Bumps morgan from 1.9.0 to 1.9.1. This update includes security fixes.

Vulnerabilities fixed

*Sourced from The GitHub Security Advisory Database.*

> **Moderate severity vulnerability that affects morgan**
> An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1.
>
> Affected versions: < 1.9.1

*Sourced from [The Node Security Working Group](https://github.com/nodejs/security-wg/blob/master/vuln/npm/473.json).*

> **Arbitrary Code Injection**
> Code Injection Vulnerability in morgan Package
>
> Affected versions: <1.9.1

Release notes

*Sourced from [morgan's releases](https://github.com/expressjs/morgan/releases).*

> ## 1.9.1
> * Fix using special characters in format
> * deps: depd@~1.1.2
>   - perf: remove argument reassignment

Changelog

*Sourced from [morgan's changelog](https://github.com/expressjs/morgan/blob/master/HISTORY.md).*

> 1.9.1 / 2018-09-10
> ==================
>
> * Fix using special characters in format
> * deps: depd@~1.1.2
>   - perf: remove argument reassignment

Commits
- [`572dd93`](https://github.com/expressjs/morgan/commit/572dd937f26d486babc709228c98fd15dd807408) 1.9.1
- [`e02de38`](https://github.com/expressjs/morgan/commit/e02de384bd27c6131c516e05d6499845a6793707) lint: apply standard 12 style
- [`e329663`](https://github.com/expressjs/morgan/commit/e329663836809de4be557b200a5b983ab8b4e6c2) Fix using special characters in format
- [`eb1968a`](https://github.com/expressjs/morgan/commit/eb1968ac69a3d1ad98bacd06b738e9125630c3d3) tests: use strict equality checks
- [`310b206`](https://github.com/expressjs/morgan/commit/310b2069de0143c958db341141cbc429bc0e2cd2) build: use yaml eslint configuration
- [`5810937`](https://github.com/expressjs/morgan/commit/581093770cc2c323a39fd306034e9e859cb0ffb2) build: Node.js@9.11
- [`f60afd5`](https://github.com/expressjs/morgan/commit/f60afd502f5be3ebc916f10dab84fdb818a1c494) build: Node.js@8.11
- [`5295b0c`](https://github.com/expressjs/morgan/commit/5295b0cff959201aa06186f999d8d48f8f3c8384) build: eslint-plugin-standard@3.1.0
- [`178daaf`](https://github.com/expressjs/morgan/commit/178daaf25c4edebc9daddd5a847d40cd69594705) build: eslint-plugin-promise@3.8.0
- [`7b08641`](https://github.com/expressjs/morgan/commit/7b08641f7d96472bd959b11f07cfaef94f6818ba) build: eslint-plugin-import@2.12.0
- Additional commits viewable in [compare view](https://github.com/expressjs/morgan/compare/1.9.0...1.9.1)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.