Skip to content

fix(@angular-devkit/build-angular): update http-proxy-middleware to 3.0.7#33536

Merged
alan-agius4 merged 1 commit into
angular:20.3.xfrom
alan-agius4:fix-http-proxy-middleware-20.3.x
Jul 9, 2026
Merged

fix(@angular-devkit/build-angular): update http-proxy-middleware to 3.0.7#33536
alan-agius4 merged 1 commit into
angular:20.3.xfrom
alan-agius4:fix-http-proxy-middleware-20.3.x

Conversation

@alan-agius4

@alan-agius4 alan-agius4 commented Jul 9, 2026

Copy link
Copy Markdown
Collaborator

This updates http-proxy-middleware to version 3.0.7 to address a security vulnerability.

CVE-2026-55603.

Fixes #33534

….0.7

This updates http-proxy-middleware to version 3.0.7 to address a security vulnerability.

CVE-2026-55603.

Fixes angular#33534

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the dependency 'http-proxy-middleware' from version 3.0.5 to 3.0.7 in both the root package.json and packages/angular_devkit/build_angular/package.json. There are no review comments, and I have no feedback to provide.

@alan-agius4 alan-agius4 requested a review from clydin July 9, 2026 14:03
@alan-agius4 alan-agius4 added action: review The PR is still awaiting reviews from at least one requested reviewer target: lts This PR is targeting a version currently in long-term support labels Jul 9, 2026
@alan-agius4 alan-agius4 added action: merge The PR is ready for merge by the caretaker and removed action: review The PR is still awaiting reviews from at least one requested reviewer labels Jul 9, 2026
@alan-agius4 alan-agius4 merged commit d4e07cb into angular:20.3.x Jul 9, 2026
51 of 59 checks passed
@alan-agius4 alan-agius4 deleted the fix-http-proxy-middleware-20.3.x branch July 9, 2026 14:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

action: merge The PR is ready for merge by the caretaker area: @angular-devkit/build-angular target: lts This PR is targeting a version currently in long-term support

Projects

None yet

Development

Successfully merging this pull request may close these issues.

(CVE-2026-55603) http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in fixRequestBody LTS

2 participants