@renovate renovate bot commented Apr 16, 2025

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
| --- | --- | --- | --- | --- | --- |
| http-proxy-middleware | 3.0.3 -> 3.0.5 | age | adoption | passing | confidence |

GitHub Vulnerability Alerts

CVE-2025-32997

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed.

CVE-2025-32996

In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used.


Release Notes

chimurai/http-proxy-middleware (http-proxy-middleware)

v3.0.5

Compare Source

  • fix(fixRequestBody): check readableLength (#1096)

v3.0.4

Compare Source

  • fix(fixRequestBody): handle invalid request (#1092)
  • fix(fixRequestBody): prevent multiple .write() calls (#1089)
  • fix(websocket): handle errors in handleUpgrade (#823)
  • ci(package): patch http-proxy (#1084)
  • fix(fixRequestBody): support multipart/form-data (#896)
  • feat(types): export Plugin type (#1071)

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Madrid, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
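
An added example, not part of this PR, Renovate, or http-proxy-middleware: a lockfile check that maps each resolved http-proxy-middleware version to the advisories quoted above, using the fixed versions they state. The function names and the sample lockfile are constructed for illustration; the sample is not the contents of website/yarn.lock.

```javascript
const PKG = 'http-proxy-middleware';
// Fixed versions exactly as stated in the two advisories in the PR body.
const ADVISORIES = [
  { id: 'CVE-2025-32996', fixed2: [2, 0, 8], fixed3: [3, 0, 4] },
  { id: 'CVE-2025-32997', fixed2: [2, 0, 9], fixed3: [3, 0, 5] },
];

// Numeric major.minor.patch only; prerelease tags are ignored in this sketch.
function parseVersion(s) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(s);
  return m ? m.slice(1).map(Number) : null;
}

function lessThan(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// "before 2.0.x and 3.x before 3.0.y": below the 2.x fix, or a 3.x below the 3.x fix.
function advisoriesFor(version) {
  const v = parseVersion(version);
  if (!v) return ['UNPARSED']; // fail closed: a human should look at it
  return ADVISORIES
    .filter((a) => lessThan(v, a.fixed2) || (v[0] === 3 && lessThan(v, a.fixed3)))
    .map((a) => a.id);
}

// Handles yarn v1 (`version "x"`) and berry (`version: x`) entries.
function scanLockfile(text) {
  const findings = [];
  let inEntry = false;
  for (const line of text.split(/\r?\n/)) {
    if (/^\S/.test(line)) { // entry header: comma-separated "name@range" specs
      inEntry = line.split(',').some((s) => s.trim().replace(/^"/, '').startsWith(PKG + '@'));
      continue;
    }
    const m = inEntry && /^ {2}version:?\s+"?([^"\s]+)"?/.exec(line);
    if (m) { findings.push({ version: m[1], advisories: advisoriesFor(m[1]) }); inEntry = false; }
  }
  return findings;
}

// Constructed sample lockfile (yarn v1 layout).
const SAMPLE_LOCK = [
  '# yarn lockfile v1', '',
  'http-proxy-middleware@^2.0.3:', '  version "2.0.8"', '',
  '"http-proxy-middleware@^3.0.3", "http-proxy-middleware@^3.0.5":', '  version "3.0.5"', '',
  'http-proxy@^1.18.1:', '  version "1.18.1"',
].join('\n');

for (const f of scanLockfile(SAMPLE_LOCK)) console.log(f.version, f.advisories.join(',') || 'ok');
```

A lockfile can resolve the same package more than once, so a bump of the direct dependency does not by itself show that every transitive copy is on a fixed version.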

@renovate renovate bot requested a review from melindafekete as a code owner April 16, 2025 20:00
@renovate renovate bot added the dependencies Pull requests that update a dependency file label Apr 16, 2025
@renovate renovate bot enabled auto-merge (squash) April 16, 2025 20:00

vercel bot commented Apr 16, 2025

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| unleash-docs | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Apr 16, 2025 8:03pm |

@github-project-automation github-project-automation bot moved this from New to Approved PRs in Issues and PRs Apr 16, 2025
@github-actions

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

| Package | Version | Score |
| --- | --- | --- |
| npm/http-proxy-middleware | 3.0.5 | 🟢 5 |

Details

| Check | Score | Reason |
| --- | --- | --- |
| Code-Review | ⚠️ 1 | Found 4/30 approved changesets -- score normalized to 1 |
| Maintained | 🟢 10 | 17 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| License | 🟢 10 | license file detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | 🟢 10 | packaging workflow detected |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Vulnerabilities | 🟢 7 | 3 existing vulnerabilities detected |

Scanned Files

  • website/yarn.lock

@renovate renovate bot merged commit 4454656 into main Apr 16, 2025
12 checks passed
@renovate renovate bot deleted the renovate/npm-http-proxy-middleware-vulnerability branch April 16, 2025 20:04
@github-project-automation github-project-automation bot moved this from Approved PRs to Done in Issues and PRs Apr 16, 2025