authenticate(), req#login, and req#logout accept a
keepSessionInfo: true option to keep session information after regenerating
the session.
Changed
req#login() and req#logout() regenerate the the session and clear session
information by default.
req#logout() is now an asynchronous function and requires a callback
function as the last argument.
Security
Improved robustness against session fixation attacks in cases where there is
physical access to the same system or the application is susceptible to
cross-site scripting (XSS).
[0.5.3] - 2022-05-16
Fixed
initialize() middleware extends request with login(), logIn(),
logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions
again, reverting change from 0.5.1.
[0.5.2] - 2021-12-16
Fixed
Introduced a compatibility layer for strategies that depend directly on
passport@0.4.x or earlier (such as passport-azure-ad), which were
broken by the removal of private variables in passport@0.5.1.
[0.5.1] - 2021-12-15
Added
Informative error message in session strategy if session support is not
available.
Changed
authenticate() middleware, rather than initialize() middleware, extends
request with login(), logIn(), logout(), logOut(), isAuthenticated(),
and isUnauthenticated() functions.
[0.5.0] - 2021-09-23
Changed
initialize() middleware extends request with login(), logIn(),
logout(), logOut(), isAuthenticated(), and isUnauthenticated()
functions.
Option code.esm to generate ESM exports for standalone validation functions (@rehanvdm, #1861)
Support discriminator keyword with $ref in oneOf subschemas (@dfeufel, #1815)
Fix browser bundles in cdnjs
regExp option allowing to specify alternative RegExp engine, e.g. re2 (@efebarlas)
v8.7.1
Publish Ajv bundle for JSON Schema 2020-12 to cdnjs.com
v8.7.0
Update JSON Schema Test Suite.
Change minContains: 0 now correctly allows empty array.
v8.6.3
Fix $ref resolution for schemas without $id (@rbuckton, #1725)
Support standalone module import from ESM modules without using .default property (@bhvngt, #1757)
properly configure headers for media resources and HTML page
18.0.0-next.3 (2024-04-17)
Breaking Changes
@angular/cli
The ng doc command has been removed without a replacement. To perform searches, please visit www.angular.dev
@angular-devkit/build-angular
By default, the index.html file is no longer emitted in the browser directory when using the application builder with SSR. Instead, an index.csr.html file is emitted. This change is implemented because in many cases server and cloud providers incorrectly treat the index.html file as a statically generated page. If you still require the old behavior, you can use the index option to specify the output file name.
Bumps the npm_and_yarn group with 19 updates in the / directory:
2.6.1
2.6.4
4.16.3
4.19.2
5.3.7
5.13.20
0.4.0
0.6.0
5.5.2
8.12.0
5.1.0
5.1.5
7.0.3
17.3.6
1.5.9
1.15.6
1.3.5
4.1.2
3.0.4
9.0.4
0.2.3
0.4.0
1.4.1
1.4.2
2.22.2
2.30.1
0.5.23
0.5.45
2.3.0
2.7.0
1.4.0
1.8.0
2.88.0
removed
1.3.0
7.6.1
3.2.1
3.2.2
Bumps the npm_and_yarn group with 23 updates in the /front-end directory:
4.16.3
4.19.2
5.5.2
8.12.0
0.7.5
17.3.6
6.1.5
17.3.6
5.1.0
5.1.5
6.5.2
6.5.3
1.18.2
1.20.2
0.2.0
0.2.2
1.5.8
1.15.6
1.2.4
1.2.13
1.3.5
1.3.8
3.0.4
3.1.2
5.5.1
5.7.2
1.7.1
6.4.3
0.2.3
0.4.0
1.4.1
1.4.2
4.17.11
4.17.21
2.0.0
2.0.1
1.0.0
1.0.1
6.1.8
10.2.5
7.1.0
7.24.5
4.0.12
4.7.8
3.1.5
3.10.1
Updates
async
from 2.6.1 to 2.6.4Changelog
Sourced from async's changelog.
Commits
c6bdaca
Version 2.6.48870da9
Update built files4df6754
update changelog8f7f903
Fix prototype pollution vulnerability (#1828)f1d8383
Version 2.6.32b674c1
update changelogeab740f
fix: udpate lodash. closes #1675eaf32be
Version 2.6.2684b42e
Update built filese1bd3da
update changelogMaintainer changes
This version was pushed to npm by hargasinski, a new releaser for async since your current version.
Updates
express
from 4.16.3 to 4.19.2Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
... (truncated)
Commits
04bc627
4.19.2da4d763
Improved fix for open redirect allow list bypass4f0f6cc
4.19.1a003cfa
Allow passing non-strings to res.location with new encoding handling checks f...a1fa90f
fixed un-edited version in history.md for 4.19.011f2b1d
build: fix build due to inconsistent supertest behavior in older versions084e365
4.19.00867302
Prevent open redirect allow list bypass due to encodeurl567c9c6
Add note on how to update docs for new release (#5541)69a4cf2
deps: cookie@0.6.0Maintainer changes
This version was pushed to npm by wesleytodd, a new releaser for express since your current version.
Updates
mongoose
from 5.3.7 to 5.13.20Changelog
Sourced from mongoose's changelog.
... (truncated)
Commits
0f3997a
chore: release 5.13.20f1efabf
fix: avoid prototype pollution on init98e0762
chore: release 5.13.197e36d21
chore: release 5.13.186759c60
undo accidental changes and actually pin@types/json-schema
4ed4a89
chore: pin version of@types/json-schema
because of install issues on node v4...9a9536d
Merge pull request #13535 from lorand-horvath/patch-1226424d5
5.x - bump mongodb driver to 3.7.44b8b0a9
add versionNumber to 5.x1bc07ec
chore: release 5.13.17Updates
passport
from 0.4.0 to 0.6.0Changelog
Sourced from passport's changelog.
... (truncated)
Commits
c33067b
0.6.03052bb4
Update changelog.42630cb
Merge pull request #900 from jaredhanson/fix-fixation8dd79fe
Use utils-merge rather than Object.assign for compatibility.4f6bd5b
Change keepSessionData to keepSessionData.46756e5
Silence verbose logging.987b191
Add tests.f8a175f
Add tests.29a90d6
No need to guard callback existence.bfba8a1
Add tests.Updates
ajv
from 5.5.2 to 8.12.0Release notes
Sourced from ajv's releases.
... (truncated)
Commits
bf1266a
8.12.0321fad6
update node versions (#2195)c5c195b
fix JTD discriminator with more than 8 properties, fixes #1971 (#2194)527d43a
build(deps-dev): bump@rollup/plugin-commonjs
from 23.0.7 to 24.0.0 (#2184)2e5884b
build(deps-dev): bump@rollup/plugin-typescript
from 9.0.2 to 10.0.1 (#2193)a697668
build(deps-dev): bump@rollup/plugin-json
from 5.0.2 to 6.0.0 (#2183)dab8504
special case empty object for jtd (#2158)d2c57d9
build(deps-dev): bump@rollup/plugin-typescript
from 8.5.0 to 9.0.2 (#2160)a489265
correctly narrow "number" type to "integer", fixes #1935 (#2192)a211e8d
JTD empty values schema, fixes #1949 (#2191)Updates
har-validator
from 5.1.0 to 5.1.5Release notes
Sourced from har-validator's releases.
Commits
b77cdcb
build(semantic-release): should release when docs are updated3a4d4f3
docs(readme): correct badge01c5f2a
style(lint): correct lint errorsab43db4
build(semantic-release): correct .releaserc file namebab9612
build(deps): update dependencies6742cb5
test(docker-compose): docker-compose for unified testingfd48174
ci(actions): replace old ci setup with new github actions workflows5c53c92
build(deps): [security] bump handlebars from 4.0.11 to 4.7.1 (#160)ea53334
chore(deps): lock file maintenance (#114)a38c067
5.1.3Updates
@angular/cli
from 7.0.3 to 17.3.6Release notes
Sourced from
@angular/cli
's releases.... (truncated)
Changelog
Sourced from
@angular/cli
's changelog.... (truncated)
Commits
c6b82f6
release: cut the v17.3.6 release6f1906f
docs: add explanation of how to set up a new NPM package in Wombatdcec597
fix(@angular-devkit/build-angular
): properly configure headers for media reso...c5f20a3
release: cut the v17.3.5 release6191d06
fix(@angular-devkit/build-angular
): address `Unable to deserialize cloned dat...0335d6a
fix(@angular-devkit/build-angular
): removetype="text/css"
fromstyle
tagd0bff79
release: cut the v17.3.4 release84ee482
docs: replace links links to aio with links to adev1128bdd
fix(@angular-devkit/build-angular
): ensure esbuild-based builders exclusively...1f47a10
build: updatevite
andundici
Maintainer changes
This version was pushed to npm by google-wombot, a new releaser for
@angular/cli
since your current version.Updates
qs
from 6.5.1 to 6.5.2Changelog
Sourced from qs's changelog.
Commits
298bfa5
v6.5.3ed0f5dc
[Fix]parse
: ignore__proto__
keys (#428)691e739
[Robustness]stringify
: avoid relying on a globalundefined
(#427)1072d57
[readme] remove travis badge; add github actions/codecov badges; update URLs12ac1c4
[meta] fix README.md (#399)0338716
[actions] backport actions from main5639c20
Clean up license text so it’s properly detected as BSD-3-Clause51b8a0b
add FUNDING.yml45f6759
[Fix] fix for an impossible situation: when the formatter is called with a no...f814a7f
[Dev Deps] backport from mainUpdates
follow-redirects
from 1.5.9 to 1.15.6Commits
35a517c
Release version 1.15.6 of the npm package.c4f847f
Drop Proxy-Authorization across hosts.8526b4a
Use GitHub for disclosure.b1677ce
Release version 1.15.5 of the npm package.d8914f7
Preserve fragment in responseUrl.6585820
Release version 1.15.4 of the npm package.7a6567e
Disallow bracketed hostnames.05629af
Prefer native URL instead of deprecated url.parse.1cba8e8
Prefer native URL instead of legacy url.resolve.72bc2a4
Simplify _processResponse error handling.Updates
chownr
from 1.0.1 to 1.1.1Commits
7a5c3d5
1.1.103eb97e
Fix bug working on network-path files on windows76c21fa
1.1.0e8f0dc7
auto-publish scriptsb196e0e
add tests for old readdir supporte06dd8a
Avoid unnecessary stats on node v10.10 and above36a93e3
use lchown to address part 1 of TOCTOU issuea631d84
use lchown instead of chown, if availablecdd4ce7
use modern JavaScriptd548650
update tapUpdates
ini
from 1.3.5 to 4.1.2Release notes
Sourced from ini's releases.