build(deps): [security] bump https-proxy-agent from 2.2.2 to 3.0.0

[dependabot-preview]

Bumps https-proxy-agent from 2.2.2 to 3.0.0. This update includes a security fix.

Vulnerabilities fixed

Sourced from The Node Security Working Group.

Man-in-the-Middle
[https-proxy-agent] Socket returned without TLS upgrade on non-200 CONNECT response, allowing request data to be sent over unencrypted connection

Affected versions: <3.0.0

Release notes

Sourced from https-proxy-agent's releases.

3.0.0

This release fixes the MitM vulnerability reported via HackerOne. It is a breaking change because Node 4, 5, and 7 are no longer tested in CI (note that Node 6 is still supported).

Major Changes

• Remove Node 5 and 7 from Travis: 590bc8bed1348de6543f8d34d482c7e12a0a21ae
• Remove Node 4 from Travis: 6c804a2c919b53d29030340da8b02fd8225fd258

Minor Changes

• Update proxy to v1.0.0: d0e3c18079119057b05582cb72d4fda21dfc2546
• Test on Node.js 10 and 12: 3535951e482ea52af4888938f59649ed92e81b2b
• Fix compatibility with Node.js >= 10.0.0: #73
• Add .editorconfig file: 06ead2fe61f8123fbcc876f975fa2a0896d5c232
• Add .eslintrc.js file: ae5357223f5f3b7e13a8f684715dc1e291fd4a7a

Patches

• Update README with correct secureProxy behavior: #65
• Remove unreachable code: 46aad0988b471f042856436cf3192b0e09e36fe6
• [TypeScript] Allow port to be a string: #72
• Use an EventEmitter to replay failed proxy connect HTTP requests: #77

Credits

Huge thanks to @​lpinca, @​stoically, and @​zkochan for helping!

Commits

• 200cc9f 3.0.0
• c6c6d9d Remove commented code
• 3a5420d Prettier
• ae53572 Add .eslintrc.js file
• 06ead2f Add .editorconfig file
• 36d8cf5 Use an EventEmitter to replay failed proxy connect HTTP requests (#77)
• 5252bb9 Revert "Meh…" (#79)
• 6c804a2 Remove Node 4 from Travis
• 2170151 [TypeScript] Allow port to be a string (#72)
• 590bc8b Remove Node 5 and 7 from Travis
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[coveralls]

Coverage remained the same at 90.833% when pulling 34baea4 on dependabot/npm_and_yarn/https-proxy-agent-3.0.0 into e497eec on master.

[coveralls]

Coverage remained the same at 90.833% when pulling 34baea4 on dependabot/npm_and_yarn/https-proxy-agent-3.0.0 into e497eec on master.

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.