Snyk has created this PR to upgrade winston from 3.3.3 to 3.8.1.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 9 versions ahead of your current version.
The recommended version was released 2 months ago, on 2022-06-30.
This release reverts the changes made in PR #1896 which added stricter typing to the available log levels,
and inadvertently broke use of custom levels with TypeScript (Issue #2047). Apologies for that!
Snyk has created this PR to upgrade winston from 3.3.3 to 3.8.1.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-ASYNC-2441827
Why? Proof of Concept exploit, CVSS 7.5
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: winston
Patch-level changes
Dependency updates by @ dependabot + CI autotesting
Full Changelog: v3.8.0...v3.8.1
Added functionality
Dependency updates by @ dependabot + CI autotesting
Updates facilitating repo maintenance & enhancing documentation
New Contributors
Full Changelog: v3.7.2...v3.8.0
What's Changed
Full Changelog: v3.7.1...v3.7.2
The release announcement on GitHub is 24 days behind the NPM release in this case, sorry for the confusion!
This change includes some minor updates to package-lock.json resolving npm audit failures: one in ansi-regex and another in minimist.
Full Changelog: v3.7.0...v3.7.1
process.nextTick
to clear pending callbacks (#2057) f741383v3.5.1...v3.6.0
This release reverts the changes made in PR #1896 which added stricter typing to the available log levels,
and inadvertently broke use of custom levels with TypeScript (Issue #2047). Apologies for that!
Version 3.3.4
Commit messages
Package name: winston
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:![](https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJjNTA3ZWNhNy1mZTc2LTQ2ZmEtOGEzOC0yNmY3NDk2YzlhODQiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImM1MDdlY2E3LWZlNzYtNDZmYS04YTM4LTI2Zjc0OTZjOWE4NCJ9fQ==)
![](https://app.snyk.io/badges/merge-advice/?package_manager=npm&package_name=winston&from_version=3.3.3&to_version=3.8.1&pr_id=c507eca7-fe76-46fa-8a38-26f7496c9a84&visibility=false&has_feature_flag=false)
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs