Morgan 1.10.0 is an incremental update over 1.9.1 of the Node.js HTTP request logger middleware. Most of the visible differences are in the development dependencies: the newer release moves to a more recent set of ESLint plugins (node-specific rules, import handling, promise handling and the standard code style), and it replaces istanbul with nyc for coverage reporting. Swapping the coverage tool is a tooling refresh; by itself it says nothing about how much of the code is covered. On the runtime side, two dependency ranges move: depd from ~1.1.2 to ~2.0.0 and basic-auth from ~2.0.0 to ~2.0.1. The depd bump crosses a major version, so it is worth reading that library's changelog rather than assuming the change is cosmetic.
The unpacked size grows slightly and the release date is much more recent, so the package has seen maintenance in the meantime. The logging behaviour should be fundamentally the same, and moving from 1.9.1 to 1.10.0 brings the refreshed lint rules and dependency updates. Staying on the latest release is generally the right default, but it is not a substitute for checking the dependency tree: a current morgan can still pull in a vulnerable transitive dependency, as the on-headers advisory below shows.
All the vulnerabilities related to version 1.10.0 of the package
on-headers is vulnerable to HTTP response header manipulation. A bug in on-headers versions < 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead(). morgan 1.10.0 depends on an affected release, so the issue reaches applications that use morgan even though they never call on-headers directly.
Users are encouraged to upgrade to on-headers 1.1.0. Where that is not immediately possible, the issue can be worked around by passing an object to response.writeHead() rather than an array. Check which version actually resolves in your tree with npm ls on-headers; if morgan's own dependency range pins an older release, an npm overrides entry or a newer morgan release is needed before the fix is picked up.