This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade winston from 3.3.3 to 3.7.2.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **7 versions** ahead of your current version.
- The recommended version was released **22 days ago**, on 2022-04-04.
The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|:-------------------------:|:-------------------------|-------------------------|:-------------------------|
|  | Directory Traversal [SNYK-JS-MOMENT-2440688](https://snyk.io/vuln/SNYK-JS-MOMENT-2440688) | **661/1000** **Why?** Recently disclosed, Has a fix available, CVSS 7.5 | No Known Exploit |
|  | Prototype Pollution [SNYK-JS-ASYNC-2441827](https://snyk.io/vuln/SNYK-JS-ASYNC-2441827) | **661/1000** **Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Proof of Concept |
|  | Regular Expression Denial of Service (ReDoS) [SNYK-JS-RAMDA-1582370](https://snyk.io/vuln/SNYK-JS-RAMDA-1582370) | **661/1000** **Why?** Recently disclosed, Has a fix available, CVSS 7.5 | No Known Exploit |
|  | Information Exposure [SNYK-JS-FOLLOWREDIRECTS-2332181](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2332181) | **661/1000** **Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Proof of Concept |
|  | Information Exposure [SNYK-JS-FOLLOWREDIRECTS-2396346](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2396346) | **661/1000** **Why?** Recently disclosed, Has a fix available, CVSS 7.5 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: winston
**3.5.1** - [2022-01-31](https://snyk.io/redirect/github/winstonjs/winston/releases/tag/v3.5.1)
This release reverts the changes made in PR [#1896](https://snyk.io/redirect/github/winstonjs/winston/pull/1896) which added stricter typing to the available log levels, and inadvertently broke use of custom levels with TypeScript (Issue #2047). Apologies for that!
This change includes some minor updates to package-lock.json resolving npm audit failures: one in ansi-regex and another in minimist.
Full Changelog: v3.7.0...v3.7.1
`process.nextTick` to clear pending callbacks (#2057) f741383
v3.5.1...v3.6.0
This release includes the following, in sequence by first merge in group:
Feature updates:
Patch-level updates:
- `.rejections` (#1842, #1929, #2021; thanks @vanflux, @svaj, @glensc, & others!)
- `stringify`, e.g. to avoid issues from circular structures, in the http transport (#2043, thanks @karlwir!)

Updates to the repo & project which don’t actually affect the running code:
Thanks also to maintainers @DABH, @fearphage, @maverick1872, and @wbt for issue/PR shepherding and help across multiple parts of the release!
If somebody got missed in the list of thanks, please forgive the accidental oversight and/or feel free to open a PR on the changelog.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.