build(deps): bump the dependencies group with 17 updates

[dependabot]

Bumps the dependencies group with 17 updates:

Package	From	To
@apollo/server	4.13.0	5.5.0
@sentry/node	10.50.0	10.51.0
archiver	6.0.2	7.0.1
bullmq	5.76.3	5.76.4
date-fns	3.6.0	4.1.0
dotenv	16.6.1	17.4.2
express-rate-limit	7.5.1	8.4.1
node-vault	0.10.10	0.12.0
rate-limiter-flexible	4.0.1	11.0.1
redis	4.7.1	5.12.1
stripe	17.7.0	22.1.0
@opentelemetry/sdk-node	0.215.0	0.216.0
@opentelemetry/auto-instrumentations-node	0.73.0	0.74.0
@opentelemetry/exporter-trace-otlp-http	0.215.0	0.216.0
@opentelemetry/sdk-trace-base	2.7.0	2.7.1
@types/jest	29.5.14	30.0.0
commander	13.1.0	14.0.3

Updates @apollo/server from 4.13.0 to 5.5.0

Release notes

Sourced from @​apollo/server's releases.

@​apollo/server-integration-testsuite@​5.5.0

Minor Changes

• #8191 ada1200 - ⚠️ SECURITY @apollo/server/standalone:

  Apollo Server now rejects GraphQL GET requests which contain a Content-Type header other than application/json (with optional parameters such as ; charset=utf-8). Any other value is now rejected with a 415 status code.

  (GraphQL GET requests without a Content-Type header are still allowed, though they do still need to contain a non-empty X-Apollo-Operation-Name or Apollo-Require-Preflight header to be processed if the default CSRF prevention feature is enabled.)

  This improvement makes Apollo Server's CSRF more resistant to browsers which implement CORS in non-spec-compliant ways. Apollo is aware of one browser which as of March 2026 has a bug which allows an attacker to circumvent Apollo Server's CSRF prevention feature to carry out read-only XS-Search-style CSRF attacks. The browser vendor is in the process of patching this vulnerability; upgrading Apollo Server to v5.5.0 mitigates this vulnerability.

  If your server uses cookies (or HTTP Basic Auth) for authentication, Apollo encourages you to upgrade to v5.5.0.

  This is technically a backwards-incompatible change. Apollo is not aware of any GraphQL clients which provide non-empty Content-Type headers with GET requests with types other than application/json. If your use case requires such requests, please file an issue and we may add more configurability in a follow-up release.

  See advisory GHSA-9q82-xgwf-vj6h for more details.

Patch Changes

• Updated dependencies [ada1200]:
  • @​apollo/server@​5.5.0

@​apollo/server@​5.5.0

Minor Changes

• #8191 ada1200 Thanks @​glasser! - ⚠️ SECURITY @apollo/server/standalone:

  Apollo Server now rejects GraphQL GET requests which contain a Content-Type header other than application/json (with optional parameters such as ; charset=utf-8). Any other value is now rejected with a 415 status code.

  (GraphQL GET requests without a Content-Type header are still allowed, though they do still need to contain a non-empty X-Apollo-Operation-Name or Apollo-Require-Preflight header to be processed if the default CSRF prevention feature is enabled.)

  This improvement makes Apollo Server's CSRF more resistant to browsers which implement CORS in non-spec-compliant ways. Apollo is aware of one browser which as of March 2026 has a bug which allows an attacker to circumvent Apollo Server's CSRF prevention feature to carry out read-only XS-Search-style CSRF attacks. The browser vendor is in the process of patching this vulnerability; upgrading Apollo Server to v5.5.0 mitigates this vulnerability.

  If your server uses cookies (or HTTP Basic Auth) for authentication, Apollo encourages you to upgrade to v5.5.0.

  This is technically a backwards-incompatible change. Apollo is not aware of any GraphQL clients which provide non-empty Content-Type headers with GET requests with types other than application/json. If your use case requires such requests, please file an issue and we may add more configurability in a follow-up release.

  See advisory GHSA-9q82-xgwf-vj6h for more details.

@​apollo/server-integration-testsuite@​5.4.0

Patch Changes

• Updated dependencies [d25a5bd]:
  • @​apollo/server@​5.4.0

@​apollo/server@​5.4.0

Minor Changes

• d25a5bd Thanks @​phryneas! - ⚠️ SECURITY @apollo/server/standalone:

... (truncated)

Changelog

Sourced from @​apollo/server's changelog.

5.5.0

Minor Changes

• #8191 ada1200 Thanks @​glasser! - ⚠️ SECURITY @apollo/server/standalone:

  Apollo Server now rejects GraphQL GET requests which contain a Content-Type header other than application/json (with optional parameters such as ; charset=utf-8). Any other value is now rejected with a 415 status code.

  (GraphQL GET requests without a Content-Type header are still allowed, though they do still need to contain a non-empty X-Apollo-Operation-Name or Apollo-Require-Preflight header to be processed if the default CSRF prevention feature is enabled.)

  This improvement makes Apollo Server's CSRF more resistant to browsers which implement CORS in non-spec-compliant ways. Apollo is aware of one browser which as of March 2026 has a bug which allows an attacker to circumvent Apollo Server's CSRF prevention feature to carry out read-only XS-Search-style CSRF attacks. The browser vendor is in the process of patching this vulnerability; upgrading Apollo Server to v5.5.0 mitigates this vulnerability.

  If your server uses cookies (or HTTP Basic Auth) for authentication, Apollo encourages you to upgrade to v5.5.0.

  This is technically a backwards-incompatible change. Apollo is not aware of any GraphQL clients which provide non-empty Content-Type headers with GET requests with types other than application/json. If your use case requires such requests, please file an issue and we may add more configurability in a follow-up release.

  See advisory GHSA-9q82-xgwf-vj6h for more details.

5.4.0

Minor Changes

• d25a5bd Thanks @​phryneas! - ⚠️ SECURITY @apollo/server/standalone:

  The default configuration of startStandaloneServer was vulnerable to denial of service (DoS) attacks through specially crafted request bodies with exotic character set encodings.

  In accordance with RFC 7159, we now only accept request bodies encoded in UTF-8, UTF-16 (LE or BE), or UTF-32 (LE or BE). Any other character set will be rejected with a 415 Unsupported Media Type error. Note that the more recent JSON RFC, RFC 8259, is more strict and will only allow UTF-8. Since this is a minor release, we have chosen to remain compatible with the more permissive RFC 7159 for now. In a future major release, we may tighten this restriction further to only allow UTF-8.

  If you were not using startStandaloneServer, you were not affected by this vulnerability.

  Generally, please note that we provide startStandaloneServer as a convenience tool for quickly getting started with Apollo Server. For production deployments, we recommend using Apollo Server with a more fully-featured web server framework such as Express, Koa, or Fastify, where you have more control over security-related configuration options.

5.3.0

Minor Changes

• #8062 8e54e58 Thanks @​cristunaranjo! - Allow configuration of graphql execution options (maxCoercionErrors)

  const server = new ApolloServer({
    typeDefs,
    resolvers,
    executionOptions: {
      maxCoercionErrors: 50,
    },

... (truncated)

Commits

• 64c0e1b Version Packages (#8192)
• ada1200 Reject GET requests with a Content-Type other than application/json (#8191)
• ad45d15 Version Packages (#8179)
• d25a5bd Merge commit from fork
• 443e547 fix repository urls
• 28d6d47 Version Packages (#8172)
• 26320bc feat: Allow configuration of graphql validation options #8014
• f2c16a7 bump dependency
• 8e54e58 feat: Allow configuration of graphql execution options(maxCoercionErrors)
• 7be3686 Version Packages (#8163)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​apollo/server since your current version.

Updates @sentry/node from 10.50.0 to 10.51.0

Release notes

Sourced from @​sentry/node's releases.

10.51.0

Important Changes

• feat(cloudflare): Add trace propagation for RPC method calls (#20343)

  Trace context is now propagated across Cloudflare Workers RPC calls, connecting traces between Workers and Durable Objects. This feature is opt-in and requires setting enableRpcTracePropagation: true in your SDK configuration:

  // Worker
  export default Sentry.withSentry(
    env => ({
      dsn: env.SENTRY_DSN,
      enableRpcTracePropagation: true,
    }),
    handler,
  );
  // Durable Object
  export const MyDurableObject = Sentry.instrumentDurableObjectWithSentry(
  env => ({
  dsn: env.SENTRY_DSN,
  enableRpcTracePropagation: true,
  }),
  MyDurableObjectBase,
  );

• feat(hono)!: Change setup for @sentry/hono/node (init in external file) (#20497)

  To improve Node.js instrumentation, the sentry() middleware exported from @sentry/hono/node no longer accepts configuration options. Instead, you must configure the SDK by calling Sentry.init() in a dedicated instrumentation file that runs before your application code (read more in the Hono SDK readme:

  // instrument.mjs (or instrument.ts)
  import * as Sentry from '@sentry/hono/node';
  Sentry.init({
  dsn: 'DSN',
  tracesSampleRate: 1.0,
  });

• feat(nitro): Add @sentry/nitro SDK (#19224)

  A new @sentry/nitro package provides first-class Sentry support for Nitro applications, with HTTP handler and error instrumentation, middleware tracing, request isolation, and build-time source map uploading via withSentryConfig. Read more in the Nitro SDK docs and the Nitro SDK readme.

Other Changes

... (truncated)

Changelog

Sourced from @​sentry/node's changelog.

10.51.0

Important Changes

• feat(cloudflare): Add trace propagation for RPC method calls (#20343)

  Trace context is now propagated across Cloudflare Workers RPC calls, connecting traces between Workers and Durable Objects. This feature is opt-in and requires setting enableRpcTracePropagation: true in your SDK configuration:

  // Worker
  export default Sentry.withSentry(
    env => ({
      dsn: env.SENTRY_DSN,
      enableRpcTracePropagation: true,
    }),
    handler,
  );
  // Durable Object
  export const MyDurableObject = Sentry.instrumentDurableObjectWithSentry(
  env => ({
  dsn: env.SENTRY_DSN,
  enableRpcTracePropagation: true,
  }),
  MyDurableObjectBase,
  );

• feat(hono)!: Change setup for @sentry/hono/node (init in external file) (#20497)

  To improve Node.js instrumentation, the sentry() middleware exported from @sentry/hono/node no longer accepts configuration options. Instead, you must configure the SDK by calling Sentry.init() in a dedicated instrumentation file that runs before your application code (read more in the Hono SDK readme:

  // instrument.mjs (or instrument.ts)
  import * as Sentry from '@sentry/hono/node';
  Sentry.init({
  dsn: 'DSN',
  tracesSampleRate: 1.0,
  });

• feat(nitro): Add @sentry/nitro SDK (#19224)

  A new @sentry/nitro package provides first-class Sentry support for Nitro applications, with HTTP handler and error instrumentation, middleware tracing, request isolation, and build-time source map uploading via withSentryConfig. Read more in the Nitro SDK docs and the Nitro SDK readme.

Other Changes

... (truncated)

Commits

• dc0b839 release: 10.51.0
• b3cabee Merge pull request #20599 from getsentry/prepare-release/10.51.0
• 3be99a9 meta(changelog): Update changelog for 10.51.0
• bea1aad test(browser): Unflake some more tests (#20591)
• 50aa085 test(node): Unflake postgres tests (#20593)
• 1166839 fix(hono): Distinguish .use() middleware in sub-apps from .all() handlers...
• 217ad4a test(node): Fix flaky ANR test (#20592)
• 91ffb3f test(node): Fix flaky worker thread integration test (#20588)
• c4e3902 chore(ci): Do not report flaky test issues if we cannot find a test name (#20...
• c0005cd test(node): Update timeout for cron integration tests (#20586)
• Additional commits viewable in compare view

Updates archiver from 6.0.2 to 7.0.1

Release notes

Sourced from archiver's releases.

7.0.1

What’s changed

Maintenance

• Add test for stream-like sources @​ctalkington (#745)

Dependency updates

• Update dependency clsx to v2 @​renovate (#694)
• Update react monorepo to v17 (major) @​renovate (#703)
• Update docusaurus monorepo to v3 (major) @​renovate (#739)
• Update dependency @​mdx-js/react to v3 @​renovate (#737)
• Update react monorepo to v18 (major) @​renovate (#704)
• Update dependency yauzl to v3.1.2 @​renovate (#741)
• Lock file maintenance @​renovate (#740)
• Update dependency zip-stream to v6.0.1 @​renovate (#747)
• Update dependency archiver-utils to v5.0.2 @​renovate (#746)
• Lock file maintenance @​renovate (#748)

7.0.0

What’s changed

Breaking changes

• Drop support for node v12 @​ctalkington (#735)

Dependency updates

• Update dependency tar-stream to v3.1.7 @​renovate (#731)
• Update dependency buffer-crc32 to v1 @​renovate (#732)
• Update dependency zip-stream to v6 @​renovate (#734)
• Update dependency archiver-utils to v5 @​renovate (#730)
• Update docusaurus monorepo to v2.4.3 @​renovate (#713)
• Update dependency rimraf to v5 @​renovate (#693)
• Update dependency mocha to v10 @​renovate (#692)
• Update dependency readable-stream to v4 @​renovate (#695)
• Update dependency yauzl to v3 @​renovate (#733)
• Lock file maintenance @​renovate (#736)

Changelog

Sourced from archiver's changelog.

Changelog

8.0.0 - October 17, 2024 — Diff

7.0.1 - March 9, 2024 — Diff

7.0.0 - February 28, 2024 — Diff

6.0.2 - February 27, 2024 — Diff

6.0.1 - September 3, 2023 — Diff

6.0.0 - August 17, 2023 — Diff

Release Archive

Commits

• 0e0e9ce bump version for release
• b4d6479 Update CHANGELOG.md
• 6a5dccb Lock file maintenance (#748)
• fdac04c Add test for stream-like sources (#745)
• f48db1a Update dependency archiver-utils to v5.0.2 (#746)
• 47ac201 Update dependency zip-stream to v6.0.1 (#747)
• 3377539 Lock file maintenance (#740)
• be09d12 Update dependency yauzl to v3.1.2 (#741)
• 2050cfa Update react monorepo to v18 (#704)
• 8b60a10 Update dependency @​mdx-js/react to v3 (#737)
• Additional commits viewable in compare view

Updates bullmq from 5.76.3 to 5.76.4

Release notes

Sourced from bullmq's releases.

v5.76.4

5.76.4 (2026-04-29)

Bug Fixes

• flow-producer: surface ParentJobNotExist errors from add() (#3264) (#4058) (7ed0eec)

Commits

• 7ed0eec fix(flow-producer): surface ParentJobNotExist errors from add() (#3264) (#4058)
• 9ce87eb chore(release): vpy2.24.0 (#4126)
• 029aea3 chore(release): 5.76.3 (#4125)
• 4ca9c27 feat(connection): add return type hints to RedisConnection methods [python] (...
• See full diff in compare view

Updates date-fns from 3.6.0 to 4.1.0

Release notes

Sourced from date-fns's releases.

v4.1.0

This release adds time zone support to format functions (that I somehow missed when working on the feature) and fixes a few bugs.

Make sure also upgrade TZDate to v1.0.2 as it includes a bunch of critical bug fixes.

Fixed

• Fixed internal constructFrom throwing an exception on null arguments. While null isn't allowed, the functions should rather return Invalid Date or NaN in such cases. See #3885.

Added

• Added missing time zone support to format, formatISO, formatISO9075, formatRelative and formatRFC3339. See #3886.

v4.0.0

I have great news! First, ten years after its release, date-fns finally gets first-class time zone support.

Another great news is that there aren't many breaking changes in this release. All of them are type-related and will affect only those explicitly using internal date-fns types. Finally, it has been less than a year since the last major release, which is an improvement over the previous four years between v2 and v3. I plan on keeping the pace and minimizing breaking changes moving forward.

Read more about the release in the announcement blog post.

- Sasha @​kossnocorp

Added

• Added time zones support via @date-fns/tz's TZDate class and tz helper function. See its README for the details about the API.

• All relevant functions now accept the context in option, which allows to specify the time zone to make the calculations in. If the function also returns a date, it will be in the specified time zone:

  import { addDays, startOfDay } from "date-fns";
  import { tz } from "@date-fns/tz";
  startOfDay(addDays(Date.now(), 5, { in: tz("Asia/Singapore") }));
  //=> "2024-09-16T00:00:00.000+08:00"

  In the example, addDays will get the current date and time in Singapore and add 5 days to it. startOfDay will inherit the date type and return the start of the day in Singapore.

Changed

• The function arguments, as well as Interval's start and end, now can be of different types, allowing you to mix UTCDate, TZDate, Date, and other extensions, as well as primitives (strings and numbers).

  The functions will normalize these values, make calculations, and return the result in the same type, preventing any bugs caused by the discrepancy. If passed, the type will be inferred from the context in option or the first encountered argument object type. The Interval's start and end will be considered separately, starting from start.

  In the given example, the result will be in the TZDate as the first argument is a number, and the start takes precedence over the end.

  clamp(Date.now(), {
    start: new TZDate(start, "Asia/Singapore"),
    end: new UTCDate(),

... (truncated)

Changelog

Sourced from date-fns's changelog.

v4.1.0 - 2024-09-17

This release adds time zone support to format functions (that I somehow missed when working on the feature) and fixes a few bugs.

Make sure also upgrade TZDate to v1.0.2 as it includes a bunch of critical bug fixes.

Fixed

• Fixed internal constructFrom throwing an exception on null arguments. While null isn't allowed, the functions should rather return Invalid Date or NaN in such cases. See #3885.

Added

• Added missing time zone support to format, formatISO, formatISO9075, formatRelative and formatRFC3339. See #3886.

v4.0.0 - 2024-09-16

I have great news! First, ten years after its release, date-fns finally gets first-class time zone support.

Another great news is that there aren't many breaking changes in this release. All of them are type-related and will affect only those explicitly using internal date-fns types. Finally, it has been less than a year since the last major release, which is an improvement over the previous four years between v2 and v3. I plan on keeping the pace and minimizing breaking changes moving forward.

Read more about the release in the announcement blog post.

- Sasha @​kossnocorp

Added

• Added time zones support via @date-fns/tz's TZDate class and tz helper function. See its README for the details about the API.

• All relevant functions now accept the context in option, which allows to specify the time zone to make the calculations in. If the function also returns a date, it will be in the specified time zone:

  import { addDays, startOfDay } from "date-fns";
  import { tz } from "@date-fns/tz";
  startOfDay(addDays(Date.now(), 5, { in: tz("Asia/Singapore") }));
  //=> "2024-09-16T00:00:00.000+08:00"

  In the example, addDays will get the current date and time in Singapore and add 5 days to it. startOfDay will inherit the date type and return the start of the day in Singapore.

Changed

• The function arguments, as well as Interval's start and end, now can be of different types, allowing you to mix UTCDate, TZDate, Date, and other extensions, as well as primitives (strings and numbers).

  The functions will normalize these values, make calculations, and return the result in the same type, preventing any bugs caused by the discrepancy. If passed, the type will be inferred from the context in option or the first encountered argument object type. The Interval's start and end will be considered separately, starting from start.

