[Snyk] Security upgrade proxy-agent from 2.3.1 to 4.0.0

Open snyk-bot opened this issue 4 years ago • 1 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	778/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.7	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-1089716	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: proxy-agent

The new version differs by 17 commits.

b9fcf37 4.0.0
d18c6bd Update `agent-base` to v6 (#55)
4af6f5e 3.1.1
af5434d Update "pack-proxy-agent" to v3.0.1
cd18ccf Use `localhost` instead of `127.0.0.1` for tests
778ea05 Update dependencies
70ffd00 Meh…
1a1abb5 Use GH Actions instead of Travis-CI
3588645 Update `https-proxy-agent` to v3.0.0 (#47)
10ff67b 3.1.0
063ad8f Remove `package-lock.json` file
199f29f Add TypeScript types (#34)
bfe9ec5 3.0.3
d32e248 Upgrade pac-proxy-agent to 3.x (#31)
d392bc7 Release 3.0.1 (#30)
d67cb23 Update `socks-proxy-agent` to v4.0.1 (#26)
65fcf7a Release 3.0.0 (#22)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

Apr 01 '21 02:04 snyk-bot

Codecov Report

Merging #68 (b82c605) into master (40bf197) will not change coverage. The diff coverage is n/a.

:exclamation: Current head b82c605 differs from pull request most recent head 659bbc1. Consider uploading reports for the commit 659bbc1 to get more accurate results

@@           Coverage Diff           @@
##           master      #68   +/-   ##
=======================================
  Coverage   83.87%   83.87%           
=======================================
  Files           1        1           
  Lines         217      217           
=======================================
  Hits          182      182           
  Misses         35       35

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 40bf197...659bbc1. Read the comment docs.

Apr 01 '21 02:04 codecov[bot]