Bump rate-limiter-flexible from 9.1.1 to 11.0.0

[dependabot]

Bumps rate-limiter-flexible from 9.1.1 to 11.0.0.

Release notes

Sourced from rate-limiter-flexible's releases.

Wrappers don't require points and duration options

What's Changed

• #356 fix do not require points and duration options in wrappers by @​animir in animir/node-rate-limiter-flexible#357
• RateLimiterCompatibleAbstract lightweight base class for custom wrappers Added a minimal abstract class that defines the core interface (consume, get, set, delete, penalty, reward, block, getKey) without requiring the full RateLimiterAbstract implementation. This makes it easy to build custom wrappers that work seamlessly with RateLimiterUnion, RLWrapperTimeouts, and insurance limiters.
• Fixed RateLimiterStoreAbstract.set() incorrectly calling _block instead of _set
• Fixed key parsing when keyPrefix is empty

[BREAKING CHANGES] RLWrapperBlackAndWhite now extends RateLimiterCompatibleAbstract, and all union/wrapper/insurance classes accept both abstract types via a new isRateLimiterCompatible helper.

⏲️

Full Changelog: animir/node-rate-limiter-flexible@v10.0.1...v11.0.0

AI docs fix

Full Changelog: animir/node-rate-limiter-flexible@v10.0.0...v10.0.1

Require points and duration opts

What's Changed

[BREAKING CHANGES]

• Require points and duration options by @​animir in animir/node-rate-limiter-flexible#354

  No default values are set for points and duration options starting from v10. Negative points will not be replaced by default points value 4. Validation rules apply.

  Error is thrown during limiter creation if points or duration is invalid:

  1. points must be number.

     Any limiter accepts negative points as valid option starting from v10. If you migrate from older version, be careful: If in your code points option is set to negative value and that works for your project now then you should review the logic in your project. After update to version 10, negative points value will not be replaced by 4 by default as it was prior to version 10.

     When your limiter has negative or zero points consume method call is always rejected since there is always not enough points to consume. You can set points to negative and play with reward and consume calls, that could be useful sometimes.

  2. duration must be non-negative number >= 0. Error is thrown during limiter creation if duration option has invalid value.

  Requiring points and duration seems logical for security package. We don't want our apps working not as we expect even if there is no security threat. This update removes uncertaincy about negative duration and zero points.

[OTHER UPDATES]

• Faster memory limiter and block mechanism by @​animir in animir/node-rate-limiter-flexible#355

  Internal memory storage implementation refactored for Map with timestamps instead of Date objects.

  Memory limiter is faster on 10-15% now on high traffic with diverse keys. Tests show performance improvement from 2569948 ops/sec to 2885688 ops/sec on my laptop.

Full Changelog: animir/node-rate-limiter-flexible@v9.1.1...v10.0.0

🐚

Commits

• 7a24183 11.0.0
• 16bd23a Merge pull request #357 from animir/Countly performance issues [solved] #356-fix-wrappers-require-opts
• a5e3ce7 #356 fix options forwarding to inner limiter, tests
• 8ade78c #356 fix flaky tests
• ac8c5c5 #356 fix tests
• 8bfe960 #356 update docs
• 44d11b9 #356 add missing set method
• a258a19 #356 fix parseKey method
• bd8e4ea #356 set method, require keyPrefix, types, tests
• 501bc77 #356 update error messages
• Additional commits viewable in compare view