refactor: Upgrade express-rate-limit from 6.11.2 to 7.2.0

[parseplatformorg]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade express-rate-limit from 6.11.2 to 7.2.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 10 versions ahead of your current version.
• The recommended version was released 22 days ago, on 2024-03-02.

Release notes

Package name: express-rate-limit

• 7.2.0 - 2024-03-02
  

  You can view the changelog here.

• 7.1.5 - 2023-11-27
  

  You can view the changelog here.

• 7.1.4 - 2023-11-06
  

  You can view the changelog here.

• 7.1.3 - 2023-10-26
  

  You can view the changelog here.

• 7.1.2 - 2023-10-23
  

  You can view the changelog here.

• 7.1.1 - 2023-10-09
  

  Misc

  • Enabled provenance statement generation, see https://github.com/express-rate-limit/express-rate-limit#406.

  ---

  You can view the full changelog here.

• 7.1.0 - 2023-10-04
  

  You can view the changelog here.

• 7.0.2 - 2023-09-26
  

  You can view the changelog here.

• 7.0.1 - 2023-09-16
  

  You can view the changelog here.

• 7.0.0 - 2023-09-12
  

  Breaking

  • Changed behavior when max is set to 0:
    • Previously, max: 0 was treated as a 'disable' flag and would allow all requests through.
    • Starting with v7, all requests will be blocked when max is set to 0.
    • To replicate the old behavior, use the skip function instead.
  • Renamed req.rateLimit.current to req.rateLimit.used.
    • current is now a hidden getter that will return the used value, but it will not appear when iterating over the keys or calling JSON.stringify().
  • Changed the minimum required Node version from v14 to v16.
    • express-rate-limit now targets es2022 in TypeScript/ESBuild.
  • Bumped TypeScript from v4 to v5 and dts-bundle-generator from v7 to v8.

  Deprecated

  • Removed the draft_polli_ratelimit_headers option (it was deprecated in v6).
    • Use standardHeaders: 'draft-6' instead.
  • Removed the onLimitReached option (it was deprecated in v6).
    • This is an example of how to replicate it's behavior with a custom handler option.

  Changed

  • The MemoryStore now uses precise, per-user reset times rather than a global window that resets all users at once.
  • The limit configuration option is now prefered to max.
    • It still shows the same behavior, and max is still supported. The change was made to better align with terminology used in the IETF standard drafts.

  Added

  • The validate config option can now be an object with keys to enable or disable specific validation checks. For more information, see this.
• 6.11.2 - 2023-09-12

from express-rate-limit GitHub release notes

Commit messages

Package name: express-rate-limit

• f77addc 7.2.0
• dc4f067 7.2.0 changelog
• 5f6dc55 docs: add Configuration & Thank You sections to readme (Adds ability to disable anonymous users #440)
• be7fe9c Check for instance creation while handling a request (Adds locked down ACL on _User #438)
• c252ae3 docs: improve store-related docs (Deployment Script Chef / Ansible #437)
• 31fc799 docs: Create Data Stores documentation page (Can't stop migration #433)
• 2d4105e build(deps-dev): bump follow-redirects from 1.15.3 to 1.15.4 (Android SDK connection error #431)
• d8a1cc2 Update overview.mdx sponsor link (FB session becomes invalid when fetching user #427)
• 7df39f8 docs: resetKey example
• 782773e 7.1.5
• 3d7e112 7.1.5 changelog
• eee94f1 fix: requestWasSuccessful async support (fix multiple include #426)
• 7498834 docs: restore instance and request API docs
• 1a7f986 fix: ci generation config of the url for changelog (Uncaught internal server error. bad key in untransform: _lock_row undefined  #423)
• c8ffbe4 chore: dependency bump
• 3ea29e4 docs: current -> used & a note for express-slow-down users
• 039b49d docs: fix broken anchor links for validate config option
• cc25ef0 chore: add funding link to package.json
• 8b68b5c chore: move changelog to docs folder/mintlify (Parse migration to heroku/aws regarding the images #420)
• c347de4 formatting
• b818476 fix broken links in docs
• 6f81e8e 7.1.4
• 01ff7ca 7.1.4 changelog
• 9d08a03 fix: Ratelimit headers empty while running on Bun v1.0.x Heroku and Parse Server using cached Cloud code - issue #418 (object.dirtyKeys in Parse.Cloud.beforeSave does not return dirty keys #419)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[parse-github-assistant]

I will reformat the title to use the proper commit message syntax.

[parse-github-assistant]

Thanks for opening this pull request!

• ❌ Please link an issue that describes the reason for this pull request, otherwise your pull request will be closed. Make sure to write it as Closes: #123 in the PR description, so I can recognize it.