search

bithavoc / express-winston

express.js middleware for winstonjs
https://www.npmjs.com/package/express-winston
MIT License
798 stars 186 forks source link

Dependency on Winston 0.7.x #67

Closed danvanorden closed 9 years ago

danvanorden commented 9 years ago

When I install express-winston (npm install express-winston), I see the package.json file that shows a dependency on winston 0.7.x rather than the newer ~0.9.0 dependency based on the following commit:

https://github.com/bithavoc/express-winston/commit/6fd3c897dab89e21ea759538399ac366004364e2#diff-b9cfc7f2cdf78a7f4b91a753d10865a2

Is the public npm registry not up-to-date with the latest, or is the issue on my end?

floatingLomas commented 9 years ago

@bithavoc, I don't think this got npm published...?

kirrg001 commented 9 years ago

+1

nsp audit-package Name Installed Patched Vulnerable Dependency qs 0.5.6 >= 1.x ****@1.0.0 > express-winston@0.2.12 > winston@0.7.3 > request@2.16.6 > qs@0.5.6

floatingLomas commented 9 years ago

@bithavoc, if you can give floatinglomas npm publish rights, I will deal with this right quick.

floatingLomas commented 9 years ago

Published v0.3.0, so closing.

danvanorden commented 9 years ago

Thanks, @floatingLomas.