Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove use of superagent-proxy #126

Closed
tommoor opened this issue Dec 3, 2023 · 0 comments
Closed

Remove use of superagent-proxy #126

tommoor opened this issue Dec 3, 2023 · 0 comments

Comments

@tommoor
Copy link

tommoor commented Dec 3, 2023

Hey @jonkemp thanks for this useful module. Unfortunately the module depends on vm2 which has critical security vulnerabilities and is no longer maintained.

Fortunately the vm2 dependency is introduced through the use of superagent-proxy which according to the author doesn't really have a reason to exist anymore.

I suggest that superagent-proxy should also drop the parameter in .proxy(), and simply apply the ProxyAgent instance. Typing this out, I question whether this module even needs to exist anymore, since it's essentially would just boil down to:

I think we could remediate the security issue by removing this package with a small patch
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jonkemp @tommoor