feat: Add decorate package to set rate limit headers #247
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
😎 Merged successfully - details. |
|
👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎ This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. Ignoring: Next stepsTake a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with |
davidmytton
reviewed
Feb 24, 2024
|
Due to our deny caching, the
Which links to the reset section saying:
That being said, we are planning to revisit the caching mechanisms as part of https://github.com/arcjet/arcjet/issues/532 and should make sure we account for this. |
|
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
|
davidmytton
approved these changes
Feb 28, 2024
|
@SocketSecurity ignore-all |
trunk-io bot
pushed a commit
that referenced
this pull request
Mar 4, 2024
🤖 I have created a release *beep* *boop* --- <details><summary>@arcjet/decorate: 1.0.0-alpha.9</summary> ## [1.0.0-alpha.9](https://github.com/arcjet/arcjet-js/compare/v1.0.0-alpha.8...@arcjet/decorate-v1.0.0-alpha.9) (2024-03-04) ### 🚀 New Features * Add decorate package to set rate limit headers ([#247](#247)) ([232750d](232750d)) * **decorate:** Allow decorating Headers object directly ([#266](#266)) ([0bfdcc7](0bfdcc7)) ### Dependencies * The following workspace dependencies were updated * dependencies * @arcjet/logger bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * @arcjet/protocol bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * devDependencies * @arcjet/eslint-config bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * @arcjet/rollup-config bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * @arcjet/tsconfig bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 </details> <details><summary>@arcjet/duration: 1.0.0-alpha.9</summary> ## [1.0.0-alpha.9](https://github.com/arcjet/arcjet-js/compare/v1.0.0-alpha.8...@arcjet/duration-v1.0.0-alpha.9) (2024-03-04) ### 🚀 New Features * Add decorate package to set rate limit headers ([#247](#247)) ([232750d](232750d)) ### 📦 Dependencies * **dev:** Bump @rollup/wasm-node from 4.10.0 to 4.12.0 ([#235](#235)) ([cf7ffc2](cf7ffc2)) * **dev:** Bump @rollup/wasm-node from 4.9.6 to 4.10.0 ([#223](#223)) ([47c24b4](47c24b4)) ### 🧹 Miscellaneous Chores * Add bugs and author info & update readme ([#254](#254)) ([9b0d2fc](9b0d2fc)) ### Dependencies * The following workspace dependencies were updated * devDependencies * @arcjet/eslint-config bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * @arcjet/rollup-config bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * @arcjet/tsconfig bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 </details> <details><summary>@arcjet/next: 1.0.0-alpha.9</summary> ## [1.0.0-alpha.9](https://github.com/arcjet/arcjet-js/compare/v1.0.0-alpha.8...@arcjet/next-v1.0.0-alpha.9) (2024-03-04) ### 🚀 New Features * Add `withRule` API for adding adhoc rules ([#245](#245)) ([f8ebbdc](f8ebbdc)), closes [#193](#193) ### 📦 Dependencies * Bump next from 14.1.0 to 14.1.1 ([#281](#281)) ([c568890](c568890)) * **dev:** Bump @rollup/wasm-node from 4.10.0 to 4.12.0 ([#235](#235)) ([cf7ffc2](cf7ffc2)) * **dev:** Bump @rollup/wasm-node from 4.9.6 to 4.10.0 ([#223](#223)) ([47c24b4](47c24b4)) ### 📝 Documentation * Add node SDK and move core to utility section ([#290](#290)) ([b6683a5](b6683a5)) ### 🧹 Miscellaneous Chores * Add bugs and author info & update readme ([#254](#254)) ([9b0d2fc](9b0d2fc)) ### Dependencies * The following workspace dependencies were updated * dependencies * @arcjet/ip bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * arcjet bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * devDependencies * @arcjet/eslint-config bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * @arcjet/rollup-config bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * @arcjet/tsconfig bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 </details> <details><summary>@arcjet/node: 1.0.0-alpha.9</summary> ## [1.0.0-alpha.9](https://github.com/arcjet/arcjet-js/compare/v1.0.0-alpha.8...