
chore(deps): update limits requirement from >=3.0.0 to >=5.8.0 #222

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/limits-gte-5.8.0

dependabot Bot commented on behalf of github Apr 13, 2026

Updates the requirements on limits to permit the latest version.

Release notes

Sourced from limits's releases.

5.8.0

Bug Fix

  • Allow explicit keyword arguments for storage options for username & password for storages that support it.
  • Allow explicitly specifying startup_nodes through keyword arguments for all redis cluster storages.
  • Support IPv6 addresses in cluster locators in storage uri

Changelog

Sourced from limits's changelog.

v5.8.0

Release Date: 2026-02-04

  • Bug Fix

    • Allow explicit keyword arguments for storage options for username & password for storages that support it.
    • Allow explicitly specifying startup_nodes through keyword arguments for all redis cluster storages.
    • Support IPv6 addresses in cluster locators in storage uri

v5.7.0

Release Date: 2026-02-03

  • Compatibility

    • Relax extras constraints for redis (<8)

v5.6.0

Release Date: 2025-09-29

  • Development

    • Move all project metadata to pyproject
    • Use uv for development
    • Use hatch for package build
    • Remove versioneer for versioning

v5.5.0

Release Date: 2025-08-05

  • Compatibility

    • Relax upper bound of packaging requirement
    • Increase upper bound of coredis requirement
    • Increase upper bound of redis requirement

v5.4.0

Release Date: 2025-06-16

  • Feature

    • Relax regular expression used in limits.parse and limits.parse_many to capture any granularity instead of just the hardcoded ones so that custom rate limits can

... (truncated)

Commits
  • cc5eafc Update changelog for 5.8.0
  • d309f43 Add concurrency controls to CI to cancel previous runs
  • 2b88260 Upgrade pytest
  • 917ecf1 Raise url parse error from underlying ValueError
  • a9a257a Update all documentation dependencies
  • 6fe4d83 Support ipv6 in storage schema uri
  • 183403a Centralize storage URI parsing and scheme registry
  • 6fd9909 Update changelog for 5.7.0
  • dd76b8c update tagging script
  • 227c7f0 Update release notes script
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Greptile Summary

This is a Dependabot-generated bump of the limits lower-bound from >=3.0.0 to >=5.8.0, aligning it with the latest upstream release. The project uses slowapi for HTTP rate limiting in a default, in-memory configuration, and research confirms that the core API surface that slowapi 0.1.9 wraps is preserved in limits 5.x.

Confidence Score: 5/5

Safe to merge — single-line version constraint bump with no behavioral change in the application code.

The only changed line is the limits lower-bound in pyproject.toml. The app's rate-limiting setup uses the simplest possible slowapi/limits configuration (in-memory, default strategy, standard key func), and the core API that slowapi 0.1.9 wraps (RateLimitItem, parse) is confirmed present and backward-compatible in limits 5.x. No P0/P1 issues identified.

No files require special attention.

Important Files Changed

| Filename | Overview |
|---|---|
| pyproject.toml | Bumps the limits minimum version from >=3.0.0 to >=5.8.0; the project's simple in-memory slowapi usage is compatible with limits 5.x. |

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[creditnexus pyproject.toml] -->|limits >=5.8.0| B[limits 5.8.0]
    A -->|slowapi >=0.1.9| C[slowapi 0.1.9]
    C -->|depends on limits >=2.3| B
    B --> D[In-memory Storage]
    C --> E[Limiter / get_remote_address]
    E --> F[FastAPI Rate-Limit Middleware]
    F -->|429 on breach| G[RateLimitExceeded handler]

Reviews (1): Last reviewed commit: "chore(deps): update limits requirement f..."

Updates the requirements on [limits](https://github.com/alisaifee/limits) to permit the latest version.
- [Release notes](https://github.com/alisaifee/limits/releases)
- [Changelog](https://github.com/alisaifee/limits/blob/master/HISTORY.rst)
- [Commits](alisaifee/limits@3.0.0...5.8.0)

---
updated-dependencies:
- dependency-name: limits
  dependency-version: 5.8.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot commented on behalf of github Apr 13, 2026

Labels

The following labels could not be found: python. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.
