[Snyk] Upgrade pino from 5.6.2 to 5.17.0

[EitanGayor]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade pino from 5.6.2 to 5.17.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 38 versions ahead of your current version.
• The recommended version was released 4 years ago, on 2020-02-28.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	375/1000 Why? CVSS 7.5	No Known Exploit
	Command Injection SNYK-JS-LODASH-1040724	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-NODEFORGE-598677	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	375/1000 Why? CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-GRPC-598671	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-INI-1048974	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	375/1000 Why? CVSS 7.5	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	375/1000 Why? CVSS 7.5	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	375/1000 Why? CVSS 7.5	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	375/1000 Why? CVSS 7.5	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	375/1000 Why? CVSS 7.5	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	375/1000 Why? CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-Y18N-1021887	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	375/1000 Why? CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-NODEFETCH-2342118	375/1000 Why? CVSS 7.5	No Known Exploit
	Denial of Service SNYK-JS-NODEFETCH-674311	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	375/1000 Why? CVSS 7.5	Proof of Concept
	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	375/1000 Why? CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: pino

• 5.17.0 - 2020-02-28
  
  • Fix two broken links in the documentation (#769)
  • api.md - fix wrong letter case (#770)
  • Fixed stream metadata loss during prettification (#780)
  • Deprecate the changeLevelName option and alias it to levelKey (#772)
  • Bind pino instance to prettifier (#721)
• 5.16.0 - 2020-01-11
  
  • add nestedKey option #759
• 5.15.0 - 2019-12-13
  

  📚 PR:

  • test(mixin): improve object test to ensure proper object assign order (#745)
  • CI : Move from sleep to watch exists (#748)
  • feat(bindings): allow setting of bindings (#754)
• 5.14.0 - 2019-11-21
  

  📚 PR:

  • catch potential write errors on fatal flush sync (#740)
  • feat(mixin): add mixin config option (#741)
• 5.13.6 - 2019-11-08
  

  📚 PR:

  • Bumped dependencies
  • fix(redaction): fix corner cases with paths (#732)
  • Add MySQL/MariaDB transport (#708)
• 5.13.5 - 2019-10-14
  
  • always sync flush on fatal log – #730
  • fastify integration clarification - #729
• 5.13.4 - 2019-09-27
  
  • bump fast redact #714
• 5.13.3 - 2019-09-13
  

  📚 PR:

  • docs(transports): add CloudWatch (#696)
  • docs(api): remove Lambda note in pino-destination (#697)
  • fix(serializers): properly transfer Symbol based serializers (#707)
  • docs(api): fix binding example (#700)
• 5.13.2 - 2019-08-07
  
  • docs update #690
• 5.13.1 - 2019-07-23
  
  • #684
  • flatstr 0.7.5
• 5.13.0 - 2019-07-17
• 5.12.6 - 2019-05-25
• 5.12.5 - 2019-05-16
• 5.12.4 - 2019-05-14
• 5.12.3 - 2019-04-24
• 5.12.2 - 2019-04-05
• 5.12.1 - 2019-04-04
• 5.12.0 - 2019-03-27
• 5.11.3 - 2019-03-22
• 5.11.2 - 2019-03-20
• 5.11.1 - 2019-01-25
• 5.11.0 - 2019-01-24
• 5.10.10 - 2019-01-23
• 5.10.9 - 2019-01-23
• 5.10.8 - 2019-01-18
• 5.10.7 - 2019-01-16
• 5.10.6 - 2019-01-02
• 5.10.5 - 2018-12-23
• 5.10.4 - 2018-12-21
• 5.10.3 - 2018-12-21
• 5.10.2 - 2018-12-19
• 5.10.1 - 2018-12-12
• 5.9.0 - 2018-11-22
• 5.8.1 - 2018-11-06
• 5.8.0 - 2018-10-16
• 5.7.0 - 2018-10-05
• 5.6.4 - 2018-10-05
• 5.6.3 - 2018-10-03
• 5.6.2 - 2018-09-24

from pino GitHub release notes

Commit messages

Package name: pino

• c4fbfdb Bumped v5.17.0
• 092eb8b Bind pino instance to prettifier ([Snyk] Upgrade marked from 0.3.5 to 0.8.2 #721)
• 72eb875 Deprecate the `changeLevelName` option and alias it to `levelKey` ([Snyk] Security upgrade sanitize from 4.6.2 to 4.6.2 #772)
• 8ab8595 Fixed stream metadata loss during prettification ([Snyk] Fix for 1 vulnerabilities #780)
• d237668 api.md - fix wrong letter case ([Snyk] Upgrade @grpc/proto-loader from 0.1.0 to 0.7.5 #770)
• 6c2de4a Fix two broken links in the documentation ([Snyk] Security upgrade sanitize from 4.6.2 to 4.6.2 #769)
• 6068257 5.16.0
• 6fae12a Merge pull request [Snyk] Fix for 1 vulnerabilities #759 from northscaler/object-key
• 542e165 add pino-http-send to transport list ([Snyk] Fix for 1 vulnerabilities #760)
• e39774e fix(redaction): remove undefined entries for removed number and boolean values ([Snyk] Upgrade @grpc/proto-loader from 0.1.0 to 0.7.5 #756)
• 6d80dbf fix typos
• 5d35a08 objectKey -> nestedKey, no "you" in docs
• 7538351 provide ISO8601 time format ([Snyk] Upgrade snyk from 1.101.1 to 1.1103.0 #757)
• 6076625 revert minor version bump
• be9464a support objectKey config
• d54a017 docs: fix logo display in sidebar ([Snyk] Upgrade snyk-nodejs-lockfile-parser from 1.17.0 to 1.47.1 #755)
• 8e11dc9 Bumped v5.15.0
• 1586df3 feat(bindings): allow setting of bindings ([Snyk] Upgrade snyk-gradle-plugin from 3.2.4 to 3.26.0 #754)
• 6fe7476 CI : Move from sleep to watch exists ([Snyk] Upgrade snyk from 1.101.1 to 1.1097.0 #748)
• 29ceca4 test(mixin): improve object test to ensure proper object assign order ([Snyk] Upgrade @grpc/proto-loader from 0.1.0 to 0.7.4 #745)
• 84e2dc2 5.14.0
• f66326a feat(mixin): add mixin config option ([Snyk] Upgrade grpc from 1.22.2 to 1.24.11 #741)
• b03028a ci(travis): add Node.js 12+13 to Travis CI test matrix ([Snyk] Upgrade snyk-mvn-plugin from 2.7.0 to 2.32.2 #742)
• 29a2419 CI : Github action improvement ([Snyk] Upgrade grpc from 1.22.2 to 1.24.11 #744)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs