Skip to content

build(deps-dev): bump proxy from 4.0.0 to 4.1.0#5433

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/proxy-4.1.0
Jun 15, 2026
Merged

build(deps-dev): bump proxy from 4.0.0 to 4.1.0#5433
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/proxy-4.1.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps proxy from 4.0.0 to 4.1.0.

Release notes

Sourced from proxy's releases.

proxy@4.1.0

Minor Changes

  • 84e85ed: Add onProxyAuth callback and negotiate option for Kerberos/SPNEGO proxy authentication

    • Extract shared Negotiate/SPNEGO auth logic into new proxy-agent-negotiate package
    • Added optional onProxyAuth async callback to HttpsProxyAgent and HttpProxyAgent options
    • When the proxy responds with 407 Proxy-Authentication Required, the callback is invoked with the response and auth scheme
    • The callback returns headers (e.g. Proxy-Authorization) to retry the request with
    • Added negotiate: true option that uses the kerberos package for automatic Negotiate/SPNEGO auth
    • Added kerberos as an optional peer dependency of proxy-agent-negotiate
    • Extended the proxy test package to support authenticate: 'negotiate' mode for mock testing

Patch Changes

  • 31d7ef1: Reject URLs longer than 4096 characters with HTTP 414 to prevent potential DoS via excessively long inputs
  • 0f40077: Replace basic-auth-parser dependency with built-in implementation
Changelog

Sourced from proxy's changelog.

4.1.0

Minor Changes

  • 84e85ed: Add onProxyAuth callback and negotiate option for Kerberos/SPNEGO proxy authentication

    • Extract shared Negotiate/SPNEGO auth logic into new proxy-agent-negotiate package
    • Added optional onProxyAuth async callback to HttpsProxyAgent and HttpProxyAgent options
    • When the proxy responds with 407 Proxy-Authentication Required, the callback is invoked with the response and auth scheme
    • The callback returns headers (e.g. Proxy-Authorization) to retry the request with
    • Added negotiate: true option that uses the kerberos package for automatic Negotiate/SPNEGO auth
    • Added kerberos as an optional peer dependency of proxy-agent-negotiate
    • Extended the proxy test package to support authenticate: 'negotiate' mode for mock testing

Patch Changes

  • 31d7ef1: Reject URLs longer than 4096 characters with HTTP 414 to prevent potential DoS via excessively long inputs
  • 0f40077: Replace basic-auth-parser dependency with built-in implementation
Commits
  • 065d1ff Version Packages (#416)
  • 84e85ed feat: add onProxyAuth callback and Negotiate/Kerberos proxy auth support (#420)
  • 0f40077 fix(proxy): replace basic-auth-parser with built-in implementation (#418)
  • 31d7ef1 fix(proxy): reject excessively long URLs to prevent DoS (#417)
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [proxy](https://github.com/TooTallNate/proxy-agents/tree/HEAD/packages/proxy) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/TooTallNate/proxy-agents/releases)
- [Changelog](https://github.com/TooTallNate/proxy-agents/blob/main/packages/proxy/CHANGELOG.md)
- [Commits](https://github.com/TooTallNate/proxy-agents/commits/proxy@4.1.0/packages/proxy)

---
updated-dependencies:
- dependency-name: proxy
  dependency-version: 4.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 15, 2026
@codecov-commenter

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.36%. Comparing base (a0806e1) to head (7481b57).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #5433   +/-   ##
=======================================
  Coverage   93.36%   93.36%           
=======================================
  Files         110      110           
  Lines       36993    36993           
=======================================
  Hits        34537    34537           
  Misses       2456     2456           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-actions github-actions Bot merged commit 7ad3876 into main Jun 15, 2026
46 checks passed
@github-actions github-actions Bot deleted the dependabot/npm_and_yarn/proxy-4.1.0 branch June 15, 2026 22:36
@github-actions github-actions Bot mentioned this pull request Jul 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant