http-proxy-middleware 1.1.2 is a small but potentially important update that followed closely after version 1.1.1. Both versions provide the same core functionality: a lightweight and versatile proxy middleware for Node.js applications using Connect, Express, and Browser-sync. Both rely on is-glob, http-proxy, micromatch, and is-plain-obj for their core operations. The development dependencies are also unchanged between 1.1.1 and 1.1.2, which indicates that the update focuses on internal improvements or bug fixes rather than significant new features.
Although the listed dependencies and dev-dependencies are identical, the unpackedSize in the dist object differs (65011 bytes in 1.1.2 vs 64745 bytes in 1.1.1), which suggests subtle changes under the hood. The four-day gap between the release dates hints at a quick turnaround to address potential issues or make minor enhancements.
For developers already using http-proxy-middleware, upgrading to 1.1.2 is recommended, as it likely includes stability improvements. For new users, either version offers a solid foundation for implementing proxy functionality in their web applications. Given the minimal changes, thorough testing after upgrading might not be essential, but it is always good practice to confirm compatibility within your specific project setup. Note that both 1.1.1 and 1.1.2 are earlier than 2.0.7, so both fall within the affected range of the denial-of-service advisory listed below. Overall, this release reflects the ongoing maintenance and refinement of this popular middleware.
All vulnerabilities related to version 1.1.2 of the package
Denial of service in http-proxy-middleware
Versions of the package http-proxy-middleware before 2.0.7, and from 3.0.0 and before 3.0.3, are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.