Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade: firebase-admin, firebase-functions #2

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade: firebase-admin, firebase-functions #2

wants to merge 1 commit into from

Conversation

yash509
Copy link
Owner

@yash509 yash509 commented Sep 16, 2024

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

firebase-admin
from 10.0.2 to 10.3.0 | 3 versions ahead of your current version | 2 years ago
on 2022-06-09
firebase-functions
from 3.18.1 to 3.24.1 | 10 versions ahead of your current version | 2 years ago
on 2022-09-30

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Denial of Service (DoS)
SNYK-JS-DICER-2311764		 761 Mature
high severity Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430339		 761 No Known Exploit
medium severity Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430337		 761 No Known Exploit
medium severity Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430341		 761 No Known Exploit
Release notes
Package name: firebase-admin
  • 10.3.0 - 2022-06-09

    Bug Fixes

    • fix: Add type declarations to exports fields (#1758)
    • fix: Switch to @ fastify/busboy (#1757)

    Miscellaneous

    • [chore] Release 10.3.0 (#1759)
    • build(deps): bump jwks-rsa from 2.1.0 to 2.1.4 (#1747)
    • build(deps-dev): bump @ microsoft/api-extractor from 7.24.2 to 7.25.0 (#1750)
    • build(deps-dev): bump @ firebase/app-compat from 0.1.25 to 0.1.26 (#1746)
    • build(deps-dev): bump @ typescript-eslint/parser from 5.25.0 to 5.27.1 (#1751)
    • build(deps-dev): bump ts-node from 10.8.0 to 10.8.1 (#1749)
    • build(deps): bump @ types/node from 17.0.38 to 17.0.41 (#1748)
    • build(deps-dev): bump eslint from 8.16.0 to 8.17.0 (#1745)
    • build(deps-dev): bump nock from 13.2.4 to 13.2.6 (#1744)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#1743)
    • build(deps-dev): bump @ firebase/auth-compat from 0.2.14 to 0.2.15 (#1735)
    • build(deps-dev): bump ts-node from 10.7.0 to 10.8.0 (#1737)
    • build(deps): bump @ types/node from 17.0.35 to 17.0.38 (#1736)
    • build(deps-dev): bump @ microsoft/api-extractor from 7.24.1 to 7.24.2 (#1734)
    • build(deps-dev): bump @ types/lodash from 4.14.178 to 4.14.182 (#1731)
    • build(deps-dev): bump del from 6.1.0 to 6.1.1 (#1725)
    • build(deps): bump @ types/node from 17.0.34 to 17.0.35 (#1720)
    • build(deps-dev): bump @ microsoft/api-extractor from 7.24.0 to 7.24.1 (#1721)
    • build(deps-dev): bump eslint from 8.15.0 to 8.16.0 (#1722)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#1719)
    • chore: Run nightly builds on Node 14 (#1717)
    • build(deps): bump @ types/node from 17.0.33 to 17.0.34 (#1716)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#1715)
    • build(deps-dev): bump @ microsoft/api-extractor from 7.23.2 to 7.24.0 (#1714)
    • build(deps-dev): bump yargs from 17.3.1 to 17.5.1 (#1711)
    • build(deps-dev): bump @ typescript-eslint/parser from 5.23.0 to 5.25.0 (#1713)
    • build(deps-dev): bump @ firebase/app-compat from 0.1.19 to 0.1.25 (#1709)
    • build(deps-dev): bump del from 6.0.0 to 6.1.0 (#1708)
    • build(deps): bump @ firebase/database-compat from 0.1.8 to 0.2.0 (#1706)
    • build(deps-dev): bump eslint from 8.14.0 to 8.15.0 (#1702)
    • build(deps-dev): bump @ firebase/auth-compat from 0.2.8 to 0.2.14 (#1701)
    • build(deps): bump @ types/node from 17.0.10 to 17.0.33 (#1700)
    • build(deps): bump @ firebase/database-types from 0.9.7 to 0.9.8 (#1699)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#1705)
    • build(deps-dev): bump @ microsoft/api-extractor from 7.19.4 to 7.23.2 (#1698)
    • build(deps-dev): bump @ types/chai-as-promised from 7.1.4 to 7.1.5 (#1697)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#1696)
    • build(deps-dev): bump @ typescript-eslint/parser from 5.12.0 to 5.23.0 (#1695)
    • build(deps-dev): bump sinon from 13.0.2 to 14.0.0 (#1692)
    • build(deps-dev): bump nock from 13.2.2 to 13.2.4 (#1691)
    • build(deps-dev): bump ts-node from 10.5.0 to 10.7.0 (#1690)
    • build(deps-dev): bump chai from 4.3.4 to 4.3.6 (#1689)
  • 10.2.0 - 2022-05-05

