Compile to ES2017, dropping support for anything that does not support ES2017 (which should be very limited according to caniuse)
Use Node's atob when running on node.
Drop support for Node 14 and 16, add support for Node 20.
Add support for package.json's exports field, for better CJS/ESM support
Reorganize build artifacts for better CJS/ESM support (cjs and esm needs to be their own directory with a cjs specific package.json file)
Drop manual UMD bundle creation in index.standalone.ts, but rely on rollup instead.
Infer JwtPayload and JwtHeader default types from the header argument by using overloads.
Even though some users might experience breaking changes, mostly because of the exports field, the majority should be able to update without making any changes, assuming the SDK is used in environments with support for atob.
Migration to v4.0.0
The jwtDecode function is now no longer the default export, and is instead provided as a named export. Make sure to update your code in places where you are importing this function:
-import jwtDecodefrom "jwt-decode";
+import { jwtDecode } from "jwt-decode";
v4.0.0-beta.4
Breaking changes
Raise minimum Node.js version to 18 #209 (jonkoops)
Compile to ES2017, dropping support for anything that does not support ES2017 (which should be very limited according to caniuse)
Use Node's atob when running on node.
Drop support for Node 14 and 16, add support for Node 20.
Add support for package.json's exports field, for better CJS/ESM support
Reorganize build artifacts for better CJS/ESM support (cjs and esm needs to be their own directory with a cjs specific package.json file)
Drop manual UMD bundle creation in index.standalone.ts, but rely on rollup instead.
Infer JwtPayload and JwtHeader default types from the header argument by using overloads.
Even though some users might experience breaking changes, mostly because of the exports field, the majority should be able to update without making any changes, assuming the SDK is used in environments with support for atob.
Migration to v4.0.0
The jwtDecode function is now no longer the default export, and is instead provided as a named export. Make sure to update your code in places where you are importing this function:
-import jwtDecode from "jwt-decode";
+import { jwtDecode } from "jwt-decode";
Set req.authInfo by default when using the assignProperty option to
authenticate() middleware. This makes the behavior the same as when not using
the option, and can be disabled by setting authInfo option to false.
[0.6.0] - 2022-05-20
Added
authenticate(), req#login, and req#logout accept a
keepSessionInfo: true option to keep session information after regenerating
the session.
Changed
req#login() and req#logout() regenerate the the session and clear session
information by default.
req#logout() is now an asynchronous function and requires a callback
function as the last argument.
Security
Improved robustness against session fixation attacks in cases where there is
physical access to the same system or the application is susceptible to
cross-site scripting (XSS).
[0.5.3] - 2022-05-16
Fixed
initialize() middleware extends request with login(), logIn(),
logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions
again, reverting change from 0.5.1.
[0.5.2] - 2021-12-16
Fixed
Introduced a compatibility layer for strategies that depend directly on
passport@0.4.x or earlier (such as passport-azure-ad), which were
broken by the removal of private variables in passport@0.5.1.
[0.5.1] - 2021-12-15
Added
Informative error message in session strategy if session support is not
available.
Changed
authenticate() middleware, rather than initialize() middleware, extends
request with login(), logIn(), logout(), logOut(), isAuthenticated(),
and isUnauthenticated() functions.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the passport group in /generators/node-server/resources with 5 updates:
7.1.0
10.0.3
3.1.1
4.0.0
0.4.1
0.7.0
4.0.0
4.0.1
3.0.3
3.0.13
Updates
@nestjs/passport
from 7.1.0 to 10.0.3Release notes
Sourced from
@nestjs/passport
's releases.... (truncated)
Commits
653ff8e
chore(): release v10.0.3fe6ad2e
Merge pull request #1455 from nestjs/renovate/cimg-node-21.xf46ffb9
Merge pull request #1502 from nestjs/renovate/passport-0.x46b4f69
chore(deps): update dependency lint-staged to v15.2.0d213a85
chore(deps): update dependency@types/node
to v20.10.369bb1f6
chore(deps): update dependency eslint-config-prettier to v9.1.0f5fa401
chore(deps): update dependency eslint to v8.55.01e9cad1
chore(deps): update dependency@types/node
to v20.10.2145ecda
chore(deps): update dependency@types/node
to v20.10.170a908f
chore(deps): update typescript-eslint monorepo to v6.13.1Updates
jwt-decode
from 3.1.1 to 4.0.0Release notes
Sourced from jwt-decode's releases.
... (truncated)
Changelog
Sourced from jwt-decode's changelog.
... (truncated)
Commits
3b2d105
Update CHANGELOG.mdbd50db0
Release v4.0.0 (#232)bcfd7da
Bump actions/checkout from 3 to 4 (#228)6ec1cba
Bump concurrently from 8.2.0 to 8.2.2 (#226)807d123
Bump@typescript-eslint/eslint-plugin
from 6.4.1 to 6.9.0 (#229)f68e292
Bump eslint-plugin-import from 2.28.1 to 2.29.0 (#230)b2e7489
Bump eslint-import-resolver-typescript from 3.6.0 to 3.6.1 (#225)ccb6488
Bump lint-staged from 14.0.1 to 15.0.2 (#231)cf3cd4f
Bump actions/setup-node from 3 to 4 (#227)0ce8017
pin babel/core to recent version and bump jestMaintainer changes
This version was pushed to npm by auth0-oss, a new releaser for jwt-decode since your current version.
Updates
passport
from 0.4.1 to 0.7.0Changelog
Sourced from passport's changelog.
... (truncated)
Commits
33b92f9
0.7.08dd8ec5
Update changelog.2815dc9
Merge pull request #1012 from jaredhanson/authinfo-assignprop0f2f81c
Fix test to allow setting of authInfo with assignProperty.b4e4cff
Fix test to allow setting of authInfo from authorize call.da379a0
Merge branch 'master' into authinfo-assignpropcfdbd4a
Update sponsors.6cc8a7c
Update sponsors.b6ab747
Update sponsors.c521bc8
Add FusionAuth as sponsor.Updates
passport-jwt
from 4.0.0 to 4.0.1Commits
fed94fa
4.0.1 releasecfb5566
Merge pull request #248 from mikenicholson/update-minmatch8e4ad5b
Address minmatch vulnerabilitye9cf2ce
Merge pull request #247 from mikenicholson/jsonwebtoken-9bfbc6cc
Update jsonwebtoken to 9.0.0a49b43e
Update minimist due to prototype pollution vulnerability in previous versiona5137c6
Merge pull request #192 from markhoney/patch-1ea824cd
Update jsonwebtoken and run npm audit fix8e57eec
Remove older node versions shiping npm without support for "ci"3ab9305
Add CI workflow in GitHub ActionsUpdates
@types/passport-jwt
from 3.0.3 to 3.0.13Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show