Update dependency express-rate-limit to v7

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
express-rate-limit	^5.4.1 -> ^7.0.0

---

Release Notes

express-rate-limit/express-rate-limit (express-rate-limit)

v7.2.0

Compare Source

You can view the changelog here.

v7.1.5

Compare Source

You can view the changelog here.

v7.1.4

Compare Source

You can view the changelog here.

v7.1.3

Compare Source

You can view the changelog here.

v7.1.2

Compare Source

Changed

• Re-organized documentation from readme into docs/ folder and added
  documentation website.

v7.1.1

Compare Source

Misc

• Enabled provenance statement generation, see https://github.com/express-rate-limit/express-rate-limit#406.

---

You can view the full changelog here.

v7.1.0

Compare Source

Changed

• The getKey method is now always defined. If the store does not have the
  required get method, getKey will throw an error explaining this.

v7.0.2

Compare Source

Added

• Added cluster-memory-store to the readme and made a couple of other minor
  clarifications.

v7.0.1

Compare Source

You can view the changelog here.

v7.0.0

Compare Source

Breaking

• Changed behavior when max is set to 0:
  • Previously, max: 0 was treated as a 'disable' flag and would allow all
    requests through.
  • Starting with v7, all requests will be blocked when max is set to 0.
  • To replicate the old behavior, use the
    skip
    function instead.
• Renamed req.rateLimit.current to req.rateLimit.used.
  • current is now a hidden getter that will return the used value, but it
    will not appear when iterating over the keys or calling JSON.stringify().
• Changed the minimum required Node version from v14 to v16.
  • express-rate-limit now targets es2022 in TypeScript/ESBuild.
• Bumped TypeScript from v4 to v5 and dts-bundle-generator from v7 to v8.

Deprecated

• Removed the draft_polli_ratelimit_headers option (it was deprecated in v6).
  • Use standardHeaders: 'draft-6' instead.
• Removed the onLimitReached option (it was deprecated in v6).
  • This
    is an example of how to replicate it's behavior with a custom handler
    option.

Changed

• The MemoryStore now uses precise, per-user reset times rather than a global
  window that resets all users at once.
• The limit configuration option is now prefered to max.
  • It still shows the same behavior, and max is still supported. The change
    was made to better align with terminology used in the IETF standard drafts.

Added

• The validate config option can now be an object with keys to enable or
  disable specific validation checks. For more information, see
  this.

v6.11.2

Compare Source

Fixed

• Restored IncrementResponse TypeScript type (See
  #​397)

v6.11.1

Compare Source

Fixed

• Check for prefixed keys when validating that the stores have single counted
  keys (See
  #​395).

v6.11.0

Compare Source

Added

• Support for retrieving the current hit count and reset time for a given key
  from a store (See
  #​390).

v6.10.0

Compare Source

Added

• Support for combined RateLimit header from the
  RateLimit header fields for HTTP standardization draft
  adopted by the IETF. Enable by setting standardHeaders: 'draft-7'.
• New standardHeaders: 'draft-6' option, treated equivalent to
  standardHeaders: true from previous releases. Note that true and false
  are still supported.
• New RateLimit-Policy header added when standardHeaders is set to
  'draft-6', 'draft-7', or true.
• Warning when using deprecated draft_polli_ratelimit_headers option.
• Warning when using deprecated onLimitReached option.
• Warning when totalHits value returned from Store is invalid.

v6.9.0

Compare Source

Added

• New validaion check for double-counted requests.
• Added help link to each validation error, directing users to the appropriate
  wiki page for more info.

Changed

• Miscellaneous documenation improvements.

v6.8.1

Compare Source

Changed

• Revert 6.7.1 change that bumped typescript from 5.x to 4.x and
  dts-bundle-generator from 8.x to 7.x (See
  #​360).

v6.8.0

Compare Source

Added

• Added a set of validation checks that will log an error if failed. See
  https://github.com/express-rate-limit/express-rate-limit/wiki/Error-Codes for
  a list of potential errors. Can be disabled by setting validate: false in
  the configuration. Automatically disables after the first request. (See
  #​358).

v6.7.2

Compare Source

Changed

• Revert 6.7.1 change that bumped typescript from 5.x to 4.x and
  dts-bundle-generator from 8.x to 7.x (See
  #​360).

v6.7.1

Compare Source

Fixed

• Fixed compatibility with TypeScript's TypeScript new node16 module
  resolution strategy (See
  #​355).

Changed

• Bumped development dependencies
  • This initially include bumping typescript from 4.x to 5.x and
    dts-bundle-generator from 7.x to 8.x
• Added node 20 to list of versions the CI jobs run on.

No functional changes.

v6.7.0

Compare Source

Changed

• Updated links to point to the new express-rate-limit organization on GitHub.
• Added advertisement to readme.md for project sponsor
  Zuplo.
• Updated to typescript version 5 and bumped other dependencies.
• Dropped node 12, and added node 19 to the list of versions the CI jobs run
  on.

No functional changes.

v6.6.0

Compare Source

Added

• Added shutdown method to the Store interface and the MemoryStore.

v6.5.2

Compare Source

Fixed

• Fixed an issue with missing types in ESM monorepos. (#​321)

You can view the changelog here.

v6.5.1

Compare Source

Changed

• The message option can now be a (sync/asynx) function that returns a value (#​311)
• Updated all dependencies

v6.4.0

Compare Source

Added

• Adds Express 5 (5.0.0-beta.1) as a supported peer dependency (#​304)

Changed

• Tests are now run on Node 12, 14, 16 and 18 on CI (#​305)
• Updated all development dependencies (#​306)

v6.3.0

Compare Source

Changed

• Changes the build target to es2019 so that ESBuild outputs code that can run with Node 12.
• Changes the minimum required Node version to 12.9.0.

v6.2.1

Compare Source

Fixed

• Use the default value for an option when undefined is passed to the rate
  limiter.

v6.2.0

Compare Source

Added

• Export the MemoryStore, so it can now be imported as a named import
  (import { MemoryStore } from 'express-rate-limit').

Fixed

• Deprecate the onLimitReached option (this was supposed to be deprecated in
  v6.0.0 itself); developers should use a custom handler function that checks if
  the rate limit has been exceeded instead.

v6.1.0

Compare Source

Added

• Added a named export rateLimit in case the default import does not work.

Fixed

• Added a named export default, so Typescript CommonJS developers can default-import the library (import rateLimit from 'express-rate-limit').

v6.0.5

Compare Source

Fixed

• Use named imports for ExpressJS types so users do not need to enable the esModuleInterop flag in their Typescript compiler configuration.

v6.0.4

Compare Source

Fixed

• Upload the built package as a .tgz to GitHub releases.

Changed

• Add main and module fields to package.json. This helps tools such as ESLint that do not yet support the exports field.
• Bumped the minimum node.js version in package-lock.json to match package.json

v6.0.3

Compare Source

Changed

• Bumped minimum Node version from 12.9 to 14.5 because the transpiled output uses the nullish coalescing operator (??), which isn't supported in Node prior to 14.x.

v6.0.2

Compare Source

Fixed

• Ensure CommonJS projects can import the module.

Added

• Add additional tests that test:
  • importing the library in js-cjs, js-esm, ts-cjs, ts-esm environments.
  • usage of the library with external stores (redis, mongo, memcached, precise).

Changed

• Use esbuild to generate ESM and CJS output. This reduces the size of the built package from 138 kb to 13kb and build time to 4 ms! 🚀
• Use dts-bundle-generator to generate a single Typescript declaration file.

v6.0.1

Compare Source

Fixed

• Ensure CommonJS projects can import the module.

v6.0.0

Compare Source

Added

• express 4.x as a peer dependency.
• Better Typescript support (the library was rewritten in Typescript).
• Export the package as both ESM and CJS.
• Publish the built package (.tgz file) on GitHub releases as well as the npm registry.
• Issue and PR templates.
• A contributing guide.
• A changelog.

Changed

• Rename the draft_polli_ratelimit_headers option to standardHeaders.
• Rename the headers option to legacyHeaders.
• Retry-After header is now sent if either legacyHeaders or standardHeaders is set.
• Allow keyGenerator to be an async function/return a promise.
• Change the way custom stores are defined.
  • Add the init method for stores to set themselves up using options passed to the middleware.
  • Rename the incr method to increment.
  • Allow the increment, decrement, resetKey and resetAll methods to return a promise.
  • Old stores will automatically be promisified and used.
• The package can now only be used with NodeJS version 12.9.0 or greater.
• The onLimitReached configuration option is now deprecated. Replace it with a custom handler that checks the number of hits.

Removed

• Remove the deprecated limiter.resetIp method (use the limiter.resetKey method instead).
• Remove the deprecated options delayMs, delayAfter (the delay functionality was moved to the express-slow-down package) and global (use a key generator that returns a constant value).

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[cr-gpt]

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

[coderabbitai]

Important

Auto Review Skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

---

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit-tests for this file.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit tests for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository from git and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit tests.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• The JSON schema for the configuration file is available here.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

CodeRabbit Discord Community

Join our Discord Community to get help, request features, and share feedback.