diff --git a/app/templates/_package.json b/app/templates/_package.json
index 5345f2d5f..67760246d 100644
--- a/app/templates/_package.json
+++ b/app/templates/_package.json
@@ -3,20 +3,20 @@
   "version": "0.0.0",
   "main": "server/app.js",
   "dependencies": {
-    "express": "~4.9.0",
-    "morgan": "~1.0.0",
-    "body-parser": "~1.5.0",
-    "method-override": "~1.0.0",
-    "cookie-parser": "~1.0.1",
-    "express-session": "~1.0.2",
-    "errorhandler": "~1.0.0",
-    "compression": "~1.0.1",
+    "express": "^4.13.3",
+    "morgan": "~1.6.1",
+    "body-parser": "^1.13.3",
+    "method-override": "^2.3.5",
+    "cookie-parser": "^1.3.5",
+    "express-session": "^1.11.3",
+    "errorhandler": "^1.4.2",
+    "compression": "^1.5.2",
     "composable-middleware": "^0.3.0",
-    "lodash": "~2.4.1",
-    "lusca": "1.3.0",
+    "lodash": "^3.10.1",
+    "lusca": "^1.3.0",
     "babel-core": "^5.6.4",<% if (filters.jade) { %>
-    "jade": "~1.2.0",<% } %><% if (filters.html) { %>
-    "ejs": "~0.8.4",<% } %><% if (filters.mongoose) { %>
+    "jade": "^1.11.0",<% } %><% if (filters.html) { %>
+    "ejs": "^2.3.3",<% } %><% if (filters.mongoose) { %>
     "mongoose": "^4.1.2",
     "bluebird": "^2.9.34",
     "connect-mongo": "^0.8.1",<% } %><% if (filters.sequelize) { %>
@@ -25,15 +25,15 @@
     "express-sequelize-session": "0.4.0",<% } %><% if (filters.auth) { %>
     "jsonwebtoken": "^5.0.0",
     "express-jwt": "^3.0.0",
-    "passport": "~0.2.0",
-    "passport-local": "~0.1.6",<% } %><% if (filters.facebookAuth) { %>
+    "passport": "~0.3.0",
+    "passport-local": "^1.0.0",<% } %><% if (filters.facebookAuth) { %>
     "passport-facebook": "latest",<% } %><% if (filters.twitterAuth) { %>
     "passport-twitter": "latest",<% } %><% if (filters.googleAuth) { %>
     "passport-google-oauth": "latest",<% } %><% if (filters.socketio) { %>
     "socket.io": "^1.3.5",
     "socket.io-client": "^1.3.5",
     "socketio-jwt": "^4.2.0",<% } %>
-    "serve-favicon": "~2.0.1"
+    "serve-favicon": "^2.3.0"
   },
   "devDependencies": {
     "autoprefixer-core": "^5.2.1",
diff --git a/app/templates/server/api/user(auth)/user.controller.js b/app/templates/server/api/user(auth)/user.controller.js
index f1c2498fb..059216b4c 100644
--- a/app/templates/server/api/user(auth)/user.controller.js
+++ b/app/templates/server/api/user(auth)/user.controller.js
@@ -1,7 +1,6 @@
 'use strict';
 <% if (filters.mongooseModels) { %>
 var User = require('./user.model');<% } %><% if (filters.sequelizeModels) { %>
-var _ = require('lodash');
 var sqldb = require('../../sqldb');
 var User = sqldb.User;<% } %>
 var passport = require('passport');
diff --git a/app/templates/server/config/express.js b/app/templates/server/config/express.js
index ed88b6474..de7505759 100644
--- a/app/templates/server/config/express.js
+++ b/app/templates/server/config/express.js
@@ -41,7 +41,6 @@ module.exports = function(app) {
   // oauth 1.0 strategy, and Lusca depends on sessions
   app.use(session({
     secret: config.secrets.session,
-    resave: true,
     saveUninitialized: true<% if (filters.mongoose) { %>,
     store: new mongoStore({
       mongooseConnection: mongoose.connection,