Bump the passport group in /generators/node-server/resources with 5 updates

[dependabot]

Bumps the passport group in /generators/node-server/resources with 5 updates:

Package	From	To
@nestjs/passport	7.1.0	10.0.2
jwt-decode	3.1.1	4.0.0
passport	0.4.1	0.6.0
passport-jwt	4.0.0	4.0.1
@types/passport-jwt	3.0.3	3.0.13

Updates @nestjs/passport from 7.1.0 to 10.0.2

Release notes

Sourced from @​nestjs/passport's releases.

Release 10.0.2

• Merge branch 'master' of https://github.com/nestjs/passport (85383fa)
• fix: replace generic with any (eabad6a)
• chore(deps): update dependency eslint to v8.49.0 (c7a1983)
• chore(deps): update dependency @​types/node to v18.17.15 (310fddc)
• chore(deps): update dependency pactum to v3.5.1 (39cf46f)
• chore(deps): update typescript-eslint monorepo to v6.6.0 (c69b1e7)
• chore(deps): update dependency @​types/node to v18.17.14 (871acb1)
• chore(deps): update dependency @​types/node to v18.17.13 (17850e5)
• chore(deps): update dependency @​nestjs/jwt to v10.1.1 (83190d3)
• chore(deps): update nest monorepo to v10.2.4 (0769c40)
• chore(deps): update nest monorepo to v10.2.3 (ea0f37a)
• chore(deps): update dependency prettier to v3.0.3 (2a95142)
• chore(deps): update typescript-eslint monorepo to v6.5.0 (99298d0)
• chore(deps): update nest monorepo to v10.2.2 (074d334)
• chore(deps): update dependency @​types/node to v18.17.12 (4065f5a)
• chore(deps): update dependency eslint to v8.48.0 (56222c3)
• chore(deps): update dependency typescript to v5.2.2 (8fe1a0f)
• chore(deps): update dependency @​types/node to v18.17.11 (465652d)
• chore(deps): update dependency jest to v29.6.4 (2c786fe)
• chore(deps): update dependency @​types/node to v18.17.9 (da3ae1b)
• chore(deps): update dependency @​types/node to v18.17.8 (292e3dd)
• chore(deps): update dependency @​types/jest to v29.5.4 (0230e75)
• chore(deps): update nest monorepo to v10.2.1 (75f76ba)
• chore(deps): update dependency @​types/node to v18.17.7 (19a6834)

Release 10.0.1

• Merge pull request #1386 from gaiuaurelian/fix/1385 (0f17e39)
• chore(deps): update typescript-eslint monorepo to v6.4.1 (322857a)
• chore(deps): update dependency jest to v29.6.3 (0511129)
• chore(deps): update nest monorepo to v10.2.0 (8fc1e7b)
• chore(deps): update dependency lint-staged to v14.0.1 (e747dc1)
• chore(deps): update dependency eslint-plugin-import to v2.28.1 (eea965f)
• chore(deps): update dependency @​types/node to v18.17.6 (7ca9132)
• fix(@​nestjs/passport): pass options to request.logIn in order to pass keepSessionInfo property or other properties to passport sessionManager (7c9de11)
• chore(deps): update dependency prettier to v3.0.2 (eb43a86)
• chore(deps): update typescript-eslint monorepo to v6.4.0 (cf49e3c)
• chore(deps): update dependency lint-staged to v14 (a6a1ae5)
• chore(deps): update dependency pactum to v3.5.0 (2ef5d4c)
• chore(deps): update dependency lint-staged to v13.3.0 (82f9c09)
• chore(deps): update dependency release-it to v16.1.5 (865b1b7)
• chore(deps): update dependency @​types/node to v18.17.5 (44bd7f4)
• chore(deps): update dependency eslint to v8.47.0 (212d67e)
• chore(deps): update dependency @​commitlint/cli to v17.7.1 (d87e567)
• chore(deps): update dependency release-it to v16.1.4 (a99b777)
• chore(deps): update commitlint monorepo to v17.7.0 (6a749a6)
• chore(deps): update dependency @​types/node to v18.17.4 (867aa0c)
• chore(deps): update typescript-eslint monorepo to v6.3.0 (cd12345)
• chore(deps): update dependency eslint-config-prettier to v9 (8c2c4de)
• chore(deps): update dependency @​types/node to v18.17.3 (dd29b82)

... (truncated)

Commits

• c929fd6 chore(): release v10.0.2
• 85383fa Merge branch 'master' of https://github.com/nestjs/passport
• eabad6a fix: replace generic with any
• c7a1983 chore(deps): update dependency eslint to v8.49.0
• 310fddc chore(deps): update dependency @​types/node to v18.17.15
• 39cf46f chore(deps): update dependency pactum to v3.5.1
• c69b1e7 chore(deps): update typescript-eslint monorepo to v6.6.0
• 871acb1 chore(deps): update dependency @​types/node to v18.17.14
• 17850e5 chore(deps): update dependency @​types/node to v18.17.13
• 83190d3 chore(deps): update dependency @​nestjs/jwt to v10.1.1
• Additional commits viewable in compare view

Updates jwt-decode from 3.1.1 to 4.0.0

Release notes

Sourced from jwt-decode's releases.

v4.0.0

A new version of the library, including a couple of improvements:

• No longer include a polyfill for atob, as this is supported in all major browsers (and node environments > 14).
• Compile to ES2017, dropping support for anything that does not support ES2017 (which should be very limited according to caniuse)
• Use Node's atob when running on node.
• Drop support for Node 14 and 16, add support for Node 20.
• Add support for package.json's exports field, for better CJS/ESM support
• Reorganize build artifacts for better CJS/ESM support (cjs and esm needs to be their own directory with a cjs specific package.json file)
• Drop manual UMD bundle creation in index.standalone.ts, but rely on rollup instead.
• Infer JwtPayload and JwtHeader default types from the header argument by using overloads.

Even though some users might experience breaking changes, mostly because of the exports field, the majority should be able to update without making any changes, assuming the SDK is used in environments with support for atob.

Migration to v4.0.0

The jwtDecode function is now no longer the default export, and is instead provided as a named export. Make sure to update your code in places where you are importing this function:

-import jwtDecodefrom "jwt-decode";
+import { jwtDecode } from "jwt-decode";

v4.0.0-beta.4

Breaking changes

• Raise minimum Node.js version to 18 #209 (jonkoops)

Fixed

• fix default condition should be the last one #199 (frederikprijck)

v4.0.0-beta.3

Breaking changes

• Drop UMD bundle #193 (frederikprijck)

Changed

• Use modern JavaScript syntax #187 (jonkoops)
• Use ESNext as default module system #188 (jonkoops)
• Avoid using any bundlers but use tsc instead #192 (frederikprijck)

v4.0.0-beta.2

Changed

• Avoid using default exports #175 (frederikprijck)
• Make options optional no default function parameter initializer #179 (cristobal)

Fixed

• Ensure types are bundled and correctly linked #174 (jonkoops)

v4.0.0-beta.1

Fixed

• Ensure build is run on prepack #167 (frederikprijck)

... (truncated)

Changelog

Sourced from jwt-decode's changelog.

Version 4.0.0

Full Changelog

A new version of the library, including a couple of improvements:

• No longer include a polyfill for atob, as this is supported in all major browsers (and node environments > 14).
• Compile to ES2017, dropping support for anything that does not support ES2017 (which should be very limited according to caniuse)
• Use Node's atob when running on node.
• Drop support for Node 14 and 16, add support for Node 20.
• Add support for package.json's exports field, for better CJS/ESM support
• Reorganize build artifacts for better CJS/ESM support (cjs and esm needs to be their own directory with a cjs specific package.json file)
• Drop manual UMD bundle creation in index.standalone.ts, but rely on rollup instead.
• Infer JwtPayload and JwtHeader default types from the header argument by using overloads.

Even though some users might experience breaking changes, mostly because of the exports field, the majority should be able to update without making any changes, assuming the SDK is used in environments with support for atob.

Migration to v4.0.0

The jwtDecode function is now no longer the default export, and is instead provided as a named export. Make sure to update your code in places where you are importing this function:

-import jwtDecode from "jwt-decode";
+import { jwtDecode } from "jwt-decode";

Version 4.0.0-beta.4

Full Changelog

Breaking changes

• Raise minimum Node.js version to 18 #209 (jonkoops)

Fixed

• fix default condition should be the last one #199 (frederikprijck)

Version 4.0.0-beta.3

Full Changelog

Breaking changes

• Drop UMD bundle #193 (frederikprijck)

Changed

• Use modern JavaScript syntax #187 (jonkoops)
• Use ESNext as default module system #188 (jonkoops)
• Avoid using any bundlers but use tsc instead #192 (frederikprijck)

Version 4.0.0-beta.2

... (truncated)

Commits

• 3b2d105 Update CHANGELOG.md
• bd50db0 Release v4.0.0 (#232)
• bcfd7da Bump actions/checkout from 3 to 4 (#228)
• 6ec1cba Bump concurrently from 8.2.0 to 8.2.2 (#226)
• 807d123 Bump @​typescript-eslint/eslint-plugin from 6.4.1 to 6.9.0 (#229)
• f68e292 Bump eslint-plugin-import from 2.28.1 to 2.29.0 (#230)
• b2e7489 Bump eslint-import-resolver-typescript from 3.6.0 to 3.6.1 (#225)
• ccb6488 Bump lint-staged from 14.0.1 to 15.0.2 (#231)
• cf3cd4f Bump actions/setup-node from 3 to 4 (#227)
• 0ce8017 pin babel/core to recent version and bump jest
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by auth0-oss, a new releaser for jwt-decode since your current version.

Updates passport from 0.4.1 to 0.6.0

Changelog

Sourced from passport's changelog.

[0.6.0] - 2022-05-20

Added

• authenticate(), req#login, and req#logout accept a keepSessionInfo: true option to keep session information after regenerating the session.

Changed

• req#login() and req#logout() regenerate the the session and clear session information by default.
• req#logout() is now an asynchronous function and requires a callback function as the last argument.

Security

• Improved robustness against session fixation attacks in cases where there is physical access to the same system or the application is susceptible to cross-site scripting (XSS).

[0.5.3] - 2022-05-16

Fixed

• initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions again, reverting change from 0.5.1.

[0.5.2] - 2021-12-16

Fixed

• Introduced a compatibility layer for strategies that depend directly on [email protected] or earlier (such as passport-azure-ad), which were broken by the removal of private variables in [email protected].

[0.5.1] - 2021-12-15

Added

• Informative error message in session strategy if session support is not available.

Changed

• authenticate() middleware, rather than initialize() middleware, extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions.

[0.5.0] - 2021-09-23

Changed

• initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions.

... (truncated)

Commits

• c33067b 0.6.0
• 3052bb4 Update changelog.
• 42630cb Merge pull request #900 from jaredhanson/fix-fixation
• 8dd79fe Use utils-merge rather than Object.assign for compatibility.
• 4f6bd5b Change keepSessionData to keepSessionData.
• 46756e5 Silence verbose logging.
• 987b191 Add tests.
• f8a175f Add tests.
• 29a90d6 No need to guard callback existence.
• bfba8a1 Add tests.
• Additional commits viewable in compare view

Updates passport-jwt from 4.0.0 to 4.0.1

Commits

• fed94fa 4.0.1 release
• cfb5566 Merge pull request #248 from mikenicholson/update-minmatch
• 8e4ad5b Address minmatch vulnerability
• e9cf2ce Merge pull request #247 from mikenicholson/jsonwebtoken-9
• bfbc6cc Update jsonwebtoken to 9.0.0
• a49b43e Update minimist due to prototype pollution vulnerability in previous version
• a5137c6 Merge pull request #192 from markhoney/patch-1
• ea824cd Update jsonwebtoken and run npm audit fix
• 8e57eec Remove older node versions shiping npm without support for "ci"
• 3ab9305 Add CI workflow in GitHub Actions
• Additional commits viewable in compare view

Updates @types/passport-jwt from 3.0.3 to 3.0.13

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Superseded by #381.