Fix the bcrypt "wrap-around" bug. It affects passwords with lengths >= 255.
It is uncommon but it's a bug nevertheless. Previous attempts to fix the bug
was unsuccessful.
Fix the bcrypt "wrap-around" bug. It affects passwords with lengths >= 255.
It is uncommon but it's a bug nevertheless. Previous attempts to fix the bug
was unsuccessful.
Set req.authInfo by default when using the assignProperty option to
authenticate() middleware. This makes the behavior the same as when not using
the option, and can be disabled by setting authInfo option to false.
[0.6.0] - 2022-05-20
Added
authenticate(), req#login, and req#logout accept a
keepSessionInfo: true option to keep session information after regenerating
the session.
Changed
req#login() and req#logout() regenerate the the session and clear session
information by default.
req#logout() is now an asynchronous function and requires a callback
function as the last argument.
Security
Improved robustness against session fixation attacks in cases where there is
physical access to the same system or the application is susceptible to
cross-site scripting (XSS).
[0.5.3] - 2022-05-16
Fixed
initialize() middleware extends request with login(), logIn(),
logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions
again, reverting change from 0.5.1.
[0.5.2] - 2021-12-16
Fixed
Introduced a compatibility layer for strategies that depend directly on
passport@0.4.x or earlier (such as passport-azure-ad), which were
broken by the removal of private variables in passport@0.5.1.
[0.5.1] - 2021-12-15
Added
Informative error message in session strategy if session support is not
available.
Changed
authenticate() middleware, rather than initialize() middleware, extends
request with login(), logIn(), logout(), logOut(), isAuthenticated(),
and isUnauthenticated() functions.
This version was pushed to npm by sdepold, a new releaser for sequelize since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/LouisLalonde/LOG8100-TP2-MOCK/network/alerts).
Bumps the npm_and_yarn group in /dvna with 7 updates:
1.0.3
5.1.1
2.7.4
3.1.10
0.4.0
1.5.1
0.18.8
1.0.11
1.7.0
3.11.3
0.4.1
0.7.0
4.44.4
6.37.3
Updates
bcrypt
from 1.0.3 to 5.1.1Release notes
Sourced from bcrypt's releases.
... (truncated)
Changelog
Sourced from bcrypt's changelog.
... (truncated)
Commits
33043f5
v5.1.1571d7ab
Merge pull request #993 from kelektiv/deps-update24aa2a2
Update dependencies11d2ddd
Merge pull request #968 from laijonathan/zos_fix0884c5b
Merge pull request #894 from lpizzinidev/patch-1fc225b1
Merge pull request #960 from kelektiv/release-v5-1-0809ad03
Prepare for v5.1.09eec9e8
Merge pull request #959 from kelektiv/release-v5-1-0b309eaf
Pin NAPI to v39d6516a
Merge pull request #958 from kelektiv/jestMaintainer changes
This version was pushed to npm by amitosh, a new releaser for bcrypt since your current version.
Updates
ejs
from 2.7.4 to 3.1.10Release notes
Sourced from ejs's releases.
Commits
d3f807d
Version 3.1.109ee26dd
Mocha TDDe469741
Basic pollution protection715e950
Merge pull request #756 from Jeffrey-mu/maincabe314
Include advanced usage examples29b076c
Added header11503c7
Merge branch 'main' of github.com:mde/ejs into main7690404
Added security banner to READMEf47d7ae
Update SECURITY.md828cea1
Update SECURITY.mdUpdates
express-fileupload
from 0.4.0 to 1.5.1Release notes
Sourced from express-fileupload's releases.
... (truncated)
Commits
2bc6274
Merge pull request #375 from Kpovoc/master7349650
PR 375: Suggested changesa230423
Issue 374: Allow an option to choose the hashing algorithm3325e62
Merge pull request #372 from RomanBurunkov/master4cdd94a
Upd. deps & bump version to 1.5.03c715bf
Use refresh for upload timer, instead of creating new timer each data chunk4313856
Merge pull request #371 from RobinTail/feat-custom-loggercb317f7
Readme: minor, adjusting the actual type of the log method consumed (single a...586d2fc
Readme: reducing diff.d660b60
CR: making logger option to be console by default.Maintainer changes
This version was pushed to npm by romon2002, a new releaser for express-fileupload since your current version.
Updates
libxmljs
from 0.18.8 to 1.0.11Release notes
Sourced from libxmljs's releases.
Commits
3121013
Fix ci darwin arm64 (#639)18c3030
v1.0.10b24dbde
Bump semver from 5.7.1 to 5.7.2 (#629)dda151f
chore: add build steps for node 20 (#635)6507332
Update package-lock.jsoncc1606c
v1.0.936f0c8b
Fix resolving flags in parseHtmlAsync and parseXmlAsync (#625)2f1ec9f
Save old linux test merge config9734364
v1.0.81a2acd2
Fix deployUpdates
mysql2
from 1.7.0 to 3.11.3Release notes
Sourced from mysql2's releases.
... (truncated)
Changelog
Sourced from mysql2's changelog.
... (truncated)
Commits
Updates
passport
from 0.4.1 to 0.7.0Changelog
Sourced from passport's changelog.
... (truncated)
Commits
33b92f9
0.7.08dd8ec5
Update changelog.2815dc9
Merge pull request #1012 from jaredhanson/authinfo-assignprop0f2f81c
Fix test to allow setting of authInfo with assignProperty.b4e4cff
Fix test to allow setting of authInfo from authorize call.da379a0
Merge branch 'master' into authinfo-assignpropcfdbd4a
Update sponsors.6cc8a7c
Update sponsors.b6ab747
Update sponsors.c521bc8
Add FusionAuth as sponsor.Updates
sequelize
from 4.44.4 to 6.37.3Release notes
Sourced from sequelize's releases.
... (truncated)
Commits
6aba382
fix(postgres): use schema for foreign key constrains of a table (#17099)7c8972f
fix: addreadOnly
to the transaction options types and docs (#17226)505467b
fix(types): Add definition ofreturning
inSaveOptions
. (#16954)e81200e
feat(postgres): support connectionTimeoutMillis dialectOption (#14119)a250058
feat(postgres): backport stream dialectOption to v6 (#16868)cb8ea88
fix: sort keys by depth in groupJoinData (#16823)47cba67
fix(mssql): allow calling describeTable a table with a dot in its name (#16769)5bfbb99
feat: backportfindModel
to v6 (#16705)6c03176
fix(oracle): clean constraints (#16694)b204b5f
fix(oracle): add missing default and not null condition to addColumn (#16619)Maintainer changes
This version was pushed to npm by sdepold, a new releaser for sequelize since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show