[Snyk] Upgrade morgan from 1.3.2 to 1.10.0 #64

snyk-bot · 2020-07-01T23:40:55Z

Snyk has created this PR to upgrade morgan from 1.3.2 to 1.10.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 15 versions ahead of your current version.
The recommended version was released 3 months ago, on 2020-03-20.

The recommended version fixes:

Severity	Issue	Exploit Maturity
	Arbitrary Code Injection SNYK-JS-MORGAN-72579	Proof of Concept

Release notes

Package name: morgan

1.10.0 - 2020-03-20
- Add :total-time token
- Fix trailing space in colored status code for dev format
- deps: basic-auth@~2.0.1
  - deps: [email protected]
- deps: depd@~2.0.0
  - Replace internal eval usage with Function constructor
  - Use instance methods on process to check for listeners
- deps: on-headers@~1.0.2
  - Fix res.writeHead patch missing return value
1.9.1 - 2018-09-11
- Fix using special characters in format
- deps: depd@~1.1.2
  - perf: remove argument reassignment
1.9.0 - 2017-09-27
- Use res.headersSent when available
- deps: basic-auth@~2.0.0
  - Use safe-buffer for improved Buffer API
- deps: [email protected]
- deps: depd@~1.1.1
  - Remove unnecessary Buffer loading
1.8.2 - 2017-05-24
- deps: [email protected]
  - Fix DEBUG_MAX_ARRAY_LENGTH
  - deps: [email protected]
1.8.1 - 2017-02-11
- deps: [email protected]
  - Fix deprecation messages in WebStorm and other editors
  - Undeprecate DEBUG_FD set to 1 or 2
1.8.0 - 2017-02-05
- Fix sending unnecessary undefined argument to token functions
- deps: basic-auth@~1.1.0
- deps: [email protected]
  - Allow colors in workers
  - Deprecated DEBUG_FD environment variable
  - Fix error when running under React Native
  - Use same color for same namespace
  - deps: [email protected]
- perf: enable strict mode in compiled functions
1.7.0 - 2016-02-19
- Add digits argument to response-time token
- deps: depd@~1.1.0
  - Enable strict mode in more places
  - Support web browser loading
- deps: on-headers@~1.0.1
  - perf: enable strict mode
1.6.1 - 2015-07-04
- deps: basic-auth@~1.0.3
1.6.0 - 2015-06-13
- Add morgan.compile(format) export
- Do not color 1xx status codes in dev format
- Fix response-time token to not include response latency
- Fix status token incorrectly displaying before response in dev format
- Fix token return values to be undefined or a string
- Improve representation of multiple headers in req and res tokens
- Use res.getHeader in res token
- deps: basic-auth@~1.0.2
  - perf: enable strict mode
  - perf: hoist regular expression
  - perf: parse with regular expressions
  - perf: remove argument reassignment
- deps: on-finished@~2.3.0
  - Add defined behavior for HTTP CONNECT requests
  - Add defined behavior for HTTP Upgrade requests
  - deps: [email protected]
- pref: enable strict mode
- pref: reduce function closure scopes
- pref: remove dynamic compile on every request for dev format
- pref: remove an argument reassignment
- pref: skip function call without skip option
1.5.3 - 2015-05-11
- deps: basic-auth@~1.0.1
- deps: debug@~2.2.0
  - deps: [email protected]
- deps: depd@~1.0.1
- deps: on-finished@~2.2.1
  - Fix isFinished(req) when data buffered
1.5.2 - 2015-03-15
1.5.1 - 2014-12-31
1.5.0 - 2014-11-07
1.4.1 - 2014-10-23
1.4.0 - 2014-10-17
1.3.2 - 2014-09-28