Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update vulnerable dependencies #226

Closed
wants to merge 1 commit into from
Closed

Update vulnerable dependencies #226

wants to merge 1 commit into from

Conversation

mriedem
Copy link

@mriedem mriedem commented Apr 22, 2022

Related db-migrate/node-db-migrate#779
Related 4736c82
Closes #195

@mriedem
Copy link
Author

mriedem commented Apr 22, 2022

This will need work for the winston upgrade:

$ npm run test

> prompt@1.3.0 test
> vows test/prompt-test.js --spec

/home/osboxes/ibmq/prompt/lib/prompt.js:39
var logger = prompt.logger = new winston.Logger({
                             ^

TypeError: winston.Logger is not a constructor
    at Object.<anonymous> (/home/osboxes/ibmq/prompt/lib/prompt.js:39:30)
    at Module._compile (node:internal/modules/cjs/loader:1103:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1157:10)
    at Module.load (node:internal/modules/cjs/loader:981:32)
    at Function.Module._load (node:internal/modules/cjs/loader:822:12)
    at Module.require (node:internal/modules/cjs/loader:1005:19)
    at require (node:internal/modules/cjs/helpers:102:18)
    at Object.<anonymous> (/home/osboxes/ibmq/prompt/test/prompt-test.js:10:14)
    at Module._compile (node:internal/modules/cjs/loader:1103:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1157:10)

@mriedem mriedem mentioned this pull request Apr 22, 2022
Closed
@caub
Copy link
Contributor

caub commented Apr 23, 2022
edited

you probably need to remove the new https://github.com/winstonjs/winston/blob/master/CHANGELOG.md#if-a-tree-falls-in-the-forrest-does-it-make-a-log-edition

@bacali95
Copy link

Hello there, upgrading to winston@3 can be a bit challenging as it brings a ton of breaking changes.
@mriedem I did the migration as a task at work so I can help here if you don't mind?

@mriedem
Copy link
Author

mriedem commented Apr 27, 2022

Hello there, upgrading to winston@3 can be a bit challenging as it brings a ton of breaking changes. @mriedem I did the migration as a task at work so I can help here if you don't mind?

Hi, yes feel free to jump in here. Thanks!

@bacali95
Copy link

I have made this MR winstonjs/winston#2112 a while ago and I was waiting for it to get merged and released, it is about backport the async vulnerability fox to the winston 2.x so intead of upgrading it to 3.x in this MR and suffer we can set the version to ^2.4.6 which has the fix

@mriedem
Copy link
Author

mriedem commented May 5, 2022

I have made this MR winstonjs/winston#2112 a while ago and I was waiting for it to get merged and released, it is about backport the async vulnerability fox to the winston 2.x so intead of upgrading it to 3.x in this MR and suffer we can set the version to ^2.4.6 which has the fix

Thank you! I'll close this PR. Can #195 also be closed?

@mriedem mriedem closed this May 5, 2022
@mriedem mriedem deleted the npm-audit-fix-force branch May 5, 2022 15:40
@mriedem mriedem mentioned this pull request May 5, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Please upgrade to winston 3.x to avoid licensing issue
3 participants
@mriedem @caub @bacali95