[Snyk] Upgrade @google-cloud/logging-winston from 4.1.0 to 4.2.4

[luan-dev]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade @google-cloud/logging-winston from 4.1.0 to 4.2.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 8 versions ahead of your current version.
• The recommended version was released 2 years ago, on 2022-05-24.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-PROTOBUFJS-2441248	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-NODEFETCH-2342118	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Open Redirect SNYK-JS-NODEFORGE-2330875	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-NODEFORGE-2331908	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: @google-cloud/logging-winston

• 4.2.4 - 2022-05-24
  

  4.2.4 (2022-05-23)

  Bug Fixes

  • LoggingWinston log test 'should work correctly with winston formats' failed (#710) (9549b41)
• 4.2.3 - 2022-04-21
  

  4.2.3 (2022-04-21)

  Bug Fixes

  • Reenable staleness bot (#691) (2470dbc)
• 4.2.2 - 2022-03-23
  

  4.2.2 (2022-03-23)

  Bug Fixes

  • Error: write after end when handling SIGINT (#684) (acc1933)
• 4.2.1 - 2022-03-21
  

  4.2.1 (2022-03-21)

  Bug Fixes

  • Add missing closure for code snippet in README (#682) (71158c8)
• 4.2.0 - 2022-03-18
  

  4.2.0 (2022-03-18)

  Features

  • Add support to print structured logging to STDOUT (#676) (76135ca)
• 4.1.3 - 2022-03-09
  

  4.1.3 (2022-03-09)

  Bug Fixes

  • Use defaultCallback in LoggingCommon class (#672) (4bc7baa)
• 4.1.2 - 2022-02-16
  

  4.1.2 (2022-02-16)

  Bug Fixes

  • Update dependency @ google-cloud/logging from 9.0.0 to 9.6.9 (#667) (6fcda1e)
• 4.1.1 - 2021-09-08
  

  Bug Fixes

  • build: update branch to main (#624) (00771be)
• 4.1.0 - 2021-06-14
  

  Features

  • propagate spanIds (#599) (6a34151)

from @google-cloud/logging-winston GitHub release notes

Commit messages

Package name: @google-cloud/logging-winston

• 433cc45 chore(main): release 4.2.4 (#711)
• 9549b41 fix: LoggingWinston log test 'should work correctly with winston formats' failed (#710)
• ca4c9eb build: update auto approve to v2, remove release autoapproving (#1432) (#705)
• 17d4786 chore(deps): update dependency @ types/mocha to v9 (#702)
• f277995 build: sdd srs yaml file (#1419) (#694)
• 4a3733b build: make ci testing conditional on engines field in package.json, move configs to Node 12 (#1418) (#693)
• 0828d51 chore(main): release 4.2.3 (#699)
• 3dec8ac build(node): update client library version in samples metadata (#1356) (#700)
• 2470dbc fix: Reenable staleness bot (#691)
• a76167f chore(deps): update actions/checkout action to v3 (#1392) (#689)
• 9548088 chore(deps): update actions/setup-node action to v3 (#1393) (#688)
• 5ca50bb chore(main): release 4.2.2 (#685)
• acc1933 fix: Error: write after end when handling SIGINT (#684)
• 2301beb chore(main): release 4.2.1 (#683)
• 71158c8 fix: Add missing closure for code snippet in README (#682)
• b192301 chore(main): release 4.2.0 (#677)
• 76135ca feat: Add support to print structured logging to STDOUT (#676)
• 077960d chore(main): release 4.1.3 (#673)
• 4bc7baa fix: Use defaultCallback in LoggingCommon class (#672)
• 52676bf chore(deps): update actions/checkout action to v3 (#670)
• d1cad8d chore(deps): update actions/setup-node action to v3 (#669)
• 0e9c573 chore(main): release 4.1.2 (#668)
• 6fcda1e fix: Update dependency @ google-cloud/logging from 9.0.0 to 9.6.9 (#667)
• 2519fcd docs(nodejs): version support policy edits (#1346) (#665)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs