From 14136450ab70a12a0eccbacac0850820cc398590 Mon Sep 17 00:00:00 2001
From: hyperreality
Date: Mon, 29 Aug 2016 23:10:14 +0100
Subject: [PATCH] feat(core): update project dependencies, fix express config (#1463)
---
 config/env/default.js | 2 +-
 config/lib/express.js | 12 +++---------
 package.json | 20 ++++++++++----------
 3 files changed, 14 insertions(+), 20 deletions(-)
diff --git a/config/env/default.js b/config/env/default.js
index d863253625..85508e1bd3 100644
--- a/config/env/default.js
+++ b/config/env/default.js
@@ -29,7 +29,7 @@ module.exports = {
 // Lusca config
 csrf: {
 csrf: false,
- csp: { /* Content Security Policy object */},
+ csp: false,
 xframe: 'SAMEORIGIN',
 p3p: 'ABCDEF',
 xssProtection: true
diff --git a/config/lib/express.js b/config/lib/express.js
index 13898b902b..eb2811528e 100644
--- a/config/lib/express.js
+++ b/config/lib/express.js
@@ -53,12 +53,6 @@ module.exports.initLocalVariables = function (app) {
 * Initialize application middleware
 */
 module.exports.initMiddleware = function (app) {
- // Showing stack errors
- app.set('showStackError', true);
-
- // Enable jsonp
- app.enable('jsonp callback');
-
 // Should be placed before express.static
 app.use(compress({
 filter: function (req, res) {
@@ -146,10 +140,10 @@ module.exports.initModulesConfiguration = function (app, db) {
 module.exports.initHelmetHeaders = function (app) {
 // Use helmet to secure Express headers
 var SIX_MONTHS = 15778476000;
- app.use(helmet.xframe());
+ app.use(helmet.frameguard());
 app.use(helmet.xssFilter());
- app.use(helmet.nosniff());
- app.use(helmet.ienoopen());
+ app.use(helmet.noSniff());
+ app.use(helmet.ieNoOpen());
 app.use(helmet.hsts({
 maxAge: SIX_MONTHS,
 includeSubdomains: true,
diff --git a/package.json b/package.json
index db8ab9e9d2..313e3d5f26 100644
--- a/package.json
+++ b/package.json
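Review bot: In config/env/default.js the new `csp: false` leaves Content-Security-Policy switched off by default and removes the only hint that this key accepts a policy object. With the unchanged `csrf: false` on the line above it, a deployment that copies these defaults ships with neither protection enabled, so the default deserves an explanatory comment, for example `csp: false, // disabled by default; set to a Content Security Policy object to enable the header`. The closing brace of the `csrf` object is outside the hunk.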
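Review bot: In the `initHelmetHeaders` hunk of config/lib/express.js, `helmet.frameguard()` and `helmet.xssFilter()` emit the same headers that the Lusca block in config/env/default.js configures with `xframe: 'SAMEORIGIN'` and `xssProtection: true`. If lusca is mounted with that block (not visible in this patch), two middlewares write X-Frame-Options and X-XSS-Protection and whichever runs later wins, so tightening one setting can silently have no effect. A comment such as `// X-Frame-Options and X-XSS-Protection are also set from the Lusca block in config/env/default.js; keep both in sync` would record that, or one of the two sources could be dropped. The function body continues past the end of the hunk.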
@@ -32,35 +32,35 @@
 },
 "dependencies": {
 "acl": "~0.4.9",
- "async": "~1.5.2",
+ "async": "~2.0.1",
 "body-parser": "~1.15.0",
 "bower": "~1.7.7",
 "cfenv": "~1.0.3",
 "chalk": "~1.1.1",
 "compression": "~1.6.1",
 "connect-flash": "~0.1.1",
- "connect-mongo": "~1.1.0",
+ "connect-mongo": "~1.3.2",
 "cookie-parser": "~1.4.1",
 "crypto": "0.0.3",
 "express": "~4.14.0",
 "express-hbs": "^1.0.2",
- "express-session": "~1.13.0",
+ "express-session": "~1.14.1",
 "file-stream-rotator": "~0.0.6",
 "generate-password": "~1.1.1",
 "glob": "~7.0.0",
 "grunt": "~1.0.1",
 "grunt-cli": "~1.2.0",
 "gulp-node-inspector": "~0.1.0",
- "helmet": "~1.3.0",
+ "helmet": "~2.1.2",
 "jasmine-core": "~2.4.1",
- "lodash": "~4.6.1",
- "lusca": "~1.3.0",
+ "lodash": "~4.15.0",
+ "lusca": "~1.4.1",
 "method-override": "~2.3.5",
 "mocha": "~3.0.2",
 "mongoose": "~4.4.8",
 "morgan": "~1.7.0",
- "multer": "~1.1.0",
- "nodemailer": "~2.3.0",
+ "multer": "~1.2.0",
+ "nodemailer": "~2.5.0",
 "owasp-password-strength-test": "~1.3.0",
 "passport": "~0.3.2",
 "passport-facebook": "~2.1.0",
@@ -72,8 +72,8 @@
 "passport-twitter": "~1.0.4",
 "phantomjs-prebuilt": "~2.1.4",
 "serve-favicon": "~2.3.0",
- "socket.io": "~1.4.5",
- "validator": "~5.1.0",
+ "socket.io": "^1.4.8",
+ "validator": "~5.5.0",
 "winston": "^2.2.0",
 "wiredep": "~4.0.0"
 },
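Review bot: In the second package.json hunk, `"socket.io": "^1.4.8"` changes the range operator as well as the version: the old `~1.4.5` accepted only 1.4.x patch releases, while the caret accepts any later 1.x release. Every other bump in this commit keeps the tilde, so the wider range looks unintended, and the diffstat shows no shrinkwrap or lock file being updated that would pin what actually gets installed. `"socket.io": "~1.4.8"` would keep this network-facing dependency on the same update policy as the rest.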