Update dependency passport to v0.6.0 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
passport (source)	0.5.2 -> 0.6.0

GitHub Vulnerability Alerts

CVE-2022-25896

This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.

---

Release Notes

jaredhanson/passport (passport)

v0.6.0

Compare Source

Added

• authenticate(), req#login, and req#logout accept a
  keepSessionInfo: true option to keep session information after regenerating
  the session.

Changed

• req#login() and req#logout() regenerate the the session and clear session
  information by default.
• req#logout() is now an asynchronous function and requires a callback
  function as the last argument.

Security

• Improved robustness against session fixation attacks in cases where there is
  physical access to the same system or the application is susceptible to
  cross-site scripting (XSS).

v0.5.3

Compare Source

Fixed

• initialize() middleware extends request with login(), logIn(),
  logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions
  again, reverting change from 0.5.1.

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: server/package-lock.json

npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: @nestjs/[email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/passport
npm ERR!   passport@"0.6.0" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer passport@"^0.4.0 || ^0.5.0" from @nestjs/[email protected]
npm ERR! node_modules/@nestjs/passport
npm ERR!   @nestjs/passport@"8.2.1" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: [email protected]
npm ERR! node_modules/passport
npm ERR!   peer passport@"^0.4.0 || ^0.5.0" from @nestjs/[email protected]
npm ERR!   node_modules/@nestjs/passport
npm ERR!     @nestjs/passport@"8.2.1" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate/cache/others/npm/_logs/2024-12-08T23_31_39_067Z-debug-0.log