http-proxy-middleware offers a straightforward solution for routing client requests to backend servers in Node.js applications built with Connect, Express, or BrowserSync. Version 1.1.1 builds upon the solid foundation of 1.1.0, introducing subtle yet potentially impactful changes primarily within its dependencies.
A key difference lies in the removal of camelcase as a direct dependency. While seemingly minor, developers employing http-proxy-middleware who previously relied on camelcase implicitly through the middleware should be aware of its absence and may need to explicitly include it in their projects if its functionality is still required.
The update also bumps @types/express from version 4.17.3 to 4.17.7. This TypeScript definition update likely incorporates bug fixes, new type definitions, or improvements related to Express.js, offering potentially better type safety for TypeScript users.
Both versions share core dependencies like http-proxy, which handles the actual proxying, micromatch for flexible path matching, and is-plain-obj for object validation. Development dependencies related to testing, linting, and TypeScript remain largely consistent, suggesting a focus on code quality and maintainability across both releases. The library is MIT licensed. Upgrading should be smooth for most users, but be sure to check whether your code was relying on camelcase, which has now been removed.
All vulnerabilities related to version 1.1.1 of the package
Denial of service in http-proxy-middleware
Versions of the package http-proxy-middleware before 2.0.7, and from 3.0.0 up to but not including 3.0.3, are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.