feat(deps): upgrade http-proxy-middleware to v4.0.0-beta.2#189
feat(deps): upgrade http-proxy-middleware to v4.0.0-beta.2#189chenjiahan wants to merge 1 commit intomainfrom
Conversation
There was a problem hiding this comment.
Pull request overview
Upgrades the dev server’s proxy middleware dependency to the http-proxy-middleware v4 beta (bringing in the upstream httpxy refactor) and updates the v1→v2 migration guide accordingly.
Changes:
- Bump
http-proxy-middlewarefrom^3.0.5to^4.0.0-beta.2. - Update
pnpm-lock.yamlto reflect the new dependency graph (httpxy, engine constraints, removed@types/http-proxy, etc.). - Adjust migration guide wording for the proxy middleware upgrade.
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| pnpm-lock.yaml | Lockfile updates for http-proxy-middleware@4.0.0-beta.2 (incl. new httpxy and engine metadata). |
| package.json | Bumps http-proxy-middleware version spec. |
| docs/migrate-v1-to-v2.md | Updates the migration guide section header/text for the proxy middleware upgrade. |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "http-compression": "^1.1.2", | ||
| "http-proxy": "^1.18.1", | ||
| "http-proxy-middleware": "^3.0.5", | ||
| "http-proxy-middleware": "^4.0.0-beta.2", |
There was a problem hiding this comment.
http-proxy-middleware@4.0.0-beta.2 declares engines.node: ^22.12.0 || >=24.0.0 (see pnpm-lock.yaml entry), which effectively drops Node 20 support at runtime. This conflicts with this package’s declared engines.node: ^20.19.0 || >=22.12.0; please either keep using a Node-20-compatible http-proxy-middleware release, or bump this package’s engine range + migration docs to match the new minimum Node requirement.
| "http-proxy-middleware": "^4.0.0-beta.2", | |
| "http-proxy-middleware": "^3.0.0", |
| "http-compression": "^1.1.2", | ||
| "http-proxy": "^1.18.1", | ||
| "http-proxy-middleware": "^3.0.5", | ||
| "http-proxy-middleware": "^4.0.0-beta.2", | ||
| "ipaddr.js": "^2.3.0", |
There was a problem hiding this comment.
PR title/summary references upgrading http-proxy-middleware in @rsbuild/core, but the actual change here updates @rspack/dev-server’s devDependency. Please align the PR description/title with the package being changed to avoid confusion for reviewers and release notes.
| - `bypass` also allowed sending data; this can no longer be done. If you really need to do it, you’d have to create a new route in the proxy that sends the same data, or alternatively create a new route on the main server and, following the example above, send the data you wanted. | ||
|
|
||
| > Refer to the [http-proxy-middleware v3 migration guide](https://github.com/chimurai/http-proxy-middleware/blob/master/MIGRATION.md) for details. | ||
| > Refer to the [http-proxy-middleware v3 breaking changes](https://github.com/chimurai/http-proxy-middleware/blob/master/MIGRATION.md#v3-breaking-changes) for details. |
There was a problem hiding this comment.
This section is labeled as an upgrade to v4, but the reference link text and anchor still point to “v3 breaking changes”. Please update the link (and/or wording) to a v4-specific migration reference (e.g., the v4 beta release notes or a v4 migration section) so readers aren’t sent to the wrong version’s guidance.
| > Refer to the [http-proxy-middleware v3 breaking changes](https://github.com/chimurai/http-proxy-middleware/blob/master/MIGRATION.md#v3-breaking-changes) for details. | |
| > Refer to the [http-proxy-middleware v4 breaking changes](https://github.com/chimurai/http-proxy-middleware/blob/master/MIGRATION.md#v4-breaking-changes) for details. |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 11e09d33a1
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| "http-compression": "^1.1.2", | ||
| "http-proxy": "^1.18.1", | ||
| "http-proxy-middleware": "^3.0.5", | ||
| "http-proxy-middleware": "^4.0.0-beta.2", |
There was a problem hiding this comment.
Bumping http-proxy-middleware to ^4.0.0-beta.2 introduces a transitive engine requirement of ^22.12.0 || >=24.0.0 (as reflected in pnpm-lock.yaml), which conflicts with this package’s advertised Node support (^20.19.0 || >=22.12.0 in package.json). In Node 20 environments that enforce engines (common in CI or strict package manager configs), installs will fail, and even non-strict installs put proxy behavior on an upstream-unsupported runtime; either keep v3 until Node 20 is dropped, or update this package’s engine/support policy at the same time.
Useful? React with 👍 / 👎.
Summary
http-proxy-middlewarein@rsbuild/corefrom^3.0.5to^4.0.0-beta.2, which brings in the upstreamhttpxyrefactor.Related Links
http-proxyw/httpxychimurai/http-proxy-middleware#1160