Skip to content

fix(deps): update dependency passport to ^0.6.0 (cookieAuth-staging)

Renovaterequested to merge
renovate/cookieAuth-staging-passport-0.x into cookieAuth-staging

This MR contains the following updates:

Package Change Age Adoption Passing Confidence
passport (source) ^0.4.1 -> ^0.6.0 age adoption passing confidence

Release Notes

jaredhanson/passport

v0.6.0

Compare Source

Added
  • authenticate(), req#login, and req#logout accept a keepSessionInfo: true option to keep session information after regenerating the session.
Changed
  • req#login() and req#logout() regenerate the the session and clear session information by default.
  • req#logout() is now an asynchronous function and requires a callback function as the last argument.
Security
  • Improved robustness against session fixation attacks in cases where there is physical access to the same system or the application is susceptible to cross-site scripting (XSS).

v0.5.3

Compare Source

Fixed
  • initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions again, reverting change from 0.5.1.

v0.5.2

Compare Source

Fixed
  • Introduced a compatibility layer for strategies that depend directly on passport@0.4.x or earlier (such as passport-azure-ad), which were broken by the removal of private variables in passport@0.5.1.

v0.5.1

Compare Source

Added
  • Informative error message in session strategy if session support is not available.
Changed
  • authenticate() middleware, rather than initialize() middleware, extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions.

v0.5.0

Compare Source

Changed
  • initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions.
Removed
  • login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions no longer added to http.IncomingMessage.prototype.
Fixed
  • userProperty option to initialize() middleware only affects the current request, rather than all requests processed via singleton Passport instance, eliminating a race condition in situations where initialize() middleware is used multiple times in an application with userProperty set to different values.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Merge request reports