Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade winston from 3.2.1 to 3.3.3 #6

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade winston from 3.2.1 to 3.3.3 #6

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented Jun 6, 2021

Snyk has created this PR to upgrade winston from 3.2.1 to 3.3.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 4 versions ahead of your current version.
  • The recommended version was released a year ago, on 2020-06-23.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
SNYK-JS-COLORSTRING-1082939		 265/1000
Why? CVSS 5.3		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: winston from winston GitHub release notes
Commit messages
Package name: winston
  • 7b46dc8 3.3.3
  • c416e3a Prepare for 3.3.3
  • 35b0774 revert Fix bugs in type (#1807) (#1820)
  • bc6f681 Fix issue #1817 (#1819)
  • 5c8da2d 3.3.2
  • 0752614 [#1814] Use fork of diagnostics on NPM to avoid making Docker images require git
  • e364ddc 3.3.1
  • faac066 Prep for 3.3.1
  • 227ca0a Add space between `info.message` and `meta.message` (#1740)
  • ef97171 Fix bugs in `createLogger` type (#1807)
  • 0e1c812 Fix typing for Profile.start (was Date, should be Number) (#1803)
  • 9e7bd71 Merge branch 'master' of github.com:winstonjs/winston
  • 67cd9b5 [#1813] Use fork of diagnostics, avoiding indirect storage-engine dependency
  • 6545a7e remove emitErrs note from README (its no longer supported) (#1810)
  • b47d5d5 3.3.0
  • b6bc918 Prepare for v3.3.0
  • 9354721 doc: fix whitespace and trailing comma. (#1778)
  • 3d07a80 docs: add example of uncaughtRejections logging (#1780)
  • df25fa2 fix: change property of handleRejections (#1779)
  • 950cbcd Add options to request (#1777)
  • 1c75292 Update package-lock.json (#1772)
  • e7d13d5 Exclude unnecessary files from npm package (#1768)
  • 75f7edf Fix removes a logger when pass undefined transport (#1785)
  • 4b571ba This adds Node.js 14 and removes Node.js 8 as: (#1793)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot