From 44546567139ea1b282f4ef6e065471d4c3b3383a Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 16 Apr 2025 20:04:17 +0000
Subject: [PATCH] chore(deps): update dependency http-proxy-middleware to
 v3.0.5 [security] (#9785)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
|
[http-proxy-middleware](https://redirect.github.com/chimurai/http-proxy-middleware)
| [`3.0.3` ->
`3.0.5`](https://renovatebot.com/diffs/npm/http-proxy-middleware/3.0.3/3.0.5)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/http-proxy-middleware/3.0.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/http-proxy-middleware/3.0.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/http-proxy-middleware/3.0.3/3.0.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/http-proxy-middleware/3.0.3/3.0.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

#### [CVE-2025-32997](https://nvd.nist.gov/vuln/detail/CVE-2025-32997)

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5,
fixRequestBody proceeds even if bodyParser has failed.

#### [CVE-2025-32996](https://nvd.nist.gov/vuln/detail/CVE-2025-32996)

In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody
can be called twice because "else if" is not used.

---

### Release Notes

<details>
<summary>chimurai/http-proxy-middleware
(http-proxy-middleware)</summary>

###
[`v3.0.5`](https://redirect.github.com/chimurai/http-proxy-middleware/blob/HEAD/CHANGELOG.md#v305)

[Compare
Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v3.0.4...v3.0.5)

- fix(fixRequestBody): check readableLength
([#&#8203;1096](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1096))

###
[`v3.0.4`](https://redirect.github.com/chimurai/http-proxy-middleware/blob/HEAD/CHANGELOG.md#v304)

[Compare
Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v3.0.3...v3.0.4)

- fix(fixRequestBody): handle invalid request
([#&#8203;1092](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1092))
- fix(fixRequestBody): prevent multiple .write() calls
([#&#8203;1089](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1089))
- fix(websocket): handle errors in handleUpgrade
([#&#8203;823](https://redirect.github.com/chimurai/http-proxy-middleware/pull/823))
- ci(package): patch http-proxy
([#&#8203;1084](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1084))
- fix(fixRequestBody): support multipart/form-data
([#&#8203;896](https://redirect.github.com/chimurai/http-proxy-middleware/pull/896))
- feat(types): export Plugin type
([#&#8203;1071](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1071))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" in timezone Europe/Madrid,
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/Unleash/unleash).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMzguMCIsInVwZGF0ZWRJblZlciI6IjM5LjIzOC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 website/package.json | 2 +-
 website/yarn.lock    | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/website/package.json b/website/package.json
index fd3b69b7b4..644bd315ac 100644
--- a/website/package.json
+++ b/website/package.json
@@ -63,7 +63,7 @@
     "typescript": "5.6.3"
   },
   "resolutions": {
-    "http-proxy-middleware": "3.0.3",
+    "http-proxy-middleware": "3.0.5",
     "express/path-to-regexp": "0.1.12"
   },
   "packageManager": "yarn@4.7.0"
diff --git a/website/yarn.lock b/website/yarn.lock
index 3f181ad2c6..02def2af59 100644
--- a/website/yarn.lock
+++ b/website/yarn.lock
@@ -9169,9 +9169,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"http-proxy-middleware@npm:3.0.3":
-  version: 3.0.3
-  resolution: "http-proxy-middleware@npm:3.0.3"
+"http-proxy-middleware@npm:3.0.5":
+  version: 3.0.5
+  resolution: "http-proxy-middleware@npm:3.0.5"
   dependencies:
     "@types/http-proxy": "npm:^1.17.15"
     debug: "npm:^4.3.6"
@@ -9179,7 +9179,7 @@ __metadata:
     is-glob: "npm:^4.0.3"
     is-plain-object: "npm:^5.0.0"
     micromatch: "npm:^4.0.8"
-  checksum: 10c0/c4d68a10d8d42f02e59f7dc8249c98d1ac03aecee177b42c2d8b6a0cb6b71c6688e759e5387f4cdb570150070ca1c6808b38010cbdf67f4500a2e75671a36e05
+  checksum: 10c0/89ff3c8fe65b22b8042a6173ae1b8f77c5171f7eecf3c8b5d6dcffe3c9d688acae7bcf498cc08d1525f566dc0781efaec4e2ddc49224b1f16f020de7987a446b
   languageName: node
   linkType: hard