npm install reports high severity vulnerability of dicer in firebase-admin 10.2.0 #1727

Closed
owaineevans opened this issue May 26, 2022 · 5 comments

Comments

@owaineevans

Describe your environment

  • Operating System version: Debian stable
  • Firebase SDK version: 10.2.0
  • Firebase Product: firebase-admin
  • Node.js version: 18
  • NPM version: 8.11.0

Describe the problem

npm install reports:

2 high severity vulnerabilities

npm audit reports:

npm audit
# npm audit report

dicer  *
Severity: high
Crash in HeaderParser in dicer - https://github.com/advisories/GHSA-wm7h-9275-46v2
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/dicer
  firebase-admin  >=7.1.0
  Depends on vulnerable versions of dicer
  node_modules/firebase-admin

2 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

Steps to reproduce:

  1. Create a project.
  2. Run npm install firebase-admin
  3. Run npm audit

Relevant Code:

{
    "name": "audit",
    "main": "lib/index.js",
    "scripts": {
        "start": "node lib/index.js"
    },
    "dependencies": {
        "firebase-admin": "^10.2.0"
    },
    "devDependencies": {
        "@types/node": "^17.0.21",
        "typescript": "^4.5.4"
    },
    "engines": {
        "node": "18.x"
    },
    "private": true
}

@google-oss-bot

I found a few problems with this issue:

  • I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
  • This issue does not seem to follow the issue template. Make sure you provide all the required information.

@owaineevans changed the title from "npm install reports high severity vulnerabilities in firebase-admin 10.2.0" to "npm install reports high severity vulnerability of dicer in firebase-admin 10.2.0" on May 26, 2022
@owaineevans
Author

Whoops - duplicate of #1718. Sorry!

@taishi55

Hi @owaineevans,

I'm having the same issue!
Did you find a solution for this?

@PedroEmanuelMoreiraCarvalho

PedroEmanuelMoreiraCarvalho commented May 30, 2022

I have exactly the same issue :/ Some help?

@taishi55

@PedroEmanuelMoreiraCarvalho

This post seems to be the only related comment I have found so far. But I still have no idea how to fix the error. Let me know if you find something!
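
An added example, not part of the thread and not firebase-admin code: the report in the opening post counts 2 high severity vulnerabilities but lists a single advisory, because npm counts every affected package. The Node.js function below separates the two using the `npm audit --json` layout of npm 7 and later. The sample report is constructed, its advisory id and fix version are placeholders, and `triageAudit` is a hypothetical name.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2).
// Title, URL, ranges and paths mirror the text report above; the advisory id
// and the fix version are placeholders, not real values.
const fix = { name: "firebase-admin", version: "0.0.0-placeholder", isSemVerMajor: true };
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    dicer: {
      name: "dicer", severity: "high", isDirect: false, range: "*",
      via: [{
        source: 0, name: "dicer", severity: "high", range: "*", // source: placeholder id
        title: "Crash in HeaderParser in dicer",
        url: "https://github.com/advisories/GHSA-wm7h-9275-46v2",
      }],
      effects: ["firebase-admin"], nodes: ["node_modules/dicer"], fixAvailable: fix,
    },
    "firebase-admin": {
      name: "firebase-admin", severity: "high", isDirect: true, range: ">=7.1.0",
      via: ["dicer"], effects: [], nodes: ["node_modules/firebase-admin"],
      fixAvailable: fix,
    },
  },
};

// Separate root advisories (object items in `via`) from packages that are
// counted only because they depend on a vulnerable package (string items).
function triageAudit(report) {
  const entries = Object.values(report.vulnerabilities || {});
  const advisories = [];
  const flaggedOnly = [];
  for (const v of entries) {
    const own = (v.via || []).filter((x) => typeof x === "object");
    for (const a of own) {
      advisories.push({ package: v.name, url: a.url, pulledInBy: v.effects || [] });
    }
    if (own.length === 0) {
      flaggedOnly.push({ package: v.name, because: v.via || [], direct: !!v.isDirect });
    }
  }
  // fixAvailable.isSemVerMajor is what the text report calls "a breaking change".
  const breakingFixes = [...new Set(entries
    .filter((v) => v.fixAvailable && v.fixAvailable.isSemVerMajor)
    .map((v) => `${v.fixAvailable.name}@${v.fixAvailable.version}`))];
  return { counted: entries.length, advisories, flaggedOnly, breakingFixes };
}

console.log(JSON.stringify(triageAudit(sampleReport), null, 2));
```

On a real project, save the output of `npm audit --json` to a file and pass the parsed object to the function in place of the sample.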


4 participants