Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade express-rate-limit from 5.4.1 to 6.2.1 #392

Closed

Conversation

snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented Mar 3, 2022

Snyk has created this PR to upgrade express-rate-limit from 5.4.1 to 6.2.1.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 11 versions ahead of your current version.
  • The recommended version was released 21 days ago, on 2022-02-10.
Release notes
Package name: express-rate-limit
  • 6.2.1 - 2022-02-10

    Fixed

    • Use the default value for an option when undefined is passed to the rate
      limiter.
  • 6.2.0 - 2022-01-22

    Added

    • Export the MemoryStore, so it can now be imported as a named import
      (import { MemoryStore } from 'express-rate-limit').

    Fixed

    • Deprecate the onLimitReached option (this was supposed to be deprecated in
      v6.0.0 itself); developers should use a custom handler function that checks if
      the rate limit has been exceeded instead.
  • 6.1.0 - 2022-01-12

    Added

    • Added a named export rateLimit in case the default import does not work.

    Fixed

    • Added a named export default, so Typescript CommonJS developers can default-import the library (import rateLimit from 'express-rate-limit').
  • 6.0.5 - 2022-01-06

    Fixed

    • Use named imports for ExpressJS types so users do not need to enable the esModuleInterop flag in their Typescript compiler configuration.
  • 6.0.4 - 2022-01-02

    Fixed

    • Upload the built package as a .tgz to GitHub releases.

    Changed

    • Add main and module fields to package.json. This helps tools such as ESLint that do not yet support the exports field.
    • Bumped the minimum node.js version in package-lock.json to match package.json
  • 6.0.3 - 2021-12-30

    Changed

  • 6.0.2 - 2021-12-30

    Fixed

    • Ensure CommonJS projects can import the module.

    Added

    • Add additional tests that test:
      • importing the library in js-cjs, js-esm, ts-cjs, ts-esm environments.
      • usage of the library with external stores (redis, mongo, memcached, precise).

    Changed

    • Use esbuild to generate ESM and CJS output. This reduces the size of the built package from 138 kb to 13kb and build time to 4 ms! 🚀
    • Use dts-bundle-generator to generate a single Typescript declaration file.
  • 6.0.1 - 2021-12-25

    Fixed

    • Ensure CommonJS projects can import the module.
  • 6.0.0 - 2021-12-24

    Added

    • express 4.x as a peer dependency.
    • Better Typescript support (the library was rewritten in Typescript).
    • Export the package as both ESM and CJS.
    • Publish the built package (.tgz file) on GitHub releases as well as the npm registry.
    • Issue and PR templates.
    • A contributing guide.
    • A changelog.

    Changed

    • Rename the draft_polli_ratelimit_headers option to standardHeaders.
    • Rename the headers option to legacyHeaders.
    • Retry-After header is now sent if either legacyHeaders or standardHeaders is set.
    • Allow keyGenerator to be an async function/return a promise.
    • Change the way custom stores are defined.
      • Add the init method for stores to set themselves up using options passed to the middleware.
      • Rename the incr method to increment.
      • Allow the increment, decrement, resetKey and resetAll methods to return a promise.
      • Old stores will automatically be promisified and used.
    • The package can now only be used with NodeJS version 12.9.0 or greater.
    • The onLimitReached configuration option is now deprecated. Replace it with a custom handler that checks the number of hits.

    Removed

    • Remove the deprecated limiter.resetIp method (use the limiter.resetKey method instead).
    • Remove the deprecated options delayMs, delayAfter (the delay functionality was moved to the express-slow-down package) and global (use a key generator that returns a constant value).
  • 5.5.1 - 2021-11-06

    5.5.1

  • 5.5.0 - 2021-10-12
  • 5.4.1 - 2021-10-05
from express-rate-limit GitHub release notes
Commit messages
Package name: express-rate-limit

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@Overtorment Overtorment temporarily deployed to lndhub-pipel-snyk-upgra-epyrqw March 3, 2022 18:20 Inactive
@Overtorment Overtorment closed this Mar 6, 2022
@Overtorment Overtorment deleted the snyk-upgrade-7ae91bd0a4d7e83e6575649334679ff8 branch March 6, 2022 20:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants