Changed behavior of delayMs when set to a number
- Previous behavior multiplied delayMs value by the number of slowed requests to determine the delay amount
- New behavior treats a numeric value as a fixed delay that is applied to each slowed request without multiplication
- Set to function(used) { return (used - this.delayAfter) * 1000; } to restore old behavior. (Change 1000 to match old value if necessary.)
Changed arguments passed to delayMs when set to a function
- Previous signature was function(req, res): number
- New signature is function(used, req, res): number | Promise<number> where used is the number of hits from this user during the current window
Dropped support for onLimitReached method
Dropped support for headers option
Renamed req.slowDown.current to req.slowDown.used
- current is now a hidden getter that will return the used value, but will not be included when iteration over keys or running through JSON.stringify()

delayAfter, delayMs, and maxDelayMs may now be async functions that return a number or a promise that resolves to a number
The MemoryStore now uses precise, per-user reset times rather than a global window that resets all users at once.
Now using express-rate-limit's validator to detect and warn about common misconfigurations. See https://github.com/express-rate-limit/express-rate-limit/wiki/Error-Codes for more info.