@renovate renovate bot commented Apr 16, 2025

This PR contains the following updates:

| Package | Change |
| --- | --- |
| http-proxy-middleware | 2.0.7 -> 2.0.8 |

GitHub Vulnerability Alerts

CVE-2025-32996

In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used.


Release Notes

chimurai/http-proxy-middleware (http-proxy-middleware)

v2.0.8

Compare Source

What's Changed

Full Changelog: chimurai/http-proxy-middleware@v2.0.7...v2.0.8


Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Madrid, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Apr 16, 2025

vercel bot commented Apr 16, 2025

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Skipped Deployment
| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| unleash-docs | ⬜️ Ignored (Inspect) | Visit Preview | | Apr 16, 2025 8:08pm |

@renovate renovate bot enabled auto-merge (squash) April 16, 2025 20:06
@github-project-automation github-project-automation bot moved this from New to Approved PRs in Issues and PRs Apr 16, 2025

Dependency Review

The following issues were found:
  • ❌ 1 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ✅ 0 package(s) with unknown licenses.
See the Details below.

Vulnerabilities

frontend/yarn.lock

| Name | Version | Vulnerability | Severity |
| --- | --- | --- | --- |
| http-proxy-middleware | 2.0.8 | http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed | moderate |

Only included vulnerabilities with severity moderate or higher.

OpenSSF Scorecard

| Package | Version | Score |
| --- | --- | --- |
| npm/http-proxy-middleware | 2.0.8 | 🟢 5 |

Details

| Check | Score | Reason |
| --- | --- | --- |
| Code-Review | ⚠️ 1 | Found 4/30 approved changesets -- score normalized to 1 |
| Maintained | 🟢 10 | 17 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| License | 🟢 10 | license file detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | 🟢 10 | packaging workflow detected |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Vulnerabilities | 🟢 7 | 3 existing vulnerabilities detected |

Scanned Files

  • frontend/package.json
  • frontend/yarn.lock

@renovate renovate bot merged commit 61c98a9 into main Apr 16, 2025
11 of 12 checks passed
@renovate renovate bot deleted the renovate/npm-http-proxy-middleware-vulnerability branch April 16, 2025 20:10
@github-project-automation github-project-automation bot moved this from Approved PRs to Done in Issues and PRs Apr 16, 2025