New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug]: vm2 is deprecated for critical security issue #10547
Comments
This issue was not reproducible. Please check that your example runs locally and the following:
Once the above checks are satisfied, please edit your issue with the changes and we will |
See patriksimek/vm2#533:
|
we do not directly depend on this but via the proxy-agents package that probably needs it to support PAC file proxies that can be for downloading of the browser binaries. |
Thanks - but could this transitive dependency still pose a security issue for Puppeteer? |
@jcmaunsell unlikely given that it is only used to process proxy settings (that are set by you as a user or your system administrator) and it is only used during installation to download browser binaries. |
anyway we will likely stop supporting pac file proxies as there seem to be no good solution for this. |
Thanks so much for the quick turnaround here! |
Minimal, reproducible example
It looks like a downstream dependency has a critical security issue and needs to be updated. Is it a big lift to update to isolated-vm?
The text was updated successfully, but these errors were encountered: