Skip to content

chore(deps): bump the server-dependencies group with 2 updates#1075

Open
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/npm_and_yarn/server-dependencies-eb85516c44
Open

chore(deps): bump the server-dependencies group with 2 updates#1075
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/npm_and_yarn/server-dependencies-eb85516c44

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 29, 2026

Bumps the server-dependencies group with 2 updates: ejs and http-proxy-middleware.

Updates ejs from 5.0.2 to 6.0.1

Release notes

Sourced from ejs's releases.

v6.0.1

Version 6.0.1

Commits

Updates http-proxy-middleware from 3.0.5 to 4.0.0

Release notes

Sourced from http-proxy-middleware's releases.

v4.0.0

Notable changes

  • Switched proxy from http-proxy to httpxy ✨ (chimurai/http-proxy-middleware#1160) This replaces a long-standing core dependency and brings in many upstream fixes and behavior improvements documented by the httpxy project: unjs/httpxy#2

  • ESM-only package [BREAKING CHANGE] 💣 http-proxy-middleware now ships as native ES modules only. CommonJS require() usage is no longer supported, so imports should use ESM syntax.

  • Updated Node.js support policy [BREAKING CHANGE] 💣 Dropped Node.js 14, 16, 18, and 20. New minimum supported runtime is Node.js 22.15.0

  • Removed legacyCreateProxyMiddleware() [BREAKING CHANGE] 💣 The legacy compatibility wrapper has been removed as part of API cleanup. Use createProxyMiddleware() directly.

  • Added IPv6 literal support ✨ target and forward now support literal IPv6 URLs, for example: http://[::1]:3000.

  • Experimental Hono support 🧪 Added createHonoProxyMiddleware() for Hono apps, including dedicated subpath support via http-proxy-middleware/hono.

Many thanks to everyone who helped make this release possible. 🙏

What's Changed

... (truncated)

Changelog

Sourced from http-proxy-middleware's changelog.

v4.0.0

  • fix(types): fix Logger type
  • fix(error-response-plugin): sanitize input
  • feat: drop node v14/v16/v18 [BREAKING CHANGE]
  • refactor: replace http-proxy w/ httpxy
  • chore: remove legacyCreateProxyMiddleware() [BREAKING CHANGE]
  • ci: migrate from jest to vitest
  • chore(package.json): esm only [BREAKING CHANGE]
  • chore(package.json): bump to httpxy 0.5.0 (#1183)
  • chore(package.json): drop node20 [BREAKING CHANGE] (#1179)
  • refactor: remove deprecated url.parse() (#1176)
  • fix(fixRequestBody): support content-encoding on request body (#1142)
  • fix: prevent TypeError when ws enabled but server is undefined (#1163)
  • fix: applyPathRewrite logs old req.url instead of rewritten path (#1157)
  • feat(hono): support for hono with createHonoProxyMiddleware
  • feat(ipv6): support literal IPv6 addresses in target and forward options (ie. "http://[::1]:8000")
  • chore(package.json): bump httpxy to ^0.5.1
  • fix(logger-plugin): support ipv6 host and handle undefined protocol/host
  • ci(publish.yml): pin github.triggering_actor
  • chore(package.json): node ^22.15.0 (#1218)
  • refactor(package): subpath 'http-proxy-middleware/hono' (#1220)
  • chore: node 26 support
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for http-proxy-middleware since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the server-dependencies group with 2 updates
8ce682a 
Bumps the server-dependencies group with 2 updates: [ejs](https://github.com/mde/ejs) and [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware).


Updates `ejs` from 5.0.2 to 6.0.1
- [Release notes](https://github.com/mde/ejs/releases)
- [Changelog](https://github.com/mde/ejs/blob/main/RELEASE_NOTES_v5.md)
- [Commits](mde/ejs@v5.0.2...v6.0.1)

Updates `http-proxy-middleware` from 3.0.5 to 4.0.0
- [Release notes](https://github.com/chimurai/http-proxy-middleware/releases)
- [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/master/CHANGELOG.md)
- [Commits](chimurai/http-proxy-middleware@v3.0.5...v4.0.0)

---
updated-dependencies:
- dependency-name: ejs
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: server-dependencies
- dependency-name: http-proxy-middleware
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: server-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 29, 2026
@carlosthe19916
fix: set no limit to commit message
d63cc27 
Signed-off-by: Carlos Feria <2582866+carlosthe19916@users.noreply.github.com>
@codecov
Copy link
Copy Markdown

codecov Bot commented May 29, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 50.70%. Comparing base (746ee90) to head (d63cc27).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1075   +/-   ##
=======================================
  Coverage   50.70%   50.70%           
=======================================
  Files         253      253           
  Lines        5499     5499           
  Branches     1660     1660           
=======================================
  Hits         2788     2788           
  Misses       2440     2440           
  Partials      271      271
Flag Coverage Δ
e2e 68.96% <ø> (ø)
unit 2.01% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

Trustify
Status: No status

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@carlosthe19916