Skip to content

build(deps): Bump winston from 3.11.0 to 3.19.0 in /packages/agent-os/extensions/mcp-server#876

Merged
imran-siddique merged 1 commit intomainfrom
dependabot/npm_and_yarn/packages/agent-os/extensions/mcp-server/winston-3.19.0
Apr 8, 2026
Merged

build(deps): Bump winston from 3.11.0 to 3.19.0 in /packages/agent-os/extensions/mcp-server#876
imran-siddique merged 1 commit intomainfrom
dependabot/npm_and_yarn/packages/agent-os/extensions/mcp-server/winston-3.19.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 7, 2026

Bumps winston from 3.11.0 to 3.19.0.

Release notes

Sourced from winston's releases.

v3.19.0

  • Run npm audit fix e7ccdc4
  • Don't include jest.config.js in npm package 5a63c8c
  • fix: append error cause when using logger.child() (#2467) e74a7ae
  • Bump rimraf from 5.0.1 to 5.0.10 (#2517) 8a956fd
  • fix: ensure File transport flushes all data before emitting finish (#2594) 86c890f
  • Bump actions/setup-node from 4 to 6 (#2589) 3b8be02
  • Bump @​babel/core from 7.28.0 to 7.28.5 (#2591) f4c3e2c
  • Bump actions/checkout from 4 to 6 (#2593) dd7906e
  • chore: migrate test runner from mocha to jest (#2567) 2e9eb18

winstonjs/winston@v3.18.3...v3.19.0

v3.18.3

  • Update diagnostics dependency (removes fix-esm transitive dependency) a15a9e9

winstonjs/winston@v3.18.2...v3.18.3

v3.18.2

  • Bump diagnostics package to resolve #2583 (again) f4582c3

winstonjs/winston@v3.18.1...v3.18.2

v3.18.1

  • Bump diagnostics package to resolve #2583 e668c2c

winstonjs/winston@v3.18.0...v3.18.1

v3.18.0

  • Update diagnostics package to latest version to remove vulnerability 376e331
  • add @​initd.sg/winston-cloudwatch (#2532) 71ee92a
  • Update transports.md (#2549) 3547a95
  • docs: update transport.md (#2550) dc88db0
  • feat: adds helper function for highest log level (#2514) c69cdb0

winstonjs/winston@v3.17.0...v3.18.0

v3.17.0

  • Try winston-transport 4.9.0 3e87128
  • Revert "Try bumping winston-transport to 4.8.0" 69625fc

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): Bump winston in /packages/agent-os/extensions/mcp-server
3f17264 
Bumps [winston](https://github.com/winstonjs/winston) from 3.11.0 to 3.19.0.
- [Release notes](https://github.com/winstonjs/winston/releases)
- [Changelog](https://github.com/winstonjs/winston/blob/master/CHANGELOG.md)
- [Commits](winstonjs/winston@v3.11.0...v3.19.0)

---
updated-dependencies:
- dependency-name: winston
  dependency-version: 3.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 7, 2026
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 7, 2026

Welcome to the Agent Governance Toolkit! Thanks for your first pull request.
Please ensure tests pass, code follows style (ruff check), and you have signed the CLA.
See our Contributing Guide.

@github-actions github-actions bot removed the dependencies Pull requests that update a dependency file label Apr 7, 2026
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 7, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 3f17264.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/winston 3.19.0 🟢 4.2
Details
CheckScoreReason
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Security-Policy🟢 3security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 2Found 7/26 approved changesets -- score normalized to 2
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • packages/agent-os/extensions/mcp-server/package.json

@github-actions github-actions bot added the size/XS Extra small PR (< 10 lines) label Apr 7, 2026
@imran-siddique imran-siddique merged commit e73368c into main Apr 8, 2026
73 of 84 checks passed
@imran-siddique imran-siddique deleted the dependabot/npm_and_yarn/packages/agent-os/extensions/mcp-server/winston-3.19.0 branch April 8, 2026 04:01
harinarayansrivatsan pushed a commit to harinarayansrivatsan/agent-governance-toolkit that referenced this pull request Apr 9, 2026
@dependabot @harinarayansrivatsan
build(deps): Bump winston in /packages/agent-os/extensions/mcp-server (
4f6eab7 
…microsoft#876)

Bumps [winston](https://github.com/winstonjs/winston) from 3.11.0 to 3.19.0.
- [Release notes](https://github.com/winstonjs/winston/releases)
- [Changelog](https://github.com/winstonjs/winston/blob/master/CHANGELOG.md)
- [Commits](winstonjs/winston@v3.11.0...v3.19.0)

---
updated-dependencies:
- dependency-name: winston
  dependency-version: 3.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

size/XS Extra small PR (< 10 lines)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@imran-siddique