chore(deps): bump express-rate-limit from 7.5.1 to 8.5.2 #8004

Merged: Miodec merged 1 commit into master from dependabot/npm_and_yarn/express-rate-limit-8.5.2 on Jun 2, 2026

@dependabot dependabot Bot commented on behalf of github May 22, 2026

Bumps express-rate-limit from 7.5.1 to 8.5.2.

Release notes

Sourced from express-rate-limit's releases.

v8.5.2

You can view the changelog here.

v8.5.1

You can view the changelog here.

v8.5.0

You can view the changelog here.

v8.4.1

You can view the changelog here.

v8.4.0

You can view the changelog here.

v8.3.2

You can view the changelog here.

v8.3.1

You can view the changelog here.

v8.3.0

You can view the changelog here.

v8.2.1

You can view the changelog here.

v8.2.0

You can view the changelog here.

v8.1.0

You can view the changelog here.

v8.0.1

You can view the changelog here.

v8.0.0

You can view the changelog here.

Commits
  • 9774693 8.5.2
  • 0e94cc0 v8.5.2 changelog
  • 9a583c5 feat: simplify IPv6 key generation (#633)
  • 4f4b3fb chore(deps-dev): bump lint-staged from 16.4.0 to 17.0.4 (#632)
  • 3c1d6c5 chore(deps-dev): bump the development-dependencies group with 7 updates (#631)
  • 18884b6 chore(deps): bump basic-ftp from 5.2.0 to 5.3.1 (#630)
  • dacc980 chore(deps): bump handlebars from 4.7.8 to 4.7.9 (#629)
  • 486d0c6 chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 (#627)
  • 50cc3f6 8.5.1
  • 92c8e3e chore: bump ip-address library to latest (#626)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for express-rate-limit since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


@dependabot dependabot Bot added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update Javascript code) labels May 22, 2026
@monkeytypegeorge monkeytypegeorge added the backend (Server stuff) label May 22, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/express-rate-limit-8.5.2 branch 6 times, most recently from 3976600 to 0f13d42 Compare June 2, 2026 09:26
socket-security Bot commented Jun 2, 2026


Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action: Warn
Severity: Critical
Alert: Critical CVE: Vitest browser mode serves unsanitized otelCarrier query parameter as inline script in npm @vitest/browser

CVE: GHSA-2h32-95rg-cppp Vitest browser mode serves unsanitized otelCarrier query parameter as inline script (CRITICAL)

Affected versions: >= 4.0.17 < 4.1.6; >= 5.0.0-beta.0 < 5.0.0-beta.3

Patched version: 4.1.6

From: pnpm-lock.yaml → npm/@vitest/browser-playwright@4.0.18 → npm/@vitest/browser@4.0.18

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@vitest/browser@4.0.18. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/express-rate-limit-8.5.2 branch 2 times, most recently from c376297 to 0887f8f Compare June 2, 2026 17:52
Bumps [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) from 7.5.1 to 8.5.2.
- [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases)
- [Commits](express-rate-limit/express-rate-limit@v7.5.1...v8.5.2)

---
updated-dependencies:
- dependency-name: express-rate-limit
  dependency-version: 8.5.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/express-rate-limit-8.5.2 branch from 0887f8f to 1a1cb35 Compare June 2, 2026 18:10
@Miodec Miodec merged commit e0019c3 into master Jun 2, 2026
15 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/express-rate-limit-8.5.2 branch June 2, 2026 19:20