    New Features

    • feat: Add Task Queue API (#1674)
    • feat(auth): Support generate oob code request type VERIFY_AND_CHANGE_EMAIL (#1633)

    Miscellaneous

    • [chore] Release 10.2.0 (#1688)
    • Fix markdown lists in reference docs (#1687)
    • Added support for calling Eventarc emulator (#1686)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#1682)
    • Implemented eventarc event publishing API (#1617) (#1644)
    • build(deps-dev): bump mocha from 9.2.2 to 10.0.0 (#1681)
    • build(deps-dev): bump @ firebase/app-compat from 0.1.22 to 0.1.23 (#1680)
    • build(deps): bump @ google-cloud/storage from 5.19.3 to 5.19.4 (#1679)
    • build(deps): bump @ types/node from 17.0.27 to 17.0.31 (#1678)
    • build(deps-dev): bump @ typescript-eslint/parser from 5.21.0 to 5.22.0 (#1677)
    • chore: Update App Check to V1 endpoints (#1632)
    • Revert "feat(auth): Support sms region config change on Tenant and Project level." (#1676)
    • build(deps): bump jwks-rsa from 2.0.5 to 2.1.0 (#1671)
    • build(deps-dev): bump @ types/chai from 4.3.0 to 4.3.1 (#1670)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#1669)
    • build(deps-dev): bump @ types/lodash from 4.14.181 to 4.14.182 (#1672)
    • build(deps-dev): bump @ types/mocha from 9.1.0 to 9.1.1 (#1668)
    • build(deps-dev): bump @ typescript-eslint/parser from 5.19.0 to 5.21.0 (#1667)
    • build(deps): bump @ google-cloud/storage from 5.19.2 to 5.19.3 (#1665)
    • build(deps-dev): bump eslint from 8.13.0 to 8.14.0 (#1664)
    • build(deps-dev): bump @ microsoft/api-extractor from 7.21.3 to 7.23.0 (#1663)
    • build(deps): bump @ types/node from 17.0.25 to 17.0.27 (#1662)
    • build(deps-dev): bump @ firebase/auth-compat from 0.2.11 to 0.2.12 (#1661)
    • chore: Update database-compat and database-types (#1660)
  • 10.1.0 - 2022-04-21

    Miscellaneous

    • [chore] Release 10.1.0 (#1654)
    • Adding in alpha interface for blocking token verification (#1635)
    • build(deps): bump @ types/node from 17.0.23 to 17.0.25 (#1650)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#1649)
    • build(deps-dev): bump sinon from 13.0.1 to 13.0.2 (#1648)
    • build(deps-dev): bump @ firebase/app-compat from 0.1.21 to 0.1.22 (#1647)
    • build(deps): bump @ google-cloud/storage from 5.19.1 to 5.19.2 (#1646)
    • build(deps-dev): bump @ microsoft/api-extractor from 7.20.0 to 7.21.3 (#1643)
    • build(deps-dev): bump yargs from 17.4.0 to 17.4.1 (#1642)
    • build(deps-dev): bump eslint from 8.12.0 to 8.13.0 (#1641)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#1639)
    • build(deps-dev): bump @ typescript-eslint/parser from 5.18.0 to 5.19.0 (#1638)
    • chore: Updating node-forge to 1.3.1 (#1636)
    • build(deps): bump @ google-cloud/storage from 5.18.3 to 5.19.1 (#1637)
    • build(deps-dev): bump sinon from 12.0.1 to 13.0.1 (#1630)
    • build(deps-dev): bump @ typescript-eslint/parser from 5.17.0 to 5.18.0 (#1629)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#1631)
    • chore: bump eslint from 7.32.0 to 8.12.0 (#1626)
    • chore: Update storage and firestore dependencies (#1625)
    • build(deps-dev): bump @ firebase/auth-compat from 0.2.10 to 0.2.11 (#1619)
    • build(deps-dev): bump chai from 4.3.4 to 4.3.6 (#1590)
    • build(deps-dev): bump @ firebase/auth-compat from 0.2.8 to 0.2.10 (#1610)
    • build(deps): bump node-forge from 1.2.1 to 1.3.0 (#1611)
    • build(deps-dev): bump @ firebase/app-compat from 0.1.17 to 0.1.19 (#1594)
    • build(deps-dev): bump @ firebase/app-compat from 0.1.16 to 0.1.17 (#1581)
    • build(deps-dev): bump @ typescript-eslint/parser from 5.10.1 to 5.12.0 (#1578)
    • build(deps): bump node-fetch from 2.6.6 to 2.6.7 (#1576)
    • build(deps): bump ajv in /.github/actions/send-tweet (#1575)
    • build(deps-dev): bump @ types/mocha from 9.0.0 to 9.1.0 (#1571)
    • build(deps-dev): bump ts-node from 10.4.0 to 10.5.0 (#1570)
    • build(deps-dev): bump @ firebase/auth-compat from 0.2.7 to 0.2.8 (#1573)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#1569)
    • build(deps-dev): bump @ firebase/app-compat from 0.1.14 to 0.1.16 (#1565)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#1564)
    • build(deps-dev): bump @ firebase/auth-compat from 0.2.5 to 0.2.7 (#1563)
    • build(deps-dev): bump sinon from 9.2.4 to 12.0.1 (#1542)
    • build(deps-dev): bump mocha from 9.1.3 to 9.2.0 (#1561)
    • build(deps-dev): bump @ typescript-eslint/parser from 5.10.0 to 5.10.1 (#1560)
  • 10.0.2 - 2022-01-21

