authenticate(), req#login, and req#logout accept a
keepSessionInfo: true option to keep session information after regenerating
the session.
Changed
req#login() and req#logout() regenerate the the session and clear session
information by default.
req#logout() is now an asynchronous function and requires a callback
function as the last argument.
Security
Improved robustness against session fixation attacks in cases where there is
physical access to the same system or the application is susceptible to
cross-site scripting (XSS).
[0.5.3] - 2022-05-16
Fixed
initialize() middleware extends request with login(), logIn(),
logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions
again, reverting change from 0.5.1.
[0.5.2] - 2021-12-16
Fixed
Introduced a compatibility layer for strategies that depend directly on
passport@0.4.x or earlier (such as passport-azure-ad), which were
broken by the removal of private variables in passport@0.5.1.
[0.5.1] - 2021-12-15
Added
Informative error message in session strategy if session support is not
available.
Changed
authenticate() middleware, rather than initialize() middleware, extends
request with login(), logIn(), logout(), logOut(), isAuthenticated(),
and isUnauthenticated() functions.
[0.5.0] - 2021-09-23
Changed
initialize() middleware extends request with login(), logIn(),
logout(), logOut(), isAuthenticated(), and isUnauthenticated()
functions.
Option code.esm to generate ESM exports for standalone validation functions (@rehanvdm, #1861)
Support discriminator keyword with $ref in oneOf subschemas (@dfeufel, #1815)
Bumps the npm_and_yarn group with 19 updates in the / directory:
2.6.1
2.6.4
4.16.3
4.19.2
5.3.7
5.13.20
0.4.0
0.6.0
5.5.2
8.13.0
5.1.0
5.1.5
7.0.3
18.0.2
1.5.9
1.15.6
1.3.5
4.1.2
3.0.4
9.0.4
0.2.3
0.4.0
1.4.1
1.4.2
2.22.2
2.30.1
0.5.23
0.5.45
2.3.0
2.7.0
1.4.0
1.8.0
2.88.0
removed
1.3.0
7.7.1
3.2.1
3.2.2
Bumps the npm_and_yarn group with 23 updates in the /front-end directory:
4.16.3
4.19.2
5.5.2
8.13.0
0.7.5
18.0.2
6.1.5
18.0.2
5.1.0
5.1.5
6.5.2
6.5.3
1.18.2
1.20.2
0.2.0
0.2.2
1.5.8
1.15.6
1.2.4
1.2.13
1.3.5
1.3.8
3.0.4
3.1.2
5.5.1
5.7.2
1.7.1
6.4.3
0.2.3
0.4.0
1.4.1
1.4.2
4.17.11
4.17.21
2.0.0
2.0.1
1.0.0
1.0.1
6.1.8
10.2.5
7.1.0
7.24.6
4.0.12
4.7.8
3.1.5
3.10.1
Updates
async
from 2.6.1 to 2.6.4Changelog
Sourced from async's changelog.
Commits
c6bdaca
Version 2.6.48870da9
Update built files4df6754
update changelog8f7f903
Fix prototype pollution vulnerability (#1828)f1d8383
Version 2.6.32b674c1
update changelogeab740f
fix: udpate lodash. closes #1675eaf32be
Version 2.6.2684b42e
Update built filese1bd3da
update changelogMaintainer changes
This version was pushed to npm by hargasinski, a new releaser for async since your current version.
Updates
express
from 4.16.3 to 4.19.2Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
... (truncated)
Commits
04bc627
4.19.2da4d763
Improved fix for open redirect allow list bypass4f0f6cc
4.19.1a003cfa
Allow passing non-strings to res.location with new encoding handling checks f...a1fa90f
fixed un-edited version in history.md for 4.19.011f2b1d
build: fix build due to inconsistent supertest behavior in older versions084e365
4.19.00867302
Prevent open redirect allow list bypass due to encodeurl567c9c6
Add note on how to update docs for new release (#5541)69a4cf2
deps: cookie@0.6.0Maintainer changes
This version was pushed to npm by wesleytodd, a new releaser for express since your current version.
Updates
mongoose
from 5.3.7 to 5.13.20Changelog
Sourced from mongoose's changelog.
... (truncated)
Commits
0f3997a
chore: release 5.13.20f1efabf
fix: avoid prototype pollution on init98e0762
chore: release 5.13.197e36d21
chore: release 5.13.186759c60
undo accidental changes and actually pin@types/json-schema
4ed4a89
chore: pin version of@types/json-schema
because of install issues on node v4...9a9536d
Merge pull request #13535 from lorand-horvath/patch-1226424d5
5.x - bump mongodb driver to 3.7.44b8b0a9
add versionNumber to 5.x1bc07ec
chore: release 5.13.17Updates
passport
from 0.4.0 to 0.6.0Changelog
Sourced from passport's changelog.
... (truncated)
Commits
c33067b
0.6.03052bb4
Update changelog.42630cb
Merge pull request #900 from jaredhanson/fix-fixation8dd79fe
Use utils-merge rather than Object.assign for compatibility.4f6bd5b
Change keepSessionData to keepSessionData.46756e5
Silence verbose logging.987b191
Add tests.f8a175f
Add tests.29a90d6
No need to guard callback existence.bfba8a1
Add tests.Updates
ajv
from 5.5.2 to 8.13.0Release notes
Sourced from ajv's releases.
... (truncated)
Commits
857ecac
fix: bump node version in publish job (#2423)f74ecdb
bump version to 8.13.0 (#2421)c64f528
chore: update typescript to 5.3.3 (#2406)5370b84
chore: bump ajv-formats to 3.0.1 (#2402)32dc833
chore: update remaining deps except typescript (#2396)f4a4c8e
Add named exports for main classes (#2389) fixes #2381 #21325c7f3b6
chore: update prettier to 3.0.3 (#2393)27a88ea
Fixing broken links in the docs/packages readme file (#2221)45685de
docs: fix broken link to error logging (#2362)27178f5
Merge pull request #2366 from laurens/patch-2Updates
har-validator
from 5.1.0 to 5.1.5Release notes
Sourced from har-validator's releases.
Commits
b77cdcb
build(semantic-release): should release when docs are updated3a4d4f3
docs(readme): correct badge01c5f2a
style(lint): correct lint errorsab43db4
build(semantic-release): correct .releaserc file namebab9612
build(deps): update dependencies6742cb5
test(docker-compose): docker-compose for unified testingfd48174
ci(actions): replace old ci setup with new github actions workflows5c53c92
build(deps): [security] bump handlebars from 4.0.11 to 4.7.1 (#160)ea53334
chore(deps): lock file maintenance (#114)a38c067
5.1.3Updates
@angular/cli
from 7.0.3 to 18.0.2Release notes
Sourced from
@angular/cli
's releases.... (truncated)
Changelog
Sourced from
@angular/cli
's changelog.... (truncated)
Commits
a6a3c6e
release: cut the v18.0.2 releasec4cf359
fix(@angular/build
): print Sass@warn
locationacbffd2
fix(@angular/pwa
): set manifesticons
location to matchassets
builder op...92b48ab
fix(@schematics/angular
): set buildersassets
option correctly for new appl...3bb06c3
fix(@angular/build
): disable Worker wait loop for Sass compilations in web co...de8d703
docs: update blog, analytics, hydration links aio->adeve506a75
docs: update build guide links aio->adevfcdb75c
docs: update i18n, deploy links aio->dev422f032
docs: update browser support links aio->adevf006a80
docs: update workspace config links aio->adevMaintainer changes
This version was pushed to npm by google-wombot, a new releaser for
@angular/cli
since your current version.Updates
qs
from 6.5.1 to 6.5.2Changelog
Sourced from qs's changelog.
Commits
298bfa5
v6.5.3ed0f5dc
[Fix]parse
: ignore__proto__
keys (#428)691e739
[Robustness]stringify
: avoid relying on a globalundefined
(#427)1072d57
[readme] remove travis badge; add github actions/codecov badges; update URLs12ac1c4
[meta] fix README.md (#399)0338716
[actions] backport actions from main5639c20
Clean up license text so it’s properly detected as BSD-3-Clause51b8a0b
add FUNDING.yml45f6759
[Fix] fix for an impossible situation: when the formatter is called with a no...f814a7f
[Dev Deps] backport from mainUpdates
follow-redirects
from 1.5.9 to 1.15.6Commits
35a517c
Release version 1.15.6 of the npm package.c4f847f
Drop Proxy-Authorization across hosts.8526b4a
Use GitHub for disclosure.b1677ce
Release version 1.15.5 of the npm package.d8914f7
Preserve fragment in responseUrl.6585820
Release version 1.15.4 of the npm package.7a6567e
Disallow bracketed hostnames.05629af
Prefer native URL instead of deprecated url.parse.1cba8e8
Prefer native URL instead of legacy url.resolve.72bc2a4
Simplify _processResponse error handling.Updates
chownr
from 1.0.1 to 1.1.1Commits
7a5c3d5
1.1.103eb97e
Fix bug working on network-path files on windows76c21fa
1.1.0e8f0dc7
auto-publish scriptsb196e0e
add tests for old readdir supporte06dd8a
Avoid unnecessary stats on node v10.10 and above36a93e3
use lchown to address part 1 of TOCTOU issuea631d84
use lchown instead of chown, if availablecdd4ce7
use modern JavaScriptd548650
update tapUpdates
ini
from 1.3.5 to 4.1.2Release notes
Sourced from ini's releases.