[Snyk] Upgrade winston from 3.17.0 to 3.18.3

[rorysheldon-snyk]

Snyk has created this PR to upgrade winston from 3.17.0 to 3.18.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 4 versions ahead of your current version.

• The recommended version was released 2 months ago.

---

This is a minor version upgrade for winston. The changes between versions 3.17.0 and 3.18.3 consist of dependency updates, documentation improvements, and minor bug fixes. [2] No breaking changes have been documented in the official release notes.

Source: winston GitHub Releases

Notice 🤖: This content was generated using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

---

Release notes

Package name: winston

• 3.18.3 - 2025-09-30
  
  • Update diagnostics dependency (removes fix-esm transitive dependency) a15a9e9

  ---

  v3.18.2...v3.18.3

• 3.18.2 - 2025-09-30
  
  • Bump diagnostics package to resolve #2583 (again) f4582c3

  ---

  v3.18.1...v3.18.2

• 3.18.1 - 2025-09-30
  
  • Bump diagnostics package to resolve #2583 e668c2c

  ---

  v3.18.0...v3.18.1

• 3.18.0 - 2025-09-30
  
  • Update diagnostics package to latest version to remove vulnerability 376e331
  • add @ initd.sg/winston-cloudwatch (#2532) 71ee92a
  • Update transports.md (#2549) 3547a95
  • docs: update transport.md (#2550) dc88db0
  • feat: adds helper function for highest log level (#2514) c69cdb0

  ---

  v3.17.0...v3.18.0

• 3.17.0 - 2024-11-10
  
  • Try winston-transport 4.9.0 3e87128
  • Revert "Try bumping winston-transport to 4.8.0" 69625fc
  • Revert "Try bumping winston-transport to 4.8.0" 876ef7a
  • Try bumping winston-transport to 4.8.0 7ef2c1d
  • Try bumping winston-transport to 4.8.0 fe4b64e
  • Bump logform c9fd9a4
  • Revert "Update logform and winston-transport" 14fef0f
  • Merge branch 'master' of github.com:winstonjs/winston 545b683
  • Update logform and winston-transport cceb265
  • Bump mocha from 10.7.3 to 10.8.2 (#2523) bb529b6
  • Bump async from 3.2.5 to 3.2.6 (#2516) ae847ab

  v3.16.0...v3.17.0

from winston GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Snyk has automatically assigned this pull request, set who gets assigned.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 👩‍💻 Set who automatically gets assigned
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

---

Note

Upgrade winston to 3.18.3 and refresh lockfile with related transitive dependency updates.

• Dependencies:
  • Bump winston from ^3.17.0 to ^3.18.3 in package.json.
• Lockfile updates (transitives):
  • Update winston and its deps, including @dabh/diagnostics to 2.0.8 (switch to @so-ric/colorspace).
  • Upgrade color libs (color 5.x, color-string 2.x) with Node >=18 engine notes; remove legacy simple-swizzle path.
  • General package-lock.json refresh reflecting these changes.

^{Written by Cursor Bugbot for commit 4e56b51. This will update automatically on new commits. Configure here.}

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.