Security issue in proxy-agent / pac-proxy-agent / pac-resolver

[buffcode]

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ Code Injection                                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ pac-resolver                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.0.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @pm2/agent-node                                              │
│               │ > proxy-agent > pac-proxy-agent > pac-resolver               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1784                        │
└───────────────┴──────────────────────────────────────────────────────────────┘

All three packages proxy-agent / pac-proxy-agent / pax-resolver need to be updated to >=5.0 in order to mitigate the issue:

• https://github.com/TooTallNate/node-proxy-agent/releases/tag/5.0.0
• https://github.com/TooTallNate/node-pac-proxy-agent/releases/tag/5.0.0
• https://github.com/TooTallNate/node-pac-resolver/releases/tag/5.0.0