Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the passport group in /generators/node-server/resources with 6 updates #435

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the passport group in /generators/node-server/resources with 6 updates #435

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 5, 2024
edited
Loading

Bumps the passport group in /generators/node-server/resources with 6 updates:

Package From To
@nestjs/passport 7.1.0 10.0.3
jwt-decode 3.1.1 4.0.0
passport 0.4.1 0.7.0
passport-jwt 4.0.0 4.0.1
@types/passport-jwt 3.0.3 4.0.1
passport-oauth2 1.7.0 1.8.0

Updates @nestjs/passport from 7.1.0 to 10.0.3

Release notes

Sourced from @​nestjs/passport's releases.

Release 10.0.3

  • Merge pull request #1455 from nestjs/renovate/cimg-node-21.x (fe6ad2e)
  • Merge pull request #1502 from nestjs/renovate/passport-0.x (f46ffb9)
  • chore(deps): update dependency lint-staged to v15.2.0 (46b4f69)
  • chore(deps): update dependency @​types/node to v20.10.3 (d213a85)
  • chore(deps): update dependency eslint-config-prettier to v9.1.0 (69bb1f6)
  • chore(deps): update dependency eslint to v8.55.0 (f5fa401)
  • chore(deps): update dependency @​types/node to v20.10.2 (1e9cad1)
  • chore(deps): update dependency @​types/node to v20.10.1 (145ecda)
  • chore(deps): update typescript-eslint monorepo to v6.13.1 (70a908f)
  • chore(deps): update typescript-eslint monorepo to v6.13.0 (c73d48e)
  • chore(deps): update dependency passport to v0.7.0 (d0b9a60)
  • chore(deps): update dependency @​types/node to v20.10.0 (4f3245d)
  • chore(deps): update dependency @​types/node to v20.9.5 (114a3b6)
  • chore(deps): update dependency @​types/node to v20.9.4 (4002acc)
  • chore(deps): update dependency @​types/jest to v29.5.10 (6dc6c09)
  • chore(deps): update dependency @​types/passport to v1.0.16 (502554c)
  • chore(deps): update dependency @​types/node to v20.9.3 (82c77c4)
  • chore(deps): update commitlint monorepo to v18.4.3 (1dae894)
  • chore(deps): update dependency @​types/jest to v29.5.9 (b1e0fa8)
  • chore(deps): update typescript-eslint monorepo to v6.12.0 (7d4dc10)
  • chore(deps): update dependency typescript to v5.3.2 (96cb3ea)
  • chore(deps): update nest monorepo to v10.2.10 (d8313ed)
  • chore(deps): update dependency @​types/node to v20.9.2 (dd750ce)
  • chore(deps): update dependency eslint to v8.54.0 (b7c9666)
  • chore(deps): update nest monorepo to v10.2.9 (3b9472f)
  • chore(deps): update dependency @​types/node to v20.9.1 (b80e559)
  • chore(deps): update commitlint monorepo to v18.4.2 (6678d6a)
  • chore(deps): update node.js to v21 (68cebed)
  • chore(deps): update typescript-eslint monorepo to v6.11.0 (c98e1e4)
  • chore(deps): update dependency prettier to v3.1.0 (6fbd769)
  • chore(deps): update dependency @​commitlint/cli to v18.4.1 (d13e432)
  • chore(deps): update dependency lint-staged to v15.1.0 (156f7fc)
  • chore(deps): update dependency release-it to v17 (7ae90f1)
  • chore(deps): update commitlint monorepo to v18.4.0 (9aff968)
  • chore(deps): update dependency @​nestjs/jwt to v10.2.0 (e32dc20)
  • chore(deps): update dependency @​types/node to v20.9.0 (3348f7b)
  • chore(deps): update dependency @​types/jest to v29.5.8 (1a097ac)
  • chore(deps): update dependency @​types/passport-local to v1.0.38 (2ba1dff)
  • chore(deps): update dependency @​types/passport-jwt to v3.0.13 (68e04ca)
  • chore(deps): update dependency @​types/passport to v1.0.15 (d01a44c)
  • chore(deps): update typescript-eslint monorepo to v6.10.0 (4d90057)
  • chore(deps): update dependency eslint to v8.53.0 (15a3ce9)
  • chore(deps): update nest monorepo to v10.2.8 (a318101)
  • chore(deps): update dependency @​types/node to v20.8.10 (87a27a1)
  • chore(deps): update dependency @​types/jest to v29.5.7 (791cefb)
  • chore(deps): update typescript-eslint monorepo to v6.9.1 (087cdaa)
  • chore(deps): update dependency @​types/passport-jwt to v3.0.12 (0fdec75)
  • chore(deps): update dependency @​commitlint/cli to v18.2.0 (a4e907f)
  • chore(deps): update dependency @​types/node to v20.8.9 (1a53236)

... (truncated)

Commits
  • 653ff8e chore(): release v10.0.3
  • fe6ad2e Merge pull request #1455 from nestjs/renovate/cimg-node-21.x
  • f46ffb9 Merge pull request #1502 from nestjs/renovate/passport-0.x
  • 46b4f69 chore(deps): update dependency lint-staged to v15.2.0
  • d213a85 chore(deps): update dependency @​types/node to v20.10.3
  • 69bb1f6 chore(deps): update dependency eslint-config-prettier to v9.1.0
  • f5fa401 chore(deps): update dependency eslint to v8.55.0
  • 1e9cad1 chore(deps): update dependency @​types/node to v20.10.2
  • 145ecda chore(deps): update dependency @​types/node to v20.10.1
  • 70a908f chore(deps): update typescript-eslint monorepo to v6.13.1
  • Additional commits viewable in compare view

Updates jwt-decode from 3.1.1 to 4.0.0

Release notes

Sourced from jwt-decode's releases.

v4.0.0

A new version of the library, including a couple of improvements:

  • No longer include a polyfill for atob, as this is supported in all major browsers (and node environments > 14).
  • Compile to ES2017, dropping support for anything that does not support ES2017 (which should be very limited according to caniuse)
  • Use Node's atob when running on node.
  • Drop support for Node 14 and 16, add support for Node 20.
  • Add support for package.json's exports field, for better CJS/ESM support
  • Reorganize build artifacts for better CJS/ESM support (cjs and esm needs to be their own directory with a cjs specific package.json file)
  • Drop manual UMD bundle creation in index.standalone.ts, but rely on rollup instead.
  • Infer JwtPayload and JwtHeader default types from the header argument by using overloads.

Even though some users might experience breaking changes, mostly because of the exports field, the majority should be able to update without making any changes, assuming the SDK is used in environments with support for atob.

Migration to v4.0.0

The jwtDecode function is now no longer the default export, and is instead provided as a named export. Make sure to update your code in places where you are importing this function:

-import jwtDecodefrom "jwt-decode";
+import { jwtDecode } from "jwt-decode";

v4.0.0-beta.4

Breaking changes

Fixed

v4.0.0-beta.3

Breaking changes

Changed

v4.0.0-beta.2

Changed

Fixed

  • Ensure types are bundled and correctly linked #174 (jonkoops)

v4.0.0-beta.1

Fixed

... (truncated)

Changelog

Sourced from jwt-decode's changelog.

Version 4.0.0

Full Changelog

A new version of the library, including a couple of improvements:

  • No longer include a polyfill for atob, as this is supported in all major browsers (and node environments > 14).
  • Compile to ES2017, dropping support for anything that does not support ES2017 (which should be very limited according to caniuse)
  • Use Node's atob when running on node.
  • Drop support for Node 14 and 16, add support for Node 20.
  • Add support for package.json's exports field, for better CJS/ESM support
  • Reorganize build artifacts for better CJS/ESM support (cjs and esm needs to be their own directory with a cjs specific package.json file)
  • Drop manual UMD bundle creation in index.standalone.ts, but rely on rollup instead.
  • Infer JwtPayload and JwtHeader default types from the header argument by using overloads.

Even though some users might experience breaking changes, mostly because of the exports field, the majority should be able to update without making any changes, assuming the SDK is used in environments with support for atob.

