The http-proxy-middleware package provides a straightforward way to proxy HTTP requests in Node.js applications and is particularly useful in Connect, Express, and BrowserSync environments. Versions 1.0.1 and 1.0.2 share the same core functionality, offering developers a one-liner approach to setting up a proxy server. Both versions depend on lodash, is-glob, http-proxy, and micromatch, which cover utility functions, glob pattern matching, the actual proxying, and more advanced matching, respectively.
The main difference is the releaseDate: version 1.0.2 was released on March 14, 2020, after version 1.0.1, which was released on February 29, 2020. The listed dependencies appear identical, which implies no breaking changes or new features tied to dependency upgrades, but a version bump still indicates modifications or bug fixes that developers should bear in mind. The unpackedSize differs slightly between the two versions, suggesting changes not reflected in the dependencies. Developers should consult a detailed changelog to understand the specific improvements, bug fixes, or security patches included in version 1.0.2 and how they affect the reliability and stability of their proxy setup. Both versions are released under the MIT license.
All vulnerabilities related to version 1.0.2 of the package
Denial of service in http-proxy-middleware
Versions of http-proxy-middleware before 2.0.7, and from 3.0.0 up to but not including 3.0.3, are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.
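To check whether a project resolves to an affected release, the following added example (not code from the http-proxy-middleware project) scans the packages map of a package-lock.json for every installed copy, including nested transitive ones, and classifies each against the ranges stated in the advisory. The lock file contents and parent package names are constructed for illustration, and reporting prereleases as unknown is a choice made for this example.

```javascript
// Added example (not project code). Ranges come from the advisory text above:
// affected = before 2.0.7, or from 3.0.0 and before 3.0.3.
const PACKAGE = 'http-proxy-middleware';

// Parse "major.minor.patch" with an optional prerelease/build suffix.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  return m ? { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) } : null;
}

// Three-way compare of [major, minor, patch] triples.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Prereleases and unparseable strings are reported as 'unknown' for manual
// review rather than guessed at (a choice made for this example).
function classify(version) {
  const p = parseVersion(version);
  if (!p || p.pre) return 'unknown';
  if (cmp(p.nums, [2, 0, 7]) < 0) return 'affected';
  if (cmp(p.nums, [3, 0, 0]) >= 0 && cmp(p.nums, [3, 0, 3]) < 0) return 'affected';
  return 'not-affected';
}

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3),
// including copies nested under other packages' node_modules directories.
function scanLock(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path]) => path.endsWith('node_modules/' + PACKAGE))
    .map(([path, entry]) => ({ path, version: entry.version, status: classify(entry.version) }));
}

// Constructed sample lock file; parent package names are hypothetical.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '0.0.0' },
    'node_modules/http-proxy-middleware': { version: '1.0.2' },
    'node_modules/example-dev-server/node_modules/http-proxy-middleware': { version: '3.0.3' },
    'node_modules/other-tool/node_modules/http-proxy-middleware': { version: '3.0.1' },
    'node_modules/lodash': { version: '4.17.21' },
  },
};

console.table(scanLock(SAMPLE_LOCK));
```

In a real project, pass the parsed contents of the project's own package-lock.json to scanLock instead of the sample object.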