Http-proxy-middleware version 1.2.1 is a minor patch release following version 1.2.0, offering improvements and refinements to this popular Node.js proxy middleware. Primarily designed for Connect, Express, and BrowserSync, it simplifies the process of routing client requests to backend servers. Both versions share the same core dependencies, including "is-glob," "http-proxy," "micromatch," "is-plain-obj," and "@types/http-proxy," ensuring consistent functionality. Developers leveraging these dependencies will find the upgrade seamless.
The key distinction lies under the hood, primarily in bug fixes and minor enhancements that influence stability and potentially performance. The developer dependencies, such as "jest," "eslint," "typescript," and various "@types/*" packages, remain the same, reflecting a consistent development and testing environment. The small increase in unpackedSize for version 1.2.1 suggests that changes have been made to the source code, likely including bug fixes and subtle improvements. Upgrading offers a more polished experience. The library’s robust testing suite, evident through the presence of testing and linting tools, assures developers of its reliability. This middleware remains an excellent choice for developers seeking a straightforward solution for proxying HTTP requests in their applications.
All the vulnerabilities related to the version 1.2.1 of the package
Denial of service in http-proxy-middleware
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.