build(deps): bump the npm_and_yarn group across 1 directory with 20 updates

[dependabot]

Bumps the npm_and_yarn group with 15 updates in the / directory:

Package	From	To
webpack-dev-server	2.11.3	5.2.1
minimist	0.2.0	0.2.4
cli	0.6.6	removed
highlight.js	9.15.5	9.18.5
elliptic	6.4.1	6.6.1
fstream	1.0.11	1.0.12
tunnel-agent	0.4.3	0.6.0
request	2.40.0	2.88.2
js-yaml	3.12.1	3.14.1
lodash.mergewith	4.6.1	4.6.2
mixin-deep	1.3.1	1.3.2
object-path	0.11.4	removed
set-value	2.0.0	2.0.1
yargs-parser	5.0.0	5.0.1
y18n	3.2.1	3.2.2

Updates webpack-dev-server from 2.11.3 to 5.2.1

Release notes

Sourced from webpack-dev-server's releases.

v5.2.1

5.2.1 (2025-03-26)

Security

• cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
• requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

• prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
• take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

v5.2.0

5.2.0 (2024-12-11)

Features

• added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

• speed up initial client bundling (145b5d0)

v5.1.0

5.1.0 (2024-09-03)

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

Bug Fixes

• check the platform property to determinate the target (#5269) (c3b532c)
• ipv6 output (#5270) (06005e7)
• replace rimraf with rm (#5162) (1a1561f)
• replace default gateway (#5255) (f5f0902)
• support devServer: false (#5272) (8b341cb)

v5.0.4

5.0.4 (2024-03-19)

... (truncated)

Changelog

Sourced from webpack-dev-server's changelog.

5.2.1 (2025-03-26)

Security

• cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
• requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

• prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
• take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

5.2.0 (2024-12-11)

Features

• added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

• speed up initial client bundling (145b5d0)

5.1.0 (2024-09-03)

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

Bug Fixes

• check the platform property to determinate the target (#5269) (c3b532c)
• ipv6 output (#5270) (06005e7)
• replace rimraf with rm (#5162) (1a1561f)
• replace default gateway (#5255) (f5f0902)
• support devServer: false (#5272) (8b341cb)

5.0.4 (2024-03-19)

Bug Fixes

... (truncated)

Commits

• 0d22a08 chore(release): 5.2.1
• 6045b1e chore(deps): update (#5444)
• ffd0b86 fix: take the first network found instead of the last one, this restores the ...
• 9ea7b08 ci: update dependency-review-action (#5442)
• 5c9378b Merge commit from fork
• d2575ad Merge commit from fork
• 8c1abc9 fix: prevent overlay for errors caught by React error boundaries (#5431)
• 5a39c70 ci: update codecov/codecov-action to v5 (#5406)
• 55220a8 chore(deps-dev): bump the dependencies group across 1 directory with 4 update...
• 09f6f8e chore(deps): bump the dependencies group across 1 directory with 2 updates (#...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack-dev-server since your current version.

Updates minimist from 0.2.0 to 0.2.4

Changelog

Sourced from minimist's changelog.

v0.2.4 - 2023-02-24

Commits

• [Tests] check side-effects of pollution protection 3dbebff
• [Robustness] rework isConstructorOrProto 34e20b8
• [Dev Deps] update tape d031f9b

v0.2.3 - 2023-02-09

Merged

• [Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)
• [Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)
• [Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

• [Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)
• [Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

• [eslint] fix indentation and whitespace e5f5067
• [eslint] more cleanup 36ac5d0
• [eslint] fix indentation 34b0f1c
• isConstructorOrProto adapted from PR ef9153f
• [Dev Deps] update @ljharb/eslint-config, aud 098873c
• [Dev Deps] add missing npmignore dev dep 3226afa

v0.2.2 - 2022-10-10

Commits

• [meta] add auto-changelog 73923d2
• [actions] add reusable workflows d80727d
• [eslint] add eslint; rules to enable later are warnings 48bc06a
• [readme] rename and add badges 5df0fe4
• [Dev Deps] switch from covert to nyc a48b128
• [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
• [meta] create FUNDING.yml; add funding in package.json 3639e0c
• [meta] use npmignore to autogenerate an npmignore file be2e038
• Only apps should have lockfiles 282b570
• [meta] add safe-publish-latest 4b927de
• [Tests] add aud in posttest b32d9bd
• [meta] update repo URLs f9fdfc0

v0.2.1 - 2020-03-12

Commits

• 8c6be48 v0.2.4
• d031f9b [Dev Deps] update tape
• 3dbebff [Tests] check side-effects of pollution protection
• 34e20b8 [Robustness] rework isConstructorOrProto
• c0b2661 v0.2.3
• 63b8fee [Fix] Fix long option followed by single dash (#17)
• 72239e6 [Tests] Remove duplicate test (#12)
• 34b0f1c [eslint] fix indentation
• 3226afa [Dev Deps] add missing npmignore dev dep
• 098873c [Dev Deps] update @ljharb/eslint-config, aud
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.

