[Snyk] Upgrade winston from 3.14.2 to 3.17.0

Open vinitkumar opened this issue 6 months ago • 0 comments

Snyk has created this PR to upgrade winston from 3.14.2 to 3.17.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 3 versions ahead of your current version.
The recommended version was released 9 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	542	Proof of Concept

Release notes

Package name: winston

3.17.0 - 2024-11-10
- Try winston-transport 4.9.0 3e87128
- Revert "Try bumping winston-transport to 4.8.0" 69625fc
- Revert "Try bumping winston-transport to 4.8.0" 876ef7a
- Try bumping winston-transport to 4.8.0 7ef2c1d
- Try bumping winston-transport to 4.8.0 fe4b64e
- Bump logform c9fd9a4
- Revert "Update logform and winston-transport" 14fef0f
- Merge branch 'master' of github.com:winstonjs/winston 545b683
- Update logform and winston-transport cceb265
- Bump mocha from 10.7.3 to 10.8.2 (#2523) bb529b6
- Bump async from 3.2.5 to 3.2.6 (#2516) ae847ab
v3.16.0...v3.17.0
3.16.0 - 2024-11-01
- Feature - optionally include Error.cause property (#2447) 201b6f1
v3.15.0...v3.16.0
3.15.0 - 2024-10-05
Note: we removed LogCallback from the TS definitions because the underlying library didn't actually support these. If this causes issues in your apps, we recommend you remove references to LogCallbacks, since such code was not being executed anyways. See #2513 and the issue linked therein.
- remove logcallback (#2513) 3a54777
- chore(docs): Update README.md w/ usage comments (#2507) f110f61
- Bump nyc from 15.1.0 to 17.1.0 (#2511) f5dde86
- Bump @ babel/cli from 7.24.7 to 7.25.6 (#2512) d1b8dc6
- Bump @ babel/preset-env from 7.24.8 to 7.25.4 (#2506) 564161a
- Bump mocha from 10.7.0 to 10.7.3 (#2500) eb7e315
- Unified Handler Tests (#2020) 22aab6d
v3.14.2...v3.15.0
3.14.2 - 2024-08-14
- Move initialization to constructor (#2503) 2458ba6
v3.14.1...v3.14.2

from winston GitHub release notes

[!IMPORTANT]

Check the changes in this PR to ensure they won't cause issues with your project.

This PR was automatically created by Snyk using the credentials of a real user.

Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

This change is

Aug 20 '25 13:08 vinitkumar