Use proxy-agent instead of superagent-proxy #5042
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Use proxy-agent instead of superagent-proxy to get rid of vm2
Resolves: #5035, resolves: #5030, resolves: #4921
vm2
is a deprecated package with critical security issues.For details see:
@ionic-cli
hasvm2
in its dependency tree viasuperagent-proxy@3.0.0
There has been multiple issues and PRs in
superagent-proxy
about this. See TooTallNate/superagent-proxy#50 for example. But even after months, no solution has been taken in their repo. Which prompted many of the consumers of this library to just cutsuperagent-proxy
and fall back toproxy-agent
.One such examples is Microsoft's appcenter-cli, whose approach I followed. Refer to for details on their corresponding PR: microsoft/appcenter-cli#2387
Note:
proxy-agent
has already gotten rid ofvm2
as a dependency: TooTallNate/proxy-agents#224Test results
Tested the change locally by:
HTTPS_PROXY
env variable to a local proxy instance (Charles Proxy)See below: