[Security] Bump morgan from 1.9.0 to 1.9.1

[dependabot-preview]

Bumps morgan from 1.9.0 to 1.9.1. This update includes security fixes.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects morgan
An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1.

Affected versions: < 1.9.1

Sourced from The Node Security Working Group.

Arbitrary Code Injection
Code Injection Vulnerability in morgan Package

Affected versions: <1.9.1

Release notes

Sourced from morgan's releases.

1.9.1

• Fix using special characters in format
• deps: depd@~1.1.2
  • perf: remove argument reassignment

Changelog

Sourced from morgan's changelog.

1.9.1 / 2018-09-10

• Fix using special characters in format
• deps: depd@~1.1.2
  • perf: remove argument reassignment

Commits

• 572dd93 1.9.1
• e02de38 lint: apply standard 12 style
• e329663 Fix using special characters in format
• eb1968a tests: use strict equality checks
• 310b206 build: use yaml eslint configuration
• 5810937 build: Node.js@9.11
• f60afd5 build: Node.js@8.11
• 5295b0c build: eslint-plugin-standard@3.1.0
• 178daaf build: eslint-plugin-promise@3.8.0
• 7b08641 build: eslint-plugin-import@2.12.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

If all status checks pass Dependabot will automatically merge this pull request.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the .dependabot/config.yml file in this repo:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.