@arcjet/node-v1.0.0-alpha.9) (2024-03-04) ### 🚀 New Features * Implement initial nodejs SDK ([#268](#268)) ([6273296](6273296)) ### 📝 Documentation * Add node SDK and move core to utility section ([#290](#290)) ([b6683a5](b6683a5)) ### Dependencies * The following workspace dependencies were updated * dependencies * @arcjet/ip bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * arcjet bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * devDependencies * @arcjet/eslint-config bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * @arcjet/rollup-config bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * @arcjet/tsconfig bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 </details> <details><summary>@arcjet/analyze: 1.0.0-alpha.9</summary> ## [1.0.0-alpha.9](https://github.com/arcjet/arcjet-js/compare/v1.0.0-alpha.8...@arcjet/analyze-v1.0.0-alpha.9) (2024-03-04) ### 📦 Dependencies * **dev:** Bump @rollup/wasm-node from 4.10.0 to 4.12.0 ([#235](#235)) ([cf7ffc2](cf7ffc2)) * **dev:** Bump @rollup/wasm-node from 4.9.6 to 4.10.0 ([#223](#223)) ([47c24b4](47c24b4)) ### 🧹 Miscellaneous Chores * Add bugs and author info & update readme ([#254](#254)) ([9b0d2fc](9b0d2fc)) ### Dependencies * The following workspace dependencies were updated * dependencies * @arcjet/logger bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * devDependencies * @arcjet/eslint-config bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * @arcjet/rollup-config bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * @arcjet/tsconfig bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 </details> <details><summary>@arcjet/eslint-config: 1.0.0-alpha.9</summary> ## [1.0.0-alpha.9](https://github.com/arcjet/arcjet-js/compare/v1.0.0-alpha.8...@arcjet/eslint-config-v1.0.0-alpha.9) (2024-03-04) ### 📦 Dependencies * Bump eslint-config-next from 14.1.0 to 14.1.1 ([#279](#279)) ([0e0e1ab](0e0e1ab)) * Bump eslint-config-turbo from 1.12.3 to 1.12.4 ([#231](#231)) ([f495f1b](f495f1b)) * Bump eslint-plugin-react from 7.33.2 to 7.34.0 ([#280](#280)) ([97cf82b](97cf82b)) * Bump next from 14.1.0 to 14.1.1 ([#281](#281)) ([c568890](c568890)) * **dev:** Bump eslint from 8.56.0 to 8.57.0 ([#249](#249)) ([49972a9](49972a9)) ### 🧹 Miscellaneous Chores * Add bugs and author info & update readme ([#254](#254)) ([9b0d2fc](9b0d2fc)) </details> <details><summary>@arcjet/ip: 1.0.0-alpha.9</summary> ## [1.0.0-alpha.9](https://github.com/arcjet/arcjet-js/compare/v1.0.0-alpha.8...@arcjet/ip-v1.0.0-alpha.9) (2024-03-04) ### 📦 Dependencies * **dev:** Bump @rollup/wasm-node from 4.10.0 to 4.12.0 ([#235](#235)) ([cf7ffc2](cf7ffc2)) * **dev:** Bump @rollup/wasm-node from 4.9.6 to 4.10.0 ([#223](#223)) ([47c24b4](47c24b4)) ### 🧹 Miscellaneous Chores * Add bugs and author info & update readme ([#254](#254)) ([9b0d2fc](9b0d2fc)) ### Dependencies * The following workspace dependencies were updated * devDependencies * @arcjet/eslint-config bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * @arcjet/rollup-config bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * @arcjet/tsconfig bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 </details> <details><summary>@arcjet/logger: 1.0.0-alpha.9</summary> ## [1.0.0-alpha.9](https://github.com/arcjet/arcjet-js/compare/v1.0.0-alpha.8...