[Security] Bump https-proxy-agent from 1.0.0 to 2.2.1

Open dependabot-preview[bot] opened this issue 7 years ago • 3 comments

Bumps https-proxy-agent from 1.0.0 to 2.2.1. This update includes security fixes.

Vulnerabilities fixed

Sourced from The Sonatype OSS Index.

CWE-20: Improper Input Validation. The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Affected versions: <=2.1.1

Sourced from The GitHub Security Advisory Database.

High severity vulnerability that affects https-proxy-agent. https-proxy-agent passes unsanitized options to Buffer(arg), resulting in DoS and uninitialized memory leak.

Affected versions: < 2.2.0

Sourced from The Node Security Working Group.

Denial of Service. https-proxy-agent passes unsanitized options to Buffer(arg), resulting in DoS and uninitialized memory leak.

Affected versions: <=2.1.1

Release notes

Sourced from https-proxy-agent's releases.

2.2.1

Patches

  • Add defaultPort field: #43

Credits

Huge thanks to jan-auer for helping!

2.2.0

Minor Changes

  • Use Buffer.from(): 1c24219df87524e6ed973127e81f30801d658f07
  • Add "engines" to package.json: a27792225b652c5483247c96654d40bda27873d0

Changelog

Sourced from https-proxy-agent's changelog.

2.2.0 / 2018-03-03

  • Add "engines" to package.json - requires Node.js >= 4.5.0
  • Use Buffer.from()

2.1.1 / 2017-11-28

  • Update debug - Security Problems with Previous Version (#38)

2.1.0 / 2017-08-08

  • only include the port number in the Host header when non-default port (#22)
  • set ALPN to "http 1.1" by default when using tlsproxy (#25)
  • only set ALPNProtocols when the property does not already exist
  • support SNI (#14)

2.0.0 / 2017-06-26

  • rename https-proxy-agent.js to index.js
  • update dependencies and remove semver-specific test case
  • update agent-base to v4
  • remove extend dependency
  • :arrow_up: update minimum version of debug dependency
  • opts/options
  • drop Node versions < v4 from Travis-CI
  • test Node.js 5, 6, 7 and 8 on Travis-CI
  • README: remove outdated secureEndpoint reference
  • README: remove secureEndpoint docs, add headers
  • https-proxy-agent: add support for proxy "headers"
You can trigger a rebase of this PR by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Automerge options (never/patch/minor, and dev/runtime dependencies)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

dependabot-preview[bot] • Nov 19 '18 04:11
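The advisories in the PR body say only that https-proxy-agent "passes unsanitized options to Buffer(arg)" and that 2.2.0 switched to Buffer.from(). The following is an added example, not code from this PR or from https-proxy-agent, that shows the bug class in isolation: the legacy Buffer(arg) constructor dispatches on the argument's type, so a string is encoded but a number is taken as a byte count and allocated. The header-building helpers, the MAX_AUTH_BYTES limit and the sample options objects are constructed for illustration. Note that Node.js 8 and later zero-fill Buffer(size), so the uninitialized-memory part of the advisory is not reproducible on a current runtime; the size confusion that drives the DoS still is.

```javascript
// Added example: not code from the PR or from https-proxy-agent.
// Demonstrates why an unsanitized option reaching Buffer(arg) is a DoS
// (and, on Node < 8, an uninitialised-memory leak), and how the
// Buffer.from() pattern adopted in https-proxy-agent 2.2.0 closes it.
'use strict';

// Hypothetical upper bound for a proxy credential string (not from the project).
const MAX_AUTH_BYTES = 4096;

// Vulnerable pattern: the proxy auth value is taken straight from the options
// object and handed to Buffer(arg). Buffer(arg) is deprecated (DEP0005)
// precisely because a numeric arg is treated as a size, not as content.
function legacyProxyAuthHeader(opts) {
  const buf = Buffer(opts.auth); // no type check: number => allocation of that size
  return 'Basic ' + buf.toString('base64');
}

// Makes the size confusion visible: how many bytes does the legacy
// constructor allocate for a given "auth" option?
function legacyAllocatedBytes(auth) {
  return Buffer(auth).length;
}

// Hardened pattern: validate the type and length first, then use
// Buffer.from(), which never interprets its argument as a size and throws a
// TypeError when given a number.
function safeProxyAuthHeader(opts) {
  const auth = opts.auth;
  if (typeof auth !== 'string') {
    throw new TypeError('proxy auth option must be a string');
  }
  if (Buffer.byteLength(auth, 'utf8') > MAX_AUTH_BYTES) {
    throw new RangeError('proxy auth option too long');
  }
  return 'Basic ' + Buffer.from(auth, 'utf8').toString('base64');
}

// Constructed sample inputs: a normal credential, and an attacker-controlled
// options object (e.g. parsed from untrusted JSON) whose auth is a number.
const goodOpts = { auth: 'user:pass' };
const badOpts = { auth: 8 * 1024 * 1024 }; // 8 MiB allocated per request

// Runs both paths and returns a small report so the behaviour can be checked
// without relying on printed output.
function demo() {
  let safeRejected = false;
  try {
    safeProxyAuthHeader(badOpts);
  } catch (e) {
    safeRejected = e instanceof TypeError;
  }
  return {
    legacyGood: legacyProxyAuthHeader(goodOpts),   // encodes the string as expected
    legacyBadBytes: legacyAllocatedBytes(badOpts.auth), // 8 MiB buffer from a "credential"
    safeGood: safeProxyAuthHeader(goodOpts),       // same header, via Buffer.from()
    safeRejected,                                  // numeric auth is refused
  };
}

console.log(demo());
```

Running the block prints the report; the two `Basic dXNlcjpwYXNz` values show that the hardened path is a drop-in replacement for well-formed input, while `legacyBadBytes` shows the attacker-chosen allocation size that the legacy path accepts and the safe path rejects with a TypeError.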

Warnings :warning:

Please include a Pivotal story at the beginning of the PR title (see below).

Example of PR titles that include pivotal stories:

  • single story: [#123456] my PR title
  • multiple stories: [#123456,#123457,#123458] my PR title

Generated by :no_entry_sign: dangerJS

digitalcitizenship • Nov 19 '18 04:11

Codecov Report

Merging #355 into master will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #355   +/-   ##
=======================================
  Coverage   91.64%   91.64%           
=======================================
  Files          42       42           
  Lines        1914     1914           
  Branches      217      217           
=======================================
  Hits         1754     1754           
  Misses        155      155           
  Partials        5        5

codecov[bot] • Jan 23 '19 16:01

A newer version of https-proxy-agent exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

dependabot-preview[bot] • Oct 09 '19 17:10