chore(deps): Update winston-cloudwatch #2726
Conversation
|
Sigh, there is a type upgrade to do... Doing it now |
…ypescript compiler happy
|
Looks like the type upgrade might be wrong in the typescript definition... 😢 I've opened an issue upstream here But for now, to unblock this PR, I have added a dummy |
There was a problem hiding this comment.
just to be sure, we should probably test this on staging by making sure that public-facing email notifications (i.e. for email confirmations and verified email fields) go to the custom Cloudwatch log group rather than the main log group. we do this so that we can make email data for public users expire after 1 week instead of the standard 1 year for logs, so we don't keep public user data around for unnecessarily long (the 1 week is useful e.g. when there are outages with SGmail causing submissions to be lost because they don't reach admins' email inboxes, upon which we can check that custom log group to find email addresses of respondents).
|
Thanks for the advice, I'll push this to staging and try it out. I hesitated to provide an empty string in |
|
Verified that logs still end up in cloudwatch log below: Tested with a dummy staging form. I'll be merging now |
Context
Snyk reports a vulnerability in dependencies of [email protected]. See report here.
Approach
Upgrade winston-cloudwatch to 3.0.2
Instantiation signature stays the same so upgrade should be backward compatible.
winston-cloudwatch@3 no longer lists aws-sdk as a direct dependency (set as a peer dependency instead), but since Form does list
aws-sdkas a dependency, we're good to go.cc @mantariksh @karrui