Removes cli

Updates highlight.js from 9.15.5 to 9.18.5

Release notes

Sourced from highlight.js's releases.

11.10.0 - Welcome to the 2024 Mega-smorgisbord update.

Sorry for the wait, this one is a doozie, thanks to all the contributors who made it possible!

---

CAVEATS / POTENTIALLY BREAKING CHANGES

[!IMPORTANT] This version drops support for Node 16.x, which is no longer supported by Node.js.

---

Core Grammars:

• enh(typescript) add support for satisfies operator [Kisaragi Hiu][]
• enc(c) added more C23 keywords [Melkor-1][]
• enh(json) added jsonc as an alias [BackupMiles][]
• enh(gml) updated to latest language version (GML v2024.2) [gnysek][]
• enh(c) added more C23 keywords and preprcoessor directives [Eisenwave][]
• enh(js/ts) support namespaced tagged template strings [Aral Balkan][]
• enh(perl) fix false-positive variable match at end of string [Josh Goebel][]
• fix(cpp) not all kinds of number literals are highlighted correctly [Lê Duy Quang][]
• fix(css) fix overly greedy pseudo class matching [Bradley Mackey][]
• enh(arcade) updated to ArcGIS Arcade version 1.24 [Kristian Ekenes][]
• fix(typescript): params types [Mohamed Ali][]
• fix(rust) fix escaped double quotes in string [Mohamed Ali][]
• fix(rust) fix for r# raw identifier not being highlighted correctly. [JaeBaek Lee][]
• enh(rust) Adding union to be recognized as a keyword in Rust. [JaeBaek Lee][]
• fix(yaml) fix for yaml with keys having brackets highlighted incorrectly [Aneesh Kulkarni][]
• fix(csharp) add raw string highlighting for C# 11. [Tara][]
• fix(bash) fix # within token being detected as the start of a comment [Felix Uhl][]
• fix(python) fix or conflicts with string highlighting [Mohamed Ali][]
• enh(python) adds a scope to the self variable [Lee Falin][]
• enh(delphi) allow digits to be omitted for hex and binary literals [Jonah Jeleniewski][]
• enh(delphi) add support for digit separators [Jonah Jeleniewski][]
• enh(delphi) add support for character strings with non-decimal numerics [Jonah Jeleniewski][]
• fix(javascript) incorrect function name highlighting [CY Fung][]
• fix(1c) fix escaped symbols "+-;():=,[]" literals [Vitaly Barilko][]
• fix(swift) correctly highlight generics and conformances in type definitions [Bradley Mackey][]
• enh(swift) add package keyword [Bradley Mackey][]
• fix(swift) ensure keyword attributes highlight correctly [Bradley Mackey][]
• fix(types) fix interface LanguageDetail > keywords [Patrick Chiu]
• enh(java) add goto to be recognized as a keyword in Java [Alvin Joy][]
• enh(bash) add keyword sudo [Alvin Joy][]
• fix(haxe) captures new keyword without capturing it within variables/class names [Cameron Taylor][]
• fix(go) fix go number literals to accept _ separators, add hex p exponents [Lisa Ugray][]
• enh(markdown) add entity support [David Schach][] [TaraLei][]
• enh(css) add justify-items and justify-self attributes [Vasily Polovnyov][]
• enh(css) add accent-color, appearance, color-scheme, rotate, scale and translate attributes [Carl Räfting][]
• fix(fortran) fixes parsing of keywords delimited by dots [Julien Bloino][]

... (truncated)

Changelog

Sourced from highlight.js's changelog.

Release v9.18.5

Version 9 has reached end-of-support and will not receive future updates or fixes.

Please see VERSION_10_UPGRADE.md and perhaps SECURITY.md.

