Skip to content

Maintenance: remove proxy-agent from dependencies #1610

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
1 of 2 tasks
am29d opened this issue Jul 14, 2023 · 2 comments · Fixed by #1611
Closed
1 of 2 tasks

Maintenance: remove proxy-agent from dependencies #1610

am29d opened this issue Jul 14, 2023 · 2 comments · Fixed by #1611
Assignees
@am29d
Labels
completed This item is complete and has been merged/shipped internal PRs that introduce changes in governance, tech debt and chores (linting setup, baseline, etc.)

Comments

@am29d
Copy link
Contributor

am29d commented Jul 14, 2023

Summary

We have proxy-agent in our devDependencies but it is not used anywhere. With the recent CVE on vm2 which is a transitive dependency of the proxy-agent I could not find any usage in our codebase. I suggest to remove the dependency.

Why is this needed?

Because there is a critical CVE GHSA-cchq-frgv-rjh5 and we don't use it.

Which area does this relate to?

Other

Solution

No response

Acknowledgment

Future readers

Please react with 👍 and your use case to help us understand customer demand.
@am29d am29d added triage This item has not been triaged by a maintainer, please wait internal PRs that introduce changes in governance, tech debt and chores (linting setup, baseline, etc.) labels Jul 14, 2023
@am29d am29d self-assigned this Jul 14, 2023
@am29d am29d added the confirmed The scope is clear, ready for implementation label Jul 14, 2023
@am29d am29d mentioned this issue Jul 14, 2023
Merged
9 tasks
@github-actions
Copy link
Contributor

⚠️ COMMENT VISIBILITY WARNING ⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

@github-actions github-actions bot added pending-release This item has been merged and will be released soon and removed confirmed The scope is clear, ready for implementation labels Jul 14, 2023
@am29d am29d mentioned this issue Jul 14, 2023
Closed
9 tasks
@dreamorosi dreamorosi moved this from Coming soon to Shipped in Powertools for AWS Lambda (TypeScript) Jul 14, 2023
@dreamorosi dreamorosi added completed This item is complete and has been merged/shipped dependencies and removed triage This item has not been triaged by a maintainer, please wait pending-release This item has been merged and will be released soon labels Jul 14, 2023
@dreamorosi
Copy link
Contributor

If I remember correctly http-proxy was added around the time this script was also added: packages/commons/tests/utils/cdk-cli.ts.

If the e2e tests are still running then we're good!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@am29d am29d

Labels
completed This item is complete and has been merged/shipped internal PRs that introduce changes in governance, tech debt and chores (linting setup, baseline, etc.)
Projects
Powertools for AWS Lambda (TypeScript)
Status: Shipped
Milestone
No milestone
2 participants
@am29d @dreamorosi