Update dependencies and improve CSP headers

2018-04-14 18:46:40 +01:00 · 2018-04-14 18:46:40 +01:00 · 7eacb52723
commit 7eacb52723
parent 5758a270c6
4 changed files with 66 additions and 61 deletions
--- a/app/Http/Middleware/CSPHeader.php
+++ b/app/Http/Middleware/CSPHeader.php
@ -47,7 +47,8 @@ p.typekit.net; \
 font-src 'self' \
 https://fonts.gstatic.com \
 use.typekit.net \
-fonts.typekit.net; \
+fonts.typekit.net \
+data:; \
 connect-src 'self' \
 https://api.mapbox.com \
 https://*.tiles.mapbox.com \
@ -55,7 +56,6 @@ performance.typekit.net \
 data: blob:; \
 worker-src 'self' blob:; \
 frame-src 'self' https://www.youtube.com blob:; \
-child-src 'self' blob:; \
 upgrade-insecure-requests; \
 block-all-mixed-content; \
 report-to csp-endpoint; \
--- a/changelog.md
+++ b/changelog.md
@ -1,5 +1,8 @@
 # Changelog

+## Version {next}
+  - Improve CSP headers
+
 ## Version 0.16.3 (2018-04-12)
  - Improve JSON feed conformance

--- a/composer.json
+++ b/composer.json
@ -34,7 +34,7 @@
    },
    "require-dev": {
        "barryvdh/laravel-debugbar": "~3.0",
-        "codedungeon/phpunit-result-printer": "^0.12.0",
+        "codedungeon/phpunit-result-printer": "^0.14.0",
        "filp/whoops": "~2.0",
        "fzaninotto/faker": "~1.4",
        "jakub-onderka/php-parallel-lint": "^1.0.0",
--- a/composer.lock
+++ b/composer.lock
@ -1,23 +1,23 @@
 {
    "_readme": [
        "This file locks the dependencies of your project to a known state",
-        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
+        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
        "This file is @generated automatically"
    ],
-    "content-hash": "4127c4d74e7fbc79a541790fb5ea9d73",
+    "content-hash": "5e37bcec0043b7e6fe14b16f9602255f",
    "packages": [
        {
            "name": "aws/aws-sdk-php",
-            "version": "3.54.2",
+            "version": "3.54.4",
            "source": {
                "type": "git",
                "url": "https://github.com/aws/aws-sdk-php.git",
-                "reference": "17c2c7a47f54161d23b9a943b1c36600051cb93c"
+                "reference": "6642a13df7ddcccf19e66c744c5bfae5b61e9e85"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/17c2c7a47f54161d23b9a943b1c36600051cb93c",
-                "reference": "17c2c7a47f54161d23b9a943b1c36600051cb93c",
+                "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/6642a13df7ddcccf19e66c744c5bfae5b61e9e85",
+                "reference": "6642a13df7ddcccf19e66c744c5bfae5b61e9e85",
                "shasum": ""
            },
            "require": {
@ -84,7 +84,7 @@
                "s3",
                "sdk"
            ],
-            "time": "2018-04-06T18:01:00+00:00"
+            "time": "2018-04-10T22:11:31+00:00"
        },
        {
            "name": "bosnadev/database",
@ -698,16 +698,16 @@
        },
        {
            "name": "doctrine/dbal",
-            "version": "v2.7.0",
+            "version": "v2.7.1",
            "source": {
                "type": "git",
                "url": "https://github.com/doctrine/dbal.git",
-                "reference": "f76bf5ef631cec551a86c2291fc749534febebf1"
+                "reference": "11037b4352c008373561dc6fc836834eed80c3b5"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/doctrine/dbal/zipball/f76bf5ef631cec551a86c2291fc749534febebf1",
-                "reference": "f76bf5ef631cec551a86c2291fc749534febebf1",
+                "url": "https://api.github.com/repos/doctrine/dbal/zipball/11037b4352c008373561dc6fc836834eed80c3b5",
+                "reference": "11037b4352c008373561dc6fc836834eed80c3b5",
                "shasum": ""
            },
            "require": {
@ -769,7 +769,7 @@
                "persistence",
                "queryobject"
            ],
-            "time": "2018-04-01T23:33:17+00:00"
+            "time": "2018-04-07T18:44:18+00:00"
        },
        {
            "name": "doctrine/inflector",
@ -943,16 +943,16 @@
        },
        {
