refactor!: replace global-agent with proxy-agent

[BlackHole1]

Fixed: #304 #243

The global-agent dependency is in a state of maintenance stagnation. Although 4 releases have been published in the three weeks ago., they are all in an unusable state (which reduces my confidence in this dependency).

Also, personally, I don't think the proxy should pollute the entire global scope - all requests are being proxied. It should be more atomic.

Fortunately, we have set the minimum node version requirement to >= 22.12.0. Based on this, we can gracefully use proxy-agents to use a proxy for specific requests without polluting the global scope.

Regarding proxy behavior, I referred to curl: automatically detect proxy variables and apply them. Instead of controlling whether to use a proxy through special env variables, this will reduce the cognitive load on developers (because many developers simply don't know that npm install electron actually calls @electron/get to download, let alone look at the @electron/get documentation).

No Proxy ENV

Has Proxy ENV

BREAKING CHANGE: GLOBAL_AGENT_* env vars no longer work. ELECTRON_GET_USE_PROXY is no longer checked. getEnv() and setEnv() removed from public API.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	proxy-agent@​6.5.0

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Deprecated by its maintainer: npm basic-ftp Reason: Security vulnerability fixed in 5.2.0, please upgrade From: ? → npm/proxy-agent@6.5.0 → npm/basic-ftp@5.1.0 ℹ Read more on: This package | This alert | What is a deprecated package? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Research the state of the package and determine if there are non-deprecated versions that can be used, or if it should be replaced with a new, supported solution. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/basic-ftp@5.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[dsanders11]

Paper trail from a Slack conversation, I asked @BlackHole1 if he could evaluate EnvHttpProxyAgent from undici as a similar alternative to proxy-agent, given that it's used internally by Node.js and has no dependencies.