Update dependency passport to ^0.6.0

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
passport (source)	dependencies	minor	^0.5.0 -> ^0.6.0

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	CVE
Medium	4.8	CVE-2022-25896

---

Release Notes

jaredhanson/passport

v0.6.0

Compare Source

Added

• authenticate(), req#login, and req#logout accept a
  keepSessionInfo: true option to keep session information after regenerating
  the session.

Changed

• req#login() and req#logout() regenerate the the session and clear session
  information by default.
• req#logout() is now an asynchronous function and requires a callback
  function as the last argument.

Security

• Improved robustness against session fixation attacks in cases where there is
  physical access to the same system or the application is susceptible to
  cross-site scripting (XSS).

v0.5.3

Compare Source

Fixed

• initialize() middleware extends request with login(), logIn(),
  logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions
  again, reverting change from 0.5.1.

v0.5.2

Compare Source

Fixed

• Introduced a compatibility layer for strategies that depend directly on
  passport@0.4.x or earlier (such as passport-azure-ad), which were
  broken by the removal of private variables in passport@0.5.1.

v0.5.1

Compare Source

Added

• Informative error message in session strategy if session support is not
  available.

Changed

• authenticate() middleware, rather than initialize() middleware, extends
  request with login(), logIn(), logout(), logOut(), isAuthenticated(),
  and isUnauthenticated() functions.

---

• If you want to rebase/retry this PR, click this checkbox.