            "name": "egulias/email-validator",
-            "version": "2.1.3",
+            "version": "2.1.4",
            "source": {
                "type": "git",
                "url": "https://github.com/egulias/EmailValidator.git",
-                "reference": "1bec00a10039b823cc94eef4eddd47dcd3b2ca04"
+                "reference": "8790f594151ca6a2010c6218e09d96df67173ad3"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/egulias/EmailValidator/zipball/1bec00a10039b823cc94eef4eddd47dcd3b2ca04",
-                "reference": "1bec00a10039b823cc94eef4eddd47dcd3b2ca04",
+                "url": "https://api.github.com/repos/egulias/EmailValidator/zipball/8790f594151ca6a2010c6218e09d96df67173ad3",
+                "reference": "8790f594151ca6a2010c6218e09d96df67173ad3",
                "shasum": ""
            },
            "require": {
@ -961,7 +961,7 @@
            },
            "require-dev": {
                "dominicsayers/isemail": "dev-master",
-                "phpunit/phpunit": "^4.8.35",
+                "phpunit/phpunit": "^4.8.35||^5.7||^6.0",
                "satooshi/php-coveralls": "^1.0.1"
            },
            "suggest": {
@ -996,7 +996,7 @@
                "validation",
                "validator"
            ],
-            "time": "2017-11-15T23:40:40+00:00"
+            "time": "2018-04-10T10:11:19+00:00"
        },
        {
            "name": "erusev/parsedown",
@ -1945,16 +1945,16 @@
        },
        {
            "name": "laravel/framework",
-            "version": "v5.6.15",
+            "version": "v5.6.16",
            "source": {
                "type": "git",
                "url": "https://github.com/laravel/framework.git",
-                "reference": "baa42cf6bdd942523fafece21ec16a1843c6db0f"
+                "reference": "fcdbc791bc3e113ada38ab0a1147141fb9ec2b16"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/laravel/framework/zipball/baa42cf6bdd942523fafece21ec16a1843c6db0f",
-                "reference": "baa42cf6bdd942523fafece21ec16a1843c6db0f",
+                "url": "https://api.github.com/repos/laravel/framework/zipball/fcdbc791bc3e113ada38ab0a1147141fb9ec2b16",
+                "reference": "fcdbc791bc3e113ada38ab0a1147141fb9ec2b16",
                "shasum": ""
            },
            "require": {
@ -2019,6 +2019,7 @@
                "aws/aws-sdk-php": "~3.0",
                "doctrine/dbal": "~2.6",
                "filp/whoops": "^2.1.4",
+                "league/flysystem-cached-adapter": "~1.0",
                "mockery/mockery": "~1.0",
                "moontoast/math": "^1.1",
                "orchestra/testbench-core": "3.6.*",
@ -2037,7 +2038,7 @@
                "guzzlehttp/guzzle": "Required to use the Mailgun and Mandrill mail drivers and the ping methods on schedules (~6.0).",
                "laravel/tinker": "Required to use the tinker console command (~1.0).",
                "league/flysystem-aws-s3-v3": "Required to use the Flysystem S3 driver (~1.0).",
-                "league/flysystem-cached-adapter": "Required to use Flysystem caching (~1.0).",
+                "league/flysystem-cached-adapter": "Required to use the Flysystem cache (~1.0).",
                "league/flysystem-rackspace": "Required to use the Flysystem Rackspace driver (~1.0).",
                "league/flysystem-sftp": "Required to use the Flysystem SFTP driver (~1.0).",
                "nexmo/client": "Required to use the Nexmo transport (~1.0).",
@ -2079,7 +2080,7 @@
                "framework",
                "laravel"
            ],
-            "time": "2018-03-30T13:29:58+00:00"
+            "time": "2018-04-09T16:07:04+00:00"
        },
        {
            "name": "laravel/horizon",
@ -3537,20 +3538,20 @@
        },
        {
            "name": "spatie/browsershot",
-            "version": "3.19.0",
+            "version": "3.20.1",
            "source": {
                "type": "git",
                "url": "https://github.com/spatie/browsershot.git",
