Skip to content

chore: update dependency passport to ^0.6.0 [security] #11127

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore: update dependency passport to ^0.6.0 [security] #11127

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Aug 10, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
passport (source) ^0.5.3 -> ^0.6.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-25896

This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.

Release Notes

jaredhanson/passport (passport)

v0.6.0

Compare Source

Added
  • authenticate(), req#login, and req#logout accept a
    keepSessionInfo: true option to keep session information after regenerating
    the session.
Changed
  • req#login() and req#logout() regenerate the the session and clear session
    information by default.
  • req#logout() is now an asynchronous function and requires a callback
    function as the last argument.
Security
  • Improved robustness against session fixation attacks in cases where there is
    physical access to the same system or the application is susceptible to
    cross-site scripting (XSS).

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added dependencies Pull requests that update a dependency file SECURITY labels Aug 10, 2025
@renovate renovate bot requested a review from raymondfeng as a code owner August 10, 2025 21:11
@dhmlau dhmlau self-requested a review August 10, 2025 23:38
@renovate renovate bot changed the title chore: update dependency passport to ^0.6.0 [security] chore: update dependency passport to ^0.7.0 [security] Aug 11, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch 9 times, most recently from cd5bcef to b3486b1 Compare August 11, 2025 19:18
@renovate renovate bot changed the title chore: update dependency passport to ^0.7.0 [security] chore: update dependency passport to ^0.6.0 [security] Aug 11, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch 2 times, most recently from ba6c8cd to 50dab28 Compare August 12, 2025 13:55
@renovate renovate bot changed the title chore: update dependency passport to ^0.6.0 [security] chore: update dependency passport to ^0.7.0 [security] Aug 12, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch 2 times, most recently from fb5ae76 to 727aabf Compare August 12, 2025 18:52
@renovate renovate bot changed the title chore: update dependency passport to ^0.7.0 [security] chore: update dependency passport to ^0.6.0 [security] Aug 12, 2025
@renovate renovate bot changed the title chore: update dependency passport to ^0.6.0 [security] chore: update dependency passport to ^0.7.0 [security] Aug 13, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch 2 times, most recently from 58299d1 to 65c10ec Compare August 13, 2025 16:45
@renovate renovate bot changed the title chore: update dependency passport to ^0.7.0 [security] chore: update dependency passport to ^0.6.0 [security] Aug 13, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch 2 times, most recently from d61770f to 16019a5 Compare August 15, 2025 16:14
@renovate renovate bot changed the title chore: update dependency passport to ^0.6.0 [security] chore: update dependency passport to ^0.7.0 [security] Aug 15, 2025
@renovate renovate bot changed the title chore: update dependency passport to ^0.7.0 [security] chore: update dependency passport to ^0.6.0 [security] Aug 15, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch 2 times, most recently from 3785e99 to a947d6d Compare August 15, 2025 17:17
@renovate renovate bot changed the title chore: update dependency passport to ^0.6.0 [security] chore: update dependency passport to ^0.7.0 [security] Aug 15, 2025
@renovate renovate bot changed the title chore: update dependency passport to ^0.7.0 [security] chore: update dependency passport to ^0.6.0 [security] Aug 15, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch 2 times, most recently from f691699 to b4fa726 Compare August 19, 2025 13:59
@renovate renovate bot changed the title chore: update dependency passport to ^0.6.0 [security] chore: update dependency passport to ^0.7.0 [security] Aug 19, 2025
@renovate renovate bot changed the title chore: update dependency passport to ^0.7.0 [security] chore: update dependency passport to ^0.6.0 [security] Aug 19, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from b4fa726 to c1797b7 Compare August 19, 2025 14:12
@renovate renovate bot changed the title chore: update dependency passport to ^0.6.0 [security] chore: update dependency passport to ^0.7.0 [security] Aug 19, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from c1797b7 to c007400 Compare August 19, 2025 15:57
@renovate renovate bot changed the title chore: update dependency passport to ^0.7.0 [security] chore: update dependency passport to ^0.6.0 [security] Aug 19, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch 2 times, most recently from 37d27a4 to 8981bba Compare August 23, 2025 23:58
@renovate renovate bot changed the title chore: update dependency passport to ^0.6.0 [security] chore: update dependency passport to ^0.7.0 [security] Aug 23, 2025
@renovate renovate bot changed the title chore: update dependency passport to ^0.7.0 [security] chore: update dependency passport to ^0.6.0 [security] Aug 24, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 8981bba to ea7860c Compare August 24, 2025 00:04
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from ea7860c to 1f4596b Compare August 31, 2025 01:41
@renovate renovate bot changed the title chore: update dependency passport to ^0.6.0 [security] chore: update dependency passport to ^0.7.0 [security] Aug 31, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 1f4596b to 00d340a Compare August 31, 2025 01:46
@renovate
chore: update dependency passport to ^0.6.0 [security]
7ad255e 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot changed the title chore: update dependency passport to ^0.7.0 [security] chore: update dependency passport to ^0.6.0 [security] Aug 31, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 00d340a to 7ad255e Compare August 31, 2025 13:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@raymondfeng raymondfeng Awaiting requested review from raymondfeng raymondfeng is a code owner

@dhmlau dhmlau Awaiting requested review from dhmlau

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file SECURITY
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@dhmlau