dhuang612
commented
4 years ago @criticalfault
Hey I took a look the line that changed under package.lock was this
"from": "git://github.com/snyk/node-https-proxy-agent.git#fix/https-agent-vuln",for the following package:
"https-proxy-agent-snyk-fork"I'm investigating into this now and will update this comment with a response.
updated
reviewed synk and found out that they had to update the https-proxy-agent-snyk-fork package to remove a man in the middle vulnerability. https://snyk.io/vuln/npm:https-proxy-agent
suggested fix is to update snyk cli to the latest version.
Issue is now resolved, please try the latest version of the cli 1.230.6https://github.com/snyk/snyk/issues/796
It looks like they temp pinned the version for a bit while they were fixing the error so they gave a direct link to download the package from. Now that the issue is resolved they removed that and now you let it download like normal
added in travis.yml file following: https://docs.travis-ci.com/user/languages/javascript-with-nodejs/
Please let me know if anything else needs to be changed.