imgix / ember-cli-imgix

Easily add imgix functionality to your Ember application
https://imgix.github.io/ember-cli-imgix
MIT License

chore(deps): [security] bump morgan from 1.9.0 to 1.9.1 #85

Closed dependabot-preview[bot] closed 5 years ago

dependabot-preview[bot] commented 5 years ago

⚠️ Dependabot is rebasing this PR ⚠️

If you make any changes to it yourself then they will take precedence over the rebase.


Bumps morgan from 1.9.0 to 1.9.1. This update includes security fixes.

Vulnerabilities fixed

*Sourced from The GitHub Security Advisory Database.*

> **Moderate severity vulnerability that affects morgan**
> An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1.
>
> Affected versions: < 1.9.1

*Sourced from [The Node Security Working Group](https://github.com/nodejs/security-wg/blob/master/vuln/npm/473.json).*

> **Arbitrary Code Injection**
> Code Injection Vulnerability in morgan Package
>
> Affected versions: <1.9.1

Release notes

*Sourced from [morgan's releases](https://github.com/expressjs/morgan/releases).*

> ## 1.9.1
> * Fix using special characters in format
> * deps: depd@~1.1.2
>   - perf: remove argument reassignment

Changelog

*Sourced from [morgan's changelog](https://github.com/expressjs/morgan/blob/master/HISTORY.md).*

> 1.9.1 / 2018-09-10
> ==================
>
> * Fix using special characters in format
> * deps: depd@~1.1.2
>   - perf: remove argument reassignment

Commits

- [`572dd93`](https://github.com/expressjs/morgan/commit/572dd937f26d486babc709228c98fd15dd807408) 1.9.1
- [`e02de38`](https://github.com/expressjs/morgan/commit/e02de384bd27c6131c516e05d6499845a6793707) lint: apply standard 12 style
- [`e329663`](https://github.com/expressjs/morgan/commit/e329663836809de4be557b200a5b983ab8b4e6c2) Fix using special characters in format
- [`eb1968a`](https://github.com/expressjs/morgan/commit/eb1968ac69a3d1ad98bacd06b738e9125630c3d3) tests: use strict equality checks
- [`310b206`](https://github.com/expressjs/morgan/commit/310b2069de0143c958db341141cbc429bc0e2cd2) build: use yaml eslint configuration
- [`5810937`](https://github.com/expressjs/morgan/commit/581093770cc2c323a39fd306034e9e859cb0ffb2) build: Node.js@9.11
- [`f60afd5`](https://github.com/expressjs/morgan/commit/f60afd502f5be3ebc916f10dab84fdb818a1c494) build: Node.js@8.11
- [`5295b0c`](https://github.com/expressjs/morgan/commit/5295b0cff959201aa06186f999d8d48f8f3c8384) build: eslint-plugin-standard@3.1.0
- [`178daaf`](https://github.com/expressjs/morgan/commit/178daaf25c4edebc9daddd5a847d40cd69594705) build: eslint-plugin-promise@3.8.0
- [`7b08641`](https://github.com/expressjs/morgan/commit/7b08641f7d96472bd959b11f07cfaef94f6818ba) build: eslint-plugin-import@2.12.0
- Additional commits viewable in [compare view](https://github.com/expressjs/morgan/compare/1.9.0...1.9.1)



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):

- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.