This repository was archived by the owner on Nov 4, 2025. It is now read-only.
[CVE-2019-5413] Update morgan for vulnerability #1137
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
update legacy .bowerrc to point to new Bower registory https://gist.github.com/sheerun/c04d856a7a368bad2896ff0c4958cb00
This commit is to update one of the dependent node modules 'morgan' upto version 1.9.1 so as to catch up with its security fix. see also: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5413
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi, this PR is related to the issue #1136
I'd like to suggest to use updated morgan to cope with the know vulnerability.
I also updated
.bowerrcfollowing the instruction to point to the latest directory. (please see here for detailsApparently (at least in my forked repository) there are a couple of CI errors with the master branch - something related with angular-highlightjs - but I leave it as it is, since I believe it has little to do with these changes.
As I'm quite new to contribute to this package any advises would be appreciated.
Would be cool if we can use this package without getting warnings from github :)