Skip to content

[Snyk] Upgrade rate-limiter-flexible from 2.4.2 to 8.0.1 #36

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade rate-limiter-flexible from 2.4.2 to 8.0.1 #36

wants to merge 1 commit into from

Conversation

@RogueElectron
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade rate-limiter-flexible from 2.4.2 to 8.0.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 29 versions ahead of your current version.

  • The recommended version was released a month ago.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Release notes
Package name: rate-limiter-flexible
  • 8.0.1 - 2025-09-25

    • v8.0.0 [BREAKING CHANGES] RateLimiterQueueError import was changed in TypeScript projects.
      It should be imported from defaults now.

      import { RateLimiterQueueError } from "rate-limiter-flexible"

      TS definition for RateLimiterQueueError was moved to types.d.ts.

    • v8.0.1: index.d.ts file was moved outside of lib directory and renamed to types.d.ts.

    Thanks @ wildfluss and @ PaulAnnekov for help.

    💿

  • 8.0.0 - 2025-09-25

    V8 fix TS definition

  • 7.4.0 - 2025-09-24

    • In version 7.2.0 RateLimiterDrizzle limiter was added. Read about it on wiki
      Thanks @ Nayanchandrakar !

    • In version 7.3.0 disableIndexesCreation option added to RateLimiterMongo.

    • In version 7.3.1 conditional require of drizzle-orm was replaced with dynamic import to avoid issues with linters and tree-shakers.

    • In version 7.3.2 drizzle-orm lazy import is hidden behind function call and string concatenation to avoid unnecessary tree-shaking and statistical analysis in different bundlers.

    • In version 7.4.0 RateLimiterDrizzleNonAtomic was added. It doesn't guarantee precise events count under race conditions, but much faster than atomic limiter.

    💫

  • 7.3.2 - 2025-09-20

    325 fix Vite drizzle error

  • 7.3.1 - 2025-09-13

    • #323 drizzle dynamic import

    • 7.3.1

    • #323 do not depend on module type

    • #323 mocha include nested paths

  • 7.3.0 - 2025-09-05

    7.3.0

  • 7.2.0 - 2025-07-27

    7.2.0

  • 7.1.1 - 2025-05-18
    • RateLimiterRedis limiter checks if points value is an integer and throws a clear error otherwise. This helps to avoid mysterious errors provided by Lua script when consuming a floating-point number of points, e.g. 2.1.
      Thank you @ roggervalf

    🌞

  • 7.1.0 - 2025-04-28

    This is the first time we add atomic and non-atomic limiters for the same storage. Atomic increments are necessary to count sensitive things like incorrect password or PIN tries while non-atomic increments may be better (because they are faster) when exact count doesn't matter, e.g. to protect a service against DDoS attack.

    Thank you @ Tobias4872
    🍇

  • 7.0.0 - 2025-04-05

    What's Changed

    • feat: add RateLimiterValkeyGlide to support Valkey Glide @ avifenesh in #302 Thank you!
    • X-RateLimit-Reset header example was fixed. It should be Math.ceil((Date.now() + rateLimiterRes.msBeforeNext) / 1000). Thanks to @ Fdavidtr.
    • [BREAKING CHANGE] Node.js 18 support removed.

    New Contributors

    Full Changelog: v6.2.1...v7.0.0

    🐆

  • 6.2.1 - 2025-03-23
  • 6.2.0 - 2025-03-20
  • 6.1.0 - 2025-03-13
  • 6.0.0 - 2025-03-12
  • 5.0.5 - 2025-01-15
  • 5.0.4 - 2024-10-20
  • 5.0.3 - 2024-04-28
  • 5.0.2 - 2024-04-25
  • 5.0.1 - 2024-04-24
  • 5.0.0 - 2024-02-15
  • 4.0.1 - 2024-01-26
  • 4.0.0 - 2023-12-16
  • 3.0.6 - 2023-12-08
  • 3.0.5 - 2023-12-08
  • 3.0.4 - 2023-11-10
  • 3.0.3 - 2023-10-30
  • 3.0.2 - 2023-10-20
  • 3.0.1 - 2023-10-16
  • 3.0.0 - 2023-08-29
  • 2.4.2 - 2023-07-27
from rate-limiter-flexible GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
feat: upgrade rate-limiter-flexible from 2.4.2 to 8.0.1
c065981 
Snyk has created this PR to upgrade rate-limiter-flexible from 2.4.2 to 8.0.1.

See this package in npm:
rate-limiter-flexible

See this project in Snyk:
https://app.snyk.io/org/anoosanoos12223/project/7e4a311e-5ce3-4610-844d-491876845074?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@RogueElectron @snyk-bot