chore(deps): update dependency eslint to v8.49.0 (c7a1983)
chore(deps): update dependency @types/node to v18.17.15 (310fddc)
chore(deps): update dependency pactum to v3.5.1 (39cf46f)
chore(deps): update typescript-eslint monorepo to v6.6.0 (c69b1e7)
chore(deps): update dependency @types/node to v18.17.14 (871acb1)
chore(deps): update dependency @types/node to v18.17.13 (17850e5)
chore(deps): update dependency @nestjs/jwt to v10.1.1 (83190d3)
chore(deps): update nest monorepo to v10.2.4 (0769c40)
chore(deps): update nest monorepo to v10.2.3 (ea0f37a)
chore(deps): update dependency prettier to v3.0.3 (2a95142)
chore(deps): update typescript-eslint monorepo to v6.5.0 (99298d0)
chore(deps): update nest monorepo to v10.2.2 (074d334)
chore(deps): update dependency @types/node to v18.17.12 (4065f5a)
chore(deps): update dependency eslint to v8.48.0 (56222c3)
chore(deps): update dependency typescript to v5.2.2 (8fe1a0f)
chore(deps): update dependency @types/node to v18.17.11 (465652d)
chore(deps): update dependency jest to v29.6.4 (2c786fe)
chore(deps): update dependency @types/node to v18.17.9 (da3ae1b)
chore(deps): update dependency @types/node to v18.17.8 (292e3dd)
chore(deps): update dependency @types/jest to v29.5.4 (0230e75)
chore(deps): update nest monorepo to v10.2.1 (75f76ba)
chore(deps): update dependency @types/node to v18.17.7 (19a6834)
Release 10.0.1
Merge pull request #1386 from gaiuaurelian/fix/1385 (0f17e39)
chore(deps): update typescript-eslint monorepo to v6.4.1 (322857a)
chore(deps): update dependency jest to v29.6.3 (0511129)
chore(deps): update nest monorepo to v10.2.0 (8fc1e7b)
chore(deps): update dependency lint-staged to v14.0.1 (e747dc1)
chore(deps): update dependency eslint-plugin-import to v2.28.1 (eea965f)
chore(deps): update dependency @types/node to v18.17.6 (7ca9132)
fix(@nestjs/passport): pass options to request.logIn in order to pass keepSessionInfo property or other properties to passport sessionManager (7c9de11)
chore(deps): update dependency prettier to v3.0.2 (eb43a86)
chore(deps): update typescript-eslint monorepo to v6.4.0 (cf49e3c)
chore(deps): update dependency lint-staged to v14 (a6a1ae5)
chore(deps): update dependency pactum to v3.5.0 (2ef5d4c)
chore(deps): update dependency lint-staged to v13.3.0 (82f9c09)
chore(deps): update dependency release-it to v16.1.5 (865b1b7)
chore(deps): update dependency @types/node to v18.17.5 (44bd7f4)
chore(deps): update dependency eslint to v8.47.0 (212d67e)
chore(deps): update dependency @commitlint/cli to v17.7.1 (d87e567)
chore(deps): update dependency release-it to v16.1.4 (a99b777)
chore(deps): update commitlint monorepo to v17.7.0 (6a749a6)
chore(deps): update dependency @types/node to v18.17.4 (867aa0c)
chore(deps): update typescript-eslint monorepo to v6.3.0 (cd12345)
chore(deps): update dependency eslint-config-prettier to v9 (8c2c4de)
chore(deps): update dependency @types/node to v18.17.3 (dd29b82)
Compile to ES2017, dropping support for anything that does not support ES2017 (which should be very limited according to caniuse)
Use Node's atob when running on node.
Drop support for Node 14 and 16, add support for Node 20.
Add support for package.json's exports field, for better CJS/ESM support
Reorganize build artifacts for better CJS/ESM support (cjs and esm needs to be their own directory with a cjs specific package.json file)
Drop manual UMD bundle creation in index.standalone.ts, but rely on rollup instead.
Infer JwtPayload and JwtHeader default types from the header argument by using overloads.
Even though some users might experience breaking changes, mostly because of the exports field, the majority should be able to update without making any changes, assuming the SDK is used in environments with support for atob.
Migration to v4.0.0
The jwtDecode function is now no longer the default export, and is instead provided as a named export. Make sure to update your code in places where you are importing this function:
-import jwtDecodefrom "jwt-decode";
+import { jwtDecode } from "jwt-decode";
v4.0.0-beta.4
Breaking changes
Raise minimum Node.js version to 18 #209 (jonkoops)
Compile to ES2017, dropping support for anything that does not support ES2017 (which should be very limited according to caniuse)
Use Node's atob when running on node.
Drop support for Node 14 and 16, add support for Node 20.
Add support for package.json's exports field, for better CJS/ESM support
Reorganize build artifacts for better CJS/ESM support (cjs and esm needs to be their own directory with a cjs specific package.json file)
Drop manual UMD bundle creation in index.standalone.ts, but rely on rollup instead.
Infer JwtPayload and JwtHeader default types from the header argument by using overloads.
Even though some users might experience breaking changes, mostly because of the exports field, the majority should be able to update without making any changes, assuming the SDK is used in environments with support for atob.
Migration to v4.0.0
The jwtDecode function is now no longer the default export, and is instead provided as a named export. Make sure to update your code in places where you are importing this function:
-import jwtDecode from "jwt-decode";
+import { jwtDecode } from "jwt-decode";
Set req.authInfo by default when using the assignProperty option to
authenticate() middleware. This makes the behavior the same as when not using
the option, and can be disabled by setting authInfo option to false.
[0.6.0] - 2022-05-20
Added
authenticate(), req#login, and req#logout accept a
keepSessionInfo: true option to keep session information after regenerating
the session.
Changed
req#login() and req#logout() regenerate the the session and clear session
information by default.
req#logout() is now an asynchronous function and requires a callback
function as the last argument.
Security
Improved robustness against session fixation attacks in cases where there is
physical access to the same system or the application is susceptible to
cross-site scripting (XSS).
[0.5.3] - 2022-05-16
Fixed
initialize() middleware extends request with login(), logIn(),
logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions
again, reverting change from 0.5.1.
[0.5.2] - 2021-12-16
Fixed
Introduced a compatibility layer for strategies that depend directly on
passport@0.4.x or earlier (such as passport-azure-ad), which were
broken by the removal of private variables in passport@0.5.1.
[0.5.1] - 2021-12-15
Added
Informative error message in session strategy if session support is not
available.
Changed
authenticate() middleware, rather than initialize() middleware, extends
request with login(), logIn(), logout(), logOut(), isAuthenticated(),
and isUnauthenticated() functions.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the passport group in /generators/node-server/resources with 5 updates:
7.1.0
10.0.2
3.1.1
4.0.0
0.4.1
0.7.0
4.0.0
4.0.1
3.0.3
3.0.13
Updates
@nestjs/passport
from 7.1.0 to 10.0.2Release notes
Sourced from
@nestjs/passport
's releases.... (truncated)
Commits
c929fd6
chore(): release v10.0.285383fa
Merge branch 'master' of https://github.com/nestjs/passporteabad6a
fix: replace generic with anyc7a1983
chore(deps): update dependency eslint to v8.49.0310fddc
chore(deps): update dependency@types/node
to v18.17.1539cf46f
chore(deps): update dependency pactum to v3.5.1c69b1e7
chore(deps): update typescript-eslint monorepo to v6.6.0871acb1
chore(deps): update dependency@types/node
to v18.17.1417850e5
chore(deps): update dependency@types/node
to v18.17.1383190d3
chore(deps): update dependency@nestjs/jwt
to v10.1.1Updates
jwt-decode
from 3.1.1 to 4.0.0Release notes
Sourced from jwt-decode's releases.
... (truncated)
Changelog
Sourced from jwt-decode's changelog.
... (truncated)
Commits
3b2d105
Update CHANGELOG.mdbd50db0
Release v4.0.0 (#232)bcfd7da
Bump actions/checkout from 3 to 4 (#228)6ec1cba
Bump concurrently from 8.2.0 to 8.2.2 (#226)807d123
Bump@typescript-eslint/eslint-plugin
from 6.4.1 to 6.9.0 (#229)f68e292
Bump eslint-plugin-import from 2.28.1 to 2.29.0 (#230)b2e7489
Bump eslint-import-resolver-typescript from 3.6.0 to 3.6.1 (#225)ccb6488
Bump lint-staged from 14.0.1 to 15.0.2 (#231)cf3cd4f
Bump actions/setup-node from 3 to 4 (#227)0ce8017
pin babel/core to recent version and bump jestMaintainer changes
This version was pushed to npm by auth0-oss, a new releaser for jwt-decode since your current version.
Updates
passport
from 0.4.1 to 0.7.0Changelog
Sourced from passport's changelog.
... (truncated)
Commits
33b92f9
0.7.08dd8ec5
Update changelog.2815dc9
Merge pull request #1012 from jaredhanson/authinfo-assignprop0f2f81c
Fix test to allow setting of authInfo with assignProperty.b4e4cff
Fix test to allow setting of authInfo from authorize call.da379a0
Merge branch 'master' into authinfo-assignpropcfdbd4a
Update sponsors.6cc8a7c
Update sponsors.b6ab747
Update sponsors.c521bc8
Add FusionAuth as sponsor.Updates
passport-jwt
from 4.0.0 to 4.0.1Commits
fed94fa
4.0.1 releasecfb5566
Merge pull request #248 from mikenicholson/update-minmatch8e4ad5b
Address minmatch vulnerabilitye9cf2ce
Merge pull request #247 from mikenicholson/jsonwebtoken-9bfbc6cc
Update jsonwebtoken to 9.0.0a49b43e
Update minimist due to prototype pollution vulnerability in previous versiona5137c6
Merge pull request #192 from markhoney/patch-1ea824cd
Update jsonwebtoken and run npm audit fix8e57eec
Remove older node versions shiping npm without support for "ci"3ab9305
Add CI workflow in GitHub ActionsUpdates
@types/passport-jwt
from 3.0.3 to 3.0.13Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show