jeremybradbury / express4-https-bearer-token-mysql-api

Express 4.x HTTPS API app using Passport Bearer tokens with a MySQL backend.
https://jeremybradbury.github.io/express4-https-bearer-token-mysql-api/
The Unlicense
1 stars 0 forks source link

[Snyk] Security upgrade winston from 2.4.5 to 3.3.0 #20

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5
Prototype Pollution
SNYK-JS-ASYNC-2441827
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: winston The new version differs by 250 commits.
  • b47d5d5 3.3.0
  • b6bc918 Prepare for v3.3.0
  • 9354721 doc: fix whitespace and trailing comma. (#1778)
  • 3d07a80 docs: add example of uncaughtRejections logging (#1780)
  • df25fa2 fix: change property of handleRejections (#1779)
  • 950cbcd Add options to request (#1777)
  • 1c75292 Update package-lock.json (#1772)
  • e7d13d5 Exclude unnecessary files from npm package (#1768)
  • 75f7edf Fix removes a logger when pass undefined transport (#1785)
  • 4b571ba This adds Node.js 14 and removes Node.js 8 as: (#1793)
  • 73ae01f Update Sentry transport `require` change (#1754)
  • 7b67eb0 Fix typo (#1750)
  • 1679c49 Fix Issue where winston removes transport on error (#1364) (#1714)
  • 0e0cf14 Fix #1690 (#1691)
  • 85a250a Node 12 is LTS now
  • bea9c34 Update README.md (#1743)
  • 319abf1 Add defaultMeta to Logger index.d.ts (#1736)
  • c719706 (typo) Missing label import in example (#1733)
  • 8944598 Update index.d.ts (#1729)
  • 7bb258c Fix `npm` logging levels on README.md (#1737)
  • 64744d7 #1567: document common transport options (#1723)
  • ae2335b Add Humio transport link to docs (#1705)
  • 785bd9e UPDATE levels on readme (http added) (#1650)
  • 4f44acb Add PostgresQL transport to list of community transports (#1697)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: šŸ§ View latest project report

šŸ›  Adjust project settings

šŸ“š Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

šŸ¦‰ Prototype Pollution