-                "reference": "3830660e63dd74617fd9db6c192b89f897f21d49"
+                "reference": "d5abc3b88c1a3ff0f45dc09eb15681b132b7e971"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/spatie/browsershot/zipball/3830660e63dd74617fd9db6c192b89f897f21d49",
-                "reference": "3830660e63dd74617fd9db6c192b89f897f21d49",
+                "url": "https://api.github.com/repos/spatie/browsershot/zipball/d5abc3b88c1a3ff0f45dc09eb15681b132b7e971",
+                "reference": "d5abc3b88c1a3ff0f45dc09eb15681b132b7e971",
                "shasum": ""
            },
            "require": {
-                "php": "^7.0",
+                "php": "^7.1",
                "spatie/image": "^1.4",
                "spatie/temporary-directory": "^1.1",
                "symfony/process": "^3.0|^4.0"
@ -3589,20 +3590,20 @@
                "screenshot",
                "webpage"
            ],
-            "time": "2018-04-03T09:56:43+00:00"
+            "time": "2018-04-12T11:13:06+00:00"
        },
        {
            "name": "spatie/image",
-            "version": "1.4.1",
+            "version": "1.5.0",
            "source": {
                "type": "git",
                "url": "https://github.com/spatie/image.git",
-                "reference": "9ac824e02ae9ebcb6a74160d6dd9ab73a42f0e4f"
+                "reference": "2ff09d9eafbeccc71f29ee7a9eb6169a856df75e"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/spatie/image/zipball/9ac824e02ae9ebcb6a74160d6dd9ab73a42f0e4f",
-                "reference": "9ac824e02ae9ebcb6a74160d6dd9ab73a42f0e4f",
+                "url": "https://api.github.com/repos/spatie/image/zipball/2ff09d9eafbeccc71f29ee7a9eb6169a856df75e",
+                "reference": "2ff09d9eafbeccc71f29ee7a9eb6169a856df75e",
                "shasum": ""
            },
            "require": {
@ -3613,6 +3614,7 @@
                "symfony/process": "^3.0|^4.0"
            },
            "require-dev": {
+                "larapack/dd": "^1.1",
                "phpunit/phpunit": "^6.0|^7.0",
                "symfony/var-dumper": "^3.2"
            },
@ -3640,7 +3642,7 @@
                "image",
                "spatie"
            ],
-            "time": "2018-02-08T09:09:05+00:00"
+            "time": "2018-04-13T11:53:18+00:00"
        },
        {
            "name": "spatie/image-optimizer",
@ -3693,23 +3695,23 @@
        },
        {
            "name": "spatie/temporary-directory",
-            "version": "1.1.3",
+            "version": "1.1.4",
            "source": {
                "type": "git",
                "url": "https://github.com/spatie/temporary-directory.git",
-                "reference": "e3da5b7a00c6610bc0b18480815fe09adf73383b"
+                "reference": "5e1799fa2297363ebfb4df296fea90afbd4ef9b7"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/spatie/temporary-directory/zipball/e3da5b7a00c6610bc0b18480815fe09adf73383b",
-                "reference": "e3da5b7a00c6610bc0b18480815fe09adf73383b",
+                "url": "https://api.github.com/repos/spatie/temporary-directory/zipball/5e1799fa2297363ebfb4df296fea90afbd4ef9b7",
+                "reference": "5e1799fa2297363ebfb4df296fea90afbd4ef9b7",
                "shasum": ""
            },
            "require": {
                "php": "^7.0"
            },
            "require-dev": {
-                "phpunit/phpunit": "5.*"
+                "phpunit/phpunit": "^6.3"
            },
            "type": "library",
            "autoload": {
@ -3735,7 +3737,7 @@
                "spatie",
                "temporary-directory"
            ],
-            "time": "2017-09-11T08:51:13+00:00"
+            "time": "2018-04-12T09:34:43+00:00"
        },
        {
            "name": "swiftmailer/swiftmailer",
@ -4897,16 +4899,16 @@
        },
        {
            "name": "codedungeon/phpunit-result-printer",
-            "version": "0.12.2",
+            "version": "0.14.0",
            "source": {
