Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency passport to ^0.6.0 #269

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency passport to ^0.6.0 #269

wants to merge 1 commit into from

Conversation

mend-for-github-com[bot]
Copy link
Contributor

@mend-for-github-com mend-for-github-com bot commented Jul 3, 2022
edited

This PR contains the following updates:

Package Type Update Change
passport (source) dependencies minor ^0.4.0 -> ^0.6.0

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
Medium 4.8 CVE-2022-25896 #268

Release Notes

jaredhanson/passport (passport)

v0.6.0

Compare Source

Added
  • authenticate(), req#login, and req#logout accept a
    keepSessionInfo: true option to keep session information after regenerating
    the session.
Changed
  • req#login() and req#logout() regenerate the the session and clear session
    information by default.
  • req#logout() is now an asynchronous function and requires a callback
    function as the last argument.
Security
  • Improved robustness against session fixation attacks in cases where there is
    physical access to the same system or the application is susceptible to
    cross-site scripting (XSS).

v0.5.3

Compare Source

Fixed
  • initialize() middleware extends request with login(), logIn(),
    logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions
    again, reverting change from 0.5.1.

v0.5.2

Compare Source

Fixed
  • Introduced a compatibility layer for strategies that depend directly on
    passport@0.4.x or earlier (such as passport-azure-ad), which were
    broken by the removal of private variables in passport@0.5.1.

v0.5.1

Compare Source

Added
  • Informative error message in session strategy if session support is not
    available.
Changed
  • authenticate() middleware, rather than initialize() middleware, extends
    request with login(), logIn(), logout(), logOut(), isAuthenticated(),
    and isUnauthenticated() functions.

v0.5.0

Compare Source

Changed
  • initialize() middleware extends request with login(), logIn(),
    logout(), logOut(), isAuthenticated(), and isUnauthenticated()
    functions.
Removed
  • login(), logIn(), logout(), logOut(), isAuthenticated(), and
    isUnauthenticated() functions no longer added to http.IncomingMessage.prototype.
Fixed
  • userProperty option to initialize() middleware only affects the current
    request, rather than all requests processed via singleton Passport instance,
    eliminating a race condition in situations where initialize() middleware is
    used multiple times in an application with userProperty set to different
    values.

v0.4.1

Compare Source

  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by WhiteSource label Jul 3, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security fix Security fix generated by WhiteSource
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants