Update dependency http-proxy-middleware to v2#22

Open

mend-for-github-com[bot] wants to merge 1 commit intoalphafrom

whitesource-remediate/http-proxy-middleware-2.x

mend-for-github-com bot commented Oct 28, 2025 •

edited

Loading

This PR contains the following updates:

Package	Type	Update	Change
http-proxy-middleware	dependencies	major	`^1.0.4` → `^2.0.0`

By merging this PR, the issue #54 will be automatically resolved and closed:

Severity	CVSS Score	Vulnerability	Reachability
High	8.0	CVE-2022-0155	Reachable
High	7.3	CVE-2023-26159	Reachable
Medium	6.5	CVE-2024-28849	Reachable
Medium	4.0	CVE-2025-32996	Reachable
Medium	4.0	CVE-2025-32997	Reachable
Low	2.6	CVE-2022-0536	Reachable

Release Notes

chimurai/http-proxy-middleware (http-proxy-middleware)

`v2.0.9`

What's Changed

fix(fixRequestBody): check readableLength by @chimurai in #1097
chore(package): v2.0.9 by @chimurai in #1099

Full Changelog: chimurai/http-proxy-middleware@v2.0.8...v2.0.9

`v2.0.8`

What's Changed

fix(fixRequestBody): prevent multiple .write() calls by @chimurai in #1090
fix(fixRequestBody): handle invalid request by @chimurai in #1091
chore(package): v2.0.8 by @chimurai in #1094

Full Changelog: chimurai/http-proxy-middleware@v2.0.7...v2.0.8

`v2.0.7`

Full Changelog: chimurai/http-proxy-middleware@v2.0.6...v2.0.7

`v2.0.6`

fix(proxyReqWs): catch socket errors (#763)

`v2.0.5`

fix(error handler): add default handler to econnreset (#759)

`v2.0.4`

fix(fix-request-body): improve content type check (#725) (kevinxh)

`v2.0.3`

feat(package): optional @types/express peer dependency (#707)

`v2.0.2`

chore(deps): update @types/http-proxy to 1.17.8 (#701)
fix(fixRequestBody): fix request body for empty JSON object requests (#640) (mhassan1)
fix(types): fix type regression (#700)

`v2.0.1`

fix(fixRequestBody): fix type error (#615)
test(coverage): improve coverage config (#609) (leonardobazico)
test: add test coverage to fixRequestBody and responseInterceptor (#608) (leonardobazico)
chore(typescript): extract handlers types (#603) (leonardobazico)

`v2.0.0`

chore(package): drop node 10 [BREAKING CHANGE] (#577)

`v1.3.1`

fix(fix-request-body): make sure the content-type exists (#578) (oufeng)

`v1.3.0`

docs(response interceptor): align with nodejs default utf8 (#567)
feat: try to proxy body even after body-parser middleware (#492) (midgleyc)

`v1.2.1`

fix(response interceptor): proxy original response headers (#563)

`v1.2.0`

feat(handler): response interceptor (#520)
fix(log error): handle undefined target when websocket errors (#527)

`v1.1.2`

fix(log error): handle optional target (#523)

`v1.1.1`

fix(error handler): re-throw http-proxy missing target error (#517)
refactor(dependency): remove camelcase
fix(option): optional target when router is used (#512)

`v1.1.0`

fix(errorHandler): fix confusing error message (#509)
fix(proxy): close proxy when server closes (#508)
refactor(lodash): remove lodash (#459) (#507) (TrySound)
fix(ETIMEDOUT): return 504 on ETIMEDOUT (#480) (aremishevsky)

`v1.0.6`

chore(deps): lodash 4.17.20 (#475)

`v1.0.5`

chore(deps): lodash 4.17.19 (#454)

If you want to rebase/retry this PR, check this box


          Update dependency http-proxy-middleware to v2

3277e67

mend-for-github-com bot added the security fix label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels