search

katalon-studio / kr-cli

A public repo for Katalon Recorder Command-Line Runner
1 stars 2 forks source link

[Snyk] Upgrade winston from 3.3.3 to 3.8.2 #11

Open tructran273 opened 1 year ago

tructran273 commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade winston from 3.3.3 to 3.8.2.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **10 versions** ahead of your current version. - The recommended version was released **10 months ago**, on 2022-09-07. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Prototype Pollution
[SNYK-JS-ASYNC-2441827](https://snyk.io/vuln/SNYK-JS-ASYNC-2441827) | **482/1000**
**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: winston
  • 3.8.2 - 2022-09-07

    Patch-level changes

    • Add .js to main entry point in package.json in #2177; thanks to new contributor @ rumanbsl
    • Small grammatical fixes in README.md in #2183; thanks to new contributor @ mikebarr24
    • Move colors to non-dev dependencies by @ wbt in #2190

    Dependency updates by @ dependabot + CI autotesting

    • Bump @ babel/preset-env from 7.18.2 to 7.19.0 in #2189
    • Bump @ babel/cli from 7.17.10 to 7.18.10 in #2173
    • Bump eslint from 8.18.0 to 8.23.0 in #2184
    • Bump @ babel/core from 7.18.5 to 7.19.0 in #2192
    • Bump logform from 2.4.1 to 2.4.2 in #2191
  • 3.8.1 - 2022-06-30

    Patch-level changes

    • Update types to match in-code definitions in #2157; thanks to new contributor @ flappyBug

    Dependency updates by @ dependabot + CI autotesting

    • Bump logform from 2.4.0 to 2.4.1 in #2156
    • Bump async from 3.2.3 to 3.2.4 in #2147

    Full Changelog: v3.8.0...v3.8.1

  • 3.8.0 - 2022-06-23

    Added functionality

    • Add the stringify replacer option to the HTTP transport by @ domiins in #2155

    Dependency updates by @ dependabot + CI autotesting

    • Bump @ babel/core from 7.17.8 to 7.18.5
    • Bump eslint from 8.12.0 to 8.18.0
    • Bump @ types/node from 17.0.23 to 18.0.0
    • Bump @ babel/preset-env from 7.16.11 to 7.18.2
    • Bump @ babel/cli from 7.17.6 to 7.17.10

    Updates facilitating repo maintenance & enhancing documentation

    • Explicitly note that the Contirbuting.md file is out of date
    • Add instructions for publishing updated version by @ wbt (docs/publishing.md)
    • Prettier Config File by @ jeanpierrecarvalho in #2092
    • Readme update to explain origin of errors for handling (#2120)
    • update documentation for #2114 by @ zizifn in #2138
    • enhance message for logs with no transports #2114 by @ zizifn in #2139
    • Added a new Community Transport option to the list: Worker Thread based async Console Transport by @ arpad1337 in #2140

    New Contributors

    Full Changelog: v3.7.2...v3.8.0

  • 3.7.2 - 2022-04-04

    What's Changed

    Full Changelog: v3.7.1...v3.7.2

    The release announcement on GitHub is 24 days behind the NPM release in this case, sorry for the confusion!

  • 3.7.1 - 2022-04-04

    This change includes some minor updates to package-lock.json resolving npm audit failures: one in ansi-regex and another in minimist.

    Full Changelog: v3.7.0...v3.7.1

      </li>
  <li>
    <b>3.6.0</b> - <a href="https://snyk.io/redirect/github/winstonjs/winston/releases/tag/v3.6.0">2022-02-12</a></br><ul>
  • Changelog updates for v3.6.0 5e72485
  • Update dependencies, including latest logform (#2071) 93077ef
  • Update to @ colors/colors (#2069) 035f94a
  • Bump @ babel/core from 7.16.12 to 7.17.2 (#2068) 7665d88
  • Bump @ babel/cli from 7.16.8 to 7.17.0 (#2064) e658389
  • chore: add editorconfig (#2058) 30d260d
  • Add search terms field to bug report template (#2067) 40ef309
  • Bump @ types/node from 17.0.13 to 17.0.15 (#2062) c9b7579
  • Chore: Organize and restructure tests (#2049) 2b8cd55
  • Bump to latest winston-transport 2017c50
  • Memory leak fix: do not wait for process.nextTick to clear pending callbacks (#2057) f741383
  • Update linter dependencies and config (#2059) 438cb73
  • Bump @ types/node from 17.0.10 to 17.0.13 (#2051) 7f6a6f2

v3.5.1...v3.6.0

  </li>
  <li>
    <b>3.5.1</b> - <a href="https://snyk.io/redirect/github/winstonjs/winston/releases/tag/v3.5.1">2022-01-31</a></br><a href="https://snyk.io/redirect/github/winstonjs/winston/releases/tag/v3.5.1"> Read more </a>
  </li>
  <li>
    <b>3.5.0</b> - <a href="https://snyk.io/redirect/github/winstonjs/winston/releases/tag/v3.5.0">2022-01-27</a></br><a href="https://snyk.io/redirect/github/winstonjs/winston/releases/tag/v3.5.0"> Read more </a>
  </li>
  <li>
    <b>3.4.0</b> - 2022-01-10
  </li>
  <li>
    <b>3.3.4</b> - 2022-01-10
  </li>
  <li>
    <b>3.3.3</b> - 2020-06-23
  </li>
</ul>
from <a href="https://snyk.io/redirect/github/winstonjs/winston/releases">winston GitHub release notes</a>

Commit messages
Package name: winston
  • 101e2f4 Merge branch 'master' of https://github.com/winstonjs/winston
  • a14ac04 v3.8.2
  • c32a5ae Bump logform from 2.4.1 to 2.4.2
  • 0bf0fae Bump @ babel/core from 7.18.5 to 7.19.0
  • ff219f3 Bump eslint from 8.18.0 to 8.23.0
  • 90fb00b Bump @ babel/cli from 7.17.10 to 7.18.10
  • 64e25e4 Bump @ babel/preset-env from 7.18.2 to 7.19.0
  • 7e66751 Move colors to non-dev dependencies
  • 3f1dcc1 Update README.md
  • acaa95b Update package.json
  • 3998df0 v3.8.1 docs
  • 013799c Bump async from 3.2.3 to 3.2.4
  • 6217120 Replace `new` with `constructor`
  • afd389a Change interface to class in exported types
  • b892de9 Bump logform from 2.4.0 to 2.4.1
  • 5658ec3 Note 2nd place for version # update
  • 70ffba6 Another update of package #
  • 38c1c46 Update changelog & version # 3.8.0
  • 7b1917e Update publishing steps for easier drafting
  • 6e27faa Prettier Config File
  • 063cea2 Bump @ types/node from 17.0.42 to 18.0.0
  • 95a6a2f Bump eslint from 8.17.0 to 8.18.0
  • 355650e Add the replacer option to the HTTP transport
  • 440babc Added a new Community Transport option to the list (#2140)
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs