Skip to content

fix(@angular-devkit/build-angular): update http-proxy-middleware to 3.0.7#33535

Merged
alan-agius4 merged 1 commit into
angular:21.2.xfrom
alan-agius4:fix-http-proxy-middleware-21.2.x
Jul 9, 2026
Merged

fix(@angular-devkit/build-angular): update http-proxy-middleware to 3.0.7#33535
alan-agius4 merged 1 commit into
angular:21.2.xfrom
alan-agius4:fix-http-proxy-middleware-21.2.x

Conversation

@alan-agius4

@alan-agius4 alan-agius4 commented Jul 9, 2026

Copy link
Copy Markdown
Collaborator

This updates http-proxy-middleware to version 3.0.7 to address a security vulnerability.

CVE-2026-55603.

Fixes #33534

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the dependency http-proxy-middleware from version 3.0.5 to 3.0.7 in both the root package.json and the packages/angular_devkit/build_angular/package.json files. I have no feedback to provide as there are no review comments.

@alan-agius4 alan-agius4 added action: review The PR is still awaiting reviews from at least one requested reviewer target: lts This PR is targeting a version currently in long-term support labels Jul 9, 2026
….0.7

This updates http-proxy-middleware to version 3.0.7 to address a security vulnerability.

CVE-2026-55603.

Fixes angular#33534
@alan-agius4 alan-agius4 added action: merge The PR is ready for merge by the caretaker and removed action: review The PR is still awaiting reviews from at least one requested reviewer labels Jul 9, 2026
@alan-agius4 alan-agius4 merged commit df54298 into angular:21.2.x Jul 9, 2026
34 of 35 checks passed
@alan-agius4 alan-agius4 deleted the fix-http-proxy-middleware-21.2.x branch July 9, 2026 14:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

action: merge The PR is ready for merge by the caretaker area: @angular-devkit/build-angular target: lts This PR is targeting a version currently in long-term support

Projects

None yet

Development

Successfully merging this pull request may close these issues.

(CVE-2026-55603) http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in fixRequestBody LTS

2 participants