From 1f1dce8d122025090cd6a412d1d52fa9bd773fa2 Mon Sep 17 00:00:00 2001
From: sstremovsky <stremovsky@gmail.com>
Date: Tue, 9 Jun 2026 20:24:39 +0300
Subject: [PATCH] fix(deps): update vulnerable dependencies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Packages updated:
- passport: ^0.4.1 → ^0.7.0 (≥0.6.0 required; CVE: session fixation)

Fixes Dependabot security alerts.
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 5675053..c5ed006 100644
--- a/package.json
+++ b/package.json
@@ -29,7 +29,7 @@
     "express": "^4.17.1",
     "express-session": "^1.17.1",
     "morgan": "^1.10.0",
-    "passport": "^0.4.1",
+    "passport": "^0.7.0",
     "passport-magic": "^1.0.0"
   }
 }