Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency passport to v0.6.0 [SECURITY] #19

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency passport to v0.6.0 [SECURITY] #19

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Sep 25, 2022
edited
Loading

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
passport (source) 0.2.x -> 0.6.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-25896

This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.

Release Notes

jaredhanson/passport (passport)

v0.6.0

Compare Source

Added
  • authenticate(), req#login, and req#logout accept a
    keepSessionInfo: true option to keep session information after regenerating
    the session.
Changed
  • req#login() and req#logout() regenerate the the session and clear session
    information by default.
  • req#logout() is now an asynchronous function and requires a callback
    function as the last argument.
Security
  • Improved robustness against session fixation attacks in cases where there is
    physical access to the same system or the application is susceptible to
    cross-site scripting (XSS).

v0.5.3

Compare Source

Fixed
  • initialize() middleware extends request with login(), logIn(),
    logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions
    again, reverting change from 0.5.1.

v0.5.2

Compare Source

Fixed
  • Introduced a compatibility layer for strategies that depend directly on
    passport@0.4.x or earlier (such as passport-azure-ad), which were
    broken by the removal of private variables in passport@0.5.1.

v0.5.1

Compare Source

Added
  • Informative error message in session strategy if session support is not
    available.
Changed
  • authenticate() middleware, rather than initialize() middleware, extends
    request with login(), logIn(), logout(), logOut(), isAuthenticated(),
    and isUnauthenticated() functions.

v0.5.0

Compare Source

Changed
  • initialize() middleware extends request with login(), logIn(),
    logout(), logOut(), isAuthenticated(), and isUnauthenticated()
    functions.
Removed
  • login(), logIn(), logout(), logOut(), isAuthenticated(), and
    isUnauthenticated() functions no longer added to http.IncomingMessage.prototype.
Fixed
  • userProperty option to initialize() middleware only affects the current
    request, rather than all requests processed via singleton Passport instance,
    eliminating a race condition in situations where initialize() middleware is
    used multiple times in an application with userProperty set to different
    values.

