[Snyk] Upgrade winston from 3.2.1 to 3.6.0 #9
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade winston from 3.2.1 to 3.6.0. See this package in npm: https://www.npmjs.com/package/winston See this project in Snyk: https://app.snyk.io/org/jswheeler/project/68241680-dcad-41c0-a6ad-1a5927f83814?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade winston from 3.2.1 to 3.6.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-COLORSTRING-1082939
Why? Proof of Concept exploit, CVSS 5.3
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: winston
-
3.6.0 - 2022-02-12
- Changelog updates for v3.6.0 5e72485
- Update dependencies, including latest logform (#2071) 93077ef
- Update to @ colors/colors (#2069) 035f94a
- Bump @ babel/core from 7.16.12 to 7.17.2 (#2068) 7665d88
- Bump @ babel/cli from 7.16.8 to 7.17.0 (#2064) e658389
- chore: add editorconfig (#2058) 30d260d
- Add search terms field to bug report template (#2067) 40ef309
- Bump @ types/node from 17.0.13 to 17.0.15 (#2062) c9b7579
- Chore: Organize and restructure tests (#2049) 2b8cd55
- Bump to latest winston-transport 2017c50
- Memory leak fix: do not wait for
- Update linter dependencies and config (#2059) 438cb73
- Bump @ types/node from 17.0.10 to 17.0.13 (#2051) 7f6a6f2
-
3.5.1 - 2022-01-31
-
3.5.0 - 2022-01-27
- Support batch mode in HTTP Transport (Issue #1970, PR #1998, thanks @ BBE78!)
- Bump dependency versions (thanks @ dependabot & @ DABH!)
- Bump @ types/node from 16.11.12 to 17.0.8 (PR #2009)
- Bump @ babel/preset-env from 7.16.7 to 7.16.8 (#2036)
- Bump @ types/node from 17.0.8 to 17.0.9 (#2035)
- Bump @ babel/cli from 7.16.7 to 7.16.8 (#2034)
- Bump @ types/node from 17.0.9 to 17.0.10 (#2042)
- Bump @ babel/core from 7.16.7 to 7.16.12 (#2041)
- Bump @ babel/preset-env from 7.16.8 to 7.16.11 (#2040)
- Fixing documentation syntax errors in transports code examples (#1916; thanks @ romanzaycev!)
- Fix missing type declarations, especially for
- More narrowly typing the “level” string (#1896, thanks @ yonas-g!)
- Using a safer
- Add a channel for reporting security vulnerabilities (#2024, thanks @ JamieSlome!)
- Add coverage tracking in CI & documentation (#2025 and #2028, thanks @ fearphage!)
- Update issue templates (#2030 and #2031, thanks @ maverick1872!)
- Remove gitter link from README.md (#2027, thanks @ DABH!)
-
3.4.0 - 2022-01-10
-
3.3.4 - 2022-01-10
-
3.3.3 - 2020-06-23
- Prepare for 3.3.3 c416e3a
- revert Fix bugs in type (#1807) (#1820) 35b0774
- Fix issue #1817 (#1819) bc6f681
-
3.3.2 - 2020-06-22
-
3.3.1 - 2020-06-22
-
3.3.0 - 2020-06-21
-
3.2.1 - 2019-01-29
from winston GitHub release notesprocess.nextTickto clear pending callbacks (#2057) f741383v3.5.1...v3.6.0
This release reverts the changes made in PR #1896 which added stricter typing to the available log levels,
and inadvertently broke use of custom levels with TypeScript (Issue #2047). Apologies for that!
This release includes the following, in sequence by first merge in group:
Feature updates:
Patch-level updates:
.rejections(#1842, #1929, #2021; thanks @ vanflux, @ svaj, @ glensc, & others!)stringify, e.g. to avoid issues from circular structures, in the http transport (#2043, thanks @ karlwir!)Updates to the repo & project which don’t actually affect the running code:
Thanks also to maintainers @ DABH, @ fearphage, @ maverick1872, and @ wbt for issue/PR shepherding and help across multiple parts of the release!
If somebody got missed in the list of thanks, please forgive the accidental oversight and/or feel free to open a PR on the changelog.
Read more
Version 3.3.4
v3.3.2...v3.3.3
Read more
Read more
Commit messages
Package name: winston
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs