The http-proxy-middleware package, a popular choice for creating proxy servers in Node.js environments using Connect, Express, and BrowserSync, saw a significant update with the release of version 1.0.0. Comparing it to the prior stable version 0.21.0, developers will find minimal changes to the core dependencies, suggesting the update focuses more on internal improvements and optimizations rather than radical feature additions. Both versions share identical dependencies such as lodash, is-glob, http-proxy, micromatch, and @types/http-proxy, ensuring a consistent foundation for proxy functionality.
The devDependencies also remain the same between versions, indicating a continued commitment to the existing development and testing environment. With the same devDependencies and dependencies, developers can expect a smooth transition while upgrading, without facing breaking changes related to core functionality or included libraries.
Both versions serve the same purpose: streamlining the creation of proxy middleware. Because the configuration options are similar, developers can move to the new version without rework. The release dates, 2020-02-16 and 2020-02-18, are only two days apart, which may point to bug fixes or minor performance improvements. Upgrading to version 1.0.0 seems advisable for developers seeking the latest refinements and ongoing maintenance without the risk of significant compatibility disruptions.
All the vulnerabilities related to the version 1.0.0 of the package
Denial of service in http-proxy-middleware
Versions of the package http-proxy-middleware before 2.0.7, and versions from 3.0.0 up to but not including 3.0.3, are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.
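The affected ranges above can be checked against a project's lockfile. The following is an added example, not code from the http-proxy-middleware project: it assumes an npm lockfile with a "packages" map (lockfileVersion 2 or 3), ignores pre-release tags, and uses a constructed sample lockfile; the helper names are hypothetical.

```javascript
// Added example: flag http-proxy-middleware installs that fall inside the
// ranges quoted in the advisory (< 2.0.7, or >= 3.0.0 and < 3.0.3).

// Parse "MAJOR.MINOR.PATCH"; a leading "v" is allowed and any
// pre-release/build suffix is ignored (assumption of this example).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// Three-way comparison of two [major, minor, patch] arrays.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  const v = parseVersion(version);
  if (compare(v, [2, 0, 7]) < 0) return true;            // before 2.0.7
  return compare(v, [3, 0, 0]) >= 0 && compare(v, [3, 0, 3]) < 0; // 3.0.0 to 3.0.2
}

// Walk the lockfile's "packages" map, including copies nested under
// other dependencies, and return every affected install.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/http-proxy-middleware")) continue;
    if (meta.version && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile content (not taken from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/http-proxy-middleware": { version: "1.0.0" },
    "node_modules/dev-tool/node_modules/http-proxy-middleware": { version: "2.0.7" },
    "node_modules/micromatch": { version: "4.0.5" },
  },
};
console.log(findAffected(sampleLock));
```

Both versions compared on this page, 0.21.0 and 1.0.0, fall in the "before 2.0.7" range, so the check reports them as affected.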