- Notifications
You must be signed in to change notification settings - Fork1
[Snyk] Upgrade morgan from 1.0.1 to 1.10.0#4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Open
snyk-bot wants to merge1 commit intomasterChoose a base branch
base:master
Could not load branches
Branch not found:{{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline, and old review comments may become outdated.
Uh oh!
There was an error while loading.Please reload this page.
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade morgan from 1.0.1 to 1.10.0.See this package in npm:https://www.npmjs.com/package/morganSee this project in Snyk:https://app.snyk.io/org/jswheeler/project/6bd5303a-7079-4ced-ab77-2bd07e622813?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade morgan from 1.0.1 to 1.10.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-MORGAN-72579
Why? Proof of Concept exploit, Has a fix available, CVSS 6.8
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name:morgan
- 1.10.0 -2020-03-20
- Add
- Fix trailing space in colored status code for
- deps: basic-auth@~2.0.1
- deps: safe-buffer@5.1.2
- deps: depd@~2.0.0
- Replace internal
- Use instance methods on
- deps: on-headers@~1.0.2
- Fix
- 1.9.1 -2018-09-11
- Fix using special characters in format
- deps: depd@~1.1.2
- perf: remove argument reassignment
- 1.9.0 -2017-09-27
- Use
- deps: basic-auth@~2.0.0
- Use
- deps: debug@2.6.9
- deps: depd@~1.1.1
- Remove unnecessary
- 1.8.2 -2017-05-24
- deps: debug@2.6.8
- Fix
- deps: ms@2.0.0
- 1.8.1 -2017-02-11
- deps: debug@2.6.1
- Fix deprecation messages in WebStorm and other editors
- Undeprecate
- 1.8.0 -2017-02-05
- Fix sending unnecessary
- deps: basic-auth@~1.1.0
- deps: debug@2.6.0
- Allow colors in workers
- Deprecated
- Fix error when running under React Native
- Use same color for same namespace
- deps: ms@0.7.2
- perf: enable strict mode in compiled functions
- 1.7.0 -2016-02-19
- Add
- deps: depd@~1.1.0
- Enable strict mode in more places
- Support web browser loading
- deps: on-headers@~1.0.1
- perf: enable strict mode
- 1.6.1 -2015-07-04
- deps: basic-auth@~1.0.3
- 1.6.0 -2015-06-13
- Add
- Do not color 1xx status codes in
- Fix
- Fix
- Fix token return values to be
- Improve representation of multiple headers in
- Use
- deps: basic-auth@~1.0.2
- perf: enable strict mode
- perf: hoist regular expression
- perf: parse with regular expressions
- perf: remove argument reassignment
- deps: on-finished@~2.3.0
- Add defined behavior for HTTP
- Add defined behavior for HTTP
- deps: ee-first@1.1.1
- pref: enable strict mode
- pref: reduce function closure scopes
- pref: remove dynamic compile on every request for
- pref: remove an argument reassignment
- pref: skip function call without
- 1.5.3 -2015-05-11
- deps: basic-auth@~1.0.1
- deps: debug@~2.2.0
- deps: ms@0.7.1
- deps: depd@~1.0.1
- deps: on-finished@~2.2.1
- Fix
- 1.5.2 - 2015-03-15
- 1.5.1 - 2014-12-31
- 1.5.0 - 2014-11-07
- 1.4.1 - 2014-10-23
- 1.4.0 - 2014-10-17
- 1.3.2 - 2014-09-28
- 1.3.1 - 2014-09-14
- 1.3.0 - 2014-09-02
- 1.2.3 - 2014-08-17
- 1.2.2 - 2014-07-27
- 1.2.1 - 2014-07-26
- 1.2.0 - 2014-07-20
- 1.1.1 - 2014-05-21
- 1.1.0 - 2014-05-19
- 1.0.1 - 2014-05-05
frommorgan GitHub release notes:total-timetokendevformatevalusage withFunctionconstructorprocessto check for listenersres.writeHeadpatch missing return valueres.headersSentwhen availablesafe-bufferfor improved Buffer APIBufferloadingDEBUG_MAX_ARRAY_LENGTHDEBUG_FDset to1or2undefinedargument to token functionsDEBUG_FDenvironment variabledigitsargument toresponse-timetokenmorgan.compile(format)exportdevformatresponse-timetoken to not include response latencystatustoken incorrectly displaying before response indevformatundefinedor a stringreqandrestokensres.getHeaderinrestokenCONNECTrequestsUpgraderequestsdevformatskipoptionisFinished(req)when data bufferedNote:You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐View latest project report
🛠Adjust upgrade PR settings
🔕Ignore this dependency or unsubscribe from future upgrade PRs