Closed szaboopeeter closed 7 months ago
This solution is not complete, I'm not sure how I missed this - apparently the npm commands I ran to build/watch this were not building what I expected. Will close this for now, and re-open if I have time to clean it up. But either way - reading through the discussions linked in the description I still think this is probably the best route to take sans superagent-proxy pushing a new version with upgarded proxy-agent.
Use proxy-agent instead of superagent-proxy to get rid of vm2
Resolves: #5035, resolves: #5030, resolves: #4921
vm2
is a deprecated package with critical security issues.For details see:
@ionic-cli
hasvm2
in its dependency tree viasuperagent-proxy@3.0.0
There has been multiple issues and PRs in
superagent-proxy
about this. See https://github.com/TooTallNate/superagent-proxy/pull/50 for example. But even after months, no solution has been taken in their repo. Which prompted many of the consumers of this library to just cutsuperagent-proxy
and fall back toproxy-agent
.One such examples is Microsoft's appcenter-cli, whose approach I followed. Refer to for details on their corresponding PR: https://github.com/microsoft/appcenter-cli/pull/2387
Note:
proxy-agent
has already gotten rid ofvm2
as a dependency: https://github.com/TooTallNate/proxy-agents/pull/224Test results
Tested the change locally by:
HTTPS_PROXY
env variable to a local proxy instance (Charles Proxy)See below: