
refactor: Upgrade express-rate-limit from 6.11.2 to 7.2.0

Open parseplatformorg opened this issue 1 year ago • 2 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade express-rate-limit from 6.11.2 to 7.2.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 10 versions ahead of your current version.
  • The recommended version was released 22 days ago, on 2024-03-02.
Release notes
Package name: express-rate-limit
  • 7.2.0 - 2024-03-02

    You can view the changelog here.

  • 7.1.5 - 2023-11-27

    You can view the changelog here.

  • 7.1.4 - 2023-11-06

    You can view the changelog here.

  • 7.1.3 - 2023-10-26

    You can view the changelog here.

  • 7.1.2 - 2023-10-23

    You can view the changelog here.

  • 7.1.1 - 2023-10-09

    Misc


    You can view the full changelog here.

  • 7.1.0 - 2023-10-04

    You can view the changelog here.

  • 7.0.2 - 2023-09-26

    You can view the changelog here.

  • 7.0.1 - 2023-09-16

    You can view the changelog here.

  • 7.0.0 - 2023-09-12

    Breaking

    • Changed behavior when max is set to 0:
      • Previously, max: 0 was treated as a 'disable' flag and would allow all requests through.
      • Starting with v7, all requests will be blocked when max is set to 0.
      • To replicate the old behavior, use the skip function instead.
    • Renamed req.rateLimit.current to req.rateLimit.used.
      • current is now a hidden getter that will return the used value, but it will not appear when iterating over the keys or calling JSON.stringify().
    • Changed the minimum required Node version from v14 to v16.
      • express-rate-limit now targets es2022 in TypeScript/ESBuild.
    • Bumped TypeScript from v4 to v5 and dts-bundle-generator from v7 to v8.

    Deprecated

    • Removed the draft_polli_ratelimit_headers option (it was deprecated in v6).
      • Use standardHeaders: 'draft-6' instead.
    • Removed the onLimitReached option (it was deprecated in v6).
      • This is an example of how to replicate its behavior with a custom handler option.

    Changed

    • The MemoryStore now uses precise, per-user reset times rather than a global window that resets all users at once.
    • The limit configuration option is now preferred to max.
      • It still shows the same behavior, and max is still supported. The change was made to better align with terminology used in the IETF standard drafts.

    Added

    • The validate config option can now be an object with keys to enable or disable specific validation checks. For more information, see this.
  • 6.11.2 - 2023-09-12
from express-rate-limit GitHub release notes
Commit messages
Package name: express-rate-limit
  • f77addc 7.2.0
  • dc4f067 7.2.0 changelog
  • 5f6dc55 docs: add Configuration & Thank You sections to readme (#440)
  • be7fe9c Check for instance creation while handling a request (#438)
  • c252ae3 docs: improve store-related docs (#437)
  • 31fc799 docs: Create Data Stores documentation page (#433)
  • 2d4105e build(deps-dev): bump follow-redirects from 1.15.3 to 1.15.4 (#431)
  • d8a1cc2 Update overview.mdx sponsor link (#427)
  • 7df39f8 docs: resetKey example
  • 782773e 7.1.5
  • 3d7e112 7.1.5 changelog
  • eee94f1 fix: requestWasSuccessful async support (#426)
  • 7498834 docs: restore instance and request API docs
  • 1a7f986 fix: ci generation config of the url for changelog (#423)
  • c8ffbe4 chore: dependency bump
  • 3ea29e4 docs: current -> used & a note for express-slow-down users
  • 039b49d docs: fix broken anchor links for validate config option
  • cc25ef0 chore: add funding link to package.json
  • 8b68b5c chore: move changelog to docs folder/mintlify (#420)
  • c347de4 formatting
  • b818476 fix broken links in docs
  • 6f81e8e 7.1.4
  • 01ff7ca 7.1.4 changelog
  • 9d08a03 fix: Ratelimit headers empty while running on Bun v1.0.x #418 (#419)



Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.


parseplatformorg avatar Mar 24 '24 17:03 parseplatformorg
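An added example, not part of the PR or of express-rate-limit: a sketch of how a v6-style options object could be rewritten for v7 according to the 7.0.0 breaking changes quoted above, so that a `max: 0` limiter does not silently switch from allow-all to block-all on upgrade. `migrateRateLimitOptions` and the sample configuration are hypothetical, and the `used === limit + 1` check is an assumed way to reproduce the removed `onLimitReached` callback inside `handler`.

```javascript
// Added example; migrateRateLimitOptions is a hypothetical helper, not library code.
function migrateRateLimitOptions(v6) {
  const { max, onLimitReached, draft_polli_ratelimit_headers: draftHeaders, ...v7 } = v6;
  const notes = [];

  if (max === 0) {
    // v6 treated max: 0 as "disabled"; v7 blocks every request.
    // Preserve the old allow-all behaviour explicitly via skip.
    v7.skip = () => true;
    notes.push("max: 0 replaced by skip; v7 would block all requests");
  } else if (max !== undefined) {
    v7.limit = max; // limit is the preferred name in v7, same behaviour
    notes.push("max renamed to limit");
  }

  if (draftHeaders !== undefined) {
    // Option removed in v7; its replacement is standardHeaders: 'draft-6'.
    if (draftHeaders) v7.standardHeaders = "draft-6";
    notes.push("draft_polli_ratelimit_headers removed");
  }

  if (typeof onLimitReached === "function") {
    const previousHandler = v6.handler;
    v7.handler = (req, res, next, options) => {
      // Fire the old callback once, on the first request over the limit.
      // v7 exposes the counter as req.rateLimit.used (formerly current).
      if (req.rateLimit.used === req.rateLimit.limit + 1) onLimitReached(req, res, options);
      if (previousHandler) return previousHandler(req, res, next, options);
      return res.status(options.statusCode).send(options.message);
    };
    notes.push("onLimitReached folded into handler");
  }
  return { options: v7, notes };
}

// Constructed v6-era configuration, for illustration only.
const blockedIps = [];
const sampleV6 = {
  windowMs: 60_000,
  max: 0,
  draft_polli_ratelimit_headers: true,
  onLimitReached: (req) => blockedIps.push(req.ip),
};
const migrated = migrateRateLimitOptions(sampleV6);
console.log(migrated.notes);
```
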

I will reformat the title to use the proper commit message syntax.

Thanks for opening this pull request!

  • ❌ Please link an issue that describes the reason for this pull request, otherwise your pull request will be closed. Make sure to write it as Closes: #123 in the PR description, so I can recognize it.

already "express-rate-limit": "7.4.1" on alpha

Moumouls avatar Oct 23 '24 17:10 Moumouls