• enh: Post-install script can be disabled with HLJS_HIDE_UPGRADE_WARNING=yes
• fix: Deprecation notice logged at library startup a console.log vs console.warn.
  • Notice only shown if actually highlighting code, not just requiring the library.
  • Node.js treats warn the same as error and that was problematic.
  • You (or perhaps your indirect dependency) may disable the notice with the hideUpgradeWarningAcceptNoSupportOrSecurityUpdates option
  • You can also set HLJS_HIDE_UPGRADE_WARNING=yes in your envionment to disable the warning

Example:

hljs.configure({
  hideUpgradeWarningAcceptNoSupportOrSecurityUpdates: true
})

Reference: highlightjs/highlight.js#2877

Release v9.18.4

Version 9 has reached end-of-support and will not receive future updates or fixes.

Please see VERSION_10_UPGRADE.md and perhaps SECURITY.md.

• fix(livescript) fix potential catastrophic backtracking (#2852) [commit]

Version 9.18.3

• fix(parser) Freezing issue with illegal 0 width illegals (#2524)
  • backported from v10.x

Version 9.18.2

Fixes:

• fix(night) Prevent object prototype values from being returned by getLanguage (#2636) night

... (truncated)

Commits

• f54e96c 9.18.5
• c34318b fix the link since i saw it
• d2e9bdd include date of last release
• f5e0645 typos and tweaks
• 2e0e8ee changelog
• dc45f7c fix(livescript) fix potential catastrophic backtracking
• 0a2624a update readme
• d571b23 add warning
• ec0bfd5 9.18.4
• 2a04835 bump v9.18.3
• Additional commits viewable in compare view

Updates dns-packet from 1.3.1 to 5.6.1

Changelog

Sourced from dns-packet's changelog.

Version 5.6.0 - 2023-04-18

• Feature: Added support for the TLSA record type.

Version 5.5.0 - 2023-03-27

• Feature: Added support for the NAPTR record type.

Version 5.4.0 - 2022-06-14

• Feature: Added support for the SSHFP record type.

Version 5.2.0 - 2019-02-21

• Feature: Added support for de/encoding certain OPT options.

Version 5.1.0 - 2019-01-22

• Feature: Added support for the RP record type.

Version 5.0.0 - 2018-06-01

• Breaking: Node.js 6.0.0 or greater is now required.
• Feature: Added support for DNSSEC record types.

Version 4.1.0 - 2018-02-11

• Feature: Added support for the MX record type.

Version 4.0.0 - 2018-02-04

• Feature: Added streamEncode and streamDecode methods for encoding TCP packets.
• Breaking: Changed the decoded value of TXT records to an array of Buffers. This is to accomodate DNS-SD records which rely on the individual strings record being separated.
• Breaking: Renamed the flag_trunc and flag_auth to flag_tc and flag_aa to match the names of these in the dns standards.

Version 3.0.0 - 2018-01-12

• Breaking: The class option has been changed from integer to string.

Version 2.0.0 - 2018-01-11

• Breaking: Converted module to ES2015, now requires Node.js 4.0 or greater

Commits

• 7b66620 v5.6.1
• 13f19d9 Proper Encoding/Decoding for Email Name Representation for SOA and RP Records...
• 519f55d test node 20
• e50f34c 5.6.0
• f14f483 Add TLSA support (#92)
• ec4d317 sort record types in README alphabetically
• a0687b3 5.5.0
• aca1ff7 implement the NAPTR record (#89)
• 31d3caf 5.4.0
• 0fc249c add SSHFP to readme
• Additional commits viewable in compare view

Updates elliptic from 6.4.1 to 6.6.1

Commits

• 9b77436 6.6.1
• 04cb6f5 Merge commit from fork
• b8a7edd 6.6.0
• 34c8534 fix: signature verification due to leading zeros
• 3e46a48 6.5.7
• accb61e lib: DER signature decoding correction
• 03e06e1 6.5.6
• 7ac5360 Merge commit from fork
• 7570078 6.5.5
• 206da2e lib: lint
• Additional commits viewable in compare view

Updates fstream from 1.0.11 to 1.0.12

Commits

• 4235459 1.0.12
• 6a77d2f Clobber a Link if it's in the way of a File
• See full diff in compare view

Updates uglify-js from 2.3.6 to 2.8.29

Commits

• 0af80ec v2.8.29
• 23876a8 v2.8.28
• 092d027 Merge pull request #2048 from alexlamsl/v2.8.28
• 06296be add tests for AST_SymbolAccessor (#2049)
• 3818a9e fix non-identifier getter/setter name (#2041)
• 75e2748 v2.8.27
• a7c987a Merge pull request #1971 from alexlamsl/v2.8.27
• 957c54b introduce unsafe_regexp (#1970)
• 4cbf5a7 v2.8.26
• 93d4224 Merge pull request #1947 from alexlamsl/v2.8.26
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by alexlamsl, a new releaser for uglify-js since your current version.

Updates highlight.js from 9.15.5 to 9.18.5

Release notes

Sourced from highlight.js's releases.

11.10.0 - Welcome to the 2024 Mega-smorgisbord update.

Sorry for the wait, this one is a doozie, thanks to all the contributors who made it possible!

---

CAVEATS / POTENTIALLY BREAKING CHANGES

[!IMPORTANT] This version drops support for Node 16.x, which is no longer supported by Node.js.

---

Core Grammars:

• enh(typescript) add support for satisfies operator [Kisaragi Hiu][]
• enc(c) added more C23 keywords [Melkor-1][]
• enh(json) added jsonc as an alias [BackupMiles][]
• enh(gml) updated to latest language version (GML v2024.2) [gnysek][]
• enh(c) added more C23 keywords and preprcoessor directives [Eisenwave][]
• enh(js/ts) support namespaced tagged template strings [Aral Balkan][]
• enh(perl) fix false-positive variable match at end of string [Josh Goebel][]
• fix(cpp) not all kinds of number literals are highlighted correctly [Lê Duy Quang][]
• fix(css) fix overly greedy pseudo class matching [Bradley Mackey][]
• enh(arcade) updated to ArcGIS Arcade version 1.24 [Kristian Ekenes][]
• fix(typescript): params types [Mohamed Ali][]
• fix(rust) fix escaped double quotes in string [Mohamed Ali][]
• fix(rust) fix for r# raw identifier not being highlighted correctly. [JaeBaek Lee][]
• enh(rust) Adding union to be recognized as a keyword in Rust. [JaeBaek Lee][]
• fix(yaml) fix for yaml with keys having brackets highlighted incorrectly [Aneesh Kulkarni][]
• fix(csharp) add raw string highlighting for C# 11. [Tara][]
• fix(bash) fix # within token being detected as the start of a comment [Felix Uhl][]
• fix(python) fix or conflicts with string highlighting [Mohamed Ali][]
• enh(python) adds a scope to the self variable [Lee Falin][]
• enh(delphi) allow digits to be omitted for hex and binary literals [Jonah Jeleniewski][]
• enh(delphi) add support for digit separators [Jonah Jeleniewski][]
• enh(delphi) add support for character strings with non-decimal numerics [Jonah Jeleniewski][]
• fix(javascript) incorrect function name highlighting [CY Fung][]
• fix(1c) fix escaped symbols "+-;():=,[]" literals [Vitaly Barilko][]
• fix(swift) correctly highlight generics and conformances in type definitions [Bradley Mackey][]
• enh(swift) add package keyword [Bradley Mackey][]
• fix(swift) ensure keyword attributes highlight correctly [Bradley Mackey][]
• fix(types) fix interface LanguageDetail > keywords [Patrick Chiu]
• enh(java) add goto to be recognized as a keyword in Java [Alvin Joy][]
• enh(bash) add keyword sudo [Alvin Joy][]
• fix(haxe) captures new keyword without capturing it within variables/class names [Cameron Taylor][]
• fix(go) fix go number literals to accept _ separators, add hex p exponents [Lisa Ugray][]
• enh(markdown) add entity support [David Schach][] [TaraLei][]
• enh(css) add justify-items and justify-self attributes [Vasily Polovnyov][]
• enh(css) add accent-color, appearance, color-scheme, rotate, scale and translate attributes [Carl Räfting][]
• fix(fortran) fixes parsing of keywords delimited by dots [Julien Bloino][]

... (truncated)

Changelog

Sourced from highlight.js's changelog.

Release v9.18.5

Version 9 has reached end-of-support and will not receive future updates or fixes.

Please see VERSION_10_UPGRADE.md and perhaps SECURITY.md.

• enh: Post-install script can be disabled with HLJS_HIDE_UPGRADE_WARNING=yes
• fix: Deprecation notice logged at library startup a console.log vs console.warn.
  • Notice only shown if actually highlighting code, not just requiring the library.
  • Node.js treats warn the same as error and that was problematic.
  • You (or perhaps your indirect dependency) may disable the notice with the hideUpgradeWarningAcceptNoSupportOrSecurityUpdates option
  • You can also set HLJS_HIDE_UPGRADE_WARNING=yes in your envionment to disable the warning

Example:

hljs.configure({
  hideUpgradeWarningAcceptNoSupportOrSecurityUpdates: true
})

Reference: highlightjs/highlight.js#2877

Release v9.18.4

Version 9 has reached end-of-support and will not receive future updates or fixes.

Please see VERSION_10_UPGRADE.md and perhaps SECURITY.md.

• fix(livescript) fix potential catastrophic backtracking (#2852) [commit]

Version 9.18.3

• fix(parser) Freezing issue with illegal 0 width illegals (#2524)
  • backported from v10.x

Version 9.18.2

Fixes:

• fix(night) Prevent object prototype values from being returned by getLanguage (#2636) night

... (truncated)

Commits

• f54e96c 9.18.5
• c34318b fix the link since i saw it
• d2e9bdd include date of last release
• f5e0645 typos and tweaks
• 2e0e8ee changelog
• dc45f7c fix(livescript) fix potential catastrophic backtracking
• 0a2624a update readme
• d571b23 add warning
• ec0bfd5 9.18.4
• 2a04835 bump v9.18.3
• Additional commits viewable in compare view

Updates tunnel-agent from 0.4.3 to 0.6.0

Commits

• 67df643 0.6.0
• 9ca95ec Use .from
• 8a7c86e 0.5.1
• 5fe6221 0.5.0
• 5bbaf62 Merge pull request #25 from request/safe-buffer
• cdc47b9 Migrating to safe-buffer for security reasons.
• See full diff in compare view

Updates request from 2.40.0 to 2.88.2

Changelog

Sourced from request's changelog.

Change Log

v2.88.0 (2018/08/10)

• #2996 fix(uuid): import versioned uuid (@​kwonoj)
• #2994 Update to oauth-sign 0.9.0 (@​dlecocq)
• #2993 Fix header tests (@​simov)
• #2904 #515, #2894 Strip port suffix from Host header if the protocol is known. (#2904) (@​paambaati)
• #2791 Improve AWS SigV4 support. (#2791) (@​vikhyat)
• #2977 Update test certificates (@​simov)

v2.87.0 (2018/05/21)

• #2943 Replace hawk dependency with a local implemenation (#2943) (@​hueniverse)

v2.86.0 (2018/05/15)

• #2885 Remove redundant code (for Node.js 0.9.4 and below) and dependency (@​ChALkeR)
• #2942 Make Test GREEN Again! (@​simov)
• #2923 Alterations for failing CI tests (@​gareth-robinson)

v2.85.0 (2018/03/12)

• #2880 Revert "Update hawk to 7.0.7 (#2880)" (@​simov)

v2.84.0 (2018/03/12)

• #2793 Fixed calculation of oauth_body_hash, issue #2792 (@​dvishniakov)
• #2880 Update hawk to 7.0.7 (#2880) (@​kornel-kedzierski)

v2.83.0 (2017/09/27)

• #2776 Updating tough-cookie due to security fix. (#2776) (@​karlnorling)

v2.82.0 (2017/09/19)

• #2703 Add Node.js v8 to Travis CI (@​ryysud)
• #2751 Update of hawk and qs to latest version (#2751) (@​Olivier-Moreau)
• #2658 Fixed some text in README.md (#2658) (@​Marketionist)
• #2635 chore(package): update aws-sign2 to version 0.7.0 (#2635) (@​greenkeeperio-bot)
• #2641 Update README to simplify & update convenience methods (#2641) (@​FredKSchott)
• #2541 Add convenience method for HTTP OPTIONS (#2541) (@​jamesseanwright)
• #2605 Add promise support section to README (#2605) (@​FredKSchott)
• #2579 refactor(lint): replace eslint with standard (#2579) (@​ahmadnassri)
• #2598 Update codecov to version 2.0.2 🚀 (@​greenkeeperio-bot)
• #2590 Adds test-timing keepAlive test (@​nicjansma)
• #2589 fix tabulation on request example README.MD (@​odykyi)
• #2594 chore(dependencies): har-validator to 5.x [removes babel dep] (@​ahmadnassri)

v2.81.0 (2017/03/09)

