[Snyk] Upgrade winston from 3.17.0 to 3.18.3

[pavel-snyk]

Snyk has created this PR to upgrade winston from 3.17.0 to 3.18.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 4 versions ahead of your current version.

• The recommended version was released a month ago.

---

This is a minor version upgrade with minimal impact. The main change is the removal of the LogCallback type from TypeScript definitions in version 3.18.0, as the underlying functionality was not present. [3] If you use TypeScript, you may need to remove references to this type. Other changes consist of dependency updates.
Source: Release notes

Notice 🤖: This content was generated using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

---

Release notes

Package name: winston

• 3.18.3 - 2025-09-30
  
  • Update diagnostics dependency (removes fix-esm transitive dependency) a15a9e9

  ---

  v3.18.2...v3.18.3

• 3.18.2 - 2025-09-30
  
  • Bump diagnostics package to resolve #2583 (again) f4582c3

  ---

  v3.18.1...v3.18.2

• 3.18.1 - 2025-09-30
  
  • Bump diagnostics package to resolve #2583 e668c2c

  ---

  v3.18.0...v3.18.1

• 3.18.0 - 2025-09-30
  
  • Update diagnostics package to latest version to remove vulnerability 376e331
  • add @ initd.sg/winston-cloudwatch (#2532) 71ee92a
  • Update transports.md (#2549) 3547a95
  • docs: update transport.md (#2550) dc88db0
  • feat: adds helper function for highest log level (#2514) c69cdb0

  ---

  v3.17.0...v3.18.0

• 3.17.0 - 2024-11-10
  
  • Try winston-transport 4.9.0 3e87128
  • Revert "Try bumping winston-transport to 4.8.0" 69625fc
  • Revert "Try bumping winston-transport to 4.8.0" 876ef7a
  • Try bumping winston-transport to 4.8.0 7ef2c1d
  • Try bumping winston-transport to 4.8.0 fe4b64e
  • Bump logform c9fd9a4
  • Revert "Update logform and winston-transport" 14fef0f
  • Merge branch 'master' of github.com:winstonjs/winston 545b683
  • Update logform and winston-transport cceb265
  • Bump mocha from 10.7.3 to 10.8.2 (#2523) bb529b6
  • Bump async from 3.2.5 to 3.2.6 (#2516) ae847ab

  v3.16.0...v3.17.0

from winston GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Snyk has automatically assigned this pull request, set who gets assigned.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 👩‍💻 Set who automatically gets assigned
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

---

Note

Upgrade winston to 3.18.3 and refresh transitive dependencies in the lockfile.

• Dependencies:
  • Bump winston to ^3.18.3 in package.json.
  • Lockfile refresh updates transitive packages:
    • @dabh/diagnostics → ^2.0.8; adds @so-ric/colorspace (replacing colorspace).
    • color → 5.x with color-convert 3.x and color-string 2.x; removes simple-swizzle; updates color-name to 2.x.

^{Written by Cursor Bugbot for commit 422148c. This will update automatically on new commits. Configure here.}

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Licenses	0	0	0	0	0 issues
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.