chore: bump up http-proxy-middleware version to v3.0.3 [SECURITY] (#8579)

This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [http-proxy-middleware](https://redirect.github.com/chimurai/http-proxy-middleware) | [`3.0.2` -> `3.0.3`](https://renovatebot.com/diffs/npm/http-proxy-middleware/3.0.2/3.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/http-proxy-middleware/3.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/http-proxy-middleware/3.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/http-proxy-middleware/3.0.2/3.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/http-proxy-middleware/3.0.2/3.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2024-21536](https://nvd.nist.gov/vuln/detail/CVE-2024-21536) Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths. --- ### Release Notes <details> <summary>chimurai/http-proxy-middleware (http-proxy-middleware)</summary> ### [`v3.0.3`](https://redirect.github.com/chimurai/http-proxy-middleware/blob/HEAD/CHANGELOG.md#v303) [Compare Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v3.0.2...v3.0.3) - fix(pathFilter): handle errors </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
2024-11-23 05:02:17 +03:00 · 2024-10-23 02:17:27 +00:00 · 2024-10-23 02:17:27 +00:00 · 3f0219a002
commit 3f0219a002
parent dc89b583ba
1 changed files with 6 additions and 6 deletions
--- a/yarn.lock
+++ b/yarn.lock
@ -22379,8 +22379,8 @@ __metadata:
  linkType: hard

 "http-proxy-middleware@npm:^2.0.3":
-  version: 2.0.6
-  resolution: "http-proxy-middleware@npm:2.0.6"
+  version: 2.0.7
+  resolution: "http-proxy-middleware@npm:2.0.7"
  dependencies:
    "@types/http-proxy": "npm:^1.17.8"
    http-proxy: "npm:^1.18.1"
@ -22392,13 +22392,13 @@ __metadata:
  peerDependenciesMeta:
    "@types/express":
      optional: true
-  checksum: 10/768e7ae5a422bbf4b866b64105b4c2d1f468916b7b0e9c96750551c7732383069b411aa7753eb7b34eab113e4f77fb770122cb7fb9c8ec87d138d5ddaafda891
+  checksum: 10/4a51bf612b752ad945701995c1c029e9501c97e7224c0cf3f8bf6d48d172d6a8f2b57c20fec469534fdcac3aa8a6f332224a33c6b0d7f387aa2cfff9b67216fd
  languageName: node
  linkType: hard

 "http-proxy-middleware@npm:^3.0.0":
-  version: 3.0.2
-  resolution: "http-proxy-middleware@npm:3.0.2"
+  version: 3.0.3
+  resolution: "http-proxy-middleware@npm:3.0.3"
  dependencies:
    "@types/http-proxy": "npm:^1.17.15"
    debug: "npm:^4.3.6"
@ -22406,7 +22406,7 @@ __metadata:
    is-glob: "npm:^4.0.3"
    is-plain-object: "npm:^5.0.0"
    micromatch: "npm:^4.0.8"
-  checksum: 10/59be307aca2e0a8ba016bc8356e8a87cbfd53d65db5386edc65acd867ebd0a4683ff9be2e0eea12388cac13dffe387f0d374d35b01e625c98aee30c8f3023e72
+  checksum: 10/32f58c29288ca63e109909fb998bd0f6f50eb15a98dec9487eac07dfc4f09d8507dbfa00b44442d868bafa904bd633c8bbd55686bb13b4d4af4f5c5b3bbca430
  languageName: node
  linkType: hard