Update dependency passport to ^0.6.0 [SECURITY] #190

renovate · 2022-07-07T05:04:49Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
passport (source)	`^0.4.1` -> `^0.6.0`

GitHub Vulnerability Alerts

CVE-2022-25896

This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.

Release Notes

jaredhanson/passport (passport)

`v0.6.0`

Compare Source

Added

authenticate(), req#login, and req#logout accept a
keepSessionInfo: true option to keep session information after regenerating
the session.

Changed

req#login() and req#logout() regenerate the the session and clear session
information by default.
req#logout() is now an asynchronous function and requires a callback
function as the last argument.

Security

Improved robustness against session fixation attacks in cases where there is
physical access to the same system or the application is susceptible to
cross-site scripting (XSS).

`v0.5.3`

Compare Source

Fixed

initialize() middleware extends request with login(), logIn(),
logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions
again, reverting change from 0.5.1.

`v0.5.2`

Compare Source

Fixed

Introduced a compatibility layer for strategies that depend directly on
[email protected] or earlier (such as passport-azure-ad), which were
broken by the removal of private variables in [email protected].

`v0.5.1`

Compare Source

Added

Informative error message in session strategy if session support is not
available.

Changed

authenticate() middleware, rather than initialize() middleware, extends
request with login(), logIn(), logout(), logOut(), isAuthenticated(),
and isUnauthenticated() functions.

`v0.5.0`

Compare Source

Changed

initialize() middleware extends request with login(), logIn(),
logout(), logOut(), isAuthenticated(), and isUnauthenticated()
functions.

Removed

login(), logIn(), logout(), logOut(), isAuthenticated(), and
isUnauthenticated() functions no longer added to http.IncomingMessage.prototype.

Fixed

userProperty option to initialize() middleware only affects the current
request, rather than all requests processed via singleton Passport instance,
eliminating a race condition in situations where initialize() middleware is
used multiple times in an application with userProperty set to different
values.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot changed the title ~~Update dependency passport to ^0.6.0 [SECURITY]~~ Update dependency passport to ^0.7.0 [SECURITY] Dec 3, 2023

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 3a8574e to 2340ace Compare December 3, 2023 11:43

renovate bot changed the title ~~Update dependency passport to ^0.7.0 [SECURITY]~~ Update dependency passport to ^0.6.0 [SECURITY] Dec 3, 2023

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 2340ace to f98193b Compare December 3, 2023 13:37

renovate bot changed the title ~~Update dependency passport to ^0.6.0 [SECURITY]~~ Update dependency passport to ^0.7.0 [SECURITY] Jan 4, 2024

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from f98193b to 3f5dab9 Compare January 4, 2024 13:58

renovate bot changed the title ~~Update dependency passport to ^0.7.0 [SECURITY]~~ Update dependency passport to ^0.6.0 [SECURITY] Jan 4, 2024

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 3f5dab9 to a19707f Compare January 4, 2024 15:37

renovate bot changed the title ~~Update dependency passport to ^0.6.0 [SECURITY]~~ Update dependency passport to ^0.7.0 [SECURITY] Jan 9, 2024

renovate bot force-pushed the renovate/npm-passport-vulnerability branch 2 times, most recently from 23778b6 to 6c9ef0f Compare January 9, 2024 14:12

renovate bot changed the title ~~Update dependency passport to ^0.7.0 [SECURITY]~~ Update dependency passport to ^0.6.0 [SECURITY] Jan 9, 2024

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 6c9ef0f to ddb8578 Compare January 16, 2024 13:20

renovate bot changed the title ~~Update dependency passport to ^0.6.0 [SECURITY]~~ Update dependency passport to ^0.7.0 [SECURITY] Jan 16, 2024

renovate bot changed the title ~~Update dependency passport to ^0.7.0 [SECURITY]~~ Update dependency passport to ^0.6.0 [SECURITY] Jan 16, 2024

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from ddb8578 to 5fb8bb1 Compare January 16, 2024 19:55

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 5fb8bb1 to 40023ce Compare January 28, 2024 09:15

renovate bot changed the title ~~Update dependency passport to ^0.6.0 [SECURITY]~~ Update dependency passport to ^0.7.0 [SECURITY] Jan 28, 2024

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 40023ce to f7f5bb4 Compare January 28, 2024 16:01

renovate bot changed the title ~~Update dependency passport to ^0.7.0 [SECURITY]~~ Update dependency passport to ^0.6.0 [SECURITY] Jan 28, 2024

renovate bot changed the title ~~Update dependency passport to ^0.6.0 [SECURITY]~~ Update dependency passport to ^0.7.0 [SECURITY] Feb 4, 2024

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from f7f5bb4 to ffd10da Compare February 4, 2024 10:40

renovate bot changed the title ~~Update dependency passport to ^0.7.0 [SECURITY]~~ Update dependency passport to ^0.6.0 [SECURITY] Feb 4, 2024

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from ffd10da to ea669f2 Compare February 4, 2024 12:01

