Skip to content

Update dependency passport to ^0.6.0 [SECURITY] - autoclosed#283

Closed
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-passport-vulnerability
Closed

Update dependency passport to ^0.6.0 [SECURITY] - autoclosed#283
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-passport-vulnerability

Conversation

@renovate
Copy link

@renovate renovate bot commented Aug 10, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
passport (source) ^0.4.1^0.6.0 age confidence

GitHub Vulnerability Alerts

CVE-2022-25896

This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.

Release Notes

jaredhanson/passport (passport)

v0.6.0

Compare Source

Added
  • authenticate(), req#login, and req#logout accept a
    keepSessionInfo: true option to keep session information after regenerating
    the session.
Changed
  • req#login() and req#logout() regenerate the the session and clear session
    information by default.
  • req#logout() is now an asynchronous function and requires a callback
    function as the last argument.
Security
  • Improved robustness against session fixation attacks in cases where there is
    physical access to the same system or the application is susceptible to
    cross-site scripting (XSS).

v0.5.3

Compare Source

Fixed
  • initialize() middleware extends request with login(), logIn(),
    logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions
    again, reverting change from 0.5.1.

v0.5.2

Compare Source

Fixed
  • Introduced a compatibility layer for strategies that depend directly on
    passport@0.4.x or earlier (such as passport-azure-ad), which were
    broken by the removal of private variables in passport@0.5.1.

v0.5.1

Compare Source

Fixed
  • Introduced a compatibility layer for strategies that depend directly on
    passport@0.4.x or earlier (such as passport-azure-ad), which were
    broken by the removal of private variables in passport@0.5.1.

v0.5.0

Compare Source

Changed
  • initialize() middleware extends request with login(), logIn(),
    logout(), logOut(), isAuthenticated(), and isUnauthenticated()
    functions.
Removed
  • login(), logIn(), logout(), logOut(), isAuthenticated(), and
    isUnauthenticated() functions no longer added to http.IncomingMessage.prototype.
Fixed
  • userProperty option to initialize() middleware only affects the current
    request, rather than all requests processed via singleton Passport instance,
    eliminating a race condition in situations where initialize() middleware is
    used multiple times in an application with userProperty set to different
    values.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from astrowq August 10, 2025 14:00
@renovate renovate bot changed the title Update dependency passport to ^0.7.0 [SECURITY] Update dependency passport to ^0.6.0 [SECURITY] Aug 10, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch 2 times, most recently from 7e1e737 to b8063cc Compare August 13, 2025 17:34
@renovate renovate bot changed the title Update dependency passport to ^0.6.0 [SECURITY] Update dependency passport to ^0.7.0 [SECURITY] Aug 13, 2025
@renovate renovate bot changed the title Update dependency passport to ^0.7.0 [SECURITY] Update dependency passport to ^0.6.0 [SECURITY] Aug 13, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from b8063cc to 621049e Compare August 13, 2025 21:40
@renovate renovate bot changed the title Update dependency passport to ^0.6.0 [SECURITY] Update dependency passport to ^0.7.0 [SECURITY] Aug 19, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch 2 times, most recently from bcc20a5 to af8ea5c Compare August 19, 2025 23:02
@renovate renovate bot changed the title Update dependency passport to ^0.7.0 [SECURITY] Update dependency passport to ^0.6.0 [SECURITY] Aug 19, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from af8ea5c to d1402d7 Compare August 31, 2025 14:39
@renovate renovate bot changed the title Update dependency passport to ^0.6.0 [SECURITY] Update dependency passport to ^0.7.0 [SECURITY] Aug 31, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from d1402d7 to be474ae Compare August 31, 2025 16:33
@renovate renovate bot changed the title Update dependency passport to ^0.7.0 [SECURITY] Update dependency passport to ^0.6.0 [SECURITY] Aug 31, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from be474ae to 713b391 Compare September 25, 2025 20:54
@renovate renovate bot changed the title Update dependency passport to ^0.6.0 [SECURITY] Update dependency passport to ^0.7.0 [SECURITY] Sep 25, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 713b391 to 2a80688 Compare September 26, 2025 02:10
@renovate renovate bot changed the title Update dependency passport to ^0.7.0 [SECURITY] Update dependency passport to ^0.6.0 [SECURITY] Sep 26, 2025
@renovate renovate bot changed the title Update dependency passport to ^0.6.0 [SECURITY] Update dependency passport to ^0.7.0 [SECURITY] Oct 22, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch 2 times, most recently from 38f6cd8 to 3ab494e Compare October 22, 2025 10:47
@renovate renovate bot changed the title Update dependency passport to ^0.7.0 [SECURITY] Update dependency passport to ^0.6.0 [SECURITY] Oct 22, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 3ab494e to bae6b73 Compare November 10, 2025 19:11
@renovate renovate bot changed the title Update dependency passport to ^0.6.0 [SECURITY] Update dependency passport to ^0.7.0 [SECURITY] Nov 10, 2025
@renovate renovate bot changed the title Update dependency passport to ^0.7.0 [SECURITY] Update dependency passport to ^0.6.0 [SECURITY] Nov 11, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from bae6b73 to 241d17a Compare November 11, 2025 03:10
@renovate renovate bot changed the title Update dependency passport to ^0.6.0 [SECURITY] Update dependency passport to ^0.7.0 [SECURITY] Nov 18, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 241d17a to e68a9eb Compare November 18, 2025 10:01
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 4e14bb8 to 8091450 Compare December 3, 2025 21:10
@renovate renovate bot changed the title Update dependency passport to ^0.7.0 [SECURITY] Update dependency passport to ^0.6.0 [SECURITY] Dec 3, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 8091450 to 8f738be Compare December 31, 2025 17:50
@renovate renovate bot changed the title Update dependency passport to ^0.6.0 [SECURITY] Update dependency passport to ^0.7.0 [SECURITY] Dec 31, 2025
@renovate renovate bot changed the title Update dependency passport to ^0.7.0 [SECURITY] Update dependency passport to ^0.6.0 [SECURITY] Dec 31, 2025
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 8f738be to 2f7f734 Compare December 31, 2025 22:03
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 2f7f734 to ea54adc Compare January 8, 2026 16:48
@renovate renovate bot changed the title Update dependency passport to ^0.6.0 [SECURITY] Update dependency passport to ^0.7.0 [SECURITY] Jan 8, 2026
@renovate renovate bot changed the title Update dependency passport to ^0.7.0 [SECURITY] Update dependency passport to ^0.6.0 [SECURITY] Jan 8, 2026
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from ea54adc to 4075a8e Compare January 8, 2026 23:37
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 4075a8e to 4010ab9 Compare January 19, 2026 15:39
@renovate renovate bot changed the title Update dependency passport to ^0.6.0 [SECURITY] Update dependency passport to ^0.7.0 [SECURITY] Jan 19, 2026
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 4010ab9 to a2e5697 Compare January 19, 2026 18:43
@renovate renovate bot changed the title Update dependency passport to ^0.7.0 [SECURITY] Update dependency passport to ^0.6.0 [SECURITY] Jan 19, 2026
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from a2e5697 to 06a7b6e Compare February 2, 2026 18:29
@renovate renovate bot changed the title Update dependency passport to ^0.6.0 [SECURITY] Update dependency passport to ^0.7.0 [SECURITY] Feb 2, 2026
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 06a7b6e to 8559a16 Compare February 2, 2026 22:51
@renovate renovate bot changed the title Update dependency passport to ^0.7.0 [SECURITY] Update dependency passport to ^0.6.0 [SECURITY] Feb 2, 2026
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 8559a16 to c521e3f Compare February 12, 2026 13:37
@renovate renovate bot changed the title Update dependency passport to ^0.6.0 [SECURITY] Update dependency passport to ^0.7.0 [SECURITY] Feb 12, 2026
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from c521e3f to 92a9502 Compare February 12, 2026 19:57
@renovate renovate bot changed the title Update dependency passport to ^0.7.0 [SECURITY] Update dependency passport to ^0.6.0 [SECURITY] Feb 12, 2026
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 92a9502 to 849b5f9 Compare February 17, 2026 16:59
@renovate renovate bot changed the title Update dependency passport to ^0.6.0 [SECURITY] Update dependency passport to ^0.7.0 [SECURITY] Feb 17, 2026
@renovate renovate bot changed the title Update dependency passport to ^0.7.0 [SECURITY] Update dependency passport to ^0.6.0 [SECURITY] Feb 18, 2026
@renovate renovate bot force-pushed the renovate/npm-passport-vulnerability branch from 849b5f9 to 3d72f34 Compare February 18, 2026 00:02
@renovate renovate bot changed the title Update dependency passport to ^0.6.0 [SECURITY] Update dependency passport to ^0.6.0 [SECURITY] - autoclosed Feb 23, 2026
@renovate renovate bot closed this Feb 23, 2026
@renovate renovate bot deleted the renovate/npm-passport-vulnerability branch February 23, 2026 22:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@astrowq astrowq Awaiting requested review from astrowq

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants