From ca7f48ddb9b0dfc89ef159d310912078fcecc8ce Mon Sep 17 00:00:00 2001 From: Koji Arai Date: Wed, 24 Jan 2018 13:50:29 +0900 Subject: [PATCH 1/3] Update some packages --- package.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/package.json b/package.json index 1ce6b395d..70c3e988f 100644 --- a/package.json +++ b/package.json @@ -67,29 +67,29 @@ "colors": "~1.1.2", "compression": "^1.6.2", "connect-assets": "^5.3.0", - "connect-mongo": "^1.2.1", + "connect-mongo": "^2.0.1", "cookie-parser": "^1.4.3", "express.oi": "0.0.21", - "helmet": "^2.1.1", + "helmet": "^3.10.0", "i18n": "^0.8.3", "js-yaml": "^3.6.1", "less": "^2.7.1", "lodash": "^4.13.1", "md5": "^2.1.0", - "moment": "^2.14.1", - "mongoose": "^4.5.5", - "mongoose-unique-validator": "^1.0.2", + "moment": "^2.20.1", + "mongoose": "^5.0.1", + "mongoose-unique-validator": "^2.0.0", "mongoose-validate": "0.0.5", "multer": "^1.1.0", "node-xmpp-server": "^2.2.0", "node_hash": "^0.2.0", - "nunjucks": "^2.4.2", + "nunjucks": "^3.0.1", "on-finished": "^2.3.0", - "passport": "^0.3.2", + "passport": "^0.4.0", "passport-http": "0.3.0", "passport-http-bearer": "1.0.1", "passport-local": "1.0.0", - "passport.socketio": "3.6.2", + "passport.socketio": "3.7.0", "require-directory": "~2.1.1", "require-tree": "^1.1.1", "uuid": "^3.0.0" From ccf22acab5d13024159b1c3cd885d487049ab926 Mon Sep 17 00:00:00 2001 From: Koji Arai Date: Wed, 24 Jan 2018 18:06:26 +0900 Subject: [PATCH 2/3] Change for connect-mongo v2 --- app.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app.js b/app.js index 245d02d35..58af35c4e 100644 --- a/app.js +++ b/app.js @@ -20,7 +20,7 @@ var _ = require('lodash'), http = require('http'), nunjucks = require('nunjucks'), mongoose = require('mongoose'), - connectMongo = require('connect-mongo/es5'), + connectMongo = require('connect-mongo'), all = require('require-tree'), psjon = require('./package.json'), settings = require('./app/config'), From 83d8fd00048d143f87f0f4743a8f9ce0c05d30b4 Mon Sep 17 00:00:00 2001 From: Koji Arai Date: Wed, 24 Jan 2018 18:07:26 +0900 Subject: [PATCH 3/3] Change for helmet v3 --- app.js | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/app.js b/app.js index 58af35c4e..c06220985 100644 --- a/app.js +++ b/app.js @@ -91,14 +91,16 @@ app.use(helmet.hsts({ preload: true })); app.use(helmet.contentSecurityPolicy({ - defaultSrc: ['\'none\''], - connectSrc: ['*'], - scriptSrc: ['\'self\'', '\'unsafe-eval\''], - styleSrc: ['\'self\'', 'fonts.googleapis.com', '\'unsafe-inline\''], - fontSrc: ['\'self\'', 'fonts.gstatic.com'], - mediaSrc: ['\'self\''], - objectSrc: ['\'self\''], - imgSrc: ['* data:'] + directives: { + defaultSrc: ['\'none\''], + connectSrc: ['*'], + scriptSrc: ['\'self\'', '\'unsafe-eval\''], + styleSrc: ['\'self\'', 'fonts.googleapis.com', '\'unsafe-inline\''], + fontSrc: ['\'self\'', 'fonts.gstatic.com'], + mediaSrc: ['\'self\''], + objectSrc: ['\'self\''], + imgSrc: ['* data:'] + } })); var bundles = {};