[CVE-2019-5413] Update morgan for vulnerability #1137

Open
wants to merge 2 commits into
base: master

@fursich fursich commented Mar 26, 2019

Hi, this PR is related to the issue #1136

I'd like to suggest using the updated morgan to cope with the known vulnerability.

I also updated .bowerrc following the instruction to point to the latest directory. (please see here for details)

Apparently (at least in my forked repository) there are a couple of CI errors with the master branch - something related to angular-highlightjs - but I'll leave it as it is, since I believe it has little to do with these changes.

As I'm quite new to contributing to this package, any advice would be appreciated.
Would be cool if we can use this package without getting warnings from github :)

update legacy .bowerrc to point to new Bower registry
https://gist.github.com/sheerun/c04d856a7a368bad2896ff0c4958cb00

This commit is to update one of the dependent node modules 'morgan'
up to version 1.9.1 so as to catch up with its security fix. see also:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5413