Skip to content

fix(deps): update dependency express-rate-limit to v7 #286

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(deps): update dependency express-rate-limit to v7 #286

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 17, 2023
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
express-rate-limit 6.7.0 -> 7.5.1 age adoption passing confidence

Release Notes

express-rate-limit/express-rate-limit (express-rate-limit)

v7.5.1

Compare Source

You can view the changelog here.

v7.5.0

Compare Source

Added
  • Implemented the combined RateLimit header according to the eighth draft of the IETF RateLimit header specificiation. Enable by setting standardHeaders: 'draft-8'.
  • Added a new identifier option, used as the name for the quota policy in the draft-8 headers.
  • Added a new headersDraftVersion validation check to identifies cases where an unsupported version string is passed to the standardHeaders option.

You can view the full changelog here.

v7.4.1

Compare Source

Fixed
  • Made the passOnStoreError return after calling next() rather than continuing execution.

You can view the full changelog here.

v7.4.0

Compare Source

Added
  • Added passOnStoreError option to allow a way to "fail open" in the event of a backend error.

You can view the full changelog here.

v7.3.1

Compare Source

Fixed
  • Changed error displayed for the creationStack validation check when a store
    with localKeys set to false is used.
  • Improved documentation for the creationStack check.

You can view the full changelog here.

v7.3.0

Compare Source

Added
  • Added a new unsharedStore validation check that identifies cases where a
    single store instance is shared across multiple limiters.

You can view the full changelog here.

v7.2.0

Compare Source

Added
  • Added a new creationStack validation check that looks for instances created
    in a request handler.

You can view the full changelog here.

v7.1.5

Compare Source

Fixed
  • Enable async requestWasSuccessful methods to work as documented.

You can view the full changelog here.

v7.1.4

Compare Source

Fixed
  • Ensure header values are strings rather than numbers, for compatibility with
    Bun.

You can view the full changelog here.

v7.1.3

Compare Source

Changed
  • Loosened peer dependencies to explicitly allow the Express 5 beta. (See
    #​415)

You can view the full changelog here.

v7.1.2

Compare Source

Changed
  • Re-organized documentation from readme into docs/ folder and added
    documentation website.

You can view the full changelog here.

v7.1.1

Compare Source

Misc

You can view the full changelog here.

v7.1.0

Compare Source

Changed
  • The getKey method is now always defined. If the store does not have the
    required get method, getKey will throw an error explaining this.

You can view the full changelog here.

v7.0.2

Compare Source

Added
  • Added cluster-memory-store to the readme and made a couple of other minor
    clarifications.

You can view the full changelog here.

v7.0.1

Compare Source

Added
  • Added rate-limit-postgresql to the stores list in the readme.

You can view the full changelog here.

v7.0.0

Compare Source

Breaking
  • Changed behavior when max is set to 0:
    • Previously, max: 0 was treated as a 'disable' flag and would allow all requests through.
    • Starting with v7, all requests will be blocked when max is set to 0.
    • To replicate the old behavior, use the skip function instead.
  • Renamed req.rateLimit.current to req.rateLimit.used.
    • current is now a hidden getter that will return the used value, but it will not appear when iterating over the keys or calling JSON.stringify().
  • Changed the minimum required Node version from v14 to v16.
    • express-rate-limit now targets es2022 in TypeScript/ESBuild.
  • Bumped TypeScript from v4 to v5 and dts-bundle-generator from v7 to v8.
Deprecated
  • Removed the draft_polli_ratelimit_headers option (it was deprecated in v6).
    • Use standardHeaders: 'draft-6' instead.
  • Removed the onLimitReached option (it was deprecated in v6).
    • This is an example of how to replicate it's behavior with a custom handler option.
Changed
  • The MemoryStore now uses precise, per-user reset times rather than a global window that resets all users at once.
  • The limit configuration option is now prefered to max.
    • It still shows the same behavior, and max is still supported. The change was made to better align with terminology used in the IETF standard drafts.
Added
  • The validate config option can now be an object with keys to enable or disable specific validation checks. For more information, see this.

v6.11.2

Compare Source

Fixed
  • Restored IncrementResponse TypeScript type (See #​397)

v6.11.1

Compare Source

Fixed
  • Check for prefixed keys when validating that the stores have single counted keys (See #​395).

v6.11.0

Compare Source

Added
  • Support for retrieving the current hit count and reset time for a given key from a store (See #​390).

v6.10.0

Compare Source

Added
  • Support for combined RateLimit header from the RateLimit header fields for HTTP standardization draft adopted by the IETF. Enable by setting standardHeaders: 'draft-7'
  • New standardHeaders: 'draft-6' option, treated equivalent to standardHeaders: true from previous releases. (true and false are still supported.)
  • New RateLimit-Policy header added when standardHeaders is set to 'draft-6', 'draft-7', or true
  • Warning when using deprecated draft_polli_ratelimit_headers option
  • Warning when using deprecated onLimitReached option
  • Warning when totalHits value returned from Store is invalid

v6.9.0

Compare Source

Added
  • New validaion check for double-counted requests
  • Added help link to each ValidationError, directing users to the appropriate wiki page for more info
Changed
  • Miscaleanous documenation improvements

You can view the full changelog here.

v6.8.1

Compare Source

Changed
  • Revert 6.7.1 change that bumped typescript from 5.x to 4.x and dts-bundle-generator from 8.x to 7.x (See #​360)

You can view the full changelog here.

v6.8.0

Compare Source

Added

You can view the changelog here.

v6.7.2

Compare Source

(Backport of v6.8.1)

You can view the full changelog here.

v6.7.1

Compare Source

Fixed
  • Fixed compatibility with TypeScript's TypeScript new node16 module
    resolution strategy (See
    #​355)
Changed
  • Bumped development dependencies.
  • Added node 20 to list of versions the CI jobs run on.

No functional changes.

You can view the changelog here.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Oct 17, 2023
@socket-security
Copy link

socket-security bot commented Oct 17, 2023
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedexpress-rate-limit@​6.7.0 ⏵ 7.5.1100 +110010088 +7100

View full report

@renovate renovate bot force-pushed the renovate_express-rate-limit-7.x branch 2 times, most recently from fb532c9 to eb1f779 Compare October 27, 2023 16:31
@renovate renovate bot force-pushed the renovate_express-rate-limit-7.x branch from eb1f779 to c1269a2 Compare November 7, 2023 17:16
@renovate renovate bot force-pushed the renovate_express-rate-limit-7.x branch from c1269a2 to ad54c1f Compare November 28, 2023 20:47
@renovate renovate bot force-pushed the renovate_express-rate-limit-7.x branch from ad54c1f to 131ef33 Compare March 4, 2024 00:59
@renovate renovate bot force-pushed the renovate_express-rate-limit-7.x branch 2 times, most recently from d4e765d to afb02fc Compare June 8, 2024 19:08
@renovate renovate bot force-pushed the renovate_express-rate-limit-7.x branch from afb02fc to 87678a8 Compare July 24, 2024 18:51
@renovate renovate bot force-pushed the renovate_express-rate-limit-7.x branch from 87678a8 to 2e829b8 Compare October 5, 2024 15:56
@renovate renovate bot force-pushed the renovate_express-rate-limit-7.x branch from 2e829b8 to 14d1404 Compare December 16, 2024 06:55
@renovate renovate bot force-pushed the renovate_express-rate-limit-7.x branch from 14d1404 to 15b7a73 Compare June 22, 2025 06:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants