http-proxy-middleware version 1.1.0 is an update to the popular Node.js proxy middleware for Connect, Express, and BrowserSync environments. The key difference from version 1.0.6 lies in its dependencies: version 1.1.0 replaces lodash with camelcase and is-plain-obj. This suggests a shift towards potentially smaller bundle sizes and narrowly scoped utility packages rather than a large, general-purpose library. The update also brings in newer versions of development dependencies, indicating improvements in testing, linting, and overall code quality.
For developers, these changes translate to a more streamlined and potentially more performant proxy solution. The updated development dependencies keep the project aligned with modern tooling and practices. Specifically, the version bumps for eslint, prettier, and typescript suggest better code maintainability and fewer style-related conflicts. The inclusion of @typescript-eslint reinforces the project's commitment to TypeScript support, making it easier to integrate the middleware into TypeScript projects. Additionally, the minor version bump (1.0.6 to 1.1.0) signifies that functionality might have been added, optimized or deprecated, so users of version 1.0.6 should assess their current implementation for breaking changes and enhancements before upgrading.
Vulnerabilities affecting version 1.1.0 of the package
Denial of service in http-proxy-middleware
Versions of the package http-proxy-middleware before 2.0.7, and from 3.0.0 up to but not including 3.0.3, are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.
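
An added example (not code from this page or from the http-proxy-middleware project): a Node.js check that walks an npm lockfile, finds every installed copy of the package including nested ones, and flags versions inside the ranges stated above. The lockfile contents and the dependent package names in it are constructed; anything that is not a plain `x.y.z` release is returned as `null` for manual review.

```javascript
// Added example: flag lockfile copies of http-proxy-middleware that fall in
// the ranges stated above (< 2.0.7, or >= 3.0.0 and < 3.0.3).
const PKG = 'http-proxy-middleware';

// Parse a plain "major.minor.patch"; anything else (prerelease, range) -> null.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// True when version tuple a sorts strictly before b.
function lessThan(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// true = affected, false = fixed, null = not a plain release (review by hand).
function isVulnerable(version) {
  const v = parseVersion(version);
  if (v === null) return null;
  if (lessThan(v, [2, 0, 7])) return true;
  return !lessThan(v, [3, 0, 0]) && lessThan(v, [3, 0, 3]);
}

// npm lockfile v2/v3 lists every installed copy, nested ones included, under
// "packages", keyed by its node_modules path.
function scanLockfile(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path]) => path.endsWith('node_modules/' + PKG))
    .map(([path, meta]) => ({ path, version: meta.version, vulnerable: isVulnerable(meta.version) }));
}

// Constructed lockfile; the dependent package names are hypothetical.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'constructed-app', version: '0.0.0' },
    'node_modules/http-proxy-middleware': { version: '2.0.7' },
    'node_modules/some-dev-server/node_modules/http-proxy-middleware': { version: '1.1.0' },
    'node_modules/other-tool/node_modules/http-proxy-middleware': { version: '3.0.2' },
    'node_modules/third-tool/node_modules/http-proxy-middleware': { version: '3.0.3' },
  },
};

for (const f of scanLockfile(SAMPLE_LOCK)) {
  const state = f.vulnerable === null ? 'REVIEW' : f.vulnerable ? 'VULNERABLE' : 'ok';
  console.log(`${state.padEnd(10)} ${String(f.version).padEnd(8)} ${f.path}`);
}
```

A patched top-level copy does not clear the project: the nested 1.1.0 and 3.0.2 copies in the sample are still reported as affected.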