chore(deps): bump passport from 0.4.0 to 0.6.0 (#31)

* chore(deps): bump passport from 0.4.0 to 0.6.0

Bumps [passport](https://github.com/jaredhanson/passport) from 0.4.0 to 0.6.0.
- [Release notes](https://github.com/jaredhanson/passport/releases)
- [Changelog](https://github.com/jaredhanson/passport/blob/master/CHANGELOG.md)
- [Commits](jaredhanson/passport@v0.4.0...v0.6.0)

---
updated-dependencies:
- dependency-name: passport
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

* fix: use `keepSessionInfo` to maintain session

The passport.js changes in `0.6.0` have breaking changes related to protecting against "Session Fixation".
- jaredhanson/passport#900
- https://medium.com/passportjs/fixing-session-fixation-b2b68619c51d

The assumption for the fix in this commit is that our example project here only has the session storage as its storage mechanism, so we're not quite vulnerable to the same thing since the storage goes away when the local project is stopped.

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jaime Lopez <[email protected]>

package.json

@@ -14,7 +14,7 @@
     "express-session": "^1.15.6",
     "node-fetch": "2.6.7",
     "openid-client": "^5.3.0",
-    "passport": "^0.4.0"
+    "passport": "^0.6.0"
   },
   "engines": {
     "node": ">=12.0"

server.js

@@ -155,7 +155,10 @@ app.get('/auth/cb', (req, res, next) => {
     if (err || !user) {
       return res.redirect('/login.html');
     }
-    req.logIn(user, (err) => {
+    const options = {
+      keepSessionInfo: true
+    }
+    req.logIn(user, options, (err) => {
       if (err) {
         return next(err);
       }