[Snyk] Upgrade express-rate-limit from 5.5.1 to 7.1.4 #450

Closed

@suculent suculent commented Nov 8, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade express-rate-limit from 5.5.1 to 7.1.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 32 versions ahead of your current version.
  • The recommended version was released 2 days ago, on 2023-11-06.
Release notes
Package name: express-rate-limit
  • 7.1.4 - 2023-11-06

    You can view the changelog here.

  • 7.1.3 - 2023-10-26

    You can view the changelog here.

  • 7.1.2 - 2023-10-23

    You can view the changelog here.

  • 7.1.1 - 2023-10-09

    Misc


    You can view the full changelog here.

  • 7.1.0 - 2023-10-04

    You can view the changelog here.

  • 7.0.2 - 2023-09-26

    You can view the changelog here.

  • 7.0.1 - 2023-09-16

    You can view the changelog here.

  • 7.0.0 - 2023-09-12

    Breaking

    • Changed behavior when max is set to 0:
      • Previously, max: 0 was treated as a 'disable' flag and would allow all requests through.
      • Starting with v7, all requests will be blocked when max is set to 0.
      • To replicate the old behavior, use the skip function instead.
    • Renamed req.rateLimit.current to req.rateLimit.used.
      • current is now a hidden getter that will return the used value, but it will not appear when iterating over the keys or calling JSON.stringify().
    • Changed the minimum required Node version from v14 to v16.
      • express-rate-limit now targets es2022 in TypeScript/ESBuild.
    • Bumped TypeScript from v4 to v5 and dts-bundle-generator from v7 to v8.

    Deprecated

    • Removed the draft_polli_ratelimit_headers option (it was deprecated in v6).
      • Use standardHeaders: 'draft-6' instead.
    • Removed the onLimitReached option (it was deprecated in v6).
      • This is an example of how to replicate its behavior with a custom handler option.

    Changed

    • The MemoryStore now uses precise, per-user reset times rather than a global window that resets all users at once.
    • The limit configuration option is now preferred to max.
      • It still shows the same behavior, and max is still supported. The change was made to better align with terminology used in the IETF standard drafts.

    Added

    • The validate config option can now be an object with keys to enable or disable specific validation checks. For more information, see this.
  • 6.11.2 - 2023-09-12

    Fixed

    • Restored IncrementResponse TypeScript type (See #397)
  • 6.11.1 - 2023-09-10

    Fixed

    • Check for prefixed keys when validating that the stores have single counted keys (See #395).
  • 6.11.0 - 2023-09-06
  • 6.10.0 - 2023-08-30
  • 6.9.0 - 2023-08-06
  • 6.8.1 - 2023-07-27
  • 6.8.0 - 2023-07-21
  • 6.7.2 - 2023-07-27
  • 6.7.1 - 2023-07-06
  • 6.7.0 - 2022-11-15
  • 6.6.0 - 2022-09-04
  • 6.5.2 - 2022-08-24
  • 6.5.1 - 2022-07-23
  • 6.4.0 - 2022-04-24
  • 6.3.0 - 2022-02-19
  • 6.2.1 - 2022-02-10
  • 6.2.0 - 2022-01-22
  • 6.1.0 - 2022-01-12
  • 6.0.5 - 2022-01-06
  • 6.0.4 - 2022-01-02
  • 6.0.3 - 2021-12-30
  • 6.0.2 - 2021-12-30
  • 6.0.1 - 2021-12-25
  • 6.0.0 - 2021-12-24
  • 5.5.1 - 2021-11-06
from express-rate-limit GitHub release notes
Commit messages
Package name: express-rate-limit

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
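
An added example, not part of the Snyk PR or of express-rate-limit: one way to carry a 5.x options object across the 7.0.0 breaking changes listed above (`max: 0`, `onLimitReached`, `draft_polli_ratelimit_headers`). `migrateRateLimitOptions` is a hypothetical helper; the `(req, res, next, optionsUsed)` handler signature and `req.rateLimit.limit` are assumed from the library's 7.x API, and the sample configuration is constructed.

```javascript
// Added example. migrateRateLimitOptions is a hypothetical helper, not part of
// express-rate-limit; it only rewrites a plain options object.
function migrateRateLimitOptions(v5Options) {
  const { max, onLimitReached, draft_polli_ratelimit_headers, ...rest } = v5Options;
  const options = { ...rest };
  const notes = []; // what changed, for the reviewer of the upgrade

  if (max === 0) {
    // 5.x treated max: 0 as "disabled"; 7.x blocks every request.
    // Keep the old allow-all behaviour visible as an explicit skip.
    options.skip = () => true;
    notes.push('max: 0 replaced by skip; the limiter is still disabled');
  } else if (max !== undefined) {
    options.limit = max; // `limit` is the preferred name in 7.x
  }

  if (draft_polli_ratelimit_headers) {
    options.standardHeaders = 'draft-6';
    notes.push('draft_polli_ratelimit_headers replaced by standardHeaders: draft-6');
  }

  if (typeof onLimitReached === 'function') {
    const previousHandler = rest.handler; // keep a custom handler if one was set
    options.handler = (req, res, next, optionsUsed) => {
      // Fire the old callback once, on the first request over the limit.
      if (req.rateLimit.used === req.rateLimit.limit + 1) {
        onLimitReached(req, res, optionsUsed);
      }
      if (typeof previousHandler === 'function') {
        return previousHandler(req, res, next, optionsUsed);
      }
      return res.status(optionsUsed.statusCode).send(optionsUsed.message);
    };
    notes.push('onLimitReached folded into handler');
  }
  return { options, notes };
}

// Constructed 5.x-style configuration.
const migrated = migrateRateLimitOptions({
  windowMs: 60000, max: 100, draft_polli_ratelimit_headers: true,
  onLimitReached: (req) => console.warn('rate limit reached for', req.ip),
});
console.log(migrated.notes);
```

The `notes` array is worth reading during review: a `max: 0` entry means the route had no rate limiting before the upgrade and still has none after it.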


@suculent suculent closed this Nov 9, 2023
@suculent suculent deleted the snyk-upgrade-a477a251dff7f2a7572df94c51b7343f branch November 9, 2023 15:50