This repository has been archived by the owner on Aug 20, 2023. It is now read-only.

High vulnerability https-proxy-agent install should be updated/removed #1280

Closed
korbonits opened this issue Oct 18, 2019 · 4 comments · Fixed by #1410

Comments

@korbonits
Contributor

While following the CONTRIBUTIONS.md instructions, when you run an npm install from the main directory, you get the following warning:

✔ Configured custom merge driver
added 1214 packages from 742 contributors and audited 884553 packages in 15.08s
found 1 high severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details

After running an npm audit, you get the following message:

                      === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Machine-In-The-Middle                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ https-proxy-agent                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.0.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ danger [dev]                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ danger > https-proxy-agent                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1184                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 high severity vulnerability in 884553 scanned packages
  1 vulnerability requires manual review. See the full report for details.

And, last, after running npm audit fix, this is what I get:

up to date in 4.926s
fixed 0 of 1 vulnerability in 884553 scanned packages
  1 vulnerability required manual review and could not be updated

Expected behavior: the main npm install of this package should not include any high vulnerability installations.
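As an added example (not code from the issue or the project): a small Node script that turns the `npm audit --json` document npm 6 emits for a report like the one above into a CI decision, separating findings that `npm audit fix` can resolve from those that need a manual upgrade of the parent dependency (here `danger`). The audit object is constructed from the table in the report; its `actions` entry is an assumption about how npm recorded the "requires manual review" result.

```javascript
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Constructed audit document shaped like npm 6 `npm audit --json` output.
// Advisory fields come from the table in the report; the "actions" entry is
// an assumption about how npm recorded "requires manual review" here.
const SAMPLE_AUDIT = {
  actions: [
    { action: "review", module: "https-proxy-agent",
      resolves: [{ id: 1184, path: "danger>https-proxy-agent", dev: true }] },
  ],
  advisories: {
    1184: {
      id: 1184, module_name: "https-proxy-agent", severity: "high",
      title: "Machine-In-The-Middle", patched_versions: ">=3.0.0",
      url: "https://npmjs.com/advisories/1184",
      findings: [{ paths: ["danger>https-proxy-agent"], dev: true }],
    },
  },
};

// One row per (advisory, dependency path) at or above minSeverity, marking
// whether `npm audit fix` has an automatic action for it (anything but "review").
function triage(audit, minSeverity = "high") {
  const autoFixable = new Set();
  for (const a of audit.actions || []) {
    if (a.action === "review") continue;
    for (const r of a.resolves || []) autoFixable.add(`${r.id}:${r.path}`);
  }
  const rows = [];
  for (const adv of Object.values(audit.advisories || {})) {
    if ((SEVERITY_RANK[adv.severity] || 0) < SEVERITY_RANK[minSeverity]) continue;
    for (const f of adv.findings || []) {
      for (const path of f.paths) {
        rows.push({ id: adv.id, module: adv.module_name, severity: adv.severity,
          patched: adv.patched_versions, path, dev: Boolean(f.dev),
          transitive: path.includes(">"),
          fixable: autoFixable.has(`${adv.id}:${path}`) });
      }
    }
  }
  return rows;
}

// Production-path findings always fail; dev-only tooling such as the `danger`
// path here is gated by failOnDev, because a MITM-able proxy agent in a CI
// helper carries a different risk than one shipped to production.
function shouldFail(audit, { minSeverity = "high", failOnDev = false } = {}) {
  return triage(audit, minSeverity).some((r) => !r.dev || failOnDev);
}
```

A finding with `fixable: false` and `transitive: true` is the case in this issue: the only remedy is bumping the parent package to a release that allows `https-proxy-agent >=3.0.0`.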

@welcome

welcome bot commented Oct 18, 2019

Thank you so much for opening your first issue in this project! We'll try to get back to it as quickly as possible. While you are waiting...here's a random picture of a corgi (powered by dog.ceo)


@korbonits
Contributor Author

The link says: Upgrade to version 3.0.0 or later. I'll open a PR for that :)

@korbonits
Contributor Author

Tried to update danger-js directly but the hooks were weird when I tried to make a contribution... 🙈

@r0b9

r0b9 commented Oct 22, 2019

I'm running into this same issue. Still researching to see if I can find out why. Sadly, being new to most of this, it's slow going.
