Https-agent-proxy is vulnerable

mmanela / chutzpah

Chutzpah is an open source JavaScript test runner which enables you to run unit tests using QUnit, Jasmine, Mocha and TypeScript.

http://mmanela.github.io/chutzpah/

Apache License 2.0

550 stars 142 forks source link

Https-agent-proxy is vulnerable #779

Closed antondats closed 4 years ago

antondats commented 4 years ago

Hello! The chutzpah uses some vulnerable https-agent-proxy package start from the 4.4.0 version. After some investigation, I have noticed that this package is used by other npm packages like "puppeteer" and "puppeteer-core"(chutzpah\Chutzpah\Node\packages and chutzpah\EdgeJsPackages). Please update the versions of these packages to make the chutzpah safe for using in projects.

Thanks a lot)

mmanela commented 4 years ago

Should be fixed by b21cf9d581155e9926113a04be77078bb2f54346