-
Notifications
You must be signed in to change notification settings - Fork 373
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
firebase-admin snyk issues #1718
Comments
I found a few problems with this issue:
|
This is duplicate of #1512 |
Thank you @harshagarwal00 for reporting this issue. firebase-admin-node/src/utils/api-request.ts Line 592 in 94dd7c3
IIUC the threat introduced by the vulnerability in dicer is pretty low here as we can trust the responses from the BE servers. However, if you are using the dicer package to parse responses in your own code then you might be at a higher risk. Having said that, we are looking into the fixes mentioned in #1512 and the potential to use the fixed version of dicer in Admin SDK. I will use this issue to update the progress.
|
Thanks @lahirumaramba -- I recognize this is a low vulnerability point, but given that Github/Dependabot are alerting, it'd be great to address this issue permanently. |
Another reason to fix this quickly is that some people block our releases on "npm audit" results to make sure we don't have high vulnerabilities in our release build. Currently, our releases are blocked or must be worked around until firebase-admin stops being reported as being with a high vulnerability in the audit. |
Rightly said @Corrob . We are also facing the same issue. We are blocked for deployment on production environment because of |
@lahirumaramba : brilliant but its not tagged as a release... by when will we get that :) |
This should be fixed in v10.3.0. Thanks everyone for you patience while we were working on the fix. |
The alert is still showng, both in Github and nodejs. Do you have any news about the solution? |
Because multer vulnerability issue was being classified as severity:high in my nodejs application, i resolved by upgrading to another version "multer": "^1.4.5-lts.1" as an alternative and all seemed to work well. |
Snyk is throwing a warning how to fix it ?
Link: https://snyk.io/test/npm/firebase-admin/10.2.0
node: v16.14.2
npm: 8.5.0
The text was updated successfully, but these errors were encountered: