parse-dashboard
parse-dashboard copied to clipboard
parse-community
refactor: security upgrade passport from 0.5.3 to 0.6.0
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
454/1000 Why? Has a fix available, CVSS 4.8 |
Session Fixation SNYK-JS-PASSPORT-2840631 |
No | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: passport
The new version differs by 31 commits.- c33067b 0.6.0
- 3052bb4 Update changelog.
- 42630cb Merge pull request #900 from jaredhanson/fix-fixation
- 8dd79fe Use utils-merge rather than Object.assign for compatibility.
- 4f6bd5b Change keepSessionData to keepSessionData.
- 46756e5 Silence verbose logging.
- 987b191 Add tests.
- f8a175f Add tests.
- 29a90d6 No need to guard callback existence.
- bfba8a1 Add tests.
- 17111d7 Add option to keep session data on logout.
- a349c2b Add option to keep session data.
- e69834e Add optional options to login and logout.
- 8825a9a Add tests.
- c1991cf Add tests.
- 294f22c Better session detection and exceptions.
- 80cc4e3 Add tests.
- 3001654 Add tests.
- b395106 Clean up tests.
- cfa8259 Add tests.
- ee0bf81 Add tests.
- cc7606c Add tests.
- 71c54f6 Add test.
- 88c1f1b Handle logout without session manager.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
I will reformat the title to use the proper commit message syntax.
![parse-github-assistant[bot] avatar](https://avatars.githubusercontent.com/in/136195?v=4 "Published by a pub.dev verified publisher"){kind=small}
Thanks for opening this pull request!
- ❌ Please edit your post and use the provided template when creating a new pull request. This helps everyone to understand your post better and asks for essential information to quicker review the pull request.
⚠️ DO NOT MERGE OR CLOSE THIS PR
The passport dependency cannot be upgraded due to an existing issue with the dependency itself, see https://github.com/parse-community/parse-dashboard/issues/2194. If this PR is closed, a new one will be automatically reopened, so keep it open for now.