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from ea669f2 to 545d921 Compare March 2, 2024 14:28

renovate bot changed the title ~~Update dependency passport to ^0.6.0 [SECURITY]~~ Update dependency passport to ^0.7.0 [SECURITY] Mar 2, 2024

renovate bot changed the title ~~Update dependency passport to ^0.7.0 [SECURITY]~~ Update dependency passport to ^0.6.0 [SECURITY] Mar 2, 2024

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 545d921 to bf836a4 Compare March 2, 2024 16:14

renovate bot changed the title ~~Update dependency passport to ^0.6.0 [SECURITY]~~ Update dependency passport to ^0.7.0 [SECURITY] Mar 12, 2024

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from bf836a4 to ddd3e23 Compare March 12, 2024 09:52

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 74c448e to 51e8a6e Compare October 9, 2024 13:53

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 51e8a6e to 40f16bb Compare October 28, 2024 15:57

renovate bot changed the title ~~Update dependency passport to ^0.6.0 [SECURITY]~~ Update dependency passport to ^0.7.0 [SECURITY] Oct 28, 2024

renovate bot changed the title ~~Update dependency passport to ^0.7.0 [SECURITY]~~ Update dependency passport to ^0.6.0 [SECURITY] Oct 28, 2024

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 40f16bb to 7a956fa Compare October 28, 2024 19:29

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 7a956fa to be5c969 Compare November 17, 2024 16:11

renovate bot changed the title ~~Update dependency passport to ^0.6.0 [SECURITY]~~ Update dependency passport to ^0.7.0 [SECURITY] Nov 17, 2024

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from be5c969 to a4d1a29 Compare November 17, 2024 18:27

renovate bot changed the title ~~Update dependency passport to ^0.7.0 [SECURITY]~~ Update dependency passport to ^0.6.0 [SECURITY] Nov 17, 2024

renovate bot changed the title ~~Update dependency passport to ^0.6.0 [SECURITY]~~ Update dependency passport to ^0.7.0 [SECURITY] Dec 2, 2024

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from a4d1a29 to ad90af4 Compare December 2, 2024 12:42

renovate bot changed the title ~~Update dependency passport to ^0.7.0 [SECURITY]~~ Update dependency passport to ^0.6.0 [SECURITY] Dec 2, 2024

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from ad90af4 to 638576d Compare December 2, 2024 15:44

renovate bot changed the title ~~Update dependency passport to ^0.6.0 [SECURITY]~~ Update dependency passport to ^0.7.0 [SECURITY] Dec 17, 2024

renovate bot force-pushed the renovate/npm-passport-vulnerability branch 2 times, most recently from 31e41b4 to adc145c Compare December 18, 2024 02:20

renovate bot changed the title ~~Update dependency passport to ^0.7.0 [SECURITY]~~ Update dependency passport to ^0.6.0 [SECURITY] Dec 18, 2024

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from adc145c to b98bcd6 Compare December 22, 2024 16:56

renovate bot changed the title ~~Update dependency passport to ^0.6.0 [SECURITY]~~ Update dependency passport to ^0.7.0 [SECURITY] Dec 22, 2024

renovate bot changed the title ~~Update dependency passport to ^0.7.0 [SECURITY]~~ Update dependency passport to ^0.6.0 [SECURITY] Dec 22, 2024

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from b98bcd6 to b486f4b Compare December 22, 2024 19:31

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from b486f4b to ec7d208 Compare January 14, 2025 22:35

renovate bot changed the title ~~Update dependency passport to ^0.6.0 [SECURITY]~~ Update dependency passport to ^0.7.0 [SECURITY] Jan 14, 2025

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from ec7d208 to 32c75fe Compare January 15, 2025 02:59

renovate bot changed the title ~~Update dependency passport to ^0.7.0 [SECURITY]~~ Update dependency passport to ^0.6.0 [SECURITY] Jan 15, 2025

renovate bot changed the title ~~Update dependency passport to ^0.6.0 [SECURITY]~~ Update dependency passport to ^0.7.0 [SECURITY] Jan 23, 2025

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 32c75fe to 9500fae Compare January 23, 2025 19:03

Update dependency passport to ^0.6.0 [SECURITY]

5676405

renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 9500fae to 5676405 Compare January 23, 2025 23:37

renovate bot changed the title ~~Update dependency passport to ^0.7.0 [SECURITY]~~ Update dependency passport to ^0.6.0 [SECURITY] Jan 23, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency passport to ^0.6.0 [SECURITY] #190

Update dependency passport to ^0.6.0 [SECURITY] #190

renovate bot commented Jul 7, 2022 •

edited

Loading

Update dependency passport to ^0.6.0 [SECURITY] #190

Are you sure you want to change the base?

Update dependency passport to ^0.6.0 [SECURITY] #190

Conversation

renovate bot commented Jul 7, 2022 • edited Loading

GitHub Vulnerability Alerts

CVE-2022-25896

Release Notes

v0.6.0

Added

Changed

Security

v0.5.3

Fixed

v0.5.2

Fixed

v0.5.1

Added

Changed

v0.5.0

Changed

Removed

Fixed

Configuration

renovate bot commented Jul 7, 2022 •

edited

Loading

`v0.6.0`

`v0.5.3`

`v0.5.2`

`v0.5.1`

`v0.5.0`