Closed ivarprudnikov closed 4 years ago
Npm audit found a vulnerability in https-proxy-agent used by this module.
https-proxy-agent
┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Machine-In-The-Middle │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ https-proxy-agent │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Patched in │ >=3.0.0 │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ speedtest-net [dev] │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ speedtest-net > https-proxy-agent │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/1184 │ └───────────────┴──────────────────────────────────────────────────────────────┘
The only non vulnerable version at this time is https-proxy-agent@3.0.0 and up.
https-proxy-agent@3.0.0
According to release docs the breaking change is only due to:
It is a breaking change because Node 4, 5, and 7 are no longer tested in CI (note that Node 6 is still supported).
More info in https-proxy-agent releases page https://github.com/TooTallNate/node-https-proxy-agent/releases
This is a duplicate of #93 which has a pending pull request
Npm audit found a vulnerability in
https-proxy-agent
used by this module.The only non vulnerable version at this time is
https-proxy-agent@3.0.0
and up.According to release docs the breaking change is only due to:
More info in
https-proxy-agent
releases page https://github.com/TooTallNate/node-https-proxy-agent/releases