  In the given example, the result will be in the TZDate as the first argument is a number, and the start takes precedence over the end.

  clamp(Date.now(), {

... (truncated)

Commits

• 313b902 Fix v4.1.0 change log entry
• 26cd336 Promote to v4.1.0
• 97b53b9 Cover time zone edge cases
• 59b7563 Add missing time zone support to format, formatISO, formatISO9075, formatRela...
• 0121164 Prevent constructFrom from throwing an error on null
• bd87ef5 Update @​date-fns/docs
• 99b4e67 Prepare v4.0
• 8df1706 Rewrite the time zones doc
• e351977 Promote to v4.0.0-beta.1
• 8523656 Fix scripts/test/types.sh
• Additional commits viewable in compare view

Updates dotenv from 16.6.1 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

• Improved skill files - tightened up details (#1009)

17.4.1 (2026-04-05)

Changed

• Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

• Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

• Tighten up logs: ◇ injecting env (14) from .env (#1003)

17.3.1 (2026-02-12)

Changed

• Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

• Add a new README section on dotenv’s approach to the agentic future.

Changed

• Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

17.2.4 (2026-02-05)

Changed

• Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)

• Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

17.2.3 (2025-09-29)

Changed

• Fixed typescript error definition (#912)

... (truncated)

Commits

• f116f70 17.4.2
• 3a81612 fix visual order of faq
• 13f55a8 Merge branch 'skill'
• 4bbbf73 reorganize faq
• c3da64b Merge pull request #1009 from motdotla/skill
• 6f743b1 update source
• fc2c624 update skill
• 972315b Tighten up skill
• 2795fce reorganize faq
• d5495d4 adjust skill
• Additional commits viewable in compare view

Updates express-rate-limit from 7.5.1 to 8.4.1

Release notes

Sourced from express-rate-limit's releases.

v8.4.1

You can view the changelog here.

v8.4.0

You can view the changelog here.

v8.3.2

You can view the changelog here.

v8.3.1

You can view the changelog here.

v8.3.0

You can view the changelog here.

v8.2.1

You can view the changelog here.

v8.2.0

You can view the changelog here.

v8.1.0

You can view the changelog here.

v8.0.1

You can view the changelog here.

v8.0.0

You can view the changelog here.

Commits

• 69568d4 8.4.1
• c686acd v8.4.1 changelog
• ba71353 test: bump timeout in flakey skipFailedRequests test (#618)
• dd4c894 feat: allow usage of custom logger (#616)
• 2bb343c resolve Jest timeout for server-based tests (#617)
• c4dbb42 8.3.2
• 8f1cc66 v8.3.2 changelog
• 601b87f Fix skipFailedRequests for for connections that close very early (#611)
• 014c2f3 chore(deps-dev): bump the development-dependencies group with 6 updates (#612)
• 4e8b18b Remove Zuplo sponsorship details from README (#613)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for express-rate-limit since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates node-vault from 0.10.10 to 0.12.0

Commits

• c62849a Merge pull request #294 from nodevault/aviadhahami-patch-1
• c6d577b Bump version from 0.11.1 to 0.12.0
• 8952580 Merge pull request #293 from nodevault/copilot/add-support-for-kv-v2-destroy-...
• a5b1efc Merge branch 'master' into copilot/add-support-for-kv-v2-destroy-command
• 7ad67a9 Merge pull request #292 from nodevault/copilot/add-dynamic-credentials-support
• c392917 Address code review: add empty string leaseId test, improve test comments
• b4b44b6 Add dynamic credential management: token and lease auto-renewal with EventEmi...
• 9a0d56b Add KV v2 destroySecretVersions command
• bc6a973 Initial plan
• 8120dc4 Initial plan
• Additional commits viewable in compare view

Updates rate-limiter-flexible from 4.0.1 to 11.0.1

Release notes

Sourced from rate-limiter-flexible's releases.

Fix msBeforeNext delayed response

What's Changed

• #113 fix RateLimiterQueue delay for limiters with execEvenly flag set to true by @​animir in animir/node-rate-limiter-flexible#359
• Update dev deps to latest minor versions by @​animir in animir/node-rate-limiter-flexible#358

Full Changelog: animir/node-rate-limiter-flexible@v11.0.0...v11.0.1

👀

Wrappers don't require points and duration options

What's Changed

• #356 fix do not require points and duration options in wrappers by @​animir in animir/node-rate-limiter-flexible#357
• RateLimiterCompatibleAbstract lightweight base class for custom wrappers Added a minimal abstract class that defines the core interface (consume, get, set, delete, penalty, reward, block, getKey) without requiring the full RateLimiterAbstract implementation. This makes it easy to build custom wrappers that work seamlessly with RateLimiterUnion, RLWrapperTimeouts, and insurance limiters.
• Fixed RateLimiterStoreAbstract.set() incorrectly calling _block instead of _set
• Fixed key parsing when keyPrefix is empty

[BREAKING CHANGES] RLWrapperBlackAndWhite now extends RateLimiterCompatibleAbstract, and all union/wrapper/insurance classes accept both abstract types via a new isRateLimiterCompatible helper.

⏲️

Full Changelog: animir/node-rate-limiter-flexible@v10.0.1...v11.0.0

AI docs fix

Full Changelog: animir/node-rate-limiter-flexible@v10.0.0...v10.0.1

Require points and duration opts

What's Changed

[BREAKING CHANGES]

• Require points and duration options by @​animir in animir/node-rate-limiter-flexible#354

  No default values are set for points and duration options starting from v10. Negative points will not be replaced by default points value 4. Validation rules apply.

  Error is thrown during limiter creation if points or duration is invalid:

  1. points must be number.

     Any limiter accepts negative points as valid option starting from v10. If you migrate from older version, be careful: If in your code points option is set to negative value and that works for your project now then you should review the logic in your project. After update to version 10, negative points value will not be replaced by 4 by default as it was prior to version 10.

     When your limiter has negative or zero points consume method call is always rejected since there is always not enough points to consume. You can set points to negative and play with reward and consume calls, that could be useful sometimes.

  2. duration must be non-negative number >= 0. Error is thrown during limiter creation if duration option has invalid value.

  Requiring points and duration seems logical for security package. We don't want our apps working not as we expect even if there is no security threat. This update removes uncertaincy about negative duration and zero points.

[OTHER UPDATES]

• Faster memory limiter and block mechanism by @​animir in animir/node-rate-limiter-flexible#355

  Internal memory storage implementation refactored for Map with timestamps instead of Date objects.

... (truncated)

Commits

• a98a3ff 11.0.1
• 3b6b656 #113 fix queue delay with exec evenly flag (#359)
• 0df6f6c Merge pull request #358 from animir/update-to-minor
• 21a763c update dev deps to latest minor versions
• fa74290 add link to Wiki
• 7a24183 11.0.0
• 16bd23a Merge pull request #357 from animir/#356-fix-wrappers-require-opts
• a5e3ce7 #356 fix options forwarding to inner limiter, tests
• 8ade78c #356 fix flaky tests
• ac8c5c5 #356 fix tests
• Additional commits viewable in compare view

Updates redis from 4.7.1 to 5.12.1

Release notes

Sourced from redis's releases.

redis@5.12.0

✨ What's Changed

🚀 Features

• feat: expose sendCommand on multi for all clients by @​nkaradzhov in redis/node-redis#3181
• feat(sentinel): add sSubscribe/sUnsubscribe methods to Sentinel client by @​nkaradzhov in redis/node-redis#3178

🐛 Fixes

• fix(search): correct INDEXMISSING placement by @​nkaradzhov in redis/node-redis#3179
• Pool fixes by @​nkaradzhov in redis/node-redis#3182
• fix(search): use @redis/client dist imports in CREATE command by @​PavelPashov in redis/node-redis#3187
• fix(sentinel): preserve root seeds for outage recovery by @​nkaradzhov in redis/node-redis#3188
• fix: fallthrough bug in transformDoubleReply by @​rhymincymon in