[Snyk] Upgrade winston from 2.4.4 to 2.4.7

[weinrich15]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade winston from 2.4.4 to 2.4.7.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 3 versions ahead of your current version.
• The recommended version was released a year ago, on 2022-11-15.

Release notes

Package name: winston

• 2.4.7 - 2022-11-15
  

  What's Changed

  • Utilizing async 2.6.4 for node 4 compatibility by @ ansmithf5 in #2166
  • Update lodash to fix audit failures by @ ansmithf5 in #2167

  New Contributors

  • @ ansmithf5 made their first contribution in #2166

  Full Changelog: v2.4.6...v2.4.7

• 2.4.6 - 2022-04-28
  

  This updates a dependency to address https://security.snyk.io/vuln/SNYK-JS-ASYNC-2441827. See #2112 by @bacali95.

• 2.4.5 - 2020-06-22
• 2.4.4 - 2018-08-21

from winston GitHub release notes

Commit messages

Package name: winston

• b8baf4c Add dist to ignore file
• 62f00cc Bump version number
• 6d967ef Update lodash to fix audit failures (#2167)
• b896150 Update CHANGELOG entry to unrelease version
• f8e1164 Utilizing async 2.6.4 for node 4 compatibility
• d6d620f Merge branch '2.x' of https://github.com/winstonjs/winston into 2.x
• cd7c60b Update version # & changelog
• b17beca Update async to 3.2.3
• 52060d6 2.4.5
• d9ff3d6 use a different vows reporter because the spec reporter doesn't seem to work with recent Node versions
• a69d202 Prepare for v2.4.5
• 1db00d8 Silence node.js 14 non-existent property warning (Added a tcp keep alive to the socket BallAerospace/COSMOS#1800)
• 542f2b9 Fixing path for example (#1756)
• 9659197 Update README.md (UDP Separete Read and Write IP's BallAerospace/COSMOS#1448)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[weinrich15]

Checkmarx One – Scan Summary & Details – 4ef2e4e2-e9ef-4e14-9a55-71fb41e8504e

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	CVE-2016-10707	Npm-jquery-1.10.2	Vulnerable Package
	CVE-2017-12964	Ruby-sassc-2.4.0	Vulnerable Package
	CVE-2018-20834	Npm-tar-2.2.1	Vulnerable Package
	CVE-2019-13173	Npm-fstream-1.0.11	Vulnerable Package
	CVE-2019-20149	Npm-kind-of-6.0.2	Vulnerable Package
	CVE-2020-28469	Npm-glob-parent-3.1.0	Vulnerable Package
	CVE-2020-28469	Npm-glob-parent-2.0.0	Vulnerable Package
	CVE-2020-8164	Ruby-actionpack-5.1.7	Vulnerable Package
	CVE-2020-8165	Ruby-activesupport-5.1.7	Vulnerable Package
	CVE-2021-22880	Ruby-activerecord-5.1.7	Vulnerable Package
	CVE-2021-22885	Ruby-actionpack-5.1.7	Vulnerable Package
	CVE-2021-22904	Ruby-actionpack-5.1.7	Vulnerable Package
	CVE-2021-29509	Ruby-puma-3.12.6	Vulnerable Package
	CVE-2021-32803	Npm-tar-2.2.1	Vulnerable Package
	CVE-2021-32804	Npm-tar-2.2.1	Vulnerable Package
	CVE-2021-37701	Npm-tar-2.2.1	Vulnerable Package
	CVE-2021-37712	Npm-tar-2.2.1	Vulnerable Package
	CVE-2021-37713	Npm-tar-2.2.1	Vulnerable Package
	CVE-2021-3918	Npm-json-schema-0.2.3	Vulnerable Package
	CVE-2021-44906	Npm-minimist-0.0.8	Vulnerable Package
	CVE-2022-0686	Npm-url-parse-1.4.4	Vulnerable Package
	CVE-2022-24790	Ruby-puma-3.12.6	Vulnerable Package
	CVE-2022-24999	Npm-qs-6.5.2	Vulnerable Package
	CVE-2022-25883	Npm-semver-5.6.0	Vulnerable Package
	CVE-2022-30122	Ruby-rack-2.2.3.1	Vulnerable Package
	CVE-2022-32224	Ruby-activerecord-5.1.7	Vulnerable Package
	CVE-2022-3517	Npm-minimatch-3.0.4	Vulnerable Package
	CVE-2022-43357	Ruby-sassc-2.4.0	Vulnerable Package
	CVE-2022-44566	Ruby-activerecord-5.1.7	Vulnerable Package
	CVE-2022-44570	Ruby-rack-2.2.3.1	Vulnerable Package
	CVE-2022-44571	Ruby-rack-2.2.3.1	Vulnerable Package
	CVE-2022-44572	Ruby-rack-2.2.3.1	Vulnerable Package
	CVE-2023-22792	Ruby-actionpack-5.1.7	Vulnerable Package
	CVE-2023-22795	Ruby-actionpack-5.1.7	Vulnerable Package
	CVE-2023-22796	Ruby-activesupport-5.1.7	Vulnerable Package
	CVE-2023-26136	Npm-tough-cookie-2.4.3	Vulnerable Package
	CVE-2023-27530	Ruby-rack-2.2.3.1	Vulnerable Package
	CVE-2023-40175	Ruby-puma-3.12.6	Vulnerable Package
	Cx2d55b83a-7aa0	Npm-braces-1.8.5	Vulnerable Package
	Cx89601373-08db	Npm-debug-3.1.0	Vulnerable Package
	Cx8bc4df28-fcf5	Npm-debug-3.1.0	Vulnerable Package
	Cxb3ca64d2-9cd1	Npm-mocha-4.1.0	Vulnerable Package
	Cxdca8e59f-8bfe	Npm-inflight-1.0.6	Vulnerable Package
	Cxf6e7f2c1-dc59	Npm-yauzl-2.10.0	Vulnerable Package
	Missing User Instruction	/Dockerfile: 4	A user should be specified in the dockerfile, otherwise the image will run as root
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	Apt Get Install Pin Version Not Defined	/Dockerfile: 6	When installing a package, its pin version should be defined
	CVE-2007-2379	Npm-jquery-1.10.2	Vulnerable Package
	CVE-2014-6071	Npm-jquery-1.10.2	Vulnerable Package
	CVE-2015-9251	Npm-jquery-1.10.2	Vulnerable Package
	CVE-2018-1109	Npm-braces-1.8.5	Vulnerable Package
	CVE-2019-11358	Npm-jquery-1.10.2	Vulnerable Package
	CVE-2020-11022	Npm-jquery-1.10.2	Vulnerable Package
	CVE-2020-11023	Npm-jquery-1.10.2	Vulnerable Package
	CVE-2020-15169	Ruby-actionview-5.1.7	Vulnerable Package
	CVE-2020-15366	Npm-ajv-6.5.5	Vulnerable Package
	CVE-2020-5267	Ruby-actionview-5.1.7	Vulnerable Package
	CVE-2020-7598	Npm-minimist-0.0.8	Vulnerable Package
	CVE-2020-8124	Npm-url-parse-1.4.4	Vulnerable Package
	CVE-2021-27515	Npm-url-parse-1.4.4	Vulnerable Package
	CVE-2021-3664	Npm-url-parse-1.4.4	Vulnerable Package
	CVE-2022-0512	Npm-url-parse-1.4.4	Vulnerable Package
	CVE-2022-0639	Npm-url-parse-1.4.4	Vulnerable Package
	CVE-2022-23633	Ruby-actionpack-5.1.7	Vulnerable Package
	CVE-2022-23634	Ruby-puma-3.12.6	Vulnerable Package
	CVE-2022-27777	Ruby-actionview-5.1.7	Vulnerable Package
	CVE-2022-3704	Ruby-actionpack-5.1.7	Vulnerable Package
	CVE-2023-23913	Ruby-actionview-5.1.7	Vulnerable Package
	CVE-2023-27539	Ruby-rack-2.2.3.1	Vulnerable Package
	CVE-2023-28120	Ruby-activesupport-5.1.7	Vulnerable Package
	CVE-2023-28155	Npm-request-2.88.0	Vulnerable Package
	CVE-2023-28362	Ruby-actionpack-5.1.7	Vulnerable Package
	Cx435a6fda-ca38	Npm-commander-2.11.0	Vulnerable Package
	Cxf0b588a3-5c6f	Npm-jquery-1.10.2	Vulnerable Package
	Gem Install Without Version	/Dockerfile: 55	Instead of 'gem install ' we should use 'gem install :'
	Gem Install Without Version	/Dockerfile: 35	Instead of 'gem install ' we should use 'gem install :'
	Not Using JSON In CMD And ENTRYPOINT Arguments	/Dockerfile: 69	Ensure that we are using JSON in the CMD and ENTRYPOINT Arguments
	CVE-2021-41136	Ruby-puma-3.12.6	Vulnerable Package
	Healthcheck Instruction Missing	/Dockerfile: 4	Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
	Multiple RUN, ADD, COPY, Instructions Listed	/Dockerfile: 55	Multiple commands (RUN, COPY, ADD) should be grouped in order to reduce the number of layers.