The http-proxy-middleware package, a popular choice for creating proxy servers in Node.js environments like Connect, Express, and Next.js, has recently released version 3.0.3. This update follows the previous stable version, 3.0.2. Upon comparing the two releases, the most notable change is the releaseDate on npm registry which indicates a relatively short turnaround between the two. Examining their dist information, we can also notice a slight increase in unpackedSize from 81022 bytes in version 3.0.2 to 81388 bytes in 3.0.3. While the core dependencies remain identical, this increased size may indicate minor bug fixes or internal improvements. Both versions boast the same set of robust dependencies, including debug for detailed logging, is-glob and micromatch for flexible path matching, and http-proxy as the underlying proxy engine. Developers will appreciate the continued stability and reliability offered by these core dependencies. The extensive suite of devDependencies used for testing, linting, and formatting, demonstrates a commitment to code quality and maintainability. For developers, these small changes can be critical for stability. While the surface-level changes between versions 3.0.2 and 3.0.3 appear minimal, developers should check official release notes for any specific bug fixes or performance enhancements that may affect their particular use case.
All the vulnerabilities related to the version 3.0.3 of the package
http-proxy-middleware can call writeBody twice because "else if" is not used
In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used.
http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed
In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed.
