Skip to content

Bump http-proxy-middleware from 3.0.5 to 4.0.0#73

Merged
SilverKnightKMA merged 1 commit intomainfrom
dependabot/npm_and_yarn/http-proxy-middleware-4.0.0
May 6, 2026
Merged

Bump http-proxy-middleware from 3.0.5 to 4.0.0#73
SilverKnightKMA merged 1 commit intomainfrom
dependabot/npm_and_yarn/http-proxy-middleware-4.0.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 6, 2026

Bumps http-proxy-middleware from 3.0.5 to 4.0.0.

Release notes

Sourced from http-proxy-middleware's releases.

v4.0.0

Notable changes

  • Switched proxy from http-proxy to httpxy ✨ This replaces a long-standing core dependency and brings in many upstream fixes and behavior improvements documented by the httpxy project: unjs/httpxy#2.

  • ESM-only package [BREAKING CHANGE] 💣 http-proxy-middleware now ships as native ES modules only. CommonJS require() usage is no longer supported, so imports should use ESM syntax.

  • Updated Node.js support policy [BREAKING CHANGE] 💣 Dropped Node.js 14, 16, 18, and 20. New minimum supported runtime is Node.js 22.15.0

  • Removed legacyCreateProxyMiddleware() [BREAKING CHANGE] 💣 The legacy compatibility wrapper has been removed as part of API cleanup. Use createProxyMiddleware() directly.

  • Added IPv6 literal support ✨ target and forward now support literal IPv6 URLs, for example: http://[::1]:3000.

  • Experimental Hono support 🧪 Added createHonoProxyMiddleware() for Hono apps, including dedicated subpath support via http-proxy-middleware/hono.

Many thanks to everyone who helped make this release possible. 🙏

What's Changed

... (truncated)

Changelog

Sourced from http-proxy-middleware's changelog.

v4.0.0

  • fix(types): fix Logger type
  • fix(error-response-plugin): sanitize input
  • feat: drop node v14/v16/v18 [BREAKING CHANGE]
  • refactor: replace http-proxy w/ httpxy
  • chore: remove legacyCreateProxyMiddleware() [BREAKING CHANGE]
  • ci: migrate from jest to vitest
  • chore(package.json): esm only [BREAKING CHANGE]
  • chore(package.json): bump to httpxy 0.5.0 (#1183)
  • chore(package.json): drop node20 [BREAKING CHANGE] (#1179)
  • refactor: remove deprecated url.parse() (#1176)
  • fix(fixRequestBody): support content-encoding on request body (#1142)
  • fix: prevent TypeError when ws enabled but server is undefined (#1163)
  • fix: applyPathRewrite logs old req.url instead of rewritten path (#1157)
  • feat(hono): support for hono with createHonoProxyMiddleware
  • feat(ipv6): support literal IPv6 addresses in target and forward options (ie. "http://[::1]:8000")
  • chore(package.json): bump httpxy to ^0.5.1
  • fix(logger-plugin): support ipv6 host and handle undefined protocol/host
  • ci(publish.yml): pin github.triggering_actor
  • chore(package.json): node ^22.15.0 (#1218)
  • refactor(package): subpath 'http-proxy-middleware/hono' (#1220)
  • chore: node 26 support
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for http-proxy-middleware since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump http-proxy-middleware from 3.0.5 to 4.0.0
2ccdd75 
Bumps [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) from 3.0.5 to 4.0.0.
- [Release notes](https://github.com/chimurai/http-proxy-middleware/releases)
- [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/master/CHANGELOG.md)
- [Commits](chimurai/http-proxy-middleware@v3.0.5...v4.0.0)

---
updated-dependencies:
- dependency-name: http-proxy-middleware
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from SilverKnightKMA as a code owner May 6, 2026 02:54
@SilverKnightKMA SilverKnightKMA merged commit 98990c6 into main May 6, 2026
5 checks passed
@SilverKnightKMA SilverKnightKMA deleted the dependabot/npm_and_yarn/http-proxy-middleware-4.0.0 branch May 6, 2026 02:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SilverKnightKMA SilverKnightKMA Awaiting requested review from SilverKnightKMA SilverKnightKMA is a code owner

Assignees

@SilverKnightKMA SilverKnightKMA

Labels

automated dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@SilverKnightKMA