Http-proxy-middleware saw a minor version bump from 1.0.3 to 1.0.4, introducing several updates primarily within its dependency and development dependency ecosystem. A key change for developers relying on its core proxy functionality is the update of the http-proxy dependency from version 1.18.0 to 1.18.1. This suggests a fix or minor improvement within the underlying proxying mechanism which could impact performance or stability.
The development environment also received updates, which, while not directly affecting the middleware's core functionality, contribute to improved developer experience and code quality. Notable updates include upgrades to testing frameworks like Jest (from 25.1.0 to 26.0.1) and related tools like ts-jest. TypeScript and its related typings were updated, including @types/node and @types/lodash. Furthermore, tooling such as husky, tslint, and formatting tools like prettier saw version increases, likely incorporating new linting rules, pre-commit hooks, or code formatting standards. For developers contributing to the project, these enhancements mean a more robust and consistent development workflow, potentially leading to higher quality code and fewer integration issues. The ws dependency was also updated. Although the unpacked size is slightly smaller, the only change made directly to the code is a dependency upgrade.
All the vulnerabilities related to version 1.0.4 of the package
Denial of service in http-proxy-middleware
Versions of the package http-proxy-middleware before 2.0.7, and from 3.0.0 up to but not including 3.0.3, are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.
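To check a project against the affected ranges stated in this advisory, the added example below (not code from http-proxy-middleware or from this page) scans a parsed package-lock.json for every installed copy of the package, including nested ones pulled in by other tools. The function names, the sample lockfile and the packages `tool-a` and `tool-b` are constructed for illustration.

```javascript
const PKG = 'http-proxy-middleware';
// "x.y.z[-pre]" -> [major, minor, patch, isRelease]; a prerelease sorts before its release.
function parse(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version).trim());
  if (!m) throw new Error(`not a semver version: ${version}`);
  return [Number(m[1]), Number(m[2]), Number(m[3]), m[4] ? 0 : 1];
}

function cmp(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 4; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// Affected ranges as stated in the advisory text: < 2.0.7, or >= 3.0.0 and < 3.0.3.
function isAffected(version) {
  return cmp(version, '2.0.7') < 0 || (cmp(version, '3.0.0') >= 0 && cmp(version, '3.0.3') < 0);
}

// Every installed copy: lockfile v2/v3 lists them flat under "packages"; v1 nests them under "dependencies".
function findInstalled(lock) {
  const found = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith(`node_modules/${PKG}`) && meta.version) found.push({ path, version: meta.version });
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === PKG && meta.version) found.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return found;
}

const audit = (lock) => findInstalled(lock).map((e) => ({ ...e, affected: isAffected(e.version) }));

// Constructed sample lockfile (v3 layout); tool-a and tool-b are hypothetical packages.
const sampleLock = {
  packages: {
    'node_modules/http-proxy-middleware': { version: '1.0.4' },
    'node_modules/tool-a/node_modules/http-proxy-middleware': { version: '2.0.7' },
    'node_modules/tool-b/node_modules/http-proxy-middleware': { version: '3.0.2' },
  },
};
console.table(audit(sampleLock));
```

For a real project, pass `JSON.parse` of the project's package-lock.json to `audit`; a top-level copy on a fixed version does not rule out an affected copy nested under another dependency.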