build(deps-dev): bump http-proxy-middleware from 3.0.5 to 3.0.7

[dependabot]

Bumps http-proxy-middleware from 3.0.5 to 3.0.7.

Release notes

Sourced from http-proxy-middleware's releases.

v3.0.7

What's Changed

• fix(fixRequestBody): harden form-data stringification by @​chimurai in chimurai/http-proxy-middleware#1259
• chore(package.json): v3.0.7 by @​chimurai in chimurai/http-proxy-middleware#1261

Full Changelog: chimurai/http-proxy-middleware@v3.0.6...v3.0.7

v3.0.6

What's Changed

• fix(types): fix Logger type by @​chimurai in chimurai/http-proxy-middleware#1104
• fix(fixRequestBody): support text/plain by @​knudtty in chimurai/http-proxy-middleware#1103
• chore(examples): bump deps by @​chimurai in chimurai/http-proxy-middleware#1105
• build(prettier): improve prettier setup by @​chimurai in chimurai/http-proxy-middleware#1108
• chore(deps): fix punycode node deprecation warning by @​chimurai in chimurai/http-proxy-middleware#1109
• chore(examples): bump deps by @​chimurai in chimurai/http-proxy-middleware#1110
• build(codespaces): add devcontainer.json by @​chimurai in chimurai/http-proxy-middleware#1112
• chore(package): bump dev dependencies by @​chimurai in chimurai/http-proxy-middleware#1116
• ci(github-action): ci.yml add node v24 by @​chimurai in chimurai/http-proxy-middleware#1117
• chore(package): bump dev dependencies by @​chimurai in chimurai/http-proxy-middleware#1118
• chore(package): upgrade to jest v30 by @​chimurai in chimurai/http-proxy-middleware#1122
• chore(examples): upgrade deps by @​chimurai in chimurai/http-proxy-middleware#1124
• chore(package): update dev deps by @​chimurai in chimurai/http-proxy-middleware#1125
• test(websocket): fix ws import by @​chimurai in chimurai/http-proxy-middleware#1126
• chore(refactor): use node: protocol imports by @​chimurai in chimurai/http-proxy-middleware#1127
• ci(node24): pin node24 due to TLS issue with mockttp by @​chimurai in chimurai/http-proxy-middleware#1137
• docs(recipes/pathRewrite.md): fix comment by @​DEBargha2004 in chimurai/http-proxy-middleware#1135
• chore(package): bump dev deps by @​chimurai in chimurai/http-proxy-middleware#1138
• chore(deps): update actions/checkout action to v5 by @​chimurai in chimurai/http-proxy-middleware#1140
• fix(error-response-plugin): sanitize input by @​chimurai in chimurai/http-proxy-middleware#1141
• chore(package.json): update dev deps by @​chimurai in chimurai/http-proxy-middleware#1143
• chore: add context7.json by @​chimurai in chimurai/http-proxy-middleware#1144
• build(eslint): update eslint.config.mjs by @​chimurai in chimurai/http-proxy-middleware#1145
• ci(github workflow): harden github workflows by @​chimurai in chimurai/http-proxy-middleware#1146
• chore(package): bump dev deps by @​chimurai in chimurai/http-proxy-middleware#1147
• ci(ci.yml): unpin node 24 by @​chimurai in chimurai/http-proxy-middleware#1148
• docs(recipes): fix servers.md http.createServer example by @​hacklschorsch in chimurai/http-proxy-middleware#1150
• ci: publish with oidc by @​chimurai in chimurai/http-proxy-middleware#1152
• chore(package.json): bump dev deps by @​chimurai in chimurai/http-proxy-middleware#1153
• chore(package.json): bump dev deps by @​chimurai in chimurai/http-proxy-middleware#1155
• chore(package.json): bump dev deps by @​chimurai in chimurai/http-proxy-middleware#1158
• test(types.spec.ts): add type check when req or res are 'any' by @​chimurai in chimurai/http-proxy-middleware#1161
• chore(package.json): bump deps by @​chimurai in chimurai/http-proxy-middleware#1164
• chore(package.json): eslint v10 by @​chimurai in chimurai/http-proxy-middleware#1165
• chore(package.json): bump dev deps by @​chimurai in chimurai/http-proxy-middleware#1166
• chore(package.json): bump dev-deps by @​chimurai in chimurai/http-proxy-middleware#1171
• docs(examples): fix websocket example by @​chimurai in chimurai/http-proxy-middleware#1170
• build(vscode): use workspace version of TypeScript by @​chimurai in chimurai/http-proxy-middleware#1173
• fix(router): harden proxy-table matching by @​chimurai in chimurai/http-proxy-middleware#1254
• chore(package.json): v3.0.6 by @​chimurai in chimurai/http-proxy-middleware#1256

