search

OpenTMI / opentmi

OpenTMI (Test Management Infrastructure) Core
MIT License
21 stars 6 forks source link

[Snyk] Upgrade winston from 3.7.2 to 3.11.0 #753

Open jupe opened 8 months ago

jupe commented 8 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade winston from 3.7.2 to 3.11.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **6 versions** ahead of your current version. - The recommended version was released **3 months ago**, on 2023-10-07. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Prototype Pollution
[SNYK-JS-MONGOOSE-2961688](https://snyk.io/vuln/SNYK-JS-MONGOOSE-2961688) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Prototype Pollution
[SNYK-JS-MONGOOSE-5777721](https://snyk.io/vuln/SNYK-JS-MONGOOSE-5777721) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Prototype Pollution
[SNYK-JS-MONGOOSE-2961688](https://snyk.io/vuln/SNYK-JS-MONGOOSE-2961688) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Prototype Pollution
[SNYK-JS-MONGOOSE-5777721](https://snyk.io/vuln/SNYK-JS-MONGOOSE-5777721) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Prototype Poisoning
[SNYK-JS-QS-3153490](https://snyk.io/vuln/SNYK-JS-QS-3153490) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-ANSIREGEX-1583908](https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Denial of Service (DoS)
[SNYK-JS-DICER-2311764](https://snyk.io/vuln/SNYK-JS-DICER-2311764) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Mature | Denial of Service (DoS)
[SNYK-JS-ENGINEIO-3136336](https://snyk.io/vuln/SNYK-JS-ENGINEIO-3136336) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit | Uncaught Exception
[SNYK-JS-ENGINEIO-5496331](https://snyk.io/vuln/SNYK-JS-ENGINEIO-5496331) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-MOMENT-2944238](https://snyk.io/vuln/SNYK-JS-MOMENT-2944238) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Denial of Service (DoS)
[SNYK-JS-SOCKETIOPARSER-5596892](https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-5596892) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit | Information Exposure
[SNYK-JS-MONGODB-5871303](https://snyk.io/vuln/SNYK-JS-MONGODB-5871303) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit | Missing Release of Resource after Effective Lifetime
[SNYK-JS-INFLIGHT-6095116](https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-MINIMATCH-3050818](https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit | Command Injection
[SNYK-JS-SNYK-3037342](https://snyk.io/vuln/SNYK-JS-SNYK-3037342) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Command Injection
[SNYK-JS-SNYK-3038622](https://snyk.io/vuln/SNYK-JS-SNYK-3038622) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept | Code Injection
[SNYK-JS-SNYK-3111871](https://snyk.io/vuln/SNYK-JS-SNYK-3111871) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit | Improper Input Validation
[SNYK-JS-SOCKETIOPARSER-3091012](https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-3091012) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: winston from winston GitHub release notes
Commit messages
Package name: winston
  • 1c8c65f 3.11.0
  • 37f4282 Bump split2 from 4.1.0 to 4.2.0 (#2336)
  • fdcc893 Bump actions/checkout from 3 to 4 (#2346)
  • dcbec34 Bump @ colors/colors packgae to 1.6.0 (#2353)
  • aaaa4c0 Bump rimraf from 3.0.2 to 5.0.5 (#2357)
  • 914b846 feat: add guardrails to the instantiation of a Profiler (#2226)
  • 23cb80c Bump @ types/node from 20.3.1 to 20.4.2 (#2329)
  • 1c43f7b Bug Fix: FileTransportOptions type missing lazy:boolean option (#2334)
  • 19ac9d8 3.10.0
  • fc9c83d Avoid potential github issues - relax engines node requirement in package.json
  • eda40ef Export Logger class (#2181)
  • f7e7f2f Added Lazy option to file transport (#2317)
  • de2e887 Bump eslint from 8.32.0 to 8.44.0 (#2321)
  • fcc69ec docs(#2319): Syntax error on README.md (#2320)
  • 9d6001a fix(types): Allow any object to be passed as meta to logger.profile (#2314)
  • 06e3165 Bump @ types/node from 18.11.18 to 20.3.1 (#2313)
  • 61e2f5b Update supported Node versions and run npm audit fix (#2315)
  • 7643ad6 Bump @ babel/core from 7.20.12 to 7.22.1 (#2309)
  • 0ed7650 Merge branch 'master' of https://github.com/winstonjs/winston
  • 0f092ca v3.9.0 package-lock & changelog
  • c77e117 Note what might be missing
  • b2bf0b3 Bump safe-stable-stringify from 2.4.0 to 2.4.3
  • c198523 move guard higher and add comment
  • 2609a55 attempt to fix haning streams issue
Compare
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/jupe/project/89137d2b-8d19-4840-b8f3-d0a8d93b8f9e?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/jupe/project/89137d2b-8d19-4840-b8f3-d0a8d93b8f9e/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/jupe/project/89137d2b-8d19-4840-b8f3-d0a8d93b8f9e/settings/integration?pkg=winston&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)