Skip to content
This repository has been archived by the owner on Jul 14, 2023. It is now read-only.

chore(deps): bump passport from 0.5.2 to 0.6.0 #361

Merged
merged 1 commit into from
Jan 31, 2023
Merged

chore(deps): bump passport from 0.5.2 to 0.6.0 #361

merged 1 commit into from
Jan 31, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 9, 2022
edited
Loading

Bumps passport from 0.5.2 to 0.6.0.

Changelog

Sourced from passport's changelog.

[0.6.0] - 2022-05-20

Added

  • authenticate(), req#login, and req#logout accept a keepSessionInfo: true option to keep session information after regenerating the session.

Changed

  • req#login() and req#logout() regenerate the the session and clear session information by default.
  • req#logout() is now an asynchronous function and requires a callback function as the last argument.

Security

  • Improved robustness against session fixation attacks in cases where there is physical access to the same system or the application is susceptible to cross-site scripting (XSS).

[0.5.3] - 2022-05-16

Fixed

  • initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions again, reverting change from 0.5.1.
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 9, 2022
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/passport-0.6.0 branch from b277d9b to cbaa602 Compare November 9, 2022 21:55
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/passport-0.6.0 branch from cbaa602 to 1455d74 Compare November 29, 2022 06:49
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/passport-0.6.0 branch from 1455d74 to ceb8985 Compare January 27, 2023 16:38
@dependabot
chore(deps): bump passport from 0.5.2 to 0.6.0
2621aef 
Bumps [passport](https://github.com/jaredhanson/passport) from 0.5.2 to 0.6.0.
- [Release notes](https://github.com/jaredhanson/passport/releases)
- [Changelog](https://github.com/jaredhanson/passport/blob/master/CHANGELOG.md)
- [Commits](jaredhanson/passport@v0.5.2...v0.6.0)

---
updated-dependencies:
- dependency-name: passport
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/passport-0.6.0 branch from ceb8985 to 2621aef Compare January 27, 2023 16:59
@rbhuva
Copy link
Contributor

rbhuva commented Jan 31, 2023

@vobu : can you review this PR and approve it.
It will fix vulnerability issue.
https://www.mend.io/vulnerability-database/CVE-2022-25896

Thanks,
Rajdeep

@gregorwolf gregorwolf merged commit 38a7370 into main Jan 31, 2023
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/passport-0.6.0 branch January 31, 2023 07:41
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@gregorwolf gregorwolf gregorwolf approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@rbhuva @gregorwolf