... (truncated)

Changelog

Sourced from http-proxy-middleware's changelog.

v3.0.7

• fix(fixRequestBody): harden form-data stringification

v3.0.6

• fix(types): fix Logger type
• fix(error-response-plugin): sanitize input
• fix(router): harden proxy-table matching (exact host for host+path keys, prefix-only path matching) to prevent routing bypass

Commits

• 8cc4eba chore(package.json): v3.0.7 (#1261)
• c13a99c fix(fixRequestBody): harden form-data stringification (#1259)
• ea0bb98 chore(package.json): v3.0.6 (#1256)
• f377520 fix(router): harden proxy-table matching (#1254)
• f6be2c6 chore(yarn.lock): bump to follow-redirects 1.16.0
• a36f009 ci(publish.yml): npm stage publish
• 3471790 ci(github actions): update publish.yml for 3.x branch
• bcf1864 build(vscode): use workspace version of TypeScript (#1173)
• 48ed092 docs(examples): fix websocket example (#1170)
• 0fe7c24 chore(package.json): bump dev-deps (#1171)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for http-proxy-middleware since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[greptile-apps]

Greptile Summary

Routine Dependabot bump of the dev-only http-proxy-middleware package from 3.0.5 to 3.0.7, pulling in three bug fixes from upstream.

• v3.0.6: hardens proxy-table router matching to prevent routing bypass, sanitizes error-response-plugin input, and adds text/plain support in fixRequestBody.
• v3.0.7: further hardens form-data stringification in fixRequestBody.
• The lock file also reflects a minor Node 14 engine floor change (^14.15.0 → ^14.18.0), which has no practical impact since Node 14 is end-of-life.

Confidence Score: 5/5

Safe to merge — this is a dev-only dependency bump that brings in upstream bug and hardening fixes with no breaking changes.

The change touches only package.json and package-lock.json, updating a dev dependency used for webpack proxying during local development. The two intermediate releases contain hardening fixes with no API surface changes.

No files require special attention.

Important Files Changed

Filename	Overview
package.json	Bumps http-proxy-middleware dev dependency from ^3.0.5 to ^3.0.7
package-lock.json	Lock file updated to resolve http-proxy-middleware 3.0.7 with new integrity hash; minimum Node 14 engine requirement tightened from ^14.15.0 to ^14.18.0 (Node 14 is EOL, no practical impact)

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[package.json\nhttp-proxy-middleware ^3.0.5] -->|Dependabot bump| B[package.json\nhttp-proxy-middleware ^3.0.7]
    B --> C[v3.0.6 fixes]
    B --> D[v3.0.7 fix]
    C --> C1[Router: harden proxy-table matching]
    C --> C2[Error-response-plugin: sanitize input]
    C --> C3[fixRequestBody: support text/plain]
    D --> D1[fixRequestBody: harden form-data stringification]

Loading

%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    A[package.json\nhttp-proxy-middleware ^3.0.5] -->|Dependabot bump| B[package.json\nhttp-proxy-middleware ^3.0.7]
    B --> C[v3.0.6 fixes]
    B --> D[v3.0.7 fix]
    C --> C1[Router: harden proxy-table matching]
    C --> C2[Error-response-plugin: sanitize input]
    C --> C3[fixRequestBody: support text/plain]
    D --> D1[fixRequestBody: harden form-data stringification]

Loading

_{Reviews (1): Last reviewed commit: "build(deps-dev): bump http-proxy-middlew..." | Re-trigger Greptile}