[Snyk] Upgrade firebase-admin from 11.3.0 to 11.11.1 #37

Open

@jcharra jcharra commented Sep 5, 2024

Snyk has created this PR to upgrade firebase-admin from 11.3.0 to 11.11.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 11 versions ahead of your current version.

  • The recommended version was released 9 months ago.

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| high severity: Internal Property Tampering (SNYK-JS-TAFFYDB-2992450) | 559 | Proof of Concept |
| high severity: Infinite loop (SNYK-JS-MARKDOWNIT-6483324) | 559 | Proof of Concept |
| medium severity: Uncontrolled Resource Consumption (SNYK-JS-GRPCGRPCJS-7242922) | 559 | No Known Exploit |
| medium severity: Resource Exhaustion (SNYK-JS-JOSE-6419224) | 559 | No Known Exploit |
| medium severity: Improper Authentication (SNYK-JS-JSONWEBTOKEN-3180022) | 559 | No Known Exploit |
| medium severity: Improper Restriction of Security Token Assignment (SNYK-JS-JSONWEBTOKEN-3180024) | 559 | No Known Exploit |
| medium severity: Use of a Broken or Risky Cryptographic Algorithm (SNYK-JS-JSONWEBTOKEN-3180026) | 559 | No Known Exploit |
| low severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-WORDWRAP-3149973) | 559 | Proof of Concept |

Release notes
Package name: firebase-admin
  • 11.11.1 - 2023-11-23

    Miscellaneous

    • [chore] Release 11.11.1 (#2387)
    • build(deps): bump jwks-rsa from 3.0.1 to 3.1.0 (#2381)
    • chore(deps): bump google-cloud/firestore to 6.8.0 (#2385)
    • build(deps-dev): bump @ microsoft/api-extractor from 7.36.3 to 7.38.3 (#2380)
    • build(deps-dev): bump @ types/sinon-chai from 3.2.9 to 3.2.12 (#2366)
    • build(deps-dev): bump @ babel/traverse from 7.21.4 to 7.23.2 (#2343)
    • build(deps-dev): bump eslint from 8.50.0 to 8.51.0 (#2330)
    • build(deps-dev): bump @ types/firebase-token-generator (#2322)
    • Bug Fix for issue #2320 (#2321)
  • 11.11.0 - 2023-09-28

    New Features

    • feat(auth): Add Email Privacy support in Project and Tenant config (#2198)

    Miscellaneous

    • [chore] Release 11.11.0 (#2315)
    • build(deps-dev): bump @ types/lodash from 4.14.197 to 4.14.199 (#2309)
    • build(deps-dev): bump eslint from 8.47.0 to 8.50.0 (#2311)
    • Update github.ref value in release.yml (#2313)
    • build(deps-dev): bump nock from 13.3.2 to 13.3.3 (#2288)
    • build(deps-dev): bump bcrypt from 5.1.0 to 5.1.1 (#2289)
    • build(deps-dev): bump eslint from 8.43.0 to 8.47.0 (#2279)
    • build(deps-dev): bump @ types/lodash from 4.14.195 to 4.14.197 (#2280)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#2282)
    • build(deps-dev): bump nock from 13.3.1 to 13.3.2 (#2270)
    • build(deps-dev): bump @ firebase/auth-compat from 0.4.3 to 0.4.4 (#2273)
    • build(deps-dev): bump @ typescript-eslint/parser from 5.59.9 to 5.62.0 (#2264)
    • build(deps): bump @ google-cloud/firestore from 6.6.1 to 6.7.0 (#2265)
    • build(deps-dev): bump @ types/uuid from 9.0.1 to 9.0.2 (#2267)
    • build(deps-dev): bump @ firebase/app-compat from 0.2.13 to 0.2.15 (#2263)
    • build(deps): bump @ google-cloud/storage from 6.11.0 to 6.12.0 (#2253)
    • build(deps-dev): bump @ microsoft/api-extractor from 7.36.1 to 7.36.3 (#2261)
    • build(deps): bump word-wrap from 1.2.3 to 1.2.4 (#2256)
    • build(deps): bump @ types/node from 20.3.2 to 20.4.2 (#2255)
    • build(deps-dev): bump @ firebase/auth-compat from 0.4.2 to 0.4.3 (#2252)
  • 11.10.1 - 2023-07-13

    Miscellaneous

    • [chore] Release 11.10.1 (#2248)
    • Revert "chore: upgrade databse-compat (#2244)" (#2247)
  • 11.10.0 - 2023-07-12

