[Snyk] Upgrade https-proxy-agent from 2.1.1 to 5.0.0

[snyk-bot]

Snyk has created this PR to upgrade https-proxy-agent from 2.1.1 to 5.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 9 versions ahead of your current version.
• The recommended version was released a year ago, on 2020-02-07.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Uninitialized Memory Exposure npm:https-proxy-agent:20180402	796/1000 Why? Mature exploit, Has a fix available, CVSS 8.2	Mature
	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	796/1000 Why? Mature exploit, Has a fix available, CVSS 8.2	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: https-proxy-agent

• 5.0.0 - 2020-02-07
  

  Major Changes

  • Refactor to TypeScript: #95
• 4.0.0 - 2019-12-10
  

  Major Changes

  • Set "engines" requirement to node 6.0.0: #82
  • Update dependencies: c846a68

  Minor Changes

  • Update debug to v4.0.0: #82

  Patches

  • Use localhost instead of 127.0.0.1 in tests: 829905f

  Credits

  Huge thanks to @ Krinkle for helping!

• 3.0.1 - 2019-10-23
  

  Patches

  • Update proxy to v1.0.1: 7ce932a
  • Add GitHub Actions for Node CI: 67f71c6
  • Delete .travis.yml: 3b680ba
  • Replace Travis CI status badge with workflow status badge: #80
  • Use a net.Socket instead of a plain EventEmitter for replaying proxy errors: #83
  • Test CI on "push to master" and "pull request": 11d4677

  Credits

  Huge thanks to @ lpinca for helping!

• 3.0.0 - 2019-10-07
  

  This release fixes the MitM vulnerability reported via HackerOne. It is a breaking change because Node 4, 5, and 7 are no longer tested in CI (note that Node 6 is still supported).

  Major Changes

  • Remove Node 5 and 7 from Travis: 590bc8b
  • Remove Node 4 from Travis: 6c804a2

  Minor Changes

  • Update proxy to v1.0.0: d0e3c18
  • Test on Node.js 10 and 12: 3535951
  • Fix compatibility with Node.js >= 10.0.0: #73
  • Add .editorconfig file: 06ead2f
  • Add .eslintrc.js file: ae53572

  Patches

  • Update README with correct secureProxy behavior: #65
  • Remove unreachable code: 46aad09
  • [TypeScript] Allow port to be a string: #72
  • Use an EventEmitter to replay failed proxy connect HTTP requests: #77

  Credits

  Huge thanks to @ lpinca, @ stoically, and @ zkochan for helping!

• 2.2.4 - 2019-10-25
  

  Patches

  • Add .editorconfig file: a0d4a20
  • Add .eslintrc.js file: eecea74
  • Use a net.Socket instead of a plain EventEmitter for replaying proxy errors: #83
  • Remove unused stream module: 9fdcd47

  Credits

  Huge thanks to @ lpinca for helping!

• 2.2.3 - 2019-10-22
  

  Patches

  • Update README with actual secureProxy behavior: #65
  • Update proxy to v1.0.0: d0e3c18
  • Remove unreachable code: 46aad09
  • Test on Node.js 10 and 12: 3535951
  • Fix compatibility with Node.js >= 10.0.0: #73
  • Use an EventEmitter to replay failed proxy connect HTTP requests: #77

  Credits

  Huge thanks to @ stoically, @ lpinca, and @ zkochan for helping!

• 2.2.2 - 2019-07-06
  

  Patches

  • Remove package-lock.json: c881009
  • Ignore test directory, History.md and .travis.yml when creating npm package. Fixes #42: #45
  • Update agent-base to v4.2: #50
  • Add TypeScript type definitions: #66
  • Feat(typescript): Allow input to be options or string: #68
  • Update agent-base to v4.3: #69

  Credits

  Huge thanks to @ marco-c, @ tareqhs, @ ianhowe76, and @ BYK for helping!

• 2.2.1 - 2018-03-29
  

  Patches

  • Add defaultPort field: #43

  Credits

  Huge thanks to @ jan-auer for helping!

• 2.2.0 - 2018-03-03
  

  Minor Changes

  • Use Buffer.from(): 1c24219
  • Add "engines" to package.json: a277922
• 2.1.1 - 2017-11-28
  

  Release 2.1.1

from https-proxy-agent GitHub release notes

Commit messages

Package name: https-proxy-agent

• 8fdb1a5 5.0.0
• 0379e01 Refactor to TypeScript (#95)
• 176d4b4 4.0.0
• 451edbb Prettier
• 829905f Use `localhost` instead of `127.0.0.1` in tests
• c846a68 Update dependencies
• 0e98671 Update `debug` to v4.0.0 (#82)
• 81574d0 Set "engines" requirement to node 6.0.0 (#82)
• c562fb6 3.0.1
• 11d4677 Test CI on "push to master" and "pull request"
• 2ee9793 Remove unused `stream` module
• 4c0d37e Use a `net.Socket` instead of a plain `EventEmitter` for replaying proxy errors (#83)
• 9d30891 Delete `History.md` file
• 03879f5 Replace Travis CI status badge with workflow status badge (Send version nodesecurity/nsp#80)
• 0638f19 Remove "with" from build name
• 3b680ba Delete `.travis.yml`
• 67f71c6 Add GitHub Actions for Node CI
• 7ce932a Update `proxy` to v1.0.1
• 200cc9f 3.0.0
• c6c6d9d Remove commented code
• 3a5420d Prettier
• ae53572 Add `.eslintrc.js` file
• 06ead2f Add `.editorconfig` file
• 36d8cf5 Use an `EventEmitter` to replay failed proxy connect HTTP requests (#77)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs