JakeSidSmith / watfish

Simple development platform with process management & router
MIT License
0 stars 0 forks source link

[Snyk] Security upgrade http-proxy from 1.17.0 to 1.18.1 #36

Open snyk-bot opened 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

✨What is Merge Advice? We check thousands of dependency upgrade pull requests and CI tests every day to see which upgrades were successfully merged. After crunching this data, we give a recommendation on how safe we think the change is for you to merge without causing issues. Learn more, and share your feedback to help improve this feature. 🙏

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Denial of Service (DoS)
SNYK-JS-HTTPPROXY-569139
No Proof of Concept
Commit messages
Package name: http-proxy The new version differs by 33 commits.
  • 9b96cd7 1.18.1
  • 335aeeb Skip sending the proxyReq event when the expect header is present (#1447)
  • dba3966 Remove node6 support, add node12 to build (#1397)
  • 9bbe486 [dist] Version bump. 1.18.0
  • 6e4bef4 Added in auto-changelog module set to keepachangelog format (#1373)
  • d056241 fix 'Modify Response' readme section to avoid unnecessary array copying (#1300)
  • 244303b Fix incorrect target name for reverse proxy example (#1135)
  • b4028ba Fix modify response middleware example (#1139)
  • 77a9815 [dist] Update dependency async to v3 (#1359)
  • c662f9e Fix path to local http-proxy in examples. (#1072)
  • 806e492 fix reverse-proxy example require path (#1067)
  • c8fa599 Update README.md (#970)
  • 0d9ed36 [dist] Update dependency request to ~2.88.0 [SECURITY] (#1357)
  • 9d75b98 [dist] Update dependency eventemitter3 to v4 (#1365)
  • 192b2b9 [dist] Update dependency colors to v1 (#1360)
  • 4a657a7 [dist] Update all non-major dependencies (#1356)
  • 7a154f8 [dist] Update dependency agentkeepalive to v4 (#1358)
  • 749eec6 [dist] Update dependency nyc to v14 (#1367)
  • e588213 [dist] Update dependency concat-stream to v2 (#1363)
  • 59c4403 [fix] Latest versions.
  • dd1d08b [fix test] Update tests.
  • 16d4f8a [dist] Regenerate package-lock.json.
  • fc93520 [dist] .gitattributes all the things.
  • 7e4a0e5 [dist] New test fixtures.
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic