[Snyk] Upgrade winston from 3.3.3 to 3.12.0

[MRdevX]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade winston from 3.3.3 to 3.12.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 14 versions ahead of your current version.
• The recommended version was released 22 days ago, on 2024-03-04.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Command Injection SNYK-JS-SYSTEMINFORMATION-1074913	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Mature
	Command Injection SNYK-JS-VIZION-565230	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Command Injection SNYK-JS-SYSTEMINFORMATION-1050436	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Directory Traversal SNYK-JS-MOMENT-2440688	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-2961688	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-5777721	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MQUERY-1050858	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MQUERY-1089718	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-1089716	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-6056519	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Command Injection SNYK-JS-NODEMAILER-1038834	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-SYSTEMINFORMATION-1078290	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary Command Injection SNYK-JS-SYSTEMINFORMATION-1243748	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SIDEWAYFORMULA-3317169	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Server-side Request Forgery (SSRF) SNYK-JS-SWAGGERUIDIST-2314884	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Mature
	Server-side Request Forgery (SSRF) SNYK-JS-SWAGGERUIDIST-6056393	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Improper Input Validation SNYK-JS-SYSTEMINFORMATION-1244526	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SYSTEMINFORMATION-1043753	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-SYSTEMINFORMATION-1047312	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-SYSTEMINFORMATION-1073627	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Information Exposure SNYK-JS-MONGODB-5871303	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-MONGOOSE-1086688	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MPATH-1577289	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	HTTP Header Injection SNYK-JS-NODEMAILER-1296415	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NODEMAILER-6219989	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: winston

• 3.12.0 - 2024-03-04
  
  • missing timestamp format in ready-to-use-pattern example (#2421) 9e5b407
  • bump deps (#2422) 4a85e6b
  • [chore] Run coveralls CI check on Node 20 not 16 (#2418) e153c68
  • Bump @ types/node from 20.8.6 to 20.11.19 (#2413) 587f40f
  • Update README.md (#2417) 8e99a00
  • docs: fix anchor in transports docs (#2416) 0bde36b
  • add winston-transport-vscode to transports docs (#2411) 8fb5b41
  • Bump @ babel/cli from 7.23.0 to 7.23.9 (#2406) a326743
  • Add winston-newrelic-agent-transport to transport documentation (#2382) cc731ef
  • Remove newrelic-winston transport entry. (#2405) f077f30
  • Bump eslint from 8.55.0 to 8.56.0 (#2397) 3943c41
  • Bump the npm_and_yarn group group with 1 update (#2391) 8260866
  • Fix unhandled rejection handling (#2390) 333b763
  • Fix all rimraf usages to the best of my ability; glob is not true by default in rimraf; file archive test only passed every other time using async rimraf, could use further investigation c3f3b5b
  • Fix rimraf usage in new test 8f3c653
  • Fix rimraf import in test (why didn't this break in PR CI?) f3836aa
  • Added functionality to long broken zippedArchive option (#2337) 02d4267
  • Bump async from 3.2.4 to 3.2.5 (#2378) 069a40d
  • Bump @ babel/preset-env from 7.23.2 to 7.23.7 (#2384) 79282e1
  • Bump winston-transport; fix test issue (#2386) 05788b9
  • Bump eslint from 8.51.0 to 8.55.0 (#2375) a7c2eec
  • Bump std-mocks from 1.0.1 to 2.0.0 (#2361) 85c336e
  • Bump actions/setup-node from 3 to 4 (#2362) 448d11c
  • chore(README.md): adds documentation around coloring json formatted logs 91ec069
  • Remove nonexistent Logger methods from types c3c3911
  • Update dependencies caf2df6

  v3.11.0...v3.12.0

• 3.11.0 - 2023-10-07
  
  • Bump split2 from 4.1.0 to 4.2.0 (#2336) 37f4282
  • Bump actions/checkout from 3 to 4 (#2346) fdcc893
  • Bump @ colors/colors packgae to 1.6.0 (#2353) dcbec34
  • Bump rimraf from 3.0.2 to 5.0.5 (#2357) aaaa4c0
  • feat: add guardrails to the instantiation of a Profiler (#2226) 914b846
  • Bump @ types/node from 20.3.1 to 20.4.2 (#2329) 23cb80c
  • Bug Fix: FileTransportOptions type missing lazy:boolean option (#2334) 1c43f7b

  v3.10.0...v3.11.0

• 3.10.0 - 2023-07-10
  Read more
• 3.9.0 - 2023-05-26
  Read more
• 3.8.2 - 2022-09-07
  Read more
• 3.8.1 - 2022-06-30
  

  Patch-level changes

  • Update types to match in-code definitions in #2157; thanks to new contributor @ flappyBug

  Dependency updates by @ dependabot + CI autotesting

  • Bump logform from 2.4.0 to 2.4.1 in #2156
  • Bump async from 3.2.3 to 3.2.4 in #2147

  Full Changelog: v3.8.0...v3.8.1

• 3.8.0 - 2022-06-23
  Read more
• 3.7.2 - 2022-04-04
  

  What's Changed

  • Revert for #2103 in #2104

  Full Changelog: v3.7.1...v3.7.2

  The release announcement on GitHub is 24 days behind the NPM release in this case, sorry for the confusion!

• 3.7.1 - 2022-04-04
• 3.6.0 - 2022-02-12
• 3.5.1 - 2022-01-31
• 3.5.0 - 2022-01-27
• 3.4.0 - 2022-01-10
• 3.3.4 - 2022-01-10
• 3.3.3 - 2020-06-23

from winston GitHub release notes

Commit messages

Package name: winston

• 7816869 3.12.0
• 9e5b407 missing timestamp format in ready-to-use-pattern example (#2421)
• 4a85e6b bump deps (#2422)
• e153c68 [chore] Run coveralls CI check on Node 20 not 16 (#2418)
• 587f40f Bump @ types/node from 20.8.6 to 20.11.19 (#2413)
• 8e99a00 Update README.md (#2417)
• 0bde36b docs: fix anchor in transports docs (#2416)
• 8fb5b41 add winston-transport-vscode to transports docs (#2411)
• a326743 Bump @ babel/cli from 7.23.0 to 7.23.9 (#2406)
• cc731ef Add winston-newrelic-agent-transport to transport documentation (#2382)
• f077f30 Remove newrelic-winston transport entry. (#2405)
• 3943c41 Bump eslint from 8.55.0 to 8.56.0 (#2397)
• 8260866 Bump the npm_and_yarn group group with 1 update (#2391)
• 333b763 Fix unhandled rejection handling (#2390)
• c3f3b5b Fix all rimraf usages to the best of my ability; glob is not true by default in rimraf; file archive test only passed every other time using async rimraf, could use further investigation
• 8f3c653 Fix rimraf usage in new test
• f3836aa Fix rimraf import in test (why didn't this break in PR CI?)
• 02d4267 Added functionality to long broken zippedArchive option (#2337)
• 069a40d Bump async from 3.2.4 to 3.2.5 (#2378)
• 79282e1 Bump @ babel/preset-env from 7.23.2 to 7.23.7 (#2384)
• 05788b9 Bump winston-transport; fix test issue (#2386)
• a7c2eec Bump eslint from 8.51.0 to 8.55.0 (#2375)
• 85c336e Bump std-mocks from 1.0.1 to 2.0.0 (#2361)
• 448d11c Bump actions/setup-node from 3 to 4 (#2362)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs