Update verdaccio/verdaccio Docker tag to v5.4.0
This MR contains the following updates:
Package | Update | Change |
---|---|---|
verdaccio/verdaccio | minor |
5.3.2 -> 5.4.0
|
Release Notes
verdaccio/verdaccio
v5.4.0
Features
#2791) (fd3ad1e
)
add cache-control header to endpoints (Some npm
commands has a response the token
as the body, to void cache those responses we add Cache-Control
as response header.
#2800) (#2799) (f64e403
)
add rate limit to user api endpoints (Add default rate limit to user endpoints, npm token
, npm profile
, npm loding/adduser
to 100 request peer 15 min, customizable via
userRateLimit:
windowMs: 50000
max: 1000
Also X-RateLimit
is part of the response headers.
curl -v http://localhost:4873/-/user/test
...
>
< HTTP/1.1 200 OK
< X-Powered-By: foooo
< Access-Control-Allow-Origin: *
< X-RateLimit-Limit: 1000
< X-RateLimit-Remaining: 999
< Date: Fri, 24 Dec 2021 18:27:20 GMT
< X-RateLimit-Reset: 1640371089
< Content-Type: application/json; charset=utf-8
< ETag: "9bc0d4158c3e2ac5822d39f55e5ceb05"
< Content-Length: 51
< Vary: Accept-Encoding
< Connection: keep-alive
< Keep-Alive: timeout=60
#2799) (c91d6be
) (#2803) (5b1264c
)
add rate limit to web endpoints (The web endpoints that retrieve data from the cache are limited by default 5k request peer 15 min and customizable if your need exceeds the defautls.
web:
title: Verdaccio
rateLimit:
windowMs: 50000
max: 1000
#2787) (1c17d09
)
JWT web signature default time reduced to 1 hour (The JWT token for web has been reduced from 7 days to 1 hour for security reasons. To restore the previous time, use configuration.
#2793) (e5d79ce
)
User agent is the client by default (The user_agent
property has been part of the config file, but undocumented, previous versions send the header User-Agent
was something like Verdaccio/5.x.x
. After this version is disabled and forward the one that comes from the client, also disable 'X-Powered-By
by default. The new user_agent
allows re-enable this feature by using true
or craft your own user agent.
user_agent: true
user_agent: false
user_agent: 'custom user agent'
Bug Fixes
- deps: update dependency @verdaccio/commons-api to v10.1.0 (#2789) (c5c0ef8)
- deps: update dependency body-parser to v1.19.1 (#2788) (46e583f)
Configuration
-
If you want to rebase/retry this MR, click this checkbox.
This MR has been generated by Renovate Bot.