    Miscellaneous

    • [chore] Release 10.0.2 (#1558)
    • Revert TS4 and Firestore 5.x updates (#1557)
    • Revert "[chore] Release 10.1.0 (#1553)" (#1555)
    • [chore] Release 10.1.0 (#1553)
    • (fix): Add new Firestore types to the firestore module (#1554)
    • build(deps): bump @ google-cloud/storage from 5.17.0 to 5.18.0 (#1551)
    • build(deps-dev): bump @ firebase/auth-types from 0.10.3 to 0.11.0 (#1550)
    • build(deps-dev): bump @ firebase/app-compat from 0.1.13 to 0.1.14 (#1549)
    • build(deps): bump @ types/node from 17.0.8 to 17.0.10 (#1548)
    • build(deps): bump @ google-cloud/firestore from 5.0.1 to 5.0.2 (#1545)
    • build(deps-dev): bump @ typescript-eslint/parser from 5.9.1 to 5.10.0 (#1544)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#1543)
    • version update @ google-cloud/firestore to 5.x (#1525)
    • chore: Update Typescript to 4.x (#1541)
    • chore: Update ESLint and @ typescript-eslint dependencies (#1540)
    • build(deps-dev): bump @ microsoft/api-extractor from 7.19.3 to 7.19.4 (#1539)
    • build(deps-dev): bump nock from 13.1.3 to 13.2.1 (#1538)
    • build(deps-dev): bump mocha from 9.1.2 to 9.1.3 (#1537)
    • build(deps-dev): bump @ firebase/app-compat from 0.1.3 to 0.1.13 (#1535)
    • build(deps-dev): bump @ firebase/auth-compat from 0.1.4 to 0.2.5 (#1534)
    • build(deps): bump @ google-cloud/storage from 5.14.4 to 5.16.1 (#1528)
    • build(deps): bump node-forge from 0.10.0 to 1.0.0 (#1533)
    • build(deps): bump @ firebase/database-types from 0.7.3 to 0.9.3 (#1500)
    • build(deps): bump @ firebase/database-compat from 0.1.1 to 0.1.4 (#1499)
    • Remove delayed response message for holidays (#1527)
    • build(deps-dev): bump @ microsoft/api-extractor from 7.18.11 to 7.19.3 (#1526)
    • Fix the delayed response message
    • Add delayed response message for holidays (#1521)
from fireba...

@snyk-bot
fix: upgrade multiple dependencies with Snyk
a9cdd37 
Snyk has created this PR to upgrade:
  - firebase-admin from 10.0.2 to 10.3.0.
    See this package in npm: https://www.npmjs.com/package/firebase-admin
  - firebase-functions from 3.18.1 to 3.24.1.
    See this package in npm: https://www.npmjs.com/package/firebase-functions

See this project in Snyk:
https://app.snyk.io/org/yash509-FLozTNRih4edwndPjnPymy/project/4b299d33-ba06-4fd7-987e-9b417f8090d7?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@yash509 @snyk-bot