v0.4.1

Compare Source

v0.4.0

Compare Source

v0.3.2

Compare Source

v0.3.1

Compare Source

v0.3.0

Compare Source

v0.2.2

Compare Source

v0.2.1

Compare Source

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from a171855 to 073887e Compare November 20, 2022 15:13
@renovate renovate bot changed the title Pin dependency passport to v0.2.2 [SECURITY] Update dependency passport to 0.6.x [SECURITY] Nov 20, 2022
@renovate renovate bot changed the title Update dependency passport to 0.6.x [SECURITY] Update dependency passport to 0.7.x [SECURITY] Dec 4, 2023
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 073887e to 84bc500 Compare December 4, 2023 23:49
@renovate renovate bot changed the title Update dependency passport to 0.7.x [SECURITY] Update dependency passport to 0.6.x [SECURITY] Dec 5, 2023
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 84bc500 to df4afcb Compare December 5, 2023 14:54
@renovate renovate bot changed the title Update dependency passport to 0.6.x [SECURITY] Update dependency passport to 0.7.x [SECURITY] Jan 5, 2024
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from df4afcb to 1779484 Compare January 5, 2024 05:39
@renovate renovate bot changed the title Update dependency passport to 0.7.x [SECURITY] Update dependency passport to 0.6.x [SECURITY] Jan 6, 2024
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 1779484 to 91b59a9 Compare January 6, 2024 20:44
@renovate renovate bot changed the title Update dependency passport to 0.6.x [SECURITY] Update dependency passport to 0.7.x [SECURITY] Jan 9, 2024
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch 2 times, most recently from 1ead309 to 214c90f Compare January 10, 2024 05:38
@renovate renovate bot changed the title Update dependency passport to 0.7.x [SECURITY] Update dependency passport to 0.6.x [SECURITY] Jan 10, 2024
@renovate renovate bot changed the title Update dependency passport to 0.6.x [SECURITY] Update dependency passport to 0.7.x [SECURITY] Jan 16, 2024
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch 2 times, most recently from 794f092 to 7152385 Compare January 18, 2024 02:57
@renovate renovate bot changed the title Update dependency passport to 0.7.x [SECURITY] Update dependency passport to 0.6.x [SECURITY] Jan 18, 2024
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 7152385 to fd37c5c Compare January 31, 2024 02:30
@renovate renovate bot changed the title Update dependency passport to 0.6.x [SECURITY] Update dependency passport to 0.7.x [SECURITY] Jan 31, 2024
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from fd37c5c to 9719229 Compare February 1, 2024 05:18
@renovate renovate bot changed the title Update dependency passport to 0.7.x [SECURITY] Update dependency passport to 0.6.x [SECURITY] Feb 1, 2024
@renovate renovate bot changed the title Update dependency passport to 0.6.x [SECURITY] Update dependency passport to 0.7.x [SECURITY] Feb 5, 2024
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch 2 times, most recently from 7657106 to 3a39f7e Compare February 6, 2024 05:10
@renovate renovate bot changed the title Update dependency passport to 0.7.x [SECURITY] Update dependency passport to 0.6.x [SECURITY] Feb 6, 2024
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 3a39f7e to 88f7913 Compare February 26, 2024 04:46
@renovate renovate bot changed the title Update dependency passport to 0.6.x [SECURITY] Update dependency passport to 0.7.x [SECURITY] Feb 26, 2024
@renovate renovate bot changed the title Update dependency passport to 0.7.x [SECURITY] Update dependency passport to 0.6.x [SECURITY] Feb 27, 2024
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 88f7913 to 712c199 Compare February 27, 2024 02:42
@renovate renovate bot changed the title Update dependency passport to 0.7.x [SECURITY] Update dependency passport to v0.6.0 [SECURITY] Apr 24, 2024
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 46ada44 to 9b79ec8 Compare April 26, 2024 02:40
@renovate renovate bot changed the title Update dependency passport to v0.6.0 [SECURITY] Update dependency passport to 0.7.x [SECURITY] Apr 26, 2024
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 9b79ec8 to 1e4e155 Compare April 27, 2024 17:44
@renovate renovate bot changed the title Update dependency passport to 0.7.x [SECURITY] Update dependency passport to v0.6.0 [SECURITY] Apr 27, 2024
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 1e4e155 to c633181 Compare May 1, 2024 11:49
@renovate renovate bot changed the title Update dependency passport to v0.6.0 [SECURITY] Update dependency passport to 0.7.x [SECURITY] May 1, 2024
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from c633181 to 62f9ad9 Compare May 2, 2024 08:58
@renovate renovate bot changed the title Update dependency passport to 0.7.x [SECURITY] Update dependency passport to v0.6.0 [SECURITY] May 2, 2024
@renovate renovate bot changed the title Update dependency passport to v0.6.0 [SECURITY] Update dependency passport to 0.7.x [SECURITY] May 10, 2024
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch 2 times, most recently from c10b0c2 to bf17bcf Compare May 12, 2024 02:44
@renovate renovate bot changed the title Update dependency passport to 0.7.x [SECURITY] Update dependency passport to v0.6.0 [SECURITY] May 12, 2024
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from bf17bcf to ca562e6 Compare May 23, 2024 02:31
@renovate renovate bot changed the title Update dependency passport to v0.6.0 [SECURITY] Update dependency passport to 0.7.x [SECURITY] May 23, 2024
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from ca562e6 to 3d44036 Compare May 24, 2024 14:52
@renovate renovate bot changed the title Update dependency passport to 0.7.x [SECURITY] Update dependency passport to v0.6.0 [SECURITY] May 24, 2024
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 3d44036 to 7f83940 Compare June 5, 2024 17:55
@renovate renovate bot changed the title Update dependency passport to v0.6.0 [SECURITY] Update dependency passport to 0.7.x [SECURITY] Jun 5, 2024
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 7f83940 to 7b45826 Compare June 8, 2024 02:08
@renovate renovate bot changed the title Update dependency passport to 0.7.x [SECURITY] Update dependency passport to v0.6.0 [SECURITY] Jun 8, 2024
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 7b45826 to 4a9f00a Compare June 28, 2024 02:10
@renovate renovate bot changed the title Update dependency passport to v0.6.0 [SECURITY] Update dependency passport to 0.7.x [SECURITY] Jun 28, 2024
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 4a9f00a to d8ebffb Compare June 29, 2024 11:45
@renovate renovate bot changed the title Update dependency passport to 0.7.x [SECURITY] Update dependency passport to v0.6.0 [SECURITY] Jun 29, 2024
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from d8ebffb to 69bf0aa Compare July 14, 2024 23:40
@renovate renovate bot changed the title Update dependency passport to v0.6.0 [SECURITY] Update dependency passport to 0.7.x [SECURITY] Jul 14, 2024
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 69bf0aa to 829f31c Compare July 15, 2024 05:38
@renovate renovate bot changed the title Update dependency passport to 0.7.x [SECURITY] Update dependency passport to v0.6.0 [SECURITY] Jul 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants