From 3f0219a002be35ce1c257920ce92bd6872847f85 Mon Sep 17 00:00:00 2001 From: renovate <29139614+renovate@users.noreply.github.com> Date: Wed, 23 Oct 2024 02:17:27 +0000 Subject: [PATCH] chore: bump up http-proxy-middleware version to v3.0.3 [SECURITY] (#8579) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [http-proxy-middleware](https://redirect.github.com/chimurai/http-proxy-middleware) | [`3.0.2` -> `3.0.3`](https://renovatebot.com/diffs/npm/http-proxy-middleware/3.0.2/3.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/http-proxy-middleware/3.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/http-proxy-middleware/3.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/http-proxy-middleware/3.0.2/3.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/http-proxy-middleware/3.0.2/3.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2024-21536](https://nvd.nist.gov/vuln/detail/CVE-2024-21536) Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths. --- ### Release Notes
chimurai/http-proxy-middleware (http-proxy-middleware) ### [`v3.0.3`](https://redirect.github.com/chimurai/http-proxy-middleware/blob/HEAD/CHANGELOG.md#v303) [Compare Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v3.0.2...v3.0.3) - fix(pathFilter): handle errors
--- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). --- yarn.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/yarn.lock b/yarn.lock index 8eb584a7c2..3045393045 100644 --- a/yarn.lock +++ b/yarn.lock @@ -22379,8 +22379,8 @@ __metadata: linkType: hard "http-proxy-middleware@npm:^2.0.3": - version: 2.0.6 - resolution: "http-proxy-middleware@npm:2.0.6" + version: 2.0.7 + resolution: "http-proxy-middleware@npm:2.0.7" dependencies: "@types/http-proxy": "npm:^1.17.8" http-proxy: "npm:^1.18.1" @@ -22392,13 +22392,13 @@ __metadata: peerDependenciesMeta: "@types/express": optional: true - checksum: 10/768e7ae5a422bbf4b866b64105b4c2d1f468916b7b0e9c96750551c7732383069b411aa7753eb7b34eab113e4f77fb770122cb7fb9c8ec87d138d5ddaafda891 + checksum: 10/4a51bf612b752ad945701995c1c029e9501c97e7224c0cf3f8bf6d48d172d6a8f2b57c20fec469534fdcac3aa8a6f332224a33c6b0d7f387aa2cfff9b67216fd languageName: node linkType: hard "http-proxy-middleware@npm:^3.0.0": - version: 3.0.2 - resolution: "http-proxy-middleware@npm:3.0.2" + version: 3.0.3 + resolution: "http-proxy-middleware@npm:3.0.3" dependencies: "@types/http-proxy": "npm:^1.17.15" debug: "npm:^4.3.6" @@ -22406,7 +22406,7 @@ __metadata: is-glob: "npm:^4.0.3" is-plain-object: "npm:^5.0.0" micromatch: "npm:^4.0.8" - checksum: 10/59be307aca2e0a8ba016bc8356e8a87cbfd53d65db5386edc65acd867ebd0a4683ff9be2e0eea12388cac13dffe387f0d374d35b01e625c98aee30c8f3023e72 + checksum: 10/32f58c29288ca63e109909fb998bd0f6f50eb15a98dec9487eac07dfc4f09d8507dbfa00b44442d868bafa904bd633c8bbd55686bb13b4d4af4f5c5b3bbca430 languageName: node linkType: hard