fix all vulnerabilities in the production code (#817)

Signed-off-by: Denis barbaron <denis.barbaron@orange.com>
2026-04-18 16:13:24 +02:00 · 2024-11-29 11:02:11 +01:00
parent 2f54e40206
commit 872b0bcbd8
26 changed files with 160 additions and 13627 deletions
--- a/lib/units/app/index.js
+++ b/lib/units/app/index.js
@@ -7,12 +7,11 @@ var url = require('url')
 var fs = require('fs')

 var express = require('express')
-var validator = require('express-validator')
 var cookieSession = require('cookie-session')
 var bodyParser = require('body-parser')
 var serveFavicon = require('serve-favicon')
 var serveStatic = require('serve-static')
-var csrf = require('csurf')
+var csrf = require('@dr.pogodin/csurf')
 var compression = require('compression')

 var logger = require('../../util/logger')
@@ -93,7 +92,6 @@ module.exports = function(options) {

  app.use(bodyParser.json())
  app.use(csrf())
-  app.use(validator())

  app.use(function(req, res, next) {
    res.cookie('XSRF-TOKEN', req.csrfToken())