Skip to content

fix(deps): update passport to ^0.7.0 to fix session regeneration CVE#2

Open
sstremovsky wants to merge 1 commit into
securitybunker:mainfrom
sstremovsky:fix/security-deps-20260609
Open

fix(deps): update passport to ^0.7.0 to fix session regeneration CVE#2
sstremovsky wants to merge 1 commit into
securitybunker:mainfrom
sstremovsky:fix/security-deps-20260609

Conversation

@sstremovsky

@sstremovsky sstremovsky commented Jun 9, 2026

Copy link
Copy Markdown

Security Dependency Updates

Resolves Dependabot security alerts by updating package.json version constraints.

Packages updated

  • passport: ^0.4.1 → ^0.7.0 (≥0.6.0 required; CVE: session fixation)

Notes

After merging, run npm install to regenerate package-lock.json with the updated versions.

See the Dependabot alerts in the Security tab for full CVE details.

🤖 Generated with Claude Code

@stremovsky
fix(deps): update vulnerable dependencies
1f1dce8 
Packages updated:
- passport: ^0.4.1 → ^0.7.0 (≥0.6.0 required; CVE: session fixation)

Fixes Dependabot security alerts.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sstremovsky @stremovsky