fix(deps): update dependency http-proxy-middleware to v3.0.5 [security] (#12059)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
|
[http-proxy-middleware](https://redirect.github.com/chimurai/http-proxy-middleware)
| [`3.0.3` ->
`3.0.5`](https://renovatebot.com/diffs/npm/http-proxy-middleware/3.0.3/3.0.5)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/http-proxy-middleware/3.0.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/http-proxy-middleware/3.0.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/http-proxy-middleware/3.0.3/3.0.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/http-proxy-middleware/3.0.3/3.0.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

### GitHub Vulnerability Alerts

#### [CVE-2025-32996](https://nvd.nist.gov/vuln/detail/CVE-2025-32996)

In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody
can be called twice because "else if" is not used.

#### [CVE-2025-32997](https://nvd.nist.gov/vuln/detail/CVE-2025-32997)

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5,
fixRequestBody proceeds even if bodyParser has failed.

---

### Release Notes

<details>
<summary>chimurai/http-proxy-middleware
(http-proxy-middleware)</summary>

###
[`v3.0.5`](https://redirect.github.com/chimurai/http-proxy-middleware/blob/HEAD/CHANGELOG.md#v305)

[Compare
Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v3.0.4...v3.0.5)

- fix(fixRequestBody): check readableLength
([#&#8203;1096](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1096))

###
[`v3.0.4`](https://redirect.github.com/chimurai/http-proxy-middleware/blob/HEAD/CHANGELOG.md#v304)

[Compare
Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v3.0.3...v3.0.4)

- fix(fixRequestBody): handle invalid request
([#&#8203;1092](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1092))
- fix(fixRequestBody): prevent multiple .write() calls
([#&#8203;1089](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1089))
- fix(websocket): handle errors in handleUpgrade
([#&#8203;823](https://redirect.github.com/chimurai/http-proxy-middleware/pull/823))
- ci(package): patch http-proxy
([#&#8203;1084](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1084))
- fix(fixRequestBody): support multipart/form-data
([#&#8203;896](https://redirect.github.com/chimurai/http-proxy-middleware/pull/896))
- feat(types): export Plugin type
([#&#8203;1071](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1071))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/redwoodjs/graphql).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC42Mi4xIiwidXBkYXRlZEluVmVyIjoiNDAuNjIuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Tobbe Lundberg <[email protected]>

Author: renovate[bot]

packages/vite/package.json

@@ -80,7 +80,7 @@
     "express": "4.21.2",
     "find-my-way": "8.2.2",
     "fs-extra": "11.2.0",
-    "http-proxy-middleware": "3.0.3",
+    "http-proxy-middleware": "3.0.5",
     "isbot": "5.1.21",
     "react": "19.0.0-rc-f2df5694-20240916",
     "react-server-dom-webpack": "19.0.0-rc-f2df5694-20240916",

yarn.lock

@@ -8890,7 +8890,7 @@ __metadata:
     find-my-way: "npm:8.2.2"
     fs-extra: "npm:11.2.0"
     glob: "npm:11.0.0"
-    http-proxy-middleware: "npm:3.0.3"
+    http-proxy-middleware: "npm:3.0.5"
     isbot: "npm:5.1.21"
     memfs: "npm:4.15.1"
     publint: "npm:0.2.12"
@@ -19298,17 +19298,17 @@ __metadata:
   languageName: node
   linkType: hard
 
-"http-proxy-middleware@npm:3.0.3":
-  version: 3.0.3
-  resolution: "http-proxy-middleware@npm:3.0.3"
+"http-proxy-middleware@npm:3.0.5":
+  version: 3.0.5
+  resolution: "http-proxy-middleware@npm:3.0.5"
   dependencies:
     "@types/http-proxy": "npm:^1.17.15"
     debug: "npm:^4.3.6"
     http-proxy: "npm:^1.18.1"
     is-glob: "npm:^4.0.3"
     is-plain-object: "npm:^5.0.0"
     micromatch: "npm:^4.0.8"
-  checksum: 10c0/c4d68a10d8d42f02e59f7dc8249c98d1ac03aecee177b42c2d8b6a0cb6b71c6688e759e5387f4cdb570150070ca1c6808b38010cbdf67f4500a2e75671a36e05
+  checksum: 10c0/89ff3c8fe65b22b8042a6173ae1b8f77c5171f7eecf3c8b5d6dcffe3c9d688acae7bcf498cc08d1525f566dc0781efaec4e2ddc49224b1f16f020de7987a446b
   languageName: node
   linkType: hard