Migration to v4.0.0

The jwtDecode function is now no longer the default export, and is instead provided as a named export. Make sure to update your code in places where you are importing this function:

-import jwtDecode from "jwt-decode";
+import { jwtDecode } from "jwt-decode";

Version 4.0.0-beta.4

Full Changelog

Breaking changes

Fixed

Version 4.0.0-beta.3

Full Changelog

Breaking changes

Changed

Version 4.0.0-beta.2

... (truncated)

Commits
  • 3b2d105 Update CHANGELOG.md
  • bd50db0 Release v4.0.0 (#232)
  • bcfd7da Bump actions/checkout from 3 to 4 (#228)
  • 6ec1cba Bump concurrently from 8.2.0 to 8.2.2 (#226)
  • 807d123 Bump @​typescript-eslint/eslint-plugin from 6.4.1 to 6.9.0 (#229)
  • f68e292 Bump eslint-plugin-import from 2.28.1 to 2.29.0 (#230)
  • b2e7489 Bump eslint-import-resolver-typescript from 3.6.0 to 3.6.1 (#225)
  • ccb6488 Bump lint-staged from 14.0.1 to 15.0.2 (#231)
  • cf3cd4f Bump actions/setup-node from 3 to 4 (#227)
  • 0ce8017 pin babel/core to recent version and bump jest
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by auth0-oss, a new releaser for jwt-decode since your current version.


Updates passport from 0.4.1 to 0.7.0

Changelog

Sourced from passport's changelog.

[0.7.0] - 2023-11-27

Changed

  • Set req.authInfo by default when using the assignProperty option to authenticate() middleware. This makes the behavior the same as when not using the option, and can be disabled by setting authInfo option to false.

[0.6.0] - 2022-05-20

Added

  • authenticate(), req#login, and req#logout accept a keepSessionInfo: true option to keep session information after regenerating the session.

Changed

  • req#login() and req#logout() regenerate the the session and clear session information by default.
  • req#logout() is now an asynchronous function and requires a callback function as the last argument.

Security

  • Improved robustness against session fixation attacks in cases where there is physical access to the same system or the application is susceptible to cross-site scripting (XSS).

[0.5.3] - 2022-05-16

Fixed

  • initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions again, reverting change from 0.5.1.

[0.5.2] - 2021-12-16

Fixed

  • Introduced a compatibility layer for strategies that depend directly on [email protected] or earlier (such as passport-azure-ad), which were broken by the removal of private variables in [email protected].

[0.5.1] - 2021-12-15

Added

  • Informative error message in session strategy if session support is not available.

Changed

  • authenticate() middleware, rather than initialize() middleware, extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions.

[0.5.0] - 2021-09-23

... (truncated)

Commits
  • 33b92f9 0.7.0
  • 8dd8ec5 Update changelog.
  • 2815dc9 Merge pull request #1012 from jaredhanson/authinfo-assignprop
  • 0f2f81c Fix test to allow setting of authInfo with assignProperty.
  • b4e4cff Fix test to allow setting of authInfo from authorize call.
  • da379a0 Merge branch 'master' into authinfo-assignprop
  • cfdbd4a Update sponsors.
  • 6cc8a7c Update sponsors.
  • b6ab747 Update sponsors.
  • c521bc8 Add FusionAuth as sponsor.
  • Additional commits viewable in compare view

Updates passport-jwt from 4.0.0 to 4.0.1

Commits
  • fed94fa 4.0.1 release
  • cfb5566 Merge pull request #248 from mikenicholson/update-minmatch
  • 8e4ad5b Address minmatch vulnerability
  • e9cf2ce Merge pull request #247 from mikenicholson/jsonwebtoken-9
  • bfbc6cc Update jsonwebtoken to 9.0.0
  • a49b43e Update minimist due to prototype pollution vulnerability in previous version
  • a5137c6 Merge pull request #192 from markhoney/patch-1
  • ea824cd Update jsonwebtoken and run npm audit fix
  • 8e57eec Remove older node versions shiping npm without support for "ci"
  • 3ab9305 Add CI workflow in GitHub Actions
  • Additional commits viewable in compare view

Updates @types/passport-jwt from 3.0.3 to 4.0.1

Commits

Updates passport-oauth2 from 1.7.0 to 1.8.0

Changelog

Sourced from passport-oauth2's changelog.

