fix(deps): update dependency rate-limiter-flexible to v10 - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
rate-limiter-flexible	2.3.6 → 10.0.1

---

Release Notes

animir/node-rate-limiter-flexible (rate-limiter-flexible)

v10.0.1: AI docs fix

Compare Source

Full Changelog: animir/node-rate-limiter-flexible@v10.0.0...v10.0.1

v10.0.0: Require points and duration opts

Compare Source

What's Changed

[BREAKING CHANGES]

• Require points and duration options by @​animir in #​354

  No default values are set for points and duration options starting from v10. Negative points will not be replaced by default points value 4.
  Validation rules apply.

  Error is thrown during limiter creation if points or duration is invalid:

  1. points must be number.

     Any limiter accepts negative points as valid option starting from v10. If you migrate from older version, be careful: If in your code points option is set to negative value and that works for your project now then you should review the logic in your project. After update to version 10, negative points value will not be replaced by 4 by default as it was prior to version 10.

     When your limiter has negative or zero points consume method call is always rejected since there is always not enough points to consume. You can set points to negative and play with reward and consume calls, that could be useful sometimes.

  2. duration must be non-negative number >= 0. Error is thrown during limiter creation if duration option has invalid value.

  Requiring points and duration seems logical for security package. We don't want our apps working not as we expect even if there is no security threat. This update removes uncertaincy about negative duration and zero points.

[OTHER UPDATES]

• Faster memory limiter and block mechanism by @​animir in #​355

  Internal memory storage implementation refactored for Map with timestamps instead of Date objects.

  Memory limiter is faster on 10-15% now on high traffic with diverse keys. Tests show performance improvement from 2569948 ops/sec to 2885688 ops/sec on my laptop.

Full Changelog: animir/node-rate-limiter-flexible@v9.1.1...v10.0.0

🐚

v9.1.1: Sequelize v7 support

Compare Source

What's Changed

• support Sequelize 7 by @​animir in #​347

🔔

v9.1.0: Non atomic Redis limiter

Compare Source

What's Changed

• Implement non atomic RateLimiterRedisNonAtomic by @​animir in #​345

💬

v9.0.1: Fixes: Queue and DynamoDB

Compare Source

What's Changed

• RateLimiterQueue: maxQueueSize default param when opts is set to {} by @​sevauni in #​340
• RateLimiterDynamo: return null for expired keys in get() method by @​anasdevv in #​341

New Contributors

• @​sevauni made their first contribution in #​340
• @​anasdevv made their first contribution in #​341

Full Changelog: animir/node-rate-limiter-flexible@v9.0.0...v9.0.1

📶

v9.0.0: Mongoose 9 support

Compare Source

What's Changed

• Mongoose 9 support by @​animir in #​339

BREAKING CHANGES

• Dropped support for MongoDB Native Driver version prior 4.0.0
• Dropped support for Mongoose package version prior to 5.2.0

😋

v8.3.0: Timeouts wrapper fixed

Compare Source

RLWrapperTimeouts can be imported from defaults:

import { RLWrapperTimeouts } from "rate-limiter-flexible";

Use it with or without insuranceLimiter to handle long requests to a storage.
Read more in docs.

Thank you @​florian-schunk

💧

v8.2.1: Fix Insurance Strategy

Compare Source

This patch reverts v8.2.0 changes. Timeouts Wrapper changed how Insurance Strategy treats rejected promises from working stores.

If you're on the version 8.2.0, please update to v8.2.1.
The impact of 8.2.0 changes is that when main limiter rejected consume or any other method call because there were not enough points on store, insurance limiter consume method was mistakenly called. This logic is incorrect as Insurance Strategy should handle only store errors.

v8.2.0: Timeouts wrapper

Compare Source

Added a new RLWrapperTimeouts.
It can be used with or without insuranceLimiter to handle long requests to a storage.

Thanks to @​florian-schunk .

✌️

v8.1.0: fix node-redis v4+ client is ready checks

Compare Source

• Improved node-redis package client is ready checks. All versions and cluster mode is supported now.

Thanks to @​Neumann-Nils

☺️

v8.0.1: Fix TS definitions

Compare Source

• v8.0.0 [BREAKING CHANGES] RateLimiterQueueError import was changed in TypeScript projects.
  It should be imported from defaults now.

  import { RateLimiterQueueError } from "rate-limiter-flexible"

  TS definition for RateLimiterQueueError was moved to types.d.ts.

• v8.0.1: index.d.ts file was moved outside of lib directory and renamed to types.d.ts.

Thanks @​wildfluss and @​PaulAnnekov for help.

💿

v8.0.0

Compare Source

v7.4.0: Drizzle ORM support

Compare Source

• In version 7.2.0 RateLimiterDrizzle limiter was added. Read about it on wiki
  Thanks @​Nayanchandrakar !

• In version 7.3.0 disableIndexesCreation option added to RateLimiterMongo.

• In version 7.3.1 conditional require of drizzle-orm was replaced with dynamic import to avoid issues with linters and tree-shakers.

• In version 7.3.2 drizzle-orm lazy import is hidden behind function call and string concatenation to avoid unnecessary tree-shaking and statistical analysis in different bundlers.

• In version 7.4.0 RateLimiterDrizzleNonAtomic was added. It doesn't guarantee precise events count under race conditions, but much faster than atomic limiter.

💫

v7.3.2

Compare Source

v7.3.1

Compare Source

v7.3.0

Compare Source

v7.2.0

Compare Source

v7.1.1: Check points before upserting with Redis

Compare Source

• RateLimiterRedis limiter checks if points value is an integer and throws a clear error otherwise. This helps to avoid mysterious errors provided by Lua script when consuming a floating-point number of points, e.g. 2.1.
  Thank you @​roggervalf

🌞

v7.1.0: Etcd support

Compare Source

• RateLimiterEtcd and RateLimiterEtcdNonAtomic were added. Read more on Wiki https://github.com/animir/node-rate-limiter-flexible/wiki/Etcd.

This is the first time we add atomic and non-atomic limiters for the same storage. Atomic increments are necessary to count sensitive things like incorrect password or PIN tries while non-atomic increments may be better (because they are faster) when exact count doesn't matter, e.g. to protect a service against DDoS attack.

Thank you @​Tobias4872
🍇

v7.0.0

Compare Source

What's Changed

• feat: add RateLimiterValkeyGlide to support Valkey Glide @​avifenesh in #​302 Thank you!
• X-RateLimit-Reset header example was fixed. It should be Math.ceil((Date.now() + rateLimiterRes.msBeforeNext) / 1000). Thanks to @​Fdavidtr.
• [BREAKING CHANGE] Node.js 18 support removed.

New Contributors

• @​avifenesh made their first contribution. Congrats!

Full Changelog: animir/node-rate-limiter-flexible@v6.2.1...v7.0.0

🐆

v6.2.1: SQLite: fix Knex connection issue

Compare Source

• RateLimiterSQLite: This fixes an issue where an unused Knex connection remained open, causing pool connection problems. Additionally, this adds functions to run tests against Knex.
  Thanks to @​muco-rolle
  📌

v6.2.0: Multiple SQLite clients support

Compare Source

• RateLimiterSQLite supports sqlite3, better-sqlite3 and knex clients now.
  Set storeType option to one of sqlite3, better-sqlite3 or knex, defaults to sqlite3 if not set.
  Thank you @​muco-rolle
  🎁

v6.1.0: SQLite support

Compare Source

• RateLimiterSQLite added. Thanks to @​no-on3 and @​muco-rolle rate-limiter-flexible supports SQLite now! 🐬
  Check SQLite example.

Just a day after Valkey limiter release we are releasing SQLite support. One new database and one old (but still good) added to the list of the big family. Congrats!

v6.0.0: Valkey support [zap]

Compare Source

• RateLimiterValkey added. Thanks to @​gurgunday rate-limiter-flexible supports Valkey now! ⚡
  It can be used with iovalkey package.

• [breaking] Node.js support for version 16 was dropped.

v5.0.5: Prisma unref timeout and DynamoDB ttlSet flag

Compare Source

• RateLimiterDynamo got ttlSet flag https://github.com/animir/node-rate-limiter-flexible/wiki/Options#ttlset that could be useful in serverless envirnoment to avoid extra requests. Thanks to @​ollyfg.
• RateLimiterPrisma unref timeout causing apps hanging. Thank you @​0xturner.
  🌕

v5.0.4

Compare Source

v5.0.3: Redis custom Lua script support

Compare Source

• RateLimiterRedis supports for customIncrTtlLuaScript option now. You can set custom Lua script as a string. It will be executed instead of built-in Lua script that is called on every upsert. See this rejected when consume more than maximum points and multiply delay test for example. Thanks to @​roggervalf
• Readme language fixes. Thanks to @​DePasqualeOrg

👍

v5.0.2

Compare Source

v5.0.1

Compare Source

v5.0.0: Prisma support

Compare Source

What's Changed

1. Add RateLimiterPrisma. Read about it on Wiki. Prisma supports PostgreSQL, MySQL, SQLite, MongoDB and many other databases. Thank you @​animir

2. Test environment and github actions got a number of improvements. Thank you @​mroderick

3. BREAKING CHANGES: we dropped support for Node.js 14 and all previous versions.

Full Changelog: animir/node-rate-limiter-flexible@v4.0.1...v5.0.0

v4.0.1: Fix RateLimiterMongo TypeError

Compare Source

RateLimiterMongo TypeError: Cannot read properties of null (reading 'value') error was fixed. See #​251 for reference.

Thanks to @​o-ali

v4.0.0: DynamoDB support

Compare Source

Thanks to @​Daniel-97 rate-limiter-flexible supports DynamoDB now!
Usage example can be found here.

BREAKING CHANGES: we dropped support for Node.js 12 and previous versions.

🐯

v3.0.6: Fix RateLimiterUnion.consume return type

Compare Source

• RateLimiterUnion.consume return type fixed. Thanks to @​Omers-Frontegg

v3.0.5: Fix memory storage being not accurate with expired keys

Compare Source

• fix memory storage consuming points when msBeforeNext is negative (key is expired). Thank you @​animir

v3.0.4

Compare Source

v3.0.3

Compare Source

v3.0.2: PostgreSQL quote table name and support for schema name option

Compare Source

• use quotation for table name in RateLimiterPostgres queries. Thanks to @​komachi
• add optional schemaName to RateLimiterPostgres limiter. Thanks to @​paulsc54
• special thanks to @​roggervalf who configured Github Actions for tests

🍯

v3.0.1

Compare Source

v3.0.0: Support of ioredis v4+ and redis v4+

Compare Source

I have really great news!
rate-limiter-flexible supports ioredis v4+ and redis v4+ now.
We have been waiting for this moment for years.

Thanks to @​roggervalf. And one big thank you from me personally

Since this is major release, there are

BREAKING CHANGES:

1. rate-limiter-flexible works with ioredis package of any version (tested versions 2, 3, 4 and 5) by default now.

• If you want it to work with the redis package version 4 or later, you should set useRedisPackage flag.
• If you created redis client with legacyMode: true, you should remove it.
• If you use redis of version 3 or lower, you should stick to rate-limiter-flexible version 2. Or try the experimental useRedis3AndLowerPackage option.

2. deprecated options started with lowercased inmemory prefix are removed. You can use inMemoryBlockOnConsumed and
   inMemoryBlockDuration instead.
3. deprecated redis option for RateLimiterRedis was removed. (Most likely you never heard about it, since it was deprecated years ago). You should use storeClient option instead.

v2.4.2

Compare Source

v2.4.1: TS type for the new option rejectIfRedisNotReady

Compare Source

Thank you @​dmozgovoi for the quick improvement.

v2.4.0: Redis limiter new option rejectIfRedisNotReady

Compare Source

In some cases especially with insuranceLimiter set it is important to reject requests quickly based on Redis client status being not ready. Thanks @​dmozgovoi

v2.3.12: RateLimiterUnion works with one limiter

Compare Source

Thank you @​svsool

v2.3.11: Fixes and improvements made since v2.3.4 release

Compare Source

• RateLimiterQueue getTokensRemaining with RateLimiterPostgres fixed. #​125
• clear timeout on key delete from memory storage. #​146 Thank you @​jiddmeye
• clearExpiredByTimeout is added to TS types for MySQL and Postgres limiters. #​156
• fix negative remaining points in memory limiter. #​172 Thank you @​MiniKraken-Team
• added browser package.json settings to allow bundling. 6ce34b3 Thank you @​achingbrain
• use nodejs.util.inspect.custom for Symbol flexibility. 2c8bedb Thank you @​shlavik
• inmemoryBlockOnConsumed and inmemoryBlockDuration options are renamed to inMemoryBlockOnConsumed and inMemoryBlockDuration. Old options are still supported, but deprecated and will be removed in v3 major release. #​106

v2.3.10

Compare Source

v2.3.9

Compare Source

v2.3.8

Compare Source

v2.3.7

Compare Source

---

Configuration

📅 Schedule: Branch creation - "on the first day of the week" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.