fix(deps): bump http-proxy-middleware #2665


vaibhavarora14

  • This is a bugfix
  • This is a feature
  • This is a code refactor
  • This is a test update
  • This is a docs update
  • This is a metadata update

For Bugs and Features; did you add new tests?

Motivation / Use-Case

A package named http-proxy fixes a "Denial of Service" vulnerability in their 1.18.1 and later packages.
The package named http-proxy-middleware has submitted an independent release to handle this with https://github.com/chimurai/http-proxy-middleware/releases/tag/v0.19.2

Now I am requesting that webpack-dev-server update http-proxy-middleware from version 0.19.1 to 0.19.2.

Breaking Changes

Additional Info

@jsf-clabot

jsf-clabot commented Jun 30, 2020

CLA assistant check
All committers have signed the CLA.

@codecov

codecov bot commented Jun 30, 2020

Codecov Report

Merging #2665 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #2665   +/-   ##
=======================================
  Coverage   93.77%   93.77%           
=======================================
  Files          34       34           
  Lines        1333     1333           
  Branches      381      381           
=======================================
  Hits         1250     1250           
  Misses         81       81           
  Partials        2        2           

Last update 4ab1f21...587c267.

@vaibhavarora14
Author

vaibhavarora14 commented Jun 30, 2020

Can anyone guide me a little on the errors coming up inside these pipelines regarding "commit message linting" and "tests run with coverage"?

@nathggns

This is triggering an alert on our vulnerability tracker – does anyone know what needs to happen to get this moving?

@vaibhavarora14
Author

@nathggns I would suggest using yarn with its "resolutions" feature.
https://yarnpkg.com/configuration/manifest/#resolutions

It gives you better control in case you want a specific child dependency to be fetched at a different version, without waiting for its parent to release a patch for that fix 😉

@alexander-akait
Member

Fixed in v4; we are preparing the new release where it is already fixed. Anyway, you can update it locally (don't forget about the lock file). Anyway, thanks for the PR.
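
Added example, not part of the thread or of either project's code: after a local override (yarn "resolutions" or a manual bump), the lock file decides what is actually installed, so this check scans a Yarn v1 lockfile for `http-proxy` entries still locked below 1.18.1, the fixed version named in the PR description. The function names and the sample lockfile text are constructed for illustration.

```javascript
// Minimum fixed version per package; 1.18.1 is the figure given in this thread.
const MIN_FIXED = new Map([['http-proxy', '1.18.1']]);

// Compare two x.y.z versions numerically (pre-release suffixes are ignored).
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Return [{ name, version }] for every locked entry older than its minimum.
function findOutdated(lockText, minimums = MIN_FIXED) {
  const outdated = [];
  let current = null;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S.*:$/.test(line) && !line.startsWith('#')) {
      // Entry header, e.g. `http-proxy@^1.17.0, http-proxy@^1.18.0:`
      const spec = line.slice(0, -1).split(',')[0].trim().replace(/^"|"$/g, '');
      current = spec.slice(0, spec.lastIndexOf('@')); // keeps a leading @scope
    } else if (current !== null) {
      const m = /^  version "([^"]+)"$/.exec(line);
      const min = minimums.get(current);
      if (m && min && compareVersions(m[1], min) < 0) {
        outdated.push({ name: current, version: m[1] });
      }
    }
  }
  return outdated;
}

// Constructed sample lockfiles (not taken from any real project).
const BEFORE = `# yarn lockfile v1

http-proxy-middleware@0.19.1:
  version "0.19.1"
  dependencies:
    http-proxy "^1.17.0"

http-proxy@^1.17.0:
  version "1.17.0"
`;
const AFTER = BEFORE.replace('version "1.17.0"', 'version "1.18.1"');

console.log(findOutdated(BEFORE), findOutdated(AFTER));
```

Run against a real `yarn.lock` by passing its contents to `findOutdated`; an empty result means no locked `http-proxy` entry is below the threshold.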
