New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency http-proxy-middleware to version 2.x 🌟 #1585

Open

renovate wants to merge 1 commit into develop from renovate/npm-http-proxy-middleware-vulnerability

Contributor

renovate bot commented Oct 24, 2024 •

edited

Loading

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
http-proxy-middleware	`0.19.1` -> `2.0.7`

GitHub Vulnerability Alerts

CVE-2024-21536

Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.

Release Notes

chimurai/http-proxy-middleware (http-proxy-middleware)

`v2.0.7`

Full Changelog: chimurai/http-proxy-middleware@v2.0.6...v2.0.7

`v2.0.6`

fix(proxyReqWs): catch socket errors (#763)

`v2.0.5`

fix(error handler): add default handler to econnreset (#759)

`v2.0.4`

fix(fix-request-body): improve content type check (#725) (kevinxh)

`v2.0.3`

feat(package): optional @types/express peer dependency (#707)

`v2.0.2`

chore(deps): update @types/http-proxy to 1.17.8 (#701)
fix(fixRequestBody): fix request body for empty JSON object requests (#640) (mhassan1)
fix(types): fix type regression (#700)

`v2.0.1`

fix(fixRequestBody): fix type error (#615)
test(coverage): improve coverage config (#609) (leonardobazico)
test: add test coverage to fixRequestBody and responseInterceptor (#608) (leonardobazico)
chore(typescript): extract handlers types (#603) (leonardobazico)

`v2.0.0`

chore(package): drop node 10 [BREAKING CHANGE] (#577)

`v1.3.1`

fix(fix-request-body): make sure the content-type exists (#578) (oufeng)

`v1.3.0`

docs(response interceptor): align with nodejs default utf8 (#567)
feat: try to proxy body even after body-parser middleware (#492) (midgleyc)

`v1.2.1`

fix(response interceptor): proxy original response headers (#563)

`v1.2.0`

feat(handler): response interceptor (#520)
fix(log error): handle undefined target when websocket errors (#527)

`v1.1.2`

fix(log error): handle optional target (#523)

`v1.1.1`

fix(error handler): re-throw http-proxy missing target error (#517)
refactor(dependency): remove camelcase
fix(option): optional target when router is used (#512)

`v1.1.0`

fix(errorHandler): fix confusing error message (#509)
fix(proxy): close proxy when server closes (#508)
refactor(lodash): remove lodash (#459) (#507) (TrySound)
fix(ETIMEDOUT): return 504 on ETIMEDOUT (#480) (aremishevsky)

`v1.0.6`

chore(deps): lodash 4.17.20 (#475)

`v1.0.5`

chore(deps): lodash 4.17.19 (#454)

`v1.0.4`

chore(deps): http-proxy 1.18.1 (#442)

`v1.0.3`

build(package): exclude build artifact tsconfig.tsbuildinfo (#415)

`v1.0.2`

fix(router): handle rejected promise in custom router (#410) (bforbis)

`v1.0.1`

fix(typescript): fix proxyRes and router types (#410) (dylang)

`v1.0.0`

feat(createProxyMiddleware): explicit import http-proxy-middleware (BREAKING CHANGE)(#400)
feat(typescript): export http-proxy-middleware types (#400)
fix(typescript): ES6 target - TS1192 (#400)

`v0.21.0`

feat(http-proxy): bump to v1.18.0
feat: async router (#379) (LiranBri)
feat(typescript): types support (#369)
feat: async pathRewrite (#397) (rsethc)

`v0.20.0`

fix(ws): concurrent websocket requests do not get upgraded (#335)
chore: drop node 6 (BREAKING CHANGE)
chore: update to micromatch@4 (BREAKING CHANGE)
chore: update dev dependencies
refactor: migrate to typescript (#328)
feat(middleware): Promise / async support (#328)
refactor: remove legacy options proxyHost and proxyTable (BREAKING CHANGE)

`v0.19.2`

chore(deps): http-proxy 1.18.1

Configuration

📅 Schedule: Branch creation - "" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

cypress-app-bot commented Oct 24, 2024

See the guidelines for reviewing dependency updates for info on how to review dependency update PRs.


          chore(deps): update http-proxy-middleware to 2.0.7 🌟

e76bc90

renovate bot force-pushed the renovate/npm-http-proxy-middleware-vulnerability branch from 1ed23c9 to e76bc90 Compare

October 24, 2024 20:53

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet