anvilresearch / connect

A modern authorization server built to authenticate your users and protect your APIs
http://anvil.io
MIT License
361 stars, 85 forks

Bump express-bunyan-logger #348

Closed hedleysmith closed 7 years ago

hedleysmith commented 7 years ago

The latest version of express-bunyan-logger includes the option to obfuscate specific fields based on patterns.

This is really useful if you want to hide the body.password field, which is currently logged for failed signin attempts. Often users type their email in incorrectly but their password correctly, so their valid password will be left hanging around in log files.

Will update docs with example of obfuscating as well.
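The obfuscation this comment describes, as an added example that is not code from this PR or from express-bunyan-logger: a stand-alone dot-path obfuscator applied to the log record of a failed sign-in, so the mistyped-email case no longer writes the real password to disk. The option names `obfuscate` and `obfuscatePlaceholder` are assumed to mirror the library's own; the request and log record are constructed samples.

```javascript
'use strict';

// Default placeholder written in place of a hidden field (assumed to match
// express-bunyan-logger's obfuscatePlaceholder default).
const PLACEHOLDER = '[HIDDEN]';

// Deep-copy `obj` and replace every dot-path in `paths` that resolves to an
// existing field with `placeholder`. Paths that do not resolve are ignored,
// and the original object is never mutated (the app still needs req.body).
function obfuscate(obj, paths, placeholder = PLACEHOLDER) {
  const copy = JSON.parse(JSON.stringify(obj));
  for (const path of paths) {
    const keys = path.split('.');
    let node = copy;
    for (const key of keys.slice(0, -1)) {
      if (node === null || typeof node !== 'object' || !(key in node)) {
        node = undefined;
        break;
      }
      node = node[key];
    }
    const last = keys[keys.length - 1];
    if (node && typeof node === 'object' && last in node) node[last] = placeholder;
  }
  return copy;
}

// Log record a request logger would emit for a failed sign-in (constructed
// shape), with the configured `obfuscate` paths applied before serialisation.
function failedSigninLog(req, obfuscatePaths) {
  const entry = { msg: 'signin failed', status: 401, body: req.body, headers: req.headers };
  return obfuscate(entry, obfuscatePaths);
}

// Guard for tests or log review: does the serialised record still contain
// the secret value?
function leaksSecret(entry, secret) {
  return JSON.stringify(entry).includes(secret);
}

// Constructed sample: the user mistyped the email but typed the real password.
const sampleReq = {
  body: { email: 'alice@exmaple.com', password: 'correct horse battery staple' },
  headers: { authorization: 'Bearer abc', 'user-agent': 'curl' },
};

const leaky = failedSigninLog(sampleReq, []);
const safe = failedSigninLog(sampleReq, ['body.password', 'headers.authorization']);
console.log(JSON.stringify(leaky));
console.log(JSON.stringify(safe));
```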

christiansmith commented 7 years ago

I'm surprised that this is an issue, remember we had dealt with it at some point. But that was probably the pre-bunyan logger. Waiting for the travis build to complete and will review/merge. Thanks!

coveralls commented 7 years ago


Coverage remained the same at 79.743% when pulling e609d43ccf9dbc045ea6f77715940fb92bd6961e on hedleysmith:express-bunyan-logger-update into a21dd1ff17d4893bb97eb7beb455888afb10eea0 on anvilresearch:master.

hedleysmith commented 7 years ago

Yeah, could be worth including a conservative 'default' config somewhere so if people just 'turn on' logging it hides things like body.password for all requests. I'm not sure if/where the password field from successful login attempts is being blocked from being logged, but if this is happening somewhere it could be added alongside there. Or perhaps there could be default options just straight in boot/logger.js.

christiansmith commented 7 years ago

@hedleysmith, sorry for the delay in responding to this. Been busy collaborating w/MIT CSAIL on some next gen oidc code and have unintentionally neglected this repo.

I will gladly accept a PR that defaults logging to hide the password if anyone has time.

cc: @tomkersten

camfou commented 7 years ago

Hello, I just created this PR: #354! Regards, Camille