[Snyk] Upgrade express-rate-limit from 5.4.1 to 6.3.0 #400

Closed

snyk-bot
Contributor

Snyk has created this PR to upgrade express-rate-limit from 5.4.1 to 6.3.0.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 12 versions ahead of your current version.
  • The recommended version was released 21 days ago, on 2022-02-19.
Release notes
Package name: express-rate-limit
  • 6.3.0 - 2022-02-19

    Changed

    • Changes the build target to es2019 so that ESBuild outputs code that can run with Node 12.
    • Changes the minimum required Node version to 12.9.0.
  • 6.2.1 - 2022-02-10

    Fixed

    • Use the default value for an option when undefined is passed to the rate
      limiter.
  • 6.2.0 - 2022-01-22

    Added

    • Export the MemoryStore, so it can now be imported as a named import
      (import { MemoryStore } from 'express-rate-limit').

    Fixed

    • Deprecate the onLimitReached option (this was supposed to be deprecated in
      v6.0.0 itself); developers should use a custom handler function that checks if
      the rate limit has been exceeded instead.
  • 6.1.0 - 2022-01-12

    Added

    • Added a named export rateLimit in case the default import does not work.

    Fixed

    • Added a named export default, so Typescript CommonJS developers can default-import the library (import rateLimit from 'express-rate-limit').
  • 6.0.5 - 2022-01-06

    Fixed

    • Use named imports for ExpressJS types so users do not need to enable the esModuleInterop flag in their Typescript compiler configuration.
  • 6.0.4 - 2022-01-02

    Fixed

    • Upload the built package as a .tgz to GitHub releases.

    Changed

    • Add main and module fields to package.json. This helps tools such as ESLint that do not yet support the exports field.
    • Bumped the minimum node.js version in package-lock.json to match package.json
  • 6.0.3 - 2021-12-30

    Changed

  • 6.0.2 - 2021-12-30

    Fixed

    • Ensure CommonJS projects can import the module.

    Added

    • Add additional tests that test:
      • importing the library in js-cjs, js-esm, ts-cjs, ts-esm environments.
      • usage of the library with external stores (redis, mongo, memcached, precise).

    Changed

    • Use esbuild to generate ESM and CJS output. This reduces the size of the built package from 138 kb to 13kb and build time to 4 ms! 🚀
    • Use dts-bundle-generator to generate a single Typescript declaration file.
  • 6.0.1 - 2021-12-25

    Fixed

    • Ensure CommonJS projects can import the module.
  • 6.0.0 - 2021-12-24

    Added

    • express 4.x as a peer dependency.
    • Better Typescript support (the library was rewritten in Typescript).
    • Export the package as both ESM and CJS.
    • Publish the built package (.tgz file) on GitHub releases as well as the npm registry.
    • Issue and PR templates.
    • A contributing guide.
    • A changelog.

    Changed

    • Rename the draft_polli_ratelimit_headers option to standardHeaders.
    • Rename the headers option to legacyHeaders.
    • Retry-After header is now sent if either legacyHeaders or standardHeaders is set.
    • Allow keyGenerator to be an async function/return a promise.
    • Change the way custom stores are defined.
      • Add the init method for stores to set themselves up using options passed to the middleware.
      • Rename the incr method to increment.
      • Allow the increment, decrement, resetKey and resetAll methods to return a promise.
      • Old stores will automatically be promisified and used.
    • The package can now only be used with NodeJS version 12.9.0 or greater.
    • The onLimitReached configuration option is now deprecated. Replace it with a custom handler that checks the number of hits.

    Removed

    • Remove the deprecated limiter.resetIp method (use the limiter.resetKey method instead).
    • Remove the deprecated options delayMs, delayAfter (the delay functionality was moved to the express-slow-down package) and global (use a key generator that returns a constant value).
  • 5.5.1 - 2021-11-06
  • 5.5.0 - 2021-10-12
  • 5.4.1 - 2021-10-05
from express-rate-limit GitHub release notes
Commit messages
Package name: express-rate-limit

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@Overtorment Overtorment temporarily deployed to lndhub-pipel-snyk-upgra-gu56yi March 12, 2022 16:59 Inactive
@Overtorment Overtorment deleted the snyk-upgrade-a83132bcf19f0e38279f922b90934637 branch March 13, 2022 09:58
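
An added example, not part of this PR or of express-rate-limit: a small checker that maps a v5 options object onto the 6.0.0 names from the release notes above and reports the options listed there as removed or deprecated, so a rate-limit setting is not lost unnoticed in the upgrade. `migrateOptions`, the finding levels and the sample configuration are constructed for illustration.

```javascript
// Option names and notes below come from the 6.0.0 release notes quoted above.
const RENAMED = new Map([
  ['draft_polli_ratelimit_headers', 'standardHeaders'],
  ['headers', 'legacyHeaders'],
]);
const REMOVED = new Map([
  ['delayMs', 'delay moved to the express-slow-down package'],
  ['delayAfter', 'delay moved to the express-slow-down package'],
  ['global', 'use a keyGenerator that returns a constant value'],
]);
const DEPRECATED = new Map([
  ['onLimitReached', 'use a custom handler that checks the number of hits'],
]);

// Hypothetical helper: returns the options under v6 names plus review findings.
function migrateOptions(v5Options) {
  const options = {};
  const findings = [];
  for (const [name, value] of Object.entries(v5Options)) {
    if (RENAMED.has(name)) {
      const newName = RENAMED.get(name);
      // If the v6 name is already set explicitly, it wins over the old one.
      if (!(newName in v5Options)) options[newName] = value;
      findings.push({ level: 'renamed', option: name, note: `now ${newName}` });
    } else if (REMOVED.has(name)) {
      // Listed under "Removed" in 6.0.0, so it is not carried over.
      findings.push({ level: 'removed', option: name, note: REMOVED.get(name) });
    } else {
      options[name] = value;
      if (DEPRECATED.has(name)) {
        findings.push({ level: 'deprecated', option: name, note: DEPRECATED.get(name) });
      }
    }
  }
  // v5-style stores expose incr(); 6.0.0 renames it to increment().
  const store = options.store;
  if (store && typeof store.incr === 'function' && typeof store.increment !== 'function') {
    findings.push({ level: 'legacy-store', option: 'store',
      note: 'incr is now increment; old stores are promisified automatically' });
  }
  return { options, findings };
}

// Constructed sample: a v5-era configuration.
const sample = { windowMs: 60000, max: 100, headers: false,
  draft_polli_ratelimit_headers: true, delayMs: 0,
  onLimitReached: () => {}, store: { incr() {}, resetKey() {} } };
const result = migrateOptions(sample);
console.table(result.findings);
```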