reactioncommerce / api-plugin-carts

Carts plugin for the Reaction API
GNU General Public License v3.0

[Snyk] Upgrade @reactioncommerce/logger from 1.1.3 to 1.1.4 #26

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to upgrade @reactioncommerce/logger from 1.1.3 to 1.1.4.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Remote Code Execution (RCE), SNYK-JS-BUNYAN-573166 | 310/1000 (Why? CVSS 6.2) | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: @reactioncommerce/logger
  • 1.1.4 - 2021-08-19

    1.1.4 (2021-08-19)

    Bug Fixes

    • upgrade bunyan from 1.8.12 to 1.8.15 (9d4ff9b)
    • upgrade node-loggly-bulk from 2.2.4 to 2.2.5 (0015556)
  • 1.1.3 - 2019-11-07

    1.1.3 (2019-11-07)

    Bug Fixes

    • install missing linting modules and fix linting (bbb680c)
    • vulnerabilities reported by snyk (dfcba3a)
from @reactioncommerce/logger GitHub release notes
Commit messages
Package name: @reactioncommerce/logger
  • bb77a30 Merge pull request #23 from reactioncommerce/snyk-upgrade-82b50d13d67ade1889757d353ddedca3
  • 01f5e2f Merge pull request #24 from reactioncommerce/snyk-upgrade-ede980d8104e2a573067622b6d6972cf
  • 0015556 fix: upgrade node-loggly-bulk from 2.2.4 to 2.2.5
  • 9d4ff9b fix: upgrade bunyan from 1.8.12 to 1.8.15
  • 84e782f Merge pull request #22 from reactioncommerce/dependabot/npm_and_yarn/path-parse-1.0.7
  • 7294a7d chore(deps): bump path-parse from 1.0.6 to 1.0.7
  • 7d7ebac Merge pull request #20 from reactioncommerce/dependabot/npm_and_yarn/trim-newlines-3.0.1
  • 83fd000 Merge pull request #21 from reactioncommerce/dependabot/npm_and_yarn/normalize-url-5.3.1
  • f2ae5a1 chore(deps): bump normalize-url from 5.3.0 to 5.3.1
  • 0a51698 chore(deps): bump trim-newlines from 3.0.0 to 3.0.1
  • 6b1a30d Merge pull request #16 from reactioncommerce/dependabot/npm_and_yarn/y18n-4.0.1
  • 528fef2 Merge pull request #17 from reactioncommerce/dependabot/npm_and_yarn/handlebars-4.7.7
  • c58f335 Merge pull request #18 from reactioncommerce/dependabot/npm_and_yarn/lodash-4.17.21
  • 6e4f375 Merge pull request #19 from reactioncommerce/dependabot/npm_and_yarn/hosted-git-info-2.8.9
  • ac6ee5d chore(deps): bump hosted-git-info from 2.8.5 to 2.8.9
  • ac02a90 chore(deps): bump lodash from 4.17.19 to 4.17.21
  • d7a7a3c chore(deps): bump handlebars from 4.7.6 to 4.7.7
  • f1d04e4 chore(deps): bump y18n from 4.0.0 to 4.0.1
  • 8188ae2 Merge pull request #15 from reactioncommerce/chore-mpaktiti-fix-circleci-conf
  • fc684ed chore: fix circleCI conf
  • 1dc9470 Merge pull request #14 from reactioncommerce/chore-mpaktiti-circleCI-node-version
  • f15323a chore: upgrade circleCI node version
  • db4f097 Merge pull request #12 from reactioncommerce/dependabot/npm_and_yarn/semantic-release-17.2.3
  • f294285 Merge pull request #13 from reactioncommerce/dependabot/npm_and_yarn/ini-1.3.7

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
