kristakunkle / vulnerable-node

A very vulnerable web site written in NodeJS with the purpose of have a project with identified vulnerabilities to test the quality of security analyzers tools tools
Other
0 stars 0 forks source link

chore(deps): update dependency morgan to ~1.9.1 #5

Open mend-for-github-com[bot] opened 1 year ago

mend-for-github-com[bot] commented 1 year ago

This PR contains the following updates:

Package Type Update Change
morgan dependencies minor ~1.6.1 -> ~1.9.1

By merging this PR, the issue #12 will be automatically resolved and closed:

Severity CVSS Score CVE
Critical Critical 9.8 CVE-2019-5413

Release Notes

expressjs/morgan (morgan) ### [`v1.9.1`](https://redirect.github.com/expressjs/morgan/blob/HEAD/HISTORY.md#191--2018-09-10) [Compare Source](https://redirect.github.com/expressjs/morgan/compare/1.9.0...1.9.1) \================== - Fix using special characters in format - deps: depd@~1.1.2 - perf: remove argument reassignment ### [`v1.9.0`](https://redirect.github.com/expressjs/morgan/blob/HEAD/HISTORY.md#190--2017-09-26) [Compare Source](https://redirect.github.com/expressjs/morgan/compare/1.8.2...1.9.0) \================== - Use `res.headersSent` when available - deps: basic-auth@~2.0.0 - Use `safe-buffer` for improved Buffer API - deps: debug@2.6.9 - deps: depd@~1.1.1 - Remove unnecessary `Buffer` loading ### [`v1.8.2`](https://redirect.github.com/expressjs/morgan/blob/HEAD/HISTORY.md#182--2017-05-23) [Compare Source](https://redirect.github.com/expressjs/morgan/compare/1.8.1...1.8.2) \================== - deps: debug@2.6.8 - Fix `DEBUG_MAX_ARRAY_LENGTH` - deps: ms@2.0.0 ### [`v1.8.1`](https://redirect.github.com/expressjs/morgan/blob/HEAD/HISTORY.md#181--2017-02-04) [Compare Source](https://redirect.github.com/expressjs/morgan/compare/1.8.0...1.8.1) \================== - deps: debug@2.6.1 - Fix deprecation messages in WebStorm and other editors - Undeprecate `DEBUG_FD` set to `1` or `2` ### [`v1.8.0`](https://redirect.github.com/expressjs/morgan/blob/HEAD/HISTORY.md#180--2017-02-04) [Compare Source](https://redirect.github.com/expressjs/morgan/compare/1.7.0...1.8.0) \================== - Fix sending unnecessary `undefined` argument to token functions - deps: basic-auth@~1.1.0 - deps: debug@2.6.0 - Allow colors in workers - Deprecated `DEBUG_FD` environment variable - Fix error when running under React Native - Use same color for same namespace - deps: ms@0.7.2 - perf: enable strict mode in compiled functions ### [`v1.7.0`](https://redirect.github.com/expressjs/morgan/blob/HEAD/HISTORY.md#170--2016-02-18) [Compare Source](https://redirect.github.com/expressjs/morgan/compare/1.6.1...1.7.0) \================== - Add `digits` argument to `response-time` token - deps: depd@~1.1.0 - Enable strict mode in more places - Support web browser loading - deps: on-headers@~1.0.1 - perf: enable strict mode