Please fix security issues #1771

Closed
vbtelus opened this issue Nov 1, 2018 · 3 comments
vbtelus commented Nov 1, 2018

This project has several vulnerabilities in the dependencies as reported by npm audit.

  1. Newman Version (can be found via newman -v): 4.1.0
  2. OS details (type, version, and architecture): macOS Version 10.13.6
  3. Are you using Newman as a library, or via the CLI?: library
  4. Did you encounter this recently, or has this bug always been there: since npm 5.7 added npm audit command
  5. Expected behaviour: 0 vulnerabilities found
  6. Command / script used to run Newman: npm audit on project that has "newman": "^4.1.0", as a dev dependency
  7. Sample collection, and auxiliary files (minus the sensitive details):
  8. Screenshots (if applicable):

Steps to reproduce the problem:

  1. create new node project
  2. add newman as dev dependency
  3. run npm i
  4. run npm audit
  5. observe audit report with 3 high vulnerabilities
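The reproduction above ends with reading an `npm audit` report by eye. For a CI step the same report is easier to consume as `npm audit --json`: the following added example (not code from the Newman project or from this issue's participants) summarises such a report offline, fails the build above a chosen severity, and shows which dependency chain introduces each finding, which is the information that tells you whether the fix has to come from an upstream package such as `request`. `SAMPLE_AUDIT` is a constructed report shaped like the npm 6 audit JSON output (that shape is an assumption); its advisory ids, titles, versions and package names other than `newman`, `request` and `hawk` are placeholders, not real advisories.

```javascript
// Added example, not code from the newman project or the issue author.
// Summarises an `npm audit --json` report so a CI step can fail on high or
// critical findings and print the dependency chain behind each one.
// SAMPLE_AUDIT is a CONSTRUCTED report shaped like npm 6 audit JSON (assumed
// shape); ids, titles and versions are placeholders, not real advisories.

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

const SAMPLE_AUDIT = {
  actions: [],
  advisories: {
    "1": {
      id: 1,
      module_name: "hawk",
      severity: "high",
      title: "placeholder advisory A",
      findings: [{ version: "0.0.0-placeholder", paths: ["newman>request>hawk"] }],
    },
    "2": {
      id: 2,
      module_name: "placeholder-pkg",
      severity: "high",
      title: "placeholder advisory B",
      findings: [
        {
          version: "0.0.0-placeholder",
          paths: ["newman>placeholder-pkg", "other-dev-tool>placeholder-pkg"],
        },
      ],
    },
    "3": {
      id: 3,
      module_name: "another-placeholder",
      severity: "moderate",
      title: "placeholder advisory C",
      findings: [{ version: "0.0.0-placeholder", paths: ["newman>another-placeholder"] }],
    },
  },
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 1, high: 2, critical: 0 } },
};

// Count advisories per severity from the advisory list itself rather than
// trusting report.metadata; metadataMatches() then compares the two so a
// truncated or hand-edited report is noticed.
function countBySeverity(report) {
  const counts = { info: 0, low: 0, moderate: 0, high: 0, critical: 0 };
  for (const adv of Object.values(report.advisories || {})) {
    if (adv.severity in counts) counts[adv.severity] += 1;
  }
  return counts;
}

function metadataMatches(report) {
  const counted = countBySeverity(report);
  const declared = (report.metadata && report.metadata.vulnerabilities) || {};
  return Object.keys(counted).every((k) => counted[k] === (declared[k] || 0));
}

// Advisories at or above a severity threshold, with every path that reaches them.
function findingsAtOrAbove(report, minSeverity) {
  const min = SEVERITY_RANK[minSeverity];
  return Object.values(report.advisories || {})
    .filter((adv) => SEVERITY_RANK[adv.severity] >= min)
    .map((adv) => ({
      id: String(adv.id),
      module: adv.module_name,
      severity: adv.severity,
      paths: adv.findings.flatMap((f) => f.paths),
    }))
    .sort((a, b) => a.id.localeCompare(b.id));
}

// Advisory ids whose dependency chain passes through `pkg` (one segment of
// npm's "a>b>c" path notation). This is what tells you a finding is transitive
// and must be fixed upstream, as with hawk being pulled in through request.
function advisoriesThrough(report, pkg) {
  const ids = [];
  for (const adv of Object.values(report.advisories || {})) {
    const hit = adv.findings.some((f) => f.paths.some((p) => p.split(">").includes(pkg)));
    if (hit) ids.push(String(adv.id));
  }
  return ids.sort();
}

// CI gate: true when the build should fail for this threshold.
function shouldFailBuild(report, minSeverity) {
  return findingsAtOrAbove(report, minSeverity).length > 0;
}

// Stand-alone run against the constructed report. In real use, replace
// SAMPLE_AUDIT with JSON.parse of the file written by `npm audit --json`.
console.log("metadata consistent:", metadataMatches(SAMPLE_AUDIT));
console.log("counts:", countBySeverity(SAMPLE_AUDIT));
for (const f of findingsAtOrAbove(SAMPLE_AUDIT, "high")) {
  console.log(`#${f.id} ${f.module} (${f.severity}) via ${f.paths.join(", ")}`);
}
console.log("transitive via request:", advisoriesThrough(SAMPLE_AUDIT, "request"));
console.log("fail build at >= high:", shouldFailBuild(SAMPLE_AUDIT, "high"));
```

Counting from the advisory entries instead of `metadata.vulnerabilities` is deliberate: the metadata block is a summary that the tool writes, and cross-checking it against the detailed findings is cheap. `advisoriesThrough(report, "request")` answers the question this thread turns on, namely which of the three reported findings can only be closed by a newer `request` (or its fork) rather than by a change in Newman's own code.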
@kunagpal kunagpal self-assigned this Nov 1, 2018
kunagpal commented Nov 1, 2018

@vbtelus Thanks for opening this issue. Due to increased friction resulting from hawk being included in request, it was replaced with an in-house implementation here and removed in request v2.87.0. The v4.1.0 release of Newman uses a fork of request based off of v2.86.1. The current unreleased version of Newman effectively uses v2.88.1 (as can be seen here: https://github.com/postmanlabs/newman/blob/develop/package.json#L55). Thus, these vulnerabilities will be addressed in the next Newman release.

If you'd like, you can follow the original discussion that resulted in the removal of hawk from request here: request/request#2831

kunagpal commented Nov 3, 2018

@vbtelus Newman v4.2.1 resolves the first and third vulnerabilities, the second will require code changes in our dependency chain. I'll keep this issue open until that is resolved.

kunagpal commented Nov 7, 2018

@vbtelus This has been fixed in v4.2.2

@kunagpal kunagpal closed this as completed Nov 7, 2018