• #2584 Security issue: Upgrade qs to version 6.4.0 (@​sergejmueller)
• #2578 safe-buffer doesn't zero-fill by default, its just a polyfill. (#2578) (@​mikeal)
• #2566 Timings: Tracks 'lookup', adds 'wait' time, fixes connection re-use (#2566) (@​nicjansma)
• #2574 Migrating to safe-buffer for improved security. (@​mikeal)
• #2573 fixes #2572 (@​ahmadnassri)

v2.80.0 (2017/03/04)

... (truncated)

Commits

• See full diff in compare view

Updates http-proxy from 1.17.0 to 1.18.1

Changelog

Sourced from http-proxy's changelog.

v1.18.1 - 2020-05-17

Merged

• Skip sending the proxyReq event when the expect header is present [#1447](https://github.com/http-party/node-http-proxy/issues/1447)
• Remove node6 support, add node12 to build [#1397](https://github.com/http-party/node-http-proxy/issues/1397)

1.18.0 - 2019-09-18

Merged

• Added in auto-changelog module set to keepachangelog format [#1373](https://github.com/http-party/node-http-proxy/issues/1373)
• fix 'Modify Response' readme section to avoid unnecessary array copying [#1300](https://github.com/http-party/node-http-proxy/issues/1300)
• Fix incorrect target name for reverse proxy example [#1135](https://github.com/http-party/node-http-proxy/issues/1135)
• Fix modify response middleware example [#1139](https://github.com/http-party/node-http-proxy/issues/1139)
• [dist] Update dependency async to v3 [#1359](https://github.com/http-party/node-http-proxy/issues/1359)
• Fix path to local http-proxy in examples. [#1072](https://github.com/http-party/node-http-proxy/issues/1072)
• fix reverse-proxy example require path [#1067](https://github.com/http-party/node-http-proxy/issues/1067)
• Update README.md [#970](https://github.com/http-party/node-http-proxy/issues/970)
• [dist] Update dependency request to ~2.88.0 [SECURITY] [#1357](https://github.com/http-party/node-http-proxy/issues/1357)
• [dist] Update dependency eventemitter3 to v4 [#1365](https://github.com/http-party/node-http-proxy/issues/1365)
• [dist] Update dependency colors to v1 [#1360](https://github.com/http-party/node-http-proxy/issues/1360)
• [dist] Update all non-major dependencies [#1356](https://github.com/http-party/node-http-proxy/issues/1356)
• [dist] Update dependency agentkeepalive to v4 [#1358](https://github.com/http-party/node-http-proxy/issues/1358)
• [dist] Update dependency nyc to v14 [#1367](https://github.com/http-party/node-http-proxy/issues/1367)
• [dist] Update dependency concat-stream to v2 [#1363](https://github.com/http-party/node-http-proxy/issues/1363)
• x-forwarded-host overwrite for mutli level proxies [#1267](https://github.com/http-party/node-http-proxy/issues/1267)
• [refactor doc] Complete rename to http-party org. [#1362](https://github.com/http-party/node-http-proxy/issues/1362)
• Highlight correct lines for createProxyServer [#1117](https://github.com/http-party/node-http-proxy/issues/1117)
• Fix docs for rewrite options - 201 also handled [#1147](https://github.com/http-party/node-http-proxy/issues/1147)
• Update .nyc_output [#1339](https://github.com/http-party/node-http-proxy/issues/1339)
• Configure Renovate [#1355](https://github.com/http-party/node-http-proxy/issues/1355)
• [examples] Restream body before proxying, support for Content-Type of application/x-www-form-urlencoded [#1264](https://github.com/http-party/node-http-proxy/issues/1264)

Commits

• [dist] New test fixtures. 7e4a0e5
• [dist] End of an era. a9b09cc
• [dist] Version bump. 1.18.0 9bbe486
• [fix] Latest versions. 59c4403
• [fix test] Update tests. dd1d08b
• [dist] Update dependency ws to v3 [SECURITY] b00911c
• [dist] .gitattributes all the things. fc93520
• [dist] Regenerate package-lock.json. 16d4f8a

Commits

• 9b96cd7 1.18.1
• 335aeeb Skip sending the proxyReq event when the expect header is present (#1447)
• dba3966 Remove node6 support, add node12 to build (#1397)
• 9bbe486 [dist] Version bump. 1.18.0
• 6e4bef4 Added in auto-changelog module set to keepachangelog format (#1373)
• d056241 fix 'Modify Response' readme section to avoid unnecessary array copying (#1300)
• 244303b Fix incorrect target name for reverse proxy example (#1135)
• b4028ba Fix modify response middleware example (#1139)
• 77a9815 [dist] Update dependency async to v3 (