    New Features

    • feat(functions): Add features to task queue functions (#2216)
    • feat(auth): Add TotpInfo field to UserRecord (#2197)
    • feat(storage): Add getDownloadUrl method to the Storage API (#2036)

    Bug Fixes

    • fix: Update TOTP docstrings (#2245)

    Miscellaneous

    • [chore] Release 11.10.0 (#2246)
    • chore: upgrade databse-compat (#2244)
    • build(deps): bump semver from 5.7.1 to 5.7.2 (#2242)
    • build(deps-dev): bump @ microsoft/api-extractor from 7.36.0 to 7.36.1 (#2239)
    • build(deps-dev): bump sinon from 15.0.4 to 15.2.0 (#2240)
    • Fixed docgen for getDownloadURL (#2241)
    • Fix Memory Leak in AsyncHttpCall affecting auth.listUsers (#2236)
    • build(deps): bump @ google-cloud/storage from 6.9.5 to 6.11.0 (#2231)
    • build(deps): bump @ google-cloud/firestore from 6.6.0 to 6.6.1 (#2232)
    • build(deps-dev): bump @ firebase/app-compat from 0.2.7 to 0.2.13 (#2233)
    • Fixes to password policy validation (#2227)
    • Fix nesting in auth config tests (#2228)
    • build(deps-dev): bump eslint from 8.41.0 to 8.43.0 (#2218)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#2223)
    • build(deps-dev): bump @ microsoft/api-extractor from 7.34.4 to 7.36.0 (#2219)
    • build(deps): bump @ types/node from 18.16.3 to 20.3.2 (#2224)
    • Expose MultiDB within Firestore (#2209)
    • build(deps-dev): bump @ typescript-eslint/parser from 5.59.2 to 5.59.9 (#2205)
    • build(deps-dev): bump @ types/lodash from 4.14.194 to 4.14.195 (#2206)
    • build(deps-dev): bump @ firebase/auth-compat from 0.4.1 to 0.4.2 (#2208)
  • 11.9.0 - 2023-05-30

    New Features

    • feat(auth): Add Password Policies support in Project and Tenant config (#2107)

    Bug Fixes

    • fix(firestore): Export Filter type from Firestore (#2192)

    Miscellaneous

    • [chore] Release 11.9.0 (#2196)
    • build(deps-dev): bump yargs from 17.7.1 to 17.7.2 (#2199)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#2200)
    • build(deps-dev): bump @ types/firebase-token-generator (#2201)
    • chore: Upgrade Firestore to v6.6.0 (#2193)
    • fix Unsafe JavaScript Equality Checking (#2183)
    • build(deps-dev): bump nock from 13.3.0 to 13.3.1 (#2187)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#2188)
    • build(deps-dev): bump eslint from 8.40.0 to 8.41.0 (#2189)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#2182)
    • build(deps-dev): bump @ types/chai from 4.3.4 to 4.3.5 (#2178)
    • build(deps-dev): bump eslint from 8.39.0 to 8.40.0 (#2177)
    • chore: Pin firebase-tools@11.30.0 to fix the CIs (#2185)
  • 11.8.0 - 2023-05-04

    New Features

    • feat(appcheck): Added replay protection feature to App Check verifyToken() API (#2148)

    Miscellaneous

    • [chore] Release 11.8.0 (#2175)
    • build(deps-dev): bump @ firebase/auth-compat from 0.3.7 to 0.4.1 (#2173)
    • build(deps): bump @ types/node from 18.16.1 to 18.16.3 (#2172)
    • build(deps-dev): bump @ typescript-eslint/parser from 5.59.0 to 5.59.2 (#2171)
    • build(deps): bump @ types/node from 18.15.11 to 18.16.1 (#2166)
    • build(deps-dev): bump eslint from 8.38.0 to 8.39.0 (#2160)
    • build(deps-dev): bump sinon from 15.0.3 to 15.0.4 (#2162)
  • 11.7.0 - 2023-04-18

    New Features

    • feat(auth): reCAPTCHA Public preview (#2129)
    • feat(fcm): Add sendEach and sendEachForMulticast for FCM batch send (#2138)

    Miscellaneous

    • [chore] Release 11.7.0 (#2158)
    • build(deps-dev): bump @ types/sinon from 10.0.13 to 10.0.14 (#2157)
    • build(deps-dev): bump @ types/lodash from 4.14.192 to 4.14.194 (#2156)
    • build(deps-dev): bump @ typescript-eslint/parser from 5.58.0 to 5.59.0 (#2154)
    • chore: Upgrade dependencies (#2147)
  • 11.6.0 - 2023-04-06

    New Features

    • feat(auth): Add TOTP support in Project and Tenant config (#1989)

    Changed

    • Deprecate sendToDevice and sendToDeviceGroup and their response classes (#2090)

    Miscellaneous

    • [chore] Release 11.6.0 (#2139)
    • chore: update app check integration tests (#2140)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#2134)
    • build(deps-dev): bump @ firebase/auth-compat from 0.3.5 to 0.3.7 (#2133)
    • build(deps-dev): bump @ typescript-eslint/parser from 5.56.0 to 5.57.1 (#2135)
    • build(deps): bump @ google-cloud/storage from 6.9.4 to 6.9.5 (#2136)
    • build(deps-dev): bump sinon from 15.0.2 to 15.0.3 (#2126)
    • build(deps): bump @ firebase/database-compat from 0.3.1 to 0.3.4 (#2125)
    • build(deps): bump @ types/node from 18.15.5 to 18.15.10 (#2123)
    • build(deps-dev): bump eslint from 8.35.0 to 8.36.0 (#2124)
    • build(deps-dev): bump @ firebase/auth-compat from 0.3.1 to 0.3.5 (#2127)
    • build(deps-dev): bump sinon from 15.0.1 to 15.0.2 (#2120)
    • build(deps): bump @ google-cloud/storage from 6.9.3 to 6.9.4 (#2119)
    • build(deps-dev): bump @ firebase/app-compat from 0.2.3 to 0.2.5 (#2118)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#2121)
    • build(deps): bump @ types/node from 18.15.3 to 18.15.5 (#2117)
    • build(deps): bump @ firebase/database-types from 0.10.3 to 0.10.4 (#2101)
    • build(deps-dev): bump yargs from 17.6.0 to 17.7.1 (#2099)
    • build(deps-dev): bump @ typescript-eslint/parser from 5.48.2 to 5.56.0 (#2115)
    • build(deps): bump @ types/node from 18.14.2 to 18.15.3 (#2114)
    • build(deps): bump @ google-cloud/firestore from 6.4.3 to 6.5.0 (#2102)
    • build(deps): bump @ types/node from 18.13.0 to 18.14.2 (#2088)
    • build(deps-dev): bump @ types/uuid from 8.3.4 to 9.0.1 (#2086)
    • build(deps-dev): bump minimist from 1.2.7 to 1.2.8 (#2081)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#2087)
    • build(deps-dev): bump eslint from 8.33.0 to 8.35.0 (#2089)
    • Fixing links to externally defined RTDB APIs. (#2085)
    • build(deps): bump @ google-cloud/storage from 6.8.0 to 6.9.3 (#2082)
    • build(deps): bump @ google-cloud/firestore from 6.4.2 to 6.4.3 (#2079)
    • build(deps): bump @ google-cloud/firestore from 6.4.0 to 6.4.2 (#2074)
    • build(deps-dev): bump @ firebase/auth-types from 0.11.1 to 0.12.0 (#2072)
    • build(deps-dev): bump @ firebase/app-compat from 0.2.1 to 0.2.3 (#2071)
    • build(deps): bump @ firebase/database-types from 0.10.0 to 0.10.3 (#2073)
    • build(deps-dev): bump @ microsoft/api-extractor from 7.34.3 to 7.34.4 (#2070)
    • build(deps): bump @ types/node from 18.11.14 to 18.13.0 (#2067)
    • build(deps-dev): bump @ microsoft/api-extractor from 7.33.5 to 7.34.3 (#2064)
    • build(deps): bump @ fastify/busboy from 1.1.0 to 1.2.1 (#2066)
    • build(deps-dev): bump eslint from 8.31.0 to 8.33.0 (#2060)
    • build(deps): bump @ firebase/database-compat from 0.3.0 to 0.3.1 (#2059)
    • build(deps-dev): bump nock from 13.2.9 to 13.3.0 (#2058)
    • build(deps-dev): bump @ firebase/auth-compat from 0.2.24 to 0.3.1 (#2053)
    • build(deps-dev): bump @ firebase/app-compat from 0.1.37 to 0.2.1 (#2052)
  • 11.5.0 - 2023-01-19

    New Features

    • feat: Fix impersonated service account parsing exception (#1862)

    Bug Fixes

    • fix(firestore): Fix PreferRest caching (

See this package in npm:
firebase-admin

See this project in Snyk:
https://app.snyk.io/org/jcharra/project/c377aae5-689c-433c-96a7-b9f970b5b646?utm_source=github&utm_medium=referral&page=upgrade-pr