flaviuse / mern-authentication

MERN stack authentication boilerplate: password reset, email verification, server sessions, redux, typescript, hooks and docker for dev and prod.
https://mern-auth-client.herokuapp.com/login
MIT License
439 stars 95 forks

[Snyk] Upgrade passport from 0.4.1 to 0.5.2 #122

Closed snyk-bot closed 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to upgrade passport from 0.4.1 to 0.5.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Directory Traversal SNYK-JS-MOMENT-2440688 | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Prototype Pollution SNYK-JS-ASYNC-2441827 | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-RAMDA-1582370 | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181 | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Prototype Pollution SNYK-JS-MINIMIST-2429795 | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346 | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: passport from passport GitHub release notes
Commit messages
Package name: passport
  • c872f74 0.5.2
  • 3c60d02 Update changelog.
  • a1804a1 Merge pull request #878 from jaredhanson/compat-mode
  • 77ec5b3 Document compat mode.
  • 3253056 Implement compat mode.
  • 5c29557 0.5.1
  • 96fc14f Update package metadata.
  • 0a8f4a3 Update changelog.
  • 1f97bd0 Merge branch 'no-init'
  • 3f6e6d1 Update changelog.
  • c83ae89 Update changelog.
  • 447238c Merge remote-tracking branch 'origin/master' into no-init
  • 932c1b8 Merge pull request #875 from jaredhanson/no-init
  • 2cfb19f Update changelog.
  • d530640 Remove commented out line.
  • 28aea8f Only establish session if session manager exists.
  • bb1c9a4 Set session manager as private variable.
  • 77ee3a6 Extend req in authenticate, rather than initialize.
  • 0f0aa0e Don't set _passport property on request in initialize middleware.
  • c2091b6 Improve error message when session support isn't available.
  • 444b71a Remove use of _passport from request methods.
  • 536a5a4 Expose sessionManager in authenticate, rather than initialize.
  • f411118 Expose sessionManager on req, and use it rather than _passport.instance.
  • 6099318 Update WorkOS logo.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.