chore(deps): update dependency http-proxy-middleware to v3.0.5 [security] (#9785)

mirror of https://github.com/Unleash/unleash.git synced 2025-07-26 13:48:33 +02:00

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
|
[http-proxy-middleware](https://redirect.github.com/chimurai/http-proxy-middleware)
| [`3.0.3` ->
`3.0.5`](https://renovatebot.com/diffs/npm/http-proxy-middleware/3.0.3/3.0.5)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/http-proxy-middleware/3.0.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/http-proxy-middleware/3.0.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/http-proxy-middleware/3.0.3/3.0.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/http-proxy-middleware/3.0.3/3.0.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

#### [CVE-2025-32997](https://nvd.nist.gov/vuln/detail/CVE-2025-32997)

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5,
fixRequestBody proceeds even if bodyParser has failed.

#### [CVE-2025-32996](https://nvd.nist.gov/vuln/detail/CVE-2025-32996)

In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody
can be called twice because "else if" is not used.

---

### Release Notes

<details>
<summary>chimurai/http-proxy-middleware
(http-proxy-middleware)</summary>

###
[`v3.0.5`](https://redirect.github.com/chimurai/http-proxy-middleware/blob/HEAD/CHANGELOG.md#v305)

[Compare
Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v3.0.4...v3.0.5)

- fix(fixRequestBody): check readableLength
([#&#8203;1096](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1096))

###
[`v3.0.4`](https://redirect.github.com/chimurai/http-proxy-middleware/blob/HEAD/CHANGELOG.md#v304)

[Compare
Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v3.0.3...v3.0.4)

- fix(fixRequestBody): handle invalid request
([#&#8203;1092](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1092))
- fix(fixRequestBody): prevent multiple .write() calls
([#&#8203;1089](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1089))
- fix(websocket): handle errors in handleUpgrade
([#&#8203;823](https://redirect.github.com/chimurai/http-proxy-middleware/pull/823))
- ci(package): patch http-proxy
([#&#8203;1084](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1084))
- fix(fixRequestBody): support multipart/form-data
([#&#8203;896](https://redirect.github.com/chimurai/http-proxy-middleware/pull/896))
- feat(types): export Plugin type
([#&#8203;1071](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1071))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" in timezone Europe/Madrid,
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/Unleash/unleash).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMzguMCIsInVwZGF0ZWRJblZlciI6IjM5LjIzOC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

This commit is contained in:

renovate[bot]

2025-04-16 20:04:17 +00:00

committed by

GitHub

parent 97ae82c134

commit 4454656713

No known key found for this signature in database

GPG Key ID: B5690EEEBB952194

2 changed files with 5 additions and 5 deletions

									
										2

website/package.json
									
										View File
										
				@ -63,7 +63,7 @@

				    "typescript": "5.6.3"

				  },

				  "resolutions": {

				    "http-proxy-middleware": "3.0.3",

				    "http-proxy-middleware": "3.0.5",

				    "express/path-to-regexp": "0.1.12"

				  },

				  "packageManager": "yarn@4.7.0"

8

website/yarn.lock

View File

 @ -9169,9 +9169,9 @@ __metadata:
   languageName: node
   linkType: hard
 "http-proxy-middleware@npm:3.0.3":
   version: 3.0.3
   resolution: "http-proxy-middleware@npm:3.0.3"
 "http-proxy-middleware@npm:3.0.5":
   version: 3.0.5
   resolution: "http-proxy-middleware@npm:3.0.5"
   dependencies:
     "@types/http-proxy": "npm:^1.17.15"
     debug: "npm:^4.3.6"
 @ -9179,7 +9179,7 @@ __metadata:
     is-glob: "npm:^4.0.3"
     is-plain-object: "npm:^5.0.0"
     micromatch: "npm:^4.0.8"
   checksum: 10c0/c4d68a10d8d42f02e59f7dc8249c98d1ac03aecee177b42c2d8b6a0cb6b71c6688e759e5387f4cdb570150070ca1c6808b38010cbdf67f4500a2e75671a36e05
   checksum: 10c0/89ff3c8fe65b22b8042a6173ae1b8f77c5171f7eecf3c8b5d6dcffe3c9d688acae7bcf498cc08d1525f566dc0781efaec4e2ddc49224b1f16f020de7987a446b
   languageName: node
   linkType: hard

chore(deps): update dependency http-proxy-middleware to v3.0.5 [security] (#9785)

2 website/package.json Unescape Escape View File

8 website/yarn.lock Unescape Escape View File

2

website/package.json

View File

8

website/yarn.lock

View File