[Snyk] Upgrade winston-transport from 4.4.0 to 4.7.1 #933
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade winston-transport from 4.4.0 to 4.7.1.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 6 versions ahead of your current version.
The recommended version was released on a month ago.
Issues fixed by the recommended upgrade:
SNYK-JS-SEMVER-3247795
SNYK-JS-SEMVER-3247795
SNYK-JS-SEMVER-3247795
SNYK-JS-ENGINEIO-1056749
SNYK-JS-ENGINEIO-3136336
SNYK-JS-ANSIREGEX-1583908
SNYK-JS-ANSIREGEX-1583908
SNYK-JS-ASYNC-2441827
SNYK-JS-BRACES-6838727
SNYK-JS-BRACES-6838727
SNYK-JS-DECODEURICOMPONENT-3149970
SNYK-JS-INI-1048974
SNYK-JS-JSONSCHEMA-1920922
SNYK-JS-SOCKETIO-7278048
SNYK-JS-SOCKETIOPARSER-1056752
SNYK-JS-SOCKETIOPARSER-5596892
SNYK-JS-SSH2-1656673
SNYK-JS-MICROMATCH-6838728
SNYK-JS-GLOBPARENT-1016905
SNYK-JS-GOT-2932019
SNYK-JS-GOT-2932019
SNYK-JS-HOSTEDGITINFO-1088355
SNYK-JS-BABELTRAVERSE-5962462
SNYK-JS-COLORSTRING-1082939
SNYK-JS-HOSTEDGITINFO-1088355
SNYK-JS-HTTPCACHESEMANTICS-3248783
SNYK-JS-IP-7148531
SNYK-JS-ISTANBULREPORTS-2328088
SNYK-JS-JSON5-3182856
SNYK-JS-JSON5-3182856
SNYK-JS-JSZIP-1251497
SNYK-JS-JSZIP-3188562
SNYK-JS-JSZIP-1251497
SNYK-JS-JSZIP-3188562
SNYK-JS-SNYKPYTHONPLUGIN-3039677
SNYK-JS-SNYKSBTPLUGIN-3038626
SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625
SNYK-JS-SOCKETIO-1024859
SNYK-JS-SOCKETIOPARSER-3091012
SNYK-JS-SOCKETIOPARSER-3091012
SNYK-JS-NCONF-2395478
SNYK-JS-NETMASK-1089716
SNYK-JS-NETMASK-6056519
SNYK-JS-NORMALIZEURL-1296539
SNYK-JS-PUG-1071616
SNYK-JS-PUGCODEGEN-1082232
SNYK-JS-PUGCODEGEN-7086056
SNYK-JS-QS-3153490
SNYK-JS-LODASH-1040724
SNYK-JS-LODASHSET-1320032
SNYK-JS-MARKDOWNIT-6483324
SNYK-JS-WS-7266574
SNYK-JS-WS-7266574
SNYK-JS-XMLHTTPREQUESTSSL-1082936
SNYK-JS-TRIMNEWLINES-1298042
SNYK-JS-XMLHTTPREQUESTSSL-1255647
SNYK-JS-Y18N-1021887
SNYK-JS-Y18N-1021887
SNYK-JS-UNSETVALUE-2400660
SNYK-JS-IP-6240864
SNYK-JS-MICROMATCH-6838728
SNYK-JS-TAFFYDB-2992450
SNYK-JS-TMPL-1583443
SNYK-JS-LODASH-1040724
SNYK-JS-LODASH-567746
SNYK-JS-AJV-584908
SNYK-JS-ANSIREGEX-1583908
SNYK-JS-PACRESOLVER-1564857
SNYK-JS-PARSELINKHEADER-1582783
SNYK-JS-SNYK-3037342
SNYK-JS-SNYK-3038622
SNYK-JS-SNYK-3111871
SNYK-JS-SNYKDOCKERPLUGIN-3039679
SNYK-JS-SNYKGOPLUGIN-3037316
SNYK-JS-SNYKGRADLEPLUGIN-3038624
SNYK-JS-SNYKMVNPLUGIN-3038623
SNYK-JS-MINIMATCH-3050818
SNYK-JS-NODENOTIFIER-1035794
SNYK-JS-LODASH-1018905
SNYK-JS-MARKDOWNIT-2331914
SNYK-JS-MARKED-2342073
SNYK-JS-MARKED-2342082
SNYK-JS-WS-1296835
SNYK-JS-WS-1296835
SNYK-JS-XML2JS-5414874
SNYK-JS-UGLIFYJS-1727251
SNYK-JS-UNDERSCORE-1080984
SNYK-JS-UNDERSCORE-1080984
SNYK-JS-VUETEMPLATECOMPILER-7554675
SNYK-JS-MARKED-584281
SNYK-JS-LODASH-1018905
SNYK-JS-NWSAPI-2841516
SNYK-JS-PATHPARSE-1077067
SNYK-JS-PROMPTS-1729737
SNYK-JS-MINIMIST-2429795
SNYK-JS-WORDWRAP-3149973
Release notes
Package name: winston-transport
v4.7.0...v4.7.1
v4.6.0...v4.7.0
v4.5.0...v4.6.0
process.nextTick
(#81) 65665184.4.2...v4.5.0
Version 4.4.2
Updates to dependencies and Typescript support for last feature release.
4.3.0...v4.4.0
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"winston-transport","from":"4.4.0","to":"4.7.1"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ENGINEIO-1056749","issue_id":"SNYK-JS-ENGINEIO-1056749","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-ENGINEIO-3136336","issue_id":"SNYK-JS-ENGINEIO-3136336","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ANSIREGEX-1583908","issue_id":"SNYK-JS-ANSIREGEX-1583908","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ANSIREGEX-1583908","issue_id":"SNYK-JS-ANSIREGEX-1583908","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ASYNC-2441827","issue_id":"SNYK-JS-ASYNC-2441827","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-BRACES-6838727","issue_id":"SNYK-JS-BRACES-6838727","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled resource consumption"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-BRACES-6838727","issue_id":"SNYK-JS-BRACES-6838727","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled resource consumption"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-DECODEURICOMPONENT-3149970","issue_id":"SNYK-JS-DECODEURICOMPONENT-3149970","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-INI-1048974","issue_id":"SNYK-JS-INI-1048974","priority_score":686,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-JSONSCHEMA-1920922","issue_id":"SNYK-JS-JSONSCHEMA-1920922","priority_score":430,"priority_score_factors":[{"type":"cvssScore","label":"8.6","score":430},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SOCKETIO-7278048","issue_id":"SNYK-JS-SOCKETIO-7278048","priority_score":649,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.7","score":435},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncaught Exception"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SOCKETIOPARSER-1056752","issue_id":"SNYK-JS-SOCKETIOPARSER-1056752","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SOCKETIOPARSER-5596892","issue_id":"SNYK-JS-SOCKETIOPARSER-5596892","priority_score":375,"priority_score_factors":[{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SSH2-1656673","issue_id":"SNYK-JS-SSH2-1656673","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Command Injection"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-MICROMATCH-6838728","issue_id":"SNYK-JS-MICROMATCH-6838728","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scor...