@arcjet/logger-v1.0.0-alpha.9) (2024-03-04) ### 📦 Dependencies * **dev:** Bump @rollup/wasm-node from 4.10.0 to 4.12.0 ([#235](#235)) ([cf7ffc2](cf7ffc2)) * **dev:** Bump @rollup/wasm-node from 4.9.6 to 4.10.0 ([#223](#223)) ([47c24b4](47c24b4)) ### 🧹 Miscellaneous Chores * Add bugs and author info & update readme ([#254](#254)) ([9b0d2fc](9b0d2fc)) ### Dependencies * The following workspace dependencies were updated * devDependencies * @arcjet/eslint-config bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * @arcjet/rollup-config bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * @arcjet/tsconfig bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 </details> <details><summary>@arcjet/protocol: 1.0.0-alpha.9</summary> ## [1.0.0-alpha.9](https://github.com/arcjet/arcjet-js/compare/v1.0.0-alpha.8...@arcjet/protocol-v1.0.0-alpha.9) (2024-03-04) ### ⚠ BREAKING CHANGES * Remove logger from context and leverage singleton logger instead ([#260](#260)) * Separate ArcjetRequest and ArcjetRequestDetails types to accept record of headers ([#228](#228)) ### 🚀 New Features * Add decorate package to set rate limit headers ([#247](#247)) ([232750d](232750d)) * Separate ArcjetRequest and ArcjetRequestDetails types to accept record of headers ([#228](#228)) ([4950364](4950364)), closes [#33](#33) ### 📦 Dependencies * **dev:** Bump @rollup/wasm-node from 4.10.0 to 4.12.0 ([#235](#235)) ([cf7ffc2](cf7ffc2)) * **dev:** Bump @rollup/wasm-node from 4.9.6 to 4.10.0 ([#223](#223)) ([47c24b4](47c24b4)) ### 🧹 Miscellaneous Chores * Add bugs and author info & update readme ([#254](#254)) ([9b0d2fc](9b0d2fc)) * Remove logger from context and leverage singleton logger instead ([#260](#260)) ([c93a2e1](c93a2e1)) ### Dependencies * The following workspace dependencies were updated * devDependencies * @arcjet/eslint-config bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * @arcjet/rollup-config bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * @arcjet/tsconfig bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 </details> <details><summary>@arcjet/rollup-config: 1.0.0-alpha.9</summary> ## [1.0.0-alpha.9](https://github.com/arcjet/arcjet-js/compare/v1.0.0-alpha.8...@arcjet/rollup-config-v1.0.0-alpha.9) (2024-03-04) ### 📦 Dependencies * **dev:** Bump @rollup/wasm-node from 4.10.0 to 4.12.0 ([#235](#235)) ([cf7ffc2](cf7ffc2)) * **dev:** Bump @rollup/wasm-node from 4.9.6 to 4.10.0 ([#223](#223)) ([47c24b4](47c24b4)) ### 🧹 Miscellaneous Chores * Add bugs and author info & update readme ([#254](#254)) ([9b0d2fc](9b0d2fc)) ### Dependencies * The following workspace dependencies were updated * devDependencies * @arcjet/eslint-config bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * @arcjet/tsconfig bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 </details> <details><summary>@arcjet/tsconfig: 1.0.0-alpha.9</summary> ## [1.0.0-alpha.9](https://github.com/arcjet/arcjet-js/compare/v1.0.0-alpha.8...@arcjet/tsconfig-v1.0.0-alpha.9) (2024-03-04) ### 🧹 Miscellaneous Chores * Add bugs and author info & update readme ([#254](#254)) ([9b0d2fc](9b0d2fc)) </details> <details><summary>arcjet: 1.0.0-alpha.9</summary> ## [1.0.0-alpha.9](v1.0.0-alpha.8...arcjet-v1.0.0-alpha.9) (2024-03-04) ### ⚠ BREAKING CHANGES * Remove logger from context and leverage singleton logger instead ([#260](#260)) * Separate ArcjetRequest and ArcjetRequestDetails types to accept record of headers ([#228](#228)) ### 🚀 New Features * Add `withRule` API for adding adhoc rules ([#245](#245)) ([f8ebbdc](f8ebbdc)), closes [#193](#193) * Add decorate package to set rate limit headers ([#247](#247)) ([232750d](232750d)) * Separate ArcjetRequest and ArcjetRequestDetails types to accept record of headers ([#228](#228)) ([4950364](4950364)), closes [#33](#33) ### 📦 Dependencies * **dev:** Bump @edge-runtime/jest-environment from 2.3.9 to 2.3.10 ([#229](#229)) ([6f3a070](6f3a070)) * **dev:** Bump @rollup/wasm-node from 4.10.0 to 4.12.0 ([#235](#235)) ([cf7ffc2](cf7ffc2)) * **dev:** Bump @rollup/wasm-node from 4.9.6 to 4.10.0 ([#223](#223)) ([47c24b4](47c24b4)) ### 📝 Documentation * Update HTTP version ([#227](#227)) ([c102c64](c102c64)) ### 🧹 Miscellaneous Chores * Add bugs and author info & update readme ([#254](#254)) ([9b0d2fc](9b0d2fc)) * Remove logger from context and leverage singleton logger instead ([#260](#260)) ([c93a2e1](c93a2e1)) ### Dependencies * The following workspace dependencies were updated * dependencies * @arcjet/analyze bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * @arcjet/duration bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * @arcjet/logger bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * @arcjet/protocol bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * devDependencies * @arcjet/eslint-config bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * @arcjet/rollup-config bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 * @arcjet/tsconfig bumped from 1.0.0-alpha.8 to 1.0.0-alpha.9 </details> <details><summary>1.0.0-alpha.9</summary> ## [1.0.0-alpha.9](v1.0.0-alpha.8...v1.0.0-alpha.9) (2024-03-04) ### ⚠ BREAKING CHANGES * Remove logger from context and leverage singleton logger instead ([#260](#260)) * Separate ArcjetRequest and ArcjetRequestDetails types to accept record of headers ([#228](#228)) ### 🚀 New Features * Add `withRule` API for adding adhoc rules ([#245](#245)) ([f8ebbdc](f8ebbdc)), closes [#193](#193) * Add decorate package to set rate limit headers ([#247](#247)) ([232750d](232750d)) * **decorate:** Allow decorating Headers object directly ([#266](#266)) ([0bfdcc7](0bfdcc7)) * Implement initial nodejs SDK ([#268](#268)) ([6273296](6273296)) * Separate ArcjetRequest and ArcjetRequestDetails types to accept record of headers ([#228](#228)) ([4950364](4950364)), closes [#33](#33) ### 📦 Dependencies * Bump eslint-config-next from 14.1.0 to 14.1.1 ([#279](#279)) ([0e0e1ab](0e0e1ab)) * Bump eslint-config-turbo from 1.12.3 to 1.12.4 ([#231](#231)) ([f495f1b](f495f1b)) * Bump eslint-plugin-react from 7.33.2 to 7.34.0 ([#280](#280)) ([97cf82b](97cf82b)) * Bump next from 14.1.0 to 14.1.1 ([#281](#281)) ([c568890](c568890)) * **dev:** Bump @edge-runtime/jest-environment from 2.3.9 to 2.3.10 ([#229](#229)) ([6f3a070](6f3a070)) * **dev:** Bump @rollup/wasm-node from 4.10.0 to 4.12.0 ([#235](#235)) ([cf7ffc2](cf7ffc2)) * **dev:** Bump @rollup/wasm-node from 4.9.6 to 4.10.0 ([#223](#223)) ([47c24b4](47c24b4)) * **dev:** Bump eslint from 8.56.0 to 8.57.0 ([#249](#249)) ([49972a9](49972a9)) * **example:** Bump the dependencies group in /examples/nextjs-13-pages-wrap with 1 update ([#243](#243)) ([7c5cb6f](7c5cb6f)) * **example:** Bump the dependencies group in /examples/nextjs-13-pages-wrap with 2 updates ([#259](#259)) ([7aa9316](7aa9316)) * **example:** Bump the dependencies group in /examples/nextjs-13-pages-wrap with 3 updates ([#291](#291)) ([02c9312](02c9312)) * **example:** Bump the dependencies group in /examples/nextjs-14-app-dir-rl with 1 update ([#241](#241)) ([17b57c5](17b57c5)) * **example:** Bump the dependencies group in /examples/nextjs-14-app-dir-rl with 2 updates ([#256](#256)) ([7a40bb7](7a40bb7)) * **example:** Bump the dependencies group in /examples/nextjs-14-app-dir-rl with 3 updates ([#286](#286)) ([6595327](6595327)) * **example:** Bump the dependencies group in /examples/nextjs-14-app-dir-validate-email with 1 update ([#239](#239)) ([dce121f](dce121f)) * **example:** Bump the dependencies group in /examples/nextjs-14-app-dir-validate-email with 2 updates ([#257](#257)) ([2d690a6](2d690a6)) * **example:** Bump the dependencies group in /examples/nextjs-14-app-dir-validate-email with 3 updates ([#288](#288)) ([94d4cd4](94d4cd4)) * **example:** Bump the dependencies group in /examples/nextjs-14-clerk-rl with 5 updates ([#295](#295)) ([4dc786b](4dc786b)) * **example:** Bump the dependencies group in /examples/nextjs-14-clerk-shield with 5 updates ([#293](#293)) ([8d46255](8d46255)) * **example:** Bump the dependencies group in /examples/nextjs-14-decorate with 4 updates ([#292](#292)) ([b9bde97](b9bde97)) * **example:** Bump the dependencies group in /examples/nextjs-14-openai with 3 updates ([#240](#240)) ([b6c2257](b6c2257)) * **example:** Bump the dependencies group in /examples/nextjs-14-openai with 3 updates ([#255](#255)) ([08612b5](08612b5)) * **example:** Bump the dependencies group in /examples/nextjs-14-openai with 5 updates ([#289](#289)) ([aa68d70](aa68d70)) * **example:** Bump the dependencies group in /examples/nextjs-14-pages-wrap with 1 update ([#242](#242)) ([45e7999](45e7999)) * **example:** Bump the dependencies group in /examples/nextjs-14-pages-wrap with 2 updates ([#258](#258)) ([7dfdd1e](7dfdd1e)) * **example:** Bump the dependencies group in /examples/nextjs-14-pages-wrap with 3 updates ([#287](#287)) ([183bccf](183bccf)) * **example:** Bump the dependencies group in /examples/nextjs-example with 1 update ([#294](#294)) ([f3e857f](f3e857f)) ### 📝 Documentation * Add node SDK and move core to utility section ([#290](#290)) ([b6683a5](b6683a5)) * **examples:** Added example apps for Clerk integration ([#244](#244)) ([95c7abd](95c7abd)) * **examples:** Expanded AI example with rate limit by user ID ([#221](#221)) ([915d3fc](915d3fc)) * Update HTTP version ([#227](#227)) ([c102c64](c102c64)) ### 🧹 Miscellaneous Chores * Add bugs and author info & update readme ([#254](#254)) ([9b0d2fc](9b0d2fc)) * **ci:** Add newer examples to required checks ([#299](#299)) ([43e61d2](43e61d2)) * **ci:** Disable next.js 13 required check ([#298](#298)) ([9b46606](9b46606)) * **ci:** Update dependabot to check all examples ([#284](#284)) ([e681904](e681904)) * **ci:** Update harden-runner, set policy to block, restrict permissions ([#297](#297)) ([deaecaa](deaecaa)) * **examples:** Disable telemetry to tighten harden-runner ([#296](#296)) ([cf9fe38](cf9fe38)) * Remove logger from context and leverage singleton logger instead ([#260](#260)) ([c93a2e1](c93a2e1)) </details> --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is the first pass at adding a decorate package that allows users to add RateLimit and RateLimit-Policy headers given an ArcjetDecision.
This follows the draft spec at https://ietf-wg-httpapi.github.io/ratelimit-headers/draft-ietf-httpapi-ratelimit-headers.html which has gone through a few iterations and will probably receive more updates soon, as it expired in December 2023.
This implementation requires some service changes to add fields to the protobuf.
Closes #38
Closes #40 (we'll be able to add other decoration functions to this new package)