This PR contains the following updates:
http-proxy-middleware: 1.0.5 -> 2.0.7
GitHub Vulnerability Alerts
CVE-2024-21536
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.
Release Notes
chimurai/http-proxy-middleware (http-proxy-middleware)
### [`v2.0.7`](https://redirect.github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.7)

[Compare Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7)

**Full Changelog**: https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7

### [`v2.0.6`](https://redirect.github.com/chimurai/http-proxy-middleware/blob/HEAD/CHANGELOG.md#v206)

[Compare Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v2.0.5...v2.0.6)

- fix(proxyReqWs): catch socket errors ([#763](https://redirect.github.com/chimurai/http-proxy-middleware/pull/763))

### [`v2.0.5`](https://redirect.github.com/chimurai/http-proxy-middleware/blob/HEAD/CHANGELOG.md#v205)

[Compare Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v2.0.4...v2.0.5)

- fix(error handler): add default handler to econnreset ([#759](https://redirect.github.com/chimurai/http-proxy-middleware/pull/759))

### [`v2.0.4`](https://redirect.github.com/chimurai/http-proxy-middleware/blob/HEAD/CHANGELOG.md#v204)

[Compare Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v2.0.3...v2.0.4)

- fix(fix-request-body): improve content type check ([#725](https://redirect.github.com/chimurai/http-proxy-middleware/pull/725)) ([kevinxh](https://redirect.github.com/kevinxh))

### [`v2.0.3`](https://redirect.github.com/chimurai/http-proxy-middleware/blob/HEAD/CHANGELOG.md#v203)

[Compare Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v2.0.2...v2.0.3)

- feat(package): optional [@types/express](https://redirect.github.com/types/express) peer dependency ([#707](https://redirect.github.com/chimurai/http-proxy-middleware/pull/707))

### [`v2.0.2`](https://redirect.github.com/chimurai/http-proxy-middleware/blob/HEAD/CHANGELOG.md#v202)

[Compare Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v2.0.1...v2.0.2)

- chore(deps): update [@types/http-proxy](https://redirect.github.com/types/http-proxy) to 1.17.8 ([#701](https://redirect.github.com/chimurai/http-proxy-middleware/pull/701))
- fix(fixRequestBody): fix request body for empty JSON object requests ([#640](https://redirect.github.com/chimurai/http-proxy-middleware/pull/640)) ([mhassan1](https://redirect.github.com/mhassan1))
- fix(types): fix type regression ([#700](https://redirect.github.com/chimurai/http-proxy-middleware/pull/700))

### [`v2.0.1`](https://redirect.github.com/chimurai/http-proxy-middleware/blob/HEAD/CHANGELOG.md#v201)

[Compare Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v2.0.0...v2.0.1)

- fix(fixRequestBody): fix type error ([#615](https://redirect.github.com/chimurai/http-proxy-middleware/pull/615))
- test(coverage): improve coverage config ([#609](https://redirect.github.com/chimurai/http-proxy-middleware/pull/609)) ([leonardobazico](https://redirect.github.com/leonardobazico))
- test: add test coverage to fixRequestBody and responseInterceptor ([#608](https://redirect.github.com/chimurai/http-proxy-middleware/pull/608)) ([leonardobazico](https://redirect.github.com/leonardobazico))
- chore(typescript): extract handlers types ([#603](https://redirect.github.com/chimurai/http-proxy-middleware/pull/603)) ([leonardobazico](https://redirect.github.com/leonardobazico))

### [`v2.0.0`](https://redirect.github.com/chimurai/http-proxy-middleware/blob/HEAD/CHANGELOG.md#v200)

[Compare Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v1.3.1...v2.0.0)

- chore(package): drop node 10 \[BREAKING CHANGE] ([#577](https://redirect.github.com/chimurai/http-proxy-middleware/pull/577))

### [`v1.3.1`](https://redirect.github.com/chimurai/http-proxy-middleware/blob/HEAD/CHANGELOG.md#v131)

[Compare Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v1.3.0...v1.3.1)

- fix(fix-request-body): make sure the content-type exists ([#578](https://redirect.github.com/chimurai/http-proxy-middleware/pull/578)) ([oufeng](https://redirect.github.com/oufeng))

### [`v1.3.0`](https://redirect.github.com/chimurai/http-proxy-middleware/blob/HEAD/CHANGELOG.md#v130)

[Compare Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v1.2.1...v1.3.0)

- docs(response interceptor): align with nodejs default utf8 ([#567](https://redirect.github.com/chimurai/http-proxy-middleware/pull/567))
- feat: try to proxy body even after body-parser middleware ([#492](https://redirect.github.com/chimurai/http-proxy-middleware/pull/492)) ([midgleyc](https://redirect.github.com/midgleyc))

### [`v1.2.1`](https://redirect.github.com/chimurai/http-proxy-middleware/blob/HEAD/CHANGELOG.md#v121)

[Compare Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v1.2.0...v1.2.1)

- fix(response interceptor): proxy original response headers ([#563](https://redirect.github.com/chimurai/http-proxy-middleware/pull/563))

### [`v1.2.0`](https://redirect.github.com/chimurai/http-proxy-middleware/blob/HEAD/CHANGELOG.md#v120)

[Compare Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v1.1.2...v1.2.0)

- feat(handler): response interceptor ([#520](https://redirect.github.com/chimurai/http-proxy-middleware/pull/520))
- fix(log error): handle undefined target when websocket errors ([#527](https://redirect.github.com/chimurai/http-proxy-middleware/pull/527))

### [`v1.1.2`](https://redirect.github.com/chimurai/http-proxy-middleware/blob/HEAD/CHANGELOG.md#v112)

[Compare Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v1.1.1...v1.1.2)

- fix(log error): handle optional target ([#523](https://redirect.github.com/chimurai/http-proxy-middleware/pull/523))

### [`v1.1.1`](https://redirect.github.com/chimurai/http-proxy-middleware/blob/HEAD/CHANGELOG.md#v111)

[Compare Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v1.1.0...v1.1.1)

- fix(error handler): re-throw http-proxy missing target error ([#517](https://redirect.github.com/chimurai/http-proxy-middleware/pull/517))
- refactor(dependency): remove `camelcase`
- fix(option): optional `target` when `router` is used ([#512](https://redirect.github.com/chimurai/http-proxy-middleware/pull/512))

### [`v1.1.0`](https://redirect.github.com/chimurai/http-proxy-middleware/blob/HEAD/CHANGELOG.md#v110)

[Compare Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v1.0.6...v1.1.0)

- fix(errorHandler): fix confusing error message ([#509](https://redirect.github.com/chimurai/http-proxy-middleware/pull/509))
- fix(proxy): close proxy when server closes ([#508](https://redirect.github.com/chimurai/http-proxy-middleware/pull/508))
- refactor(lodash): remove lodash ([#459](https://redirect.github.com/chimurai/http-proxy-middleware/pull/459)) ([#507](https://redirect.github.com/chimurai/http-proxy-middleware/pull/507)) ([TrySound](https://redirect.github.com/TrySound))
- fix(ETIMEDOUT): return 504 on ETIMEDOUT ([#480](https://redirect.github.com/chimurai/http-proxy-middleware/pull/480)) ([aremishevsky](https://redirect.github.com/aremishevsky))

### [`v1.0.6`](https://redirect.github.com/chimurai/http-proxy-middleware/blob/HEAD/CHANGELOG.md#v106)

[Compare Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v1.0.5...v1.0.6)

- chore(deps): lodash 4.17.20 ([#475](https://redirect.github.com/chimurai/http-proxy-middleware/pull/475))

Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.
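
To confirm that the upgrade leaves no affected copy behind, the following added example (not part of this PR or of the project's code) scans an npm lockfile's `packages` map for `http-proxy-middleware` versions in the ranges the advisory lists. The sample lockfile and the `example-dev-server` package name are constructed, and flagging pre-release or unparseable versions for review is an assumption.

```javascript
// Added example: audit an npm lockfile (lockfileVersion 2/3 "packages" map)
// for http-proxy-middleware copies inside the advisory's affected ranges.
const PKG = 'http-proxy-middleware';

// Parse "x.y.z[-pre][+build]"; returns null for anything else.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(v);
  return m ? { core: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) } : null;
}

// Compare two [major, minor, patch] triples: -1, 0 or 1.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Affected per the advisory text: < 2.0.7, or >= 3.0.0 and < 3.0.3.
function isAffected(version) {
  const p = parseVersion(version);
  // Assumption: unparseable and pre-release versions are flagged for manual review.
  if (!p || p.pre) return true;
  return cmp(p.core, [2, 0, 7]) < 0 ||
    (cmp(p.core, [3, 0, 0]) >= 0 && cmp(p.core, [3, 0, 3]) < 0);
}

// Return every installed copy (top-level or nested) that is still affected.
function findAffected(lock) {
  const suffix = 'node_modules/' + PKG;
  return Object.entries(lock.packages || {})
    .filter(([path, meta]) => path.endsWith(suffix) && isAffected(String(meta.version)))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed sample: the direct dependency is upgraded, but a nested copy
// pinned by a hypothetical "example-dev-server" package is still at 1.0.5.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/http-proxy-middleware': { version: '2.0.7' },
    'node_modules/example-dev-server/node_modules/http-proxy-middleware': { version: '1.0.5' },
    'node_modules/micromatch': { version: '4.0.8' },
  },
};

console.log(findAffected(sampleLock));
```

In a real project, pass the parsed contents of `package-lock.json` to `findAffected`; any entry it returns is a copy that the version bump in this PR did not replace.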