chore(deps): bump passport from 0.4.0 to 0.6.0 #31

Merged
merged 2 commits into from Nov 22, 2022

Commits on Nov 14, 2022

  1. chore(deps): bump passport from 0.4.0 to 0.6.0

    Bumps [passport](https://github.com/jaredhanson/passport) from 0.4.0 to 0.6.0.
    - [Release notes](https://github.com/jaredhanson/passport/releases)
    - [Changelog](https://github.com/jaredhanson/passport/blob/master/CHANGELOG.md)
    - [Commits](jaredhanson/passport@v0.4.0...v0.6.0)
    
    ---
    updated-dependencies:
    - dependency-name: passport
      dependency-type: direct:production
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    dependabot[bot] committed Nov 14, 2022
    35f60c7

Commits on Nov 22, 2022

  1. fix: use keepSessionInfo to maintain session

    The passport.js changes in `0.6.0` have breaking changes related to protecting against "Session Fixation".
    - jaredhanson/passport#900
    - https://medium.com/passportjs/fixing-session-fixation-b2b68619c51d
    
    The assumption for the fix in this commit is that our example project here only has the session storage as its storage mechanism, so we're not quite vulnerable to the same thing since the storage goes away when the local project is stopped.
    DevWithTheHair committed Nov 22, 2022
    984eddb
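
A simplified model of the behaviour the second commit refers to, added here as an example (not code from this repository or from passport); the store, function names and session contents are hypothetical. It shows that issuing a new session ID at login is what defeats fixation, and that `keepSessionInfo` only carries the pre-login data across to the new ID.

```javascript
// Simplified model; not passport's or express-session's code. All names are hypothetical.
let counter = 0;
const newSid = () => `sid-${++counter}`; // constructed IDs; real stores use unpredictable ones

class SessionStore {
  constructor() { this.sessions = new Map(); }
  create(data = {}) {
    const sid = newSid();
    this.sessions.set(sid, { ...data });
    return sid;
  }
  get(sid) { return this.sessions.get(sid); }
  // Regenerate: invalidate the old ID and issue a new, empty session.
  regenerate(oldSid) {
    this.sessions.delete(oldSid);
    return this.create();
  }
}

// Login as before 0.6.0: the user is attached to the existing session ID.
function loginWithoutRegenerate(store, sid, user) {
  store.get(sid).user = user;
  return sid;
}

// Login as of 0.6.0: new ID at login; keepSessionInfo copies the old data over.
function loginWithRegenerate(store, sid, user, { keepSessionInfo = false } = {}) {
  const previous = { ...store.get(sid) };
  const freshSid = store.regenerate(sid);
  const session = store.get(freshSid);
  if (keepSessionInfo) Object.assign(session, previous);
  session.user = user;
  return freshSid;
}

// Constructed scenario: the pre-login session ID is known to a third party.
function scenario(login, options) {
  const store = new SessionStore();
  const knownSid = store.create({ returnTo: '/settings' });
  const sid = login(store, knownSid, 'alice', options);
  return {
    knownSidIsAuthenticated: Boolean(store.get(knownSid)?.user),
    sidChanged: sid !== knownSid,
    returnTo: store.get(sid).returnTo,
  };
}

console.log(scenario(loginWithoutRegenerate));
console.log(scenario(loginWithRegenerate));
console.log(scenario(loginWithRegenerate, { keepSessionInfo: true }));
```

Since `keepSessionInfo` copies everything written to the session before login, any key set pre-authentication should be treated as untrusted input afterwards.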