This repository has been archived by the owner on Nov 15, 2024. It is now read-only.
[Snyk] Upgrade winston from 3.3.3 to 3.8.0 #17
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade winston from 3.3.3 to 3.8.0. See this package in npm: https://www.npmjs.com/package/winston See this project in Snyk: https://app.snyk.io/org/violethaze74/project/e533b133-81d6-4d5d-8275-539d0c008887?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade winston from 3.3.3 to 3.8.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-ASYNC-2441827
Why? Proof of Concept exploit, CVSS 7.5
SNYK-JS-COLORSTRING-1082939
Why? Proof of Concept exploit, CVSS 7.5
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: winston
-
3.8.0 - 2022-06-23
- Add the stringify replacer option to the HTTP transport by @ domiins in #2155
- Bump @ babel/core from 7.17.8 to 7.18.5
- Bump eslint from 8.12.0 to 8.18.0
- Bump @ types/node from 17.0.23 to 18.0.0
- Bump @ babel/preset-env from 7.16.11 to 7.18.2
- Bump @ babel/cli from 7.17.6 to 7.17.10
- Explicitly note that the Contirbuting.md file is out of date
- Add instructions for publishing updated version by @ wbt (docs/publishing.md)
- Prettier Config File by @ jeanpierrecarvalho in #2092
- Readme update to explain origin of errors for handling (#2120)
- update documentation for #2114 by @ zizifn in #2138
- enhance message for logs with no transports #2114 by @ zizifn in #2139
- Added a new Community Transport option to the list: Worker Thread based async Console Transport by @ arpad1337 in #2140
- @ zizifn made their first contribution in #2138
- @ arpad1337 made their first contribution in #2140
- @ domiins made their first contribution in #2155
- made their first contribution in #2092
-
3.7.2 - 2022-04-04
- Revert for #2103 in #2104
-
3.7.1 - 2022-04-04
-
3.6.0 - 2022-02-12
- Changelog updates for v3.6.0 5e72485
- Update dependencies, including latest logform (#2071) 93077ef
- Update to @ colors/colors (#2069) 035f94a
- Bump @ babel/core from 7.16.12 to 7.17.2 (#2068) 7665d88
- Bump @ babel/cli from 7.16.8 to 7.17.0 (#2064) e658389
- chore: add editorconfig (#2058) 30d260d
- Add search terms field to bug report template (#2067) 40ef309
- Bump @ types/node from 17.0.13 to 17.0.15 (#2062) c9b7579
- Chore: Organize and restructure tests (#2049) 2b8cd55
- Bump to latest winston-transport 2017c50
- Memory leak fix: do not wait for
- Update linter dependencies and config (#2059) 438cb73
- Bump @ types/node from 17.0.10 to 17.0.13 (#2051) 7f6a6f2
-
3.5.1 - 2022-01-31
-
3.5.0 - 2022-01-27
-
3.4.0 - 2022-01-10
- ties up a loose end by including [#1973] to go with [#1824]
- adds a missing http property in NpmConfigSetColors [#2004] (thanks @ SimDaSong)
- fixes a minor issue in the build/release process [#2014]
- pins the version of the testing framework to avoid an issue with a test incorrectly failing [#2017]
-
3.3.4 - 2022-01-10
-
3.3.3 - 2020-06-23
from winston GitHub release notesAdded functionality
Dependency updates by @ dependabot + CI autotesting
Updates facilitating repo maintenance & enhancing documentation
New Contributors
Full Changelog: v3.7.2...v3.8.0
What's Changed
Full Changelog: v3.7.1...v3.7.2
The release announcement on GitHub is 24 days behind the NPM release in this case, sorry for the confusion!
This change includes some minor updates to package-lock.json resolving npm audit failures: one in ansi-regex and another in minimist.
Full Changelog: v3.7.0...v3.7.1
process.nextTickto clear pending callbacks (#2057) f741383v3.5.1...v3.6.0
This release reverts the changes made in PR #1896 which added stricter typing to the available log levels,
and inadvertently broke use of custom levels with TypeScript (Issue #2047). Apologies for that!
Read more
v3.4.0 / 2022-01-10
Yesterday's release was done with a higher sense of urgency than usual due to vandalism in the
colorspackage. This release:The biggest change in this release, motivating the feature-level update, is [#2006] Make winston more ESM friendly, thanks to @ miguelcobain.
Thanks also to @ DABH, @ wbt, and @ fearphage for contributions and reviews!
Version 3.3.4
Commit messages
Package name: winston
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs