e6d242)
- running
prism
cli threw exception (#190) (1893ccc) - schema faker fix (#195) (5889cc7)
- separate config concept sl-2191 (96e45fd)
- SL-2028 fixed absolute paths handling (#197) (8d668a1)
- SL-2030 disabled fastify's body serializing (#192) (7262c5f)
- SL-2192 stringify examples (#205) (bbf6492)
- SL-2377 host/forwarded headers support (#249) (f8a1131)
- SL-80 fixed router logic (7a3d35e)
- SL-80 fixed test (d1c8974)
- SL-80 more reasonable examples (68025c6)
- SL-82 created common args/flags place for cli (9f53eef)
- SO-80 added integration test (b1936e1)
- SO-80 added missing file (ff94b7b)
- SO-80 default to empty body, match even if no servers (c92e487)
- SO-80 fixed example (b7afa9b)
- SO-80 path fix (04cba58)
- SO-80 updated test name (d67d04a)
- SO-82 fixed tests (545294a)
- sync stuff should be sync (b4b3e8b)
- try to generate an example only if the schema is provided (b9b3310)
- try to publish first, and then publish binaries (#318) (1d8618c)
- upgrade graphite (#308) (4b6458a)
- use rootDirs and outDir to help oclif config find source commands (964b043)
- mocker: a bug where Content-Type was set but we didn't find it (b5a9dd8)
- validator: a bug where fastify omits hasOwnProperty in query obj (726fcff)
- validator: a bug where json object failed to parse (fbdab3c)
- --dynamic flag for CLI SO-217 (#301) (f1f27cf)
- Add binary script SO-162 (#271) (3b6b508)
- add changelog when releasing (#317) (df4aa95)
- add install script (#286) (766297d)
- add npm token to file to publish (0410836)
- add oas3 plugin (58ebc4c)
- CLI show endpoints and status SO-201 (#296) (d60830b)
- Implement header mocking functionality SO-227 (#314) (5f0c0ba)
- http-forwarder: add support for timeout and cancelToken (#309) (8e1db46)
- add some unit tests (46ac012)
- add tests and modify error response message (73db545)
- do not build (0a4a814)
- GitHub Releases and binary uploads (#279) (388df6d)
- integrate Prism with Graph (WIP) (f4d8b1e)
- release (#294) (a09dfb3)
- release manually (ab2f06e)
- release prism 3.x alpha with required scripts (6864986)
- revisit the build process (d7d307f)
- SL-2035 cli url spec (#200) (76ae24f)
- SL-2037 forbidding dirs to be supplied to --spec cli's arg (#198) (05c4b3c)
- SL-82 split mock and server commands (4ba0c28)
- SL-82 split mock and server commands (ddf87bd)
- SO-141 Problem+Json for error messages SO-141 (#270) (a5a3a67)
- support OAS json schema formats (7c3c4f5)
- throw exception when path is matched but method is not allowed. (de32fb0)
- upgrade ts (2bc6638)
- cli: add validation support and resource resolution (14b4b7d)
- config: add functional tests to meet AC (32f486b)
- core: implement a graph resource loader (431789e)
- httpConfig: add default config support and unit test (4f0a062)
- mocker: fix tests (27b74a3)
- mocker: fixed test (08c4d7f)
- mocker: integrate mocker with business logic (e4513c5)
- mocker: remove httpRequest from method signature (5163835)
- mocker: take http request into account (85f1bc0)
- negotiator: add remaining negotiator tests (944531f)
- negotiator: add unit tests for helpers (45603e9)
- negotiator: WIP tests (3776042)
- router: add matchPath function (7292957)
- router: add two more corner case tests for clarification (23dc242)
- router: implemented and unit tested router (07a31a1)
- router: lint and autofix all style issues (9eb501c)
- router: made baseUrl optional to ignore server matching (91669a8)
- router: make disambiguateMatches() private (91c2a7b)
- router: throw exceptions instead return null (ebb6d2c)
- router: WIP add disambiguation and server matching (c778ae6)
- router: WIP dummy router implementation and specs (2dc3f8b)
- sampler: add basic class structure and basic implementation (2c31635)