update for some vulnerabilities

app.js

@@ -9,6 +9,7 @@ const opts = Object.assign({
 const logger = require('pino')(opts);
 const express = require('express');
 const app = express();
+app.disable('x-powered-by');
 const cors = require('cors');
 const passport = require('passport');
 const routes = require('./lib/routes');
@@ -88,7 +89,7 @@ const unless = (paths, middleware) => {
     return middleware(req, res, next);
   };
 };
-
+app.use(passport.initialize());
 app.use(cors());
 app.use(express.urlencoded({extended: true}));
 app.use(unless(['/stripe'], express.json()));

lib/utils/encrypt-decrypt.js

@@ -1,5 +1,5 @@
 const crypto = require('crypto');
-const algorithm = 'aes-256-ctr';
+const algorithm = 'aes-256-cbc';
 const iv = crypto.randomBytes(16);
 const secretKey = crypto.createHash('sha256')
   .update(String(process.env.JWT_SECRET))

package.json

@@ -32,7 +32,7 @@
     "jsonwebtoken": "^8.5.1",
     "mailgun.js": "^3.3.0",
     "mysql2": "^2.2.5",
-    "passport": "^0.4.1",
+    "passport": "^0.5.0",
     "passport-http-bearer": "^1.0.1",
     "pino": "^5.17.0",
     "short-uuid": "^4.1.0",