[1.8.0] - 2024-02-02

Fixed

  • Fixed intermittent "Failed to obtain access token" error by updating oauth dependency from 0.9.x to 0.10.x. This error seems to occur more frequently on fast connections which get reset after receiving an access token response.
Commits

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 5, 2024
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/generators/node-server/resources/passport-075e105ed0 branch from 2cd442b to eb92122 Compare February 9, 2024 06:47
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/generators/node-server/resources/passport-075e105ed0 branch from eb92122 to 96994b0 Compare February 21, 2024 06:59
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/generators/node-server/resources/passport-075e105ed0 branch from 96994b0 to 7fdfc20 Compare March 18, 2024 06:36
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/generators/node-server/resources/passport-075e105ed0 branch from 7fdfc20 to 203d5b6 Compare March 26, 2024 06:13
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/generators/node-server/resources/passport-075e105ed0 branch from 203d5b6 to c7bf5aa Compare April 4, 2024 07:11
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/generators/node-server/resources/passport-075e105ed0 branch from c7bf5aa to 986e561 Compare April 12, 2024 07:04
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/generators/node-server/resources/passport-075e105ed0 branch 2 times, most recently from 39d1f30 to 3633a16 Compare April 29, 2024 07:04
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/generators/node-server/resources/passport-075e105ed0 branch from 3633a16 to 079d785 Compare May 13, 2024 06:30
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/generators/node-server/resources/passport-075e105ed0 branch from 079d785 to 485a63f Compare May 31, 2024 06:28
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/generators/node-server/resources/passport-075e105ed0 branch from 485a63f to 60e363b Compare June 12, 2024 06:19
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/generators/node-server/resources/passport-075e105ed0 branch from 60e363b to dd5f7fd Compare July 15, 2024 06:14
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/generators/node-server/resources/passport-075e105ed0 branch from dd5f7fd to f0071af Compare September 10, 2024 06:57
@dependabot
Bump the passport group
c697a81 
Bumps the passport group in /generators/node-server/resources with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@nestjs/passport](https://github.com/nestjs/passport) | `7.1.0` | `10.0.3` |
| [jwt-decode](https://github.com/auth0/jwt-decode) | `3.1.1` | `4.0.0` |
| [passport](https://github.com/jaredhanson/passport) | `0.4.1` | `0.7.0` |
| [passport-jwt](https://github.com/mikenicholson/passport-jwt) | `4.0.0` | `4.0.1` |
| [@types/passport-jwt](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/passport-jwt) | `3.0.3` | `4.0.1` |
| [passport-oauth2](https://github.com/jaredhanson/passport-oauth2) | `1.7.0` | `1.8.0` |


Updates `@nestjs/passport` from 7.1.0 to 10.0.3
- [Release notes](https://github.com/nestjs/passport/releases)
- [Changelog](https://github.com/nestjs/passport/blob/master/.release-it.json)
- [Commits](nestjs/passport@7.1.0...10.0.3)

Updates `jwt-decode` from 3.1.1 to 4.0.0
- [Release notes](https://github.com/auth0/jwt-decode/releases)
- [Changelog](https://github.com/auth0/jwt-decode/blob/main/CHANGELOG.md)
- [Commits](auth0/jwt-decode@v3.1.1...v4.0.0)

Updates `passport` from 0.4.1 to 0.7.0
- [Changelog](https://github.com/jaredhanson/passport/blob/master/CHANGELOG.md)
- [Commits](jaredhanson/passport@v0.4.1...v0.7.0)

Updates `passport-jwt` from 4.0.0 to 4.0.1
- [Commits](mikenicholson/passport-jwt@v4.0.0...v4.0.1)

Updates `@types/passport-jwt` from 3.0.3 to 4.0.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/passport-jwt)

Updates `passport-oauth2` from 1.7.0 to 1.8.0
- [Changelog](https://github.com/jaredhanson/passport-oauth2/blob/master/CHANGELOG.md)
- [Commits](jaredhanson/passport-oauth2@v1.7.0...v1.8.0)

---
updated-dependencies:
- dependency-name: "@nestjs/passport"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: passport
- dependency-name: jwt-decode
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: passport
- dependency-name: passport
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: passport
- dependency-name: passport-jwt
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: passport
- dependency-name: "@types/passport-jwt"
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: passport
- dependency-name: passport-oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: passport
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/generators/node-server/resources/passport-075e105ed0 branch from f0071af to c697a81 Compare September 13, 2024 06:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants