
[Temporarily] Removed support for Proxies on ApiClient #1

Open: cwilgenhoff wants to merge 1 commit into master from fork/remove-support-for-proxy

cwilgenhoff commented Jul 25, 2023


Description

This library now has a critical security flaw in a deep dependency called vm2. You can see the chain below:

  • superagent-proxy -> proxy-agent -> pac-proxy-agent -> pac-resolver -> degenerator

Fortunately for us, proxy-agent has been updated to not use vm2 anymore, but it hasn't been integrated into superagent-proxy yet, although there is a PR open here

The Cybersource SDK uses the superagent-proxy dependency to offer a way to support networks under proxies, so getting rid of that functionality will probably not be desirable for the Cybersource team.

Our recommendation is, therefore, to wait for the superagent-proxy library to get upgraded and either raise a PR against the Cybersource SDK or talk to the CyberSource account managers to get it done for us. In the meantime, we can remove the support for proxies.

Screenshots

  • Client using the SDK with useProxy set to true: [image]
  • Client using the SDK with useProxy set to false or unset, and a capture token can be created with the SDK: [image]

cwilgenhoff force-pushed the fork/remove-support-for-proxy branch from b8d7953 to 90def55 on July 25, 2023 13:59
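
Added example (not part of this PR or of the SDK's code): one way to confirm which dependency chains in a `package-lock.json` (v2/v3 `packages` layout) still reach vm2, so the proxy removal can be verified and later reverted safely. The function names, the sample lockfile and the placement of vm2 under degenerator are assumptions constructed to mirror the chain in the description.

```javascript
// Constructed sample in package-lock.json v2/v3 "packages" layout.
// Names follow the chain in the PR description; "*" ranges are placeholders.
const sampleLock = {
  packages: {
    "": { dependencies: { "superagent-proxy": "*", "superagent": "*" } },
    "node_modules/superagent": {},
    "node_modules/superagent-proxy": { dependencies: { "proxy-agent": "*" } },
    "node_modules/proxy-agent": { dependencies: { "pac-proxy-agent": "*" } },
    "node_modules/pac-proxy-agent": { dependencies: { "pac-resolver": "*" } },
    "node_modules/pac-resolver": { dependencies: { "degenerator": "*" } },
    "node_modules/degenerator": { dependencies: { "vm2": "*" } },
    "node_modules/degenerator/node_modules/vm2": {},
  },
};

// Resolve `name` as Node would: nearest node_modules first, then walk upward.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (candidate in packages) return candidate;
    if (!base) return null; // reached the root without finding it
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Return every chain "a -> b -> target" starting at a root dependency.
function findChains(lock, target) {
  const packages = lock.packages || {};
  const chains = [];
  const walk = (path, trail, onStack) => {
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies };
    for (const name of Object.keys(deps)) {
      const depPath = resolveDep(packages, path, name);
      if (depPath === null || onStack.has(depPath)) continue; // missing or cycle
      const next = [...trail, name];
      if (name === target) { chains.push(next.join(" -> ")); continue; }
      onStack.add(depPath);
      walk(depPath, next, onStack);
      onStack.delete(depPath);
    }
  };
  if (packages[""]) walk("", [], new Set([""]));
  return chains;
}

console.log(findChains(sampleLock, "vm2").join("\n"));
```

An empty result from `findChains` for `vm2` on the real lockfile is the condition to check before and after restoring proxy support.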