Merge pull request #523 from nhubbard/develop

Update Dependencies and Improve Security
2025-06-28 20:22:53 +00:00 · 2016-11-17 19:36:14 +01:00 · 2016-11-17 19:36:14 +01:00 · 0f44fd2290
commit 0f44fd2290
parent a3a6fc0d15 690d461693
3 changed files with 12 additions and 6 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -35,6 +35,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 - Improve logger. `Log.log()` now accepts multiple arguments.
 - Remove extensive logging in newsfeed node helper.
 - Calendar times are now uniformly capitalized.
+- Modules are now secure, and Helmet is now used to prevent abuse of the Mirror's API.

 ### Fixed
 - Solve an issue where module margins would appear when the first module of a section was hidden.
--- a/js/server.js
+++ b/js/server.js
@ -12,6 +12,7 @@ var io = require("socket.io")(server);
 var path = require("path");
 var ipfilter = require("express-ipfilter").IpFilter;
 var fs = require("fs");
+var helmet = require("helmet");

 var Server = function(config, callback) {
 	console.log("Starting server op port " + config.port + " ... ");
@ -27,6 +28,7 @@ var Server = function(config, callback) {
 			res.status(403).send("This device is not allowed to access your mirror. <br> Please check your config.js or config.js.sample to change this.");
 		});
 	});
+	app.use(helmet());

 	app.use("/js", express.static(__dirname));
 	app.use("/config", express.static(path.resolve(__dirname + "/../config")));
--- a/package.json
+++ b/package.json
@ -17,7 +17,9 @@
    "modular"
  ],
  "author": "Michael Teeuw",
-  "contributors": ["https://github.com/MichMich/MagicMirror/graphs/contributors"],
+  "contributors": [
+    "https://github.com/MichMich/MagicMirror/graphs/contributors"
+  ],
  "license": "MIT",
  "bugs": {
    "url": "https://github.com/MichMich/MagicMirror/issues"
@ -27,23 +29,24 @@
    "grunt": "latest",
    "grunt-eslint": "latest",
    "grunt-jsonlint": "latest",
-    "grunt-markdownlint": "^1.0.4",
+    "grunt-markdownlint": "^1.0.13",
    "grunt-stylelint": "latest",
    "grunt-yamllint": "latest",
    "stylelint-config-standard": "latest",
    "time-grunt": "latest"
  },
  "dependencies": {
-    "electron": "^1.4.6",
+    "electron": "^1.4.7",
    "express": "^4.14.0",
    "express-ipfilter": "latest",
    "feedme": "latest",
+    "helmet": "^3.1.0",
    "iconv-lite": "latest",
    "moment": "latest",
-    "request": "^2.74.0",
+    "request": "^2.78.0",
    "rrule": "latest",
-    "simple-git": "^1.54.0",
-    "socket.io": "^1.4.6",
+    "simple-git": "^1.62.0",
+    "socket.io": "^1.5.1",
    "valid-url": "latest",
    "walk": "latest"
  }