Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Context
The current version of
proxy-agent
has the packagevm2
as a dependency.vm2
has a current vulnerability found here. Unfortunatelyvm2
is no longer supported. The only mitigation is to upgradeproxy-agent
to a version that no longer relies onvm2
.I've upgraded this dependency to the latest version.
Difference
The main differences between the old and the new
proxy-agent
are:ProxyAgent
is an attribute of the exported packageProxyAgent
instance we no longer have to pass in the HTTP(S) proxy URL, it is retrieved from the environment variables.Issues addressed
#257