This repository has been archived by the owner on Aug 30, 2021. It is now read-only.

fix(security): updating vulnerable packages (#1802)
* fix(security): updating vulnerable packages

* fix(helmet): updating to support latest changes, transition from ms to seconds representation

* comment on SIX_MONTHS variable
lirantal authored Jul 2, 2017
1 parent e3df83e commit 57c63e6
Showing 3 changed files with 7 additions and 6 deletions.
4 changes: 2 additions & 2 deletions .travis.yml
Expand Up @@ -30,7 +30,7 @@ addons:
- clang
before_install:
- npm install nsp -g
- npm install snyk -g
# - npm install snyk -g
- npm install protractor
- 'export DISPLAY=:99.0'
- 'sh -e /etc/init.d/xvfb start'
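Review bot: the `snyk` install in `before_install` is commented out rather than removed, and neither the hunk nor the commit message says why a vulnerability scanner is being switched off in a commit that fixes vulnerable packages. Either delete the line or put the reason, and the condition for re-enabling it, in a comment next to `# - npm install snyk -g`.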
Expand All @@ -42,7 +42,7 @@ before_install:
# - snyk test
after_script:
- nsp check
- snyk test
# - snyk test
- gulp test:coverage
- node_modules/.bin/lcov-result-merger 'coverage/**/lcov.info' | node_modules/coveralls/bin/coveralls.js
notifications:
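Review bot: with `snyk test` commented out in `after_script`, `nsp check` is the only dependency audit left in this hunk, and Travis does not let the exit code of `after_script` commands affect the build result, so a finding will not fail CI. Consider moving `nsp check` into a phase that gates the build, such as `script`, and note here why `snyk test` is disabled.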
7 changes: 4 additions & 3 deletions config/lib/express.js
Expand Up @@ -137,11 +137,12 @@ module.exports.initModulesConfiguration = function (app, db) {
};

/**
* Configure Helmet headers configuration
* Configure Helmet headers configuration for security
*/
module.exports.initHelmetHeaders = function (app) {
// Use helmet to secure Express headers
var SIX_MONTHS = 15778476000;
// six months expiration period specified in seconds
var SIX_MONTHS = 15778476;

app.use(helmet.frameguard());
app.use(helmet.xssFilter());
app.use(helmet.noSniff());
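Review bot: `SIX_MONTHS` drops from 15778476000 to 15778476 because of a unit change, but the call that consumes it is outside the lines shown, so this hunk alone does not confirm that every consumer now expects seconds. Name the unit in the identifier, for example `SIX_MONTHS_IN_SECONDS`, and add a test that asserts the emitted header value so that a later helmet upgrade changing the unit again is caught.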
2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -49,7 +49,7 @@
"express-session": "~1.15.2",
"generate-password": "~1.3.0",
"glob": "~7.1.1",
"helmet": "~2.3.0",
"helmet": "~3.6.1",
"jasmine-core": "~2.5.2",
"lodash": "~4.17.4",
"lusca": "~1.4.1",

0 comments on commit 57c63e6