Versions of https-proxy-agent before 2.2.0 are vulnerable to denial of service. This is due to unsanitized options (proxy.auth) being passed to Buffer().

Update to version 2.2.0 or later.