From 6cf2389a8f6a57a2d1a2c1ed53e683c44a165e16 Mon Sep 17 00:00:00 2001 From: Adriana Lopez Lopez <71252798+dlpzx@users.noreply.github.com> Date: Thu, 24 Oct 2024 11:25:37 +0200 Subject: [PATCH] Upgrade `http-proxy-middleware` 2.0.7 (#1656) ### Feature or Bugfix - Upgrade dependencies ### Detail Upgrade `http-proxy-middleware` from 2.0.6 -> 2.0.7 Solves: https://github.com/advisories/GHSA-c7qv-q95q-8v27 ### Relates - https://github.com/advisories/GHSA-c7qv-q95q-8v27 ### Security Please answer the questions below briefly where applicable, or write `N/A`. Based on [OWASP 10](https://owasp.org/Top10/en/). - Does this PR introduce or modify any input fields or queries - this includes fetching data from storage outside the application (e.g. a database, an S3 bucket)? - Is the input sanitized? - What precautions are you taking before deserializing the data you consume? - Is injection prevented by parametrizing queries? - Have you ensured no `eval` or similar functions are used? - Does this PR introduce any functionality or component that requires authorization? - How have you ensured it respects the existing AuthN/AuthZ mechanisms? - Are you logging failed auth attempts? - Are you using or adding any cryptographic features? - Do you use a standard proven implementations? - Are the used keys controlled by the customer? Where are they stored? - Are you introducing any new policies/roles/users? - Have you used the least-privilege principle? How? By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
---
frontend/package-lock.json | 6 +++--- frontend/package.json | 6 ++++-- frontend/yarn.lock | 8 ++++---- 3 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/frontend/package-lock.json b/frontend/package-lock.json
index b25a528f7..5378d63cd 100644
--- a/frontend/package-lock.json
+++ b/frontend/package-lock.json
@@ -20885,9 +20885,9 @@ } }, "node_modules/http-proxy-middleware": { - "version": "2.0.6", - "resolved": "https://registry.npmjs.org/http-proxy-middleware/-/http-proxy-middleware-2.0.6.tgz", - "integrity": "sha512-ya/UeJ6HVBYxrgYotAZo1KvPWlgB48kUJLDePFeneHsVujFaW5WNj2NgWCAE//B1Dl02BIfYlpNgBy8Kf8Rjmw==", + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/http-proxy-middleware/-/http-proxy-middleware-2.0.7.tgz", + "integrity": "sha512-fgVY8AV7qU7z/MmXJ/rxwbrtQH4jBQ9m7kp3llF0liB7glmFeVZFBepQb32T3y8n8k2+AEYuMPCpinYW+/CuRA==", "dependencies": { "@types/http-proxy": "^1.17.8", "http-proxy": "^1.18.1",
diff --git a/frontend/package.json b/frontend/package.json
index 887716522..8e4ad8aa5 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -100,7 +100,8 @@
 "path-to-regexp": "0.1.10",
 "body-parser": "^1.20.3",
 "send": "0.19.0",
- "rollup": "3.29.5"
+ "rollup": "3.29.5",
+ "http-proxy-middleware": "2.0.7"
 },
 "resolutions": {
 "react-redux": "^7.2.6",
@@ -120,7 +121,8 @@
 "path-to-regexp": "0.1.10",
 "body-parser": "^1.20.3",
 "send": "0.19.0",
- "rollup": "3.29.5"
+ "rollup": "3.29.5",
+ "http-proxy-middleware": "2.0.7"
 },
 "devDependencies": {
 "env-cmd": "^10.1.0",
diff --git a/frontend/yarn.lock b/frontend/yarn.lock
index e21471454..34b4ebbb9 100644
--- a/frontend/yarn.lock
+++ b/frontend/yarn.lock
@@ -9201,10 +9201,10 @@ http-proxy-agent@^4.0.1: agent-base "6" debug "4" -http-proxy-middleware@^2.0.3: - version "2.0.6" - resolved "https://registry.npmjs.org/http-proxy-middleware/-/http-proxy-middleware-2.0.6.tgz" - integrity sha512-ya/UeJ6HVBYxrgYotAZo1KvPWlgB48kUJLDePFeneHsVujFaW5WNj2NgWCAE//B1Dl02BIfYlpNgBy8Kf8Rjmw== +http-proxy-middleware@2.0.7: + version "2.0.7" + resolved "https://registry.npmjs.org/http-proxy-middleware/-/http-proxy-middleware-2.0.7.tgz" + integrity sha512-fgVY8AV7qU7z/MmXJ/rxwbrtQH4jBQ9m7kp3llF0liB7glmFeVZFBepQb32T3y8n8k2+AEYuMPCpinYW+/CuRA== dependencies: "@types/http-proxy" "^1.17.8" http-proxy "^1.18.1"
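Review bot: The two `frontend/package.json` hunks pin `"http-proxy-middleware": "2.0.7"` exactly, so every transitive consumer is held at 2.0.7 and later 2.0.x patch releases, including future security fixes, will not be picked up until this entry is edited by hand. The neighbouring `body-parser` entry uses a caret range; `"http-proxy-middleware": "^2.0.7"` in both blocks would still exclude the 2.0.6 release that GHSA-c7qv-q95q-8v27 covers while letting the lockfiles move forward. If the exact pin is intentional, record the advisory id and the condition for removing the override in the PR or changelog, since JSON cannot carry a comment. Both blocks begin outside their hunks: the first is presumably npm `overrides` and the second appears to be the `resolutions` object opened in the first hunk, so confirm against the full file.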