Skip to content

Bump passport from 0.5.0 to 0.7.0#18

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/passport-0.7.0
Open

Bump passport from 0.5.0 to 0.7.0#18
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/passport-0.7.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Feb 25, 2026

Copy link
Copy Markdown
Contributor

Bumps passport from 0.5.0 to 0.7.0.

Changelog

Sourced from passport's changelog.

[0.7.0] - 2023-11-27

Changed

  • Set req.authInfo by default when using the assignProperty option to authenticate() middleware. This makes the behavior the same as when not using the option, and can be disabled by setting authInfo option to false.

[0.6.0] - 2022-05-20

Added

  • authenticate(), req#login, and req#logout accept a keepSessionInfo: true option to keep session information after regenerating the session.

Changed

  • req#login() and req#logout() regenerate the the session and clear session information by default.
  • req#logout() is now an asynchronous function and requires a callback function as the last argument.

Security

  • Improved robustness against session fixation attacks in cases where there is physical access to the same system or the application is susceptible to cross-site scripting (XSS).

[0.5.3] - 2022-05-16

Fixed

  • initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions again, reverting change from 0.5.1.

[0.5.2] - 2021-12-16

Fixed

  • Introduced a compatibility layer for strategies that depend directly on passport@0.4.x or earlier (such as passport-azure-ad), which were broken by the removal of private variables in passport@0.5.1.

[0.5.1] - 2021-12-15

Added

  • Informative error message in session strategy if session support is not available.

Changed

  • authenticate() middleware, rather than initialize() middleware, extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions.
Commits
  • 33b92f9 0.7.0
  • 8dd8ec5 Update changelog.
  • 2815dc9 Merge pull request #1012 from jaredhanson/authinfo-assignprop
  • 0f2f81c Fix test to allow setting of authInfo with assignProperty.
  • b4e4cff Fix test to allow setting of authInfo from authorize call.
  • da379a0 Merge branch 'master' into authinfo-assignprop
  • cfdbd4a Update sponsors.
  • 6cc8a7c Update sponsors.
  • b6ab747 Update sponsors.
  • c521bc8 Add FusionAuth as sponsor.
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [passport](https://github.com/jaredhanson/passport) from 0.5.0 to 0.7.0.
- [Changelog](https://github.com/jaredhanson/passport/blob/master/CHANGELOG.md)
- [Commits](jaredhanson/passport@v0.5.0...v0.7.0)

---
updated-dependencies:
- dependency-name: passport
  dependency-version: 0.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 25, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants