🚨 [security] Update winston 3.2.1 → 3.14.2 (minor) #142
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ winston (3.2.1 → 3.14.2) · Repo · Changelog
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
3.2.1
3.2.0
3.1.3
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 22 commits:
3.2.1
revert color convert back down to es5-compatible version
3.2.0
bump color-convert and mocha
3.1.4
bump color-string
add .npmrc
3.1.3
bump color-string and add regression test for #174 (fixes #174)
fixed typo about hex() in readme
#166 Add new examples after code review
#166 More clearly documentation of methods whiten() and darken()
fix build with latest versions of node
3.1.2
fix Color(null) not working
3.1.1
run tests on newer versions of node
update test deps
Close #103 (#157)
3.1.0
throw exception when an empty string is passed to the constructor (#148)
Update README.md (#144)
Security Advisories 🚨
🚨 Regular Expression Denial of Service (ReDOS)
Release Notes
1.9.0
1.8.2
1.8.1
1.7.4
1.7.1
1.7.0
1.6.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 2 commits:
1.9.1
fix to.keyword returning Object.prototype values (#67)
Release Notes
4.2.3 (from changelog)
4.2.1 (from changelog)
Does any of this look wrong? Please let us know.
Release Notes
2.6.1
2.6.0
2.5.1
2.5.0
2.4.2
2.4.1
2.4.0
2.3.2
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
1.4.1
1.4.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 15 commits:
1.4.1
Relax node engines requirement to geq 14.0.0 in package.json
1.4.0
update package.json
update package.json
Merge branch 'master' of github.com:winstonjs/triple-beam
update npmignore
Bump assume from 2.0.1 to 2.3.0 (#8)
rm ts test
Fix lint config
Update packages
Bump y18n from 3.2.1 to 3.2.2 (#7)
Add GitHub Actions CI
Bump minimist, mkdirp, mocha and nyc (#6)
Exclude unnecessary files from the npm package (#5)
Release Notes
4.7.1
4.7.0
4.6.0
4.5.0
4.4.1
4.4.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 55 commits:
4.7.1
update dependencies
Bump mocha from 10.2.0 to 10.4.0 (#218)
Bump eslint from 8.56.0 to 8.57.0 (#213)
Bump @types/node from 20.11.10 to 20.12.7 (#221)
4.7.0
Resolve circular dependency issues downstream in Winston (#207)
Bump actions/checkout from 3 to 4 (#182)
Bump deep-equal from 2.2.2 to 2.2.3 (#190)
Bump rimraf from 3.0.2 to 5.0.5 (#181)
Bump actions/setup-node from 3 to 4 (#185)
Bump eslint from 8.51.0 to 8.56.0 (#199)
Bump @types/node from 20.8.6 to 20.11.10 (#206)
Bump @babel/traverse from 7.10.3 to 7.23.2 (#180)
4.6.0
Bump deep-equal from 2.0.5 to 2.2.2 (#178)
Update dependencies and increase minimum node engine to 12
Update CI node versions to match winston
Bump eslint from 8.25.0 to 8.35.0 (#176)
Bump @types/node from 18.11.0 to 18.14.6 (#177)
Bump decode-uri-component from 0.2.0 to 0.2.2 (#159)
Bump eslint from 8.16.0 to 8.25.0 (#148)
Bump mocha from 10.0.0 to 10.1.0 (#150)
Bump @types/node from 17.0.36 to 18.11.0 (#151)
Bump logform from 2.4.1 to 2.4.2 (#126)
Bump logform from 2.4.0 to 2.4.1 (#122)
Bump @types/node from 17.0.21 to 17.0.36 (#115)
Bump eslint from 8.10.0 to 8.16.0 (#114)
Bump mocha from 9.2.1 to 10.0.0 (#109)
Bump minimist from 1.2.5 to 1.2.6 (#104)
Bump actions/setup-node from 2 to 3 (#95)
Bump @types/node from 17.0.15 to 17.0.21 (#94)
Bump eslint from 8.8.0 to 8.10.0 (#93)
Bump mocha from 9.2.0 to 9.2.1 (#91)
Bump logform from 2.3.2 to 2.4.0 (#90)
Bump actions/checkout from 2 to 3 (#96)
4.5.0
Update .npmignore
Merge branch 'master' of github.com:winstonjs/winston-transport
Changelog for 4.5.0
Memory leak fix: do not wait `process.nextTick` (#81)
Update linting dependencies (#87)
Replace Travis CI with GitHub Actions (#82)
fix(logform): removed duplicate dependency (#67)
Relative ref to bin file not needed; npm looks there by default (#80)
Update logform dependency version and run npm audit fix; update package version to 4.4.2
4.4.1 release details (#78)
[fix] Bump to latest readable-stream. (#45)
Add handleRejections to types (#44)
Promote logform to dependency (#58)
Exclude unnecessary files from npm package (#60)
4.4.0
Prepare for v4.4.0: update changelog, update dependencies, update Travis Node version
Expose LegacyTransportStream on index (#42)
Add handleRejections option support (#41)
🆕 @colors/colors (added, 1.6.0)
🆕 @dabh/diagnostics (added, 2.0.3)
🆕 @types/triple-beam (added, 1.3.5)
🆕 fn.name (added, 1.1.0)
🆕 safe-stable-stringify (added, 2.4.3)
🗑️ colornames (removed)
🗑️ colors (removed)
🗑️ diagnostics (removed)
🗑️ env-variable (removed)
🗑️ fast-safe-stringify (removed)
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase
.All Depfu comment commands