Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): bump express-slow-down from 1.4.0 to 2.0.3 #1119

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 2, 2024

Bumps express-slow-down from 1.4.0 to 2.0.3.

Changelog

Sourced from express-slow-down's changelog.

v2.0.3

Fixed

  • Fixed peerDependencies compatibility with express 5 beta.

v2.0.2

Fixed

  • Allowed express-slow-down to be used with express v5.

v2.0.1

Fixed

  • Fixed an incorrect WRN_ERL_MAX_ZERO warning when supplying a custom validation object in the config.

v2.0.0

express-slow-down v2 is built on top of express-rate-limit v7.

Breaking

  • Changed behavior of delayMs when set to a number
    • Previous behavior multiplied delayMs value by the number of slowed requests to determine the delay amount
    • New behavior treats a numeric value as a fixed delay that is applied to each slowed request without multiplication
    • Set to function(used) { return (used - this.delayAfter) * 1000; } to restore old behavior. (Change 1000 to match old value if necessary.)
  • Changed arguments passed to delayMs when set to a function
    • Previous signature was function(req, res): number
    • New signature is function(used, req, res): number | Promise<number> where used is the number of hits from this user during the current window
  • Dropped support for onLimitReached method
  • Dropped support for headers option
  • Renamed req.slowDown.current to req.slowDown.used
    • current is now a hidden getter that will return the used value, but will not be included when iteration over keys or running through JSON.stringify()

Added

  • delayAfter, delayMs, and maxDelayMs may now be async functions that return a number or a promise that resolves to a number
  • The MemoryStore now uses precise, per-user reset times rather than a global window that resets all users at once.
  • Now using express-rate-limit's validator to detect and warn about common

... (truncated)

Commits
  • dd0363d 2.0.3
  • 925c37b chore: v2.0.3 changelog
  • 8b48c77 Merge pull request #52 from dderevjanik/chore/express-5-beta
  • 54ecb0c chore: express 5 beta
  • 5f7e281 docs: update changelog for v2.0.2
  • 13b5bc9 2.0.2
  • 9277ffb chore(deps): support express 5 (#51)
  • fb41c4a Merge pull request #49 from express-rate-limit/dependabot/npm_and_yarn/expres...
  • a7a3249 build(deps-dev): bump express from 4.18.2 to 4.19.2
  • 6e72d1a Merge pull request #48 from WovenCoast/master
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Sep 2, 2024
Bumps [express-slow-down](https://github.com/express-rate-limit/express-slow-down) from 1.4.0 to 2.0.3.
- [Changelog](https://github.com/express-rate-limit/express-slow-down/blob/main/changelog.md)
- [Commits](express-rate-limit/express-slow-down@v1.4.0...v2.0.3)

---
updated-dependencies:
- dependency-name: express-slow-down
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/express-slow-down-2.0.3 branch from e45ffb2 to 544b916 Compare September 19, 2024 12:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants