Skip to content

chore(deps): bump http-proxy-middleware from 2.0.9 to 2.0.10#4795

Merged
webpack[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/http-proxy-middleware-2.0.10
Jul 3, 2026
Merged

chore(deps): bump http-proxy-middleware from 2.0.9 to 2.0.10#4795
webpack[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/http-proxy-middleware-2.0.10

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor

Bumps http-proxy-middleware from 2.0.9 to 2.0.10.

Release notes

Sourced from http-proxy-middleware's releases.

v2.0.10-beta.0

What's Changed

New Contributors

Full Changelog: chimurai/http-proxy-middleware@v2.0.9...v2.0.10-beta.0

Changelog

Sourced from http-proxy-middleware's changelog.

v2.0.10

  • fix(router): harden proxy-table matching (exact host for host+path keys, prefix-only path matching) to prevent routing bypass
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for http-proxy-middleware since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) from 2.0.9 to 2.0.10.
- [Release notes](https://github.com/chimurai/http-proxy-middleware/releases)
- [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.10/CHANGELOG.md)
- [Commits](chimurai/http-proxy-middleware@v2.0.9...v2.0.10)

---
updated-dependencies:
- dependency-name: http-proxy-middleware
  dependency-version: 2.0.10
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 3, 2026
@changeset-bot

changeset-bot Bot commented Jul 3, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: abef988

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@webpack webpack Bot enabled auto-merge (squash) July 3, 2026 20:34
@webpack webpack Bot merged commit 6cafa00 into main Jul 3, 2026
17 checks passed
@webpack webpack Bot deleted the dependabot/npm_and_yarn/http-proxy-middleware-2.0.10 branch July 3, 2026 20:51
alexander-akait added a commit that referenced this pull request Jul 3, 2026
webpack 5.108 introduces the universal, deno and bun targets and
supports combining targets like node and web via universal ESM
output, which broke the target flag tests:

- update the "Unknown target" stderr snapshots to include the new
  universal, deno and bun entries
- replace the "should throw an error for incompatible multiple
  targets" test with "should allow multiple different targets",
  since node + web now builds successfully
- bump webpack to 5.108.3 in the lockfile so the snapshots match
  the installed version

Fixes the failing CI on #4792 and unblocks #4795.


Claude-Session: https://claude.ai/code/session_012iKSSr35Ue6UtyA6rcw6UA

Co-authored-by: Claude <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants