fix(cli): resolve vm2 security vulnerability #5070
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Ionic CLI currently reports a security vulnerability with the
vm2
dependency as a result ofsuperagent-proxy
→proxy-agent
.The
superagent-proxy
package is a smaller wrapper aroundsuperagent
andproxy-agent
that is not maintained.This PR removes the dependency for
superagent-proxy
and upgrades toproxy-agent@6
which no longer has thevm2
dependency requirement. Theproxy-agent
package uses ESM & as a result a lot of other usages had to be migrated onceesmoduleInterop
was enabled. The proxy behavior thatsuperagent-proxy
was responsible for has been added here: https://github.com/ionic-team/ionic-cli/blob/4332a24af67b98424ff19083a6f9e2e09a66c0a8/packages/%40ionic/cli/src/lib/utils/superagent-proxy.tsHere is the error message without
esmoduleInterop
: