chore: upgrade express-rate-limit 7.5.1 → 8.3.1 (IPv6 security fix)
All checks were successful
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 18m10s
All checks were successful
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 18m10s
- Fixes IPv6 rate limit bypass vulnerability (GHSA-46wh-pxpv-q5gq) - IPv6 addresses now masked to /56 subnet by default - Updated custom keyGenerators to use ipKeyGenerator() helper - 5 new TDD tests for v8 features (ipKeyGenerator, IPv6 masking) - 672 tests passing, 0 TS errors, 0 npm audit vulnerabilities
This commit is contained in:
parent
603cbd7061
commit
7fffd404e9
6 changed files with 55 additions and 11 deletions
11
package-lock.json
generated
11
package-lock.json
generated
|
|
@ -10,7 +10,7 @@
|
|||
"dependencies": {
|
||||
"compression": "^1.8.1",
|
||||
"express": "^5.1.0",
|
||||
"express-rate-limit": "^7.5.1",
|
||||
"express-rate-limit": "^8.3.1",
|
||||
"helmet": "^8.1.0",
|
||||
"marked": "^17.0.4",
|
||||
"nanoid": "^5.1.6",
|
||||
|
|
@ -2339,10 +2339,13 @@
|
|||
}
|
||||
},
|
||||
"node_modules/express-rate-limit": {
|
||||
"version": "7.5.1",
|
||||
"resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-7.5.1.tgz",
|
||||
"integrity": "sha512-7iN8iPMDzOMHPUYllBEsQdWVB6fPDMPqwjBaFrgr4Jgr/+okjvzAy+UHlYYL/Vs0OsOrMkwS6PJDkFlJwoxUnw==",
|
||||
"version": "8.3.1",
|
||||
"resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.3.1.tgz",
|
||||
"integrity": "sha512-D1dKN+cmyPWuvB+G2SREQDzPY1agpBIcTa9sJxOPMCNeH3gwzhqJRDWCXW3gg0y//+LQ/8j52JbMROWyrKdMdw==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"ip-address": "10.1.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 16"
|
||||
},
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue