
Update dependency passport to ^0.6.0 [SECURITY] #800

Closed
wants to merge 1 commit into from

Conversation


@renovate renovate bot commented Nov 30, 2022

Mend Renovate

This PR contains the following updates:

Package: passport (source)
Change: ^0.5.2 -> ^0.6.0

GitHub Vulnerability Alerts

CVE-2022-25896

This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.


Release Notes

jaredhanson/passport

v0.6.0

Compare Source

Added
  • authenticate(), req#login, and req#logout accept a
    keepSessionInfo: true option to keep session information after regenerating
    the session.
Changed
  • req#login() and req#logout() regenerate the session and clear session
    information by default.
  • req#logout() is now an asynchronous function and requires a callback
    function as the last argument.
Security
  • Improved robustness against session fixation attacks in cases where there is
    physical access to the same system or the application is susceptible to
    cross-site scripting (XSS).

v0.5.3

Compare Source

Fixed
  • initialize() middleware extends request with login(), logIn(),
    logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions
    again, reverting change from 0.5.1.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.
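The release notes above describe three things at once: the session-fixation fix (login/logout now regenerate the session), the keepSessionInfo opt-out, and the breaking change that req#logout() takes a callback. The following is an added illustration, not passport's or this repository's code: it models those behaviours over a constructed in-memory session store so the difference between the pre-0.6 and 0.6.0 behaviour can be observed. The regenerate() helper is modelled on express-session's req.session.regenerate() (with a counter instead of a random id, which is an assumption for readability); the loginLegacy() function reflects the advisory's description of the old behaviour rather than passport's actual source.

```javascript
// Constructed in-memory session store: session id -> session object.
function createStore() {
  return new Map();
}

// Assumption: sequential ids for readability. express-session uses a
// cryptographically random id here; the point is only that the id changes.
let nextId = 0;
function freshId() {
  return 'regenerated-sid-' + (++nextId);
}

// Modelled on express-session's req.session.regenerate(): the current id is
// destroyed in the store and a fresh id with an empty session is issued.
function regenerate(store, req) {
  store.delete(req.sessionID);
  req.sessionID = freshId();
  req.session = {};
  store.set(req.sessionID, req.session);
}

// Pre-0.6 behaviour as the advisory describes it: the existing session is
// reused unchanged and simply gains the user (no regeneration).
function loginLegacy(store, req, user, options, cb) {
  if (typeof options === 'function') { cb = options; options = {}; }
  req.session.user = user;
  cb(null);
}

// 0.6.0-style req.login(): regenerate by default; keepSessionInfo: true carries
// the previous session's keys into the fresh session. Callback comes last.
function login(store, req, user, options, cb) {
  if (typeof options === 'function') { cb = options; options = {}; }
  const carried = options.keepSessionInfo ? { ...req.session } : {};
  regenerate(store, req);
  Object.assign(req.session, carried, { user });
  cb(null);
}

// 0.6.0-style req.logout(): drops the user, regenerates, and (the breaking
// change) requires a callback as the last argument.
function logout(store, req, options, cb) {
  if (typeof options === 'function') { cb = options; options = {}; }
  const carried = options.keepSessionInfo ? { ...req.session } : {};
  delete carried.user;
  regenerate(store, req);
  Object.assign(req.session, carried);
  cb(null);
}

// Session fixation check: a session id already known to a third party (planted
// via XSS or local access, per the release notes) exists before the victim
// authenticates. Returns true if that planted id ends up authenticated.
function fixationSucceeds(loginFn) {
  const store = createStore();
  const plantedId = 'constructed-attacker-known-sid';
  const req = { sessionID: plantedId, session: {} };
  store.set(plantedId, req.session);
  loginFn(store, req, { id: 42 }, () => {});
  const planted = store.get(plantedId);
  return Boolean(planted && planted.user);
}

// Effect of keepSessionInfo on login: returns the new id and session contents.
function loginScenario(keepSessionInfo) {
  const store = createStore();
  const req = { sessionID: 'sid-1', session: { cart: ['item-1'] } };
  store.set('sid-1', req.session);
  login(store, req, { id: 42 }, { keepSessionInfo }, () => {});
  return { oldIdGone: !store.has('sid-1'), sessionID: req.sessionID, session: req.session };
}

// Logout with the callback-last signature; returns what remains afterwards.
function logoutScenario(keepSessionInfo) {
  const store = createStore();
  const req = { sessionID: 'sid-2', session: { user: { id: 42 }, theme: 'dark' } };
  store.set('sid-2', req.session);
  let err = 'callback not called';
  logout(store, req, { keepSessionInfo }, (e) => { err = e; });
  return { err, oldIdGone: !store.has('sid-2'), session: req.session };
}

console.log('planted id authenticated, legacy login:', fixationSucceeds(loginLegacy));
console.log('planted id authenticated, 0.6 login:   ', fixationSucceeds(login));
console.log('login with keepSessionInfo:', loginScenario(true).session);
console.log('logout with defaults:      ', logoutScenario(false).session);
```

The migration cost for an application on this PR's branch is the logout signature: any handler that calls req.logout() with no arguments (for example the logout route listed in the coverage report) must pass a callback and finish the response inside it, since the session is now regenerated asynchronously. Callers that relied on data surviving login, such as a cart stored before authentication, need keepSessionInfo: true explicitly.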

@github-actions github-actions bot added area: apps > site The blockprotocol.org website, inc. Hub (app) area: apps Relates to non-content work in `apps` (area) area: dependencies Relates to third-party or otherwise imported dependencies (area) area: infra Relates to version control, CI, CD or IaC (area) labels Nov 30, 2022

codecov bot commented Nov 30, 2022

Codecov Report

Merging #800 (081e865) into main (3512d6e) will decrease coverage by 16.76%.
The diff coverage is n/a.

@@             Coverage Diff             @@
##             main     #800       +/-   ##
===========================================
- Coverage   62.56%   45.80%   -16.77%     
===========================================
  Files         271      271               
  Lines        4266     4266               
  Branches     1004     1004               
===========================================
- Hits         2669     1954      -715     
- Misses       1257     2078      +821     
+ Partials      340      234      -106     
Flag Coverage Δ
site-integration-chrome 44.37% <ø> (-17.09%) ⬇️
site-integration-firefox 44.88% <ø> (-16.65%) ⬇️
site-integration-iphone 38.81% <ø> (-18.41%) ⬇️
site-integration-pixel 42.00% <ø> (-17.42%) ⬇️
site-integration-safari 39.56% <ø> (-18.17%) ⬇️

Flags with carried forward coverage won't be shown.

Impacted Files Coverage Δ
apps/site/src/lib/s3.ts 0.00% <0.00%> (-100.00%) ⬇️
apps/site/src/pages/api/logout.api.ts 0.00% <0.00%> (-100.00%) ⬇️
apps/site/src/pages/api/me/api-keys.api.ts 0.00% <0.00%> (-100.00%) ⬇️
apps/site/src/pages/api/blocks/shared/naming.ts 0.00% <0.00%> (-100.00%) ⬇️
...pps/site/src/pages/api/blocks/shared/revalidate.ts 0.00% <0.00%> (-100.00%) ⬇️
.../site/src/lib/api/handler/authenticated-handler.ts 0.00% <0.00%> (-100.00%) ⬇️
...te/src/lib/api/handler/api-key-required-handler.ts 0.00% <0.00%> (-100.00%) ⬇️
.../src/components/pages/dashboard/page-container.tsx 0.00% <0.00%> (-100.00%) ⬇️
.../src/lib/api/middleware/is-logged-in.middleware.ts 0.00% <0.00%> (-100.00%) ⬇️
apps/site/src/pages/blocks/publish/npm.page.tsx 6.66% <0.00%> (-93.34%) ⬇️
... and 88 more


@kachkaev

Closing as duplicate of #594 and #502

@kachkaev kachkaev closed this Nov 30, 2022
@renovate

renovate bot commented Nov 30, 2022

Renovate Ignore Notification

As this PR has been closed unmerged, Renovate will now ignore this update (^0.6.0). You will still receive a PR once a newer version is released, so if you wish to permanently ignore this dependency, please add it to the ignoreDeps array of your renovate config.

If this PR was closed by mistake or you changed your mind, you can simply rename this PR and you will soon get a fresh replacement PR opened.

@renovate renovate bot deleted the renovate/npm-passport-vulnerability branch November 30, 2022 20:00