Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
bunyan - npm Package Versions
Changelog
2.0.5 (beta)
- [pull #575, #278] Change the default "req" serializer to accept expressjs's
req.originalUrlfor the "url" field per https://expressjs.com/en/api.html#req.originalUrl. (By @twelve17 and @kingcody.) - Development change: Switch to node-tap for testing (from nodeunit, which is now obsolete). Currently just tap v9 because that is the last major version of node-tap that supports back to node v0.10.
Changelog
2.0.4 (beta)
- [pull #558] Update minimum "moment" version to 2.19.3 for CVE-2017-18214.
- [issue #589] Use
os.EOLfor newlines in bunyan output, which helps with some Unix-EOL-naive apps like notepad. (By @bwknight877.) - Development change: Switched to GitHub Actions for CI.
Changelog
2.0.3 (beta)
-
Fix a vulnerability from a crafted argument to 'bunyan -p ARG'
This was reported privately as: https://hackerone.com/reports/902739 bunyan - RCE via insecure command formatting
Previous to this version the 'bunyan' CLI was not escaping a given argument to the '-p' option before executing
ps -A -o pid,command | grep '$ARG'which could lead to unintended execution.(This same change is also in bunyan@1.8.13.)
Changelog
2.0.2 (beta)
- [issue #444] Fix the
bunyanCLI to not duplicate the "HTTP/1.1 ..." status line when serializing a "res" field.
Changelog
2.0.1 (beta)
- [issue #504] Backward incompatible change to the
bunyanCLI: ThebunyanCLI no longer adds aHostheader when rendering aclient_reqfield in a log record. In 1.x it used to do this (usingclient_req.addressandclient_req.port), on the guess that Node.js'http.ClientRequesthandling would add it. However, the guess can be wrong and misleading. It is better not to guess.