Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency http-proxy-middleware to v3.0.3 [SECURITY] #1724

Merged
merged 1 commit into from
Oct 23, 2024
Merged

Update dependency http-proxy-middleware to v3.0.3 [SECURITY] #1724

merged 1 commit into from
Oct 23, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 22, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
http-proxy-middleware 3.0.2 -> 3.0.3 age adoption passing confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2024-21536

Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.

Release Notes

chimurai/http-proxy-middleware (http-proxy-middleware)

v3.0.3

Compare Source

  • fix(pathFilter): handle errors

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added dependencies use for pull requests that update a dependency file filigran team use to identify PR from the Filigran team labels Oct 22, 2024
@codecov Codecov
Copy link

codecov bot commented Oct 22, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 33.52%. Comparing base (55d481f) to head (caa5049).
Report is 1 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff            @@
##             master    #1724   +/-   ##
=========================================
  Coverage     33.52%   33.52%           
  Complexity     1608     1608           
=========================================
  Files           557      557           
  Lines         14477    14477           
  Branches        871      871           
=========================================
  Hits           4854     4854           
  Misses         9398     9398           
  Partials        225      225

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@RomuDeuxfois RomuDeuxfois merged commit 9102151 into master Oct 23, 2024
7 checks passed
@RomuDeuxfois RomuDeuxfois deleted the renovate/npm-http-proxy-middleware-vulnerability branch October 23, 2024 06:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RomuDeuxfois RomuDeuxfois RomuDeuxfois approved these changes

Assignees
No one assigned
Labels
dependencies use for pull requests that update a dependency file filigran team use to identify PR from the Filigran team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@RomuDeuxfois