This repository has been archived by the owner on Jul 16, 2024. It is now read-only.

[Snyk] Upgrade winston from 3.3.3 to 3.8.0 #21

Open
wants to merge 1 commit into
base: master


@snyk-bot snyk-bot commented Sep 6, 2022

Snyk has created this PR to upgrade winston from 3.3.3 to 3.8.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 8 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2022-06-23.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Prototype Pollution SNYK-JS-ASYNC-2441827 | 482/1000. Why? Proof of Concept exploit, CVSS 7.5 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: winston
  • 3.8.0 - 2022-06-23

    Added functionality

    • Add the stringify replacer option to the HTTP transport by @domiins in #2155

    Dependency updates by @dependabot + CI autotesting

    • Bump @babel/core from 7.17.8 to 7.18.5
    • Bump eslint from 8.12.0 to 8.18.0
    • Bump @types/node from 17.0.23 to 18.0.0
    • Bump @babel/preset-env from 7.16.11 to 7.18.2
    • Bump @babel/cli from 7.17.6 to 7.17.10

    Updates facilitating repo maintenance & enhancing documentation

    • Explicitly note that the Contributing.md file is out of date
    • Add instructions for publishing updated version by @wbt (docs/publishing.md)
    • Prettier Config File by @jeanpierrecarvalho in #2092
    • Readme update to explain origin of errors for handling (#2120)
    • update documentation for #2114 by @zizifn in #2138
    • enhance message for logs with no transports #2114 by @zizifn in #2139
    • Added a new Community Transport option to the list: Worker Thread based async Console Transport by @arpad1337 in #2140

    New Contributors

    Full Changelog: v3.7.2...v3.8.0

  • 3.7.2 - 2022-04-04

    What's Changed

    Full Changelog: v3.7.1...v3.7.2

    The release announcement on GitHub is 24 days behind the NPM release in this case, sorry for the confusion!

  • 3.7.1 - 2022-04-04

    This change includes some minor updates to package-lock.json resolving npm audit failures: one in ansi-regex and another in minimist.

    Full Changelog: v3.7.0...v3.7.1

  • 3.6.0 - 2022-02-12

    v3.5.1...v3.6.0

  • 3.5.1 - 2022-01-31

    This release reverts the changes made in PR #1896 which added stricter typing to the available log levels,
    and inadvertently broke use of custom levels with TypeScript (Issue #2047). Apologies for that!

  • 3.5.0 - 2022-01-27
  • 3.4.0 - 2022-01-10

    v3.4.0 / 2022-01-10

    Yesterday's release was done with a higher sense of urgency than usual due to vandalism in the colors package. This release:

    • ties up a loose end by including [#1973] to go with [#1824]
    • adds a missing http property in NpmConfigSetColors [#2004] (thanks @SimDaSong)
    • fixes a minor issue in the build/release process [#2014]
    • pins the version of the testing framework to avoid an issue with a test incorrectly failing [#2017]

    The biggest change in this release, motivating the feature-level update, is [#2006] Make winston more ESM friendly, thanks to @miguelcobain.

    Thanks also to @DABH, @wbt, and @fearphage for contributions and reviews!

  • 3.3.4 - 2022-01-10

    Version 3.3.4

  • 3.3.3 - 2020-06-23
from winston GitHub release notes
Commit messages
Package name: winston


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