                "type": "git",
                "url": "https://github.com/mikeerickson/phpunit-pretty-result-printer.git",
-                "reference": "a3f8ba9e716f0e8818b6d01040002888ecc00cb3"
+                "reference": "fe0624ebe81a6dcc4441ace455b419b590cbb51e"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/mikeerickson/phpunit-pretty-result-printer/zipball/a3f8ba9e716f0e8818b6d01040002888ecc00cb3",
-                "reference": "a3f8ba9e716f0e8818b6d01040002888ecc00cb3",
+                "url": "https://api.github.com/repos/mikeerickson/phpunit-pretty-result-printer/zipball/fe0624ebe81a6dcc4441ace455b419b590cbb51e",
+                "reference": "fe0624ebe81a6dcc4441ace455b419b590cbb51e",
                "shasum": ""
            },
            "require": {
@ -4916,7 +4918,7 @@
                "symfony/yaml": "^2.7|^3.0|^4.0"
            },
            "require-dev": {
-                "phpunit/phpunit": ">=7.1",
+                "phpunit/phpunit": "7.1.1",
                "spatie/phpunit-watcher": "^1.5"
            },
            "type": "library",
@ -4944,7 +4946,7 @@
                "result-printer",
                "testing"
            ],
-            "time": "2018-04-06T23:59:42+00:00"
+            "time": "2018-04-08T17:45:48+00:00"
        },
        {
            "name": "doctrine/instantiator",
@ -6181,16 +6183,16 @@
        },
        {
            "name": "phpunit/phpunit",
-            "version": "7.1.1",
+            "version": "7.1.3",
            "source": {
                "type": "git",
                "url": "https://github.com/sebastianbergmann/phpunit.git",
-                "reference": "f7fe5127889519e421600fe0feeb113a5e210f20"
+                "reference": "a7834993ddbf4b0ed2c3b2dc1f3b1d093ef910a9"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/f7fe5127889519e421600fe0feeb113a5e210f20",
-                "reference": "f7fe5127889519e421600fe0feeb113a5e210f20",
+                "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/a7834993ddbf4b0ed2c3b2dc1f3b1d093ef910a9",
+                "reference": "a7834993ddbf4b0ed2c3b2dc1f3b1d093ef910a9",
                "shasum": ""
            },
            "require": {
@ -6208,7 +6210,7 @@
                "phpunit/php-file-iterator": "^1.4.3",
                "phpunit/php-text-template": "^1.2.1",
                "phpunit/php-timer": "^2.0",
-                "phpunit/phpunit-mock-objects": "^6.1",
+                "phpunit/phpunit-mock-objects": "^6.1.1",
                "sebastian/comparator": "^2.1",
                "sebastian/diff": "^3.0",
                "sebastian/environment": "^3.1",
@ -6257,20 +6259,20 @@
                "testing",
                "xunit"
            ],
-            "time": "2018-04-06T12:39:30+00:00"
+            "time": "2018-04-13T02:28:50+00:00"
        },
        {
            "name": "phpunit/phpunit-mock-objects",
-            "version": "6.1.0",
+            "version": "6.1.1",
            "source": {
                "type": "git",
                "url": "https://github.com/sebastianbergmann/phpunit-mock-objects.git",
-                "reference": "3f5ca97eee66a07951d018f6726017629c85c86d"
+                "reference": "70c740bde8fd9ea9ea295be1cd875dd7b267e157"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/phpunit-mock-objects/zipball/3f5ca97eee66a07951d018f6726017629c85c86d",
-                "reference": "3f5ca97eee66a07951d018f6726017629c85c86d",
+                "url": "https://api.github.com/repos/sebastianbergmann/phpunit-mock-objects/zipball/70c740bde8fd9ea9ea295be1cd875dd7b267e157",
+                "reference": "70c740bde8fd9ea9ea295be1cd875dd7b267e157",
                "shasum": ""
            },
            "require": {
@ -6313,7 +6315,7 @@
                "mock",
                "xunit"
            ],
-            "time": "2018-04-06T08:14:40+00:00"
+            "time": "2018-04-11T04:50:36+00:00"
        },
        {
            "name": "sebastian/code-unit-reverse-lookup",