[Security patch] Apply MitM security patch from https-proxy-agent #156

Merged

Contributor

@omrilotan omrilotan commented Oct 8, 2019

https-proxy-agent version 2.2.1 contains a reported man-in-the-middle vulnerability. A security patch was issued and released in version 3.0.0.

This major version does not include breaking changes in the code but has removed support for legacy Node engines (4, 5, 7). Code is still tested on 6, 8, 10, 12.

I would like to include this security patch here.

Version 3.0.0 release notes

This release fixes the MitM vulnerability reported via HackerOne. It is a breaking change because Node 4, 5, and 7 are no longer tested in CI (note that Node 6 is still supported).

Major Changes

  • Remove Node 5 and 7 from Travis: 590bc8b
  • Remove Node 4 from Travis: 6c804a2

Minor Changes

  • Update proxy to v1.0.0: d0e3c18
  • Test on Node.js 10 and 12: 3535951
  • Fix compatibility with Node.js >= 10.0.0: #73
  • Add .editorconfig file: 06ead2f
  • Add .eslintrc.js file: ae53572

Patches

  • Update README with correct secureProxy behavior: #65
  • Remove unreachable code: 46aad09
  • [TypeScript] Allow port to be a string: #72
  • Use an EventEmitter to replay failed proxy connect HTTP requests: #77

Credits

Huge thanks to @lpinca, @stoically, and @zkochan for helping!

@tdumitrescu tdumitrescu merged commit 81f19c2 into mixpanel:master Oct 9, 2019
@tdumitrescu
Member

Upgraded in v0.10.3, thanks!
