Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade firebase-admin from 10.0.0 to 11.0.0 #88

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade firebase-admin from 10.0.0 to 11.0.0 #88

wants to merge 1 commit into from

Conversation

aravindvnair99
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade firebase-admin from 10.0.0 to 11.0.0.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 6 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2022-06-16.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-PROTOBUFJS-2441248		 517/1000
Why? Proof of Concept exploit, CVSS 8.2		 Proof of Concept
Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430339		 517/1000
Why? Proof of Concept exploit, CVSS 8.2		 No Known Exploit
Denial of Service (DoS)
SNYK-JS-DICER-2311764		 517/1000
Why? Proof of Concept exploit, CVSS 8.2		 Mature
Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430341		 517/1000
Why? Proof of Concept exploit, CVSS 8.2		 No Known Exploit
Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430337		 517/1000
Why? Proof of Concept exploit, CVSS 8.2		 No Known Exploit
Prototype Pollution
SNYK-JS-NODEFORGE-2331908		 517/1000
Why? Proof of Concept exploit, CVSS 8.2		 No Known Exploit
Open Redirect
SNYK-JS-NODEFORGE-2330875		 517/1000
Why? Proof of Concept exploit, CVSS 8.2		 Proof of Concept
Information Exposure
SNYK-JS-NODEFETCH-2342118		 517/1000
Why? Proof of Concept exploit, CVSS 8.2		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: firebase-admin
  • 11.0.0 - 2022-06-16

    Breaking Changes

    • change: Upgrade Firestore and Storage Dependencies (#1760)

    Miscellaneous

    • [chore] Release 11.0.0 (#1770)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#1768)
    • build(deps): bump @ types/node from 17.0.41 to 17.0.42 (#1769)
    • build(deps): bump @ firebase/database-compat from 0.2.0 to 0.2.1 (#1765)
    • build(deps-dev): bump @ typescript-eslint/parser from 5.27.1 to 5.28.0 (#1764)
    • build(deps-dev): bump @ firebase/auth-compat from 0.2.15 to 0.2.16 (#1766)
    • build(deps-dev): bump @ firebase/app-compat from 0.1.26 to 0.1.27 (#1767)
    • build(deps): bump @ firebase/database-types from 0.9.8 to 0.9.9 (#1763)
  • 10.3.0 - 2022-06-09

    Bug Fixes

    • fix: Add type declarations to exports fields (#1758)
    • fix: Switch to @ fastify/busboy (#1757)

    Miscellaneous

    • [chore] Release 10.3.0 (#1759)
    • build(deps): bump jwks-rsa from 2.1.0 to 2.1.4 (#1747)
    • build(deps-dev): bump @ microsoft/api-extractor from 7.24.2 to 7.25.0 (#1750)
    • build(deps-dev): bump @ firebase/app-compat from 0.1.25 to 0.1.26 (#1746)
    • build(deps-dev): bump @ typescript-eslint/parser from 5.25.0 to 5.27.1 (#1751)
    • build(deps-dev): bump ts-node from 10.8.0 to 10.8.1 (#1749)
    • build(deps): bump @ types/node from 17.0.38 to 17.0.41 (#1748)
    • build(deps-dev): bump eslint from 8.16.0 to 8.17.0 (#1745)
    • build(deps-dev): bump nock from 13.2.4 to 13.2.6 (#1744)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#1743)
    • build(deps-dev): bump @ firebase/auth-compat from 0.2.14 to 0.2.15 (#1735)
    • build(deps-dev): bump ts-node from 10.7.0 to 10.8.0 (#1737)
    • build(deps): bump @ types/node from 17.0.35 to 17.0.38 (#1736)
    • build(deps-dev): bump @ microsoft/api-extractor from 7.24.1 to 7.24.2 (#1734)
    • build(deps-dev): bump @ types/lodash from 4.14.178 to 4.14.182 (#1731)
    • build(deps-dev): bump del from 6.1.0 to 6.1.1 (#1725)
    • build(deps): bump @ types/node from 17.0.34 to 17.0.35 (#1720)
    • build(deps-dev): bump @ microsoft/api-extractor from 7.24.0 to 7.24.1 (#1721)
    • build(deps-dev): bump eslint from 8.15.0 to 8.16.0 (#1722)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#1719)
    • chore: Run nightly builds on Node 14 (#1717)
    • build(deps): bump @ types/node from 17.0.33 to 17.0.34 (#1716)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#1715)
    • build(deps-dev): bump @ microsoft/api-extractor from 7.23.2 to 7.24.0 (#1714)
    • build(deps-dev): bump yargs from 17.3.1 to 17.5.1 (#1711)
    • build(deps-dev): bump @ typescript-eslint/parser from 5.23.0 to 5.25.0 (#1713)
    • build(deps-dev): bump @ firebase/app-compat from 0.1.19 to 0.1.25 (#1709)
    • build(deps-dev): bump del from 6.0.0 to 6.1.0 (#1708)
    • build(deps): bump @ firebase/database-compat from 0.1.8 to 0.2.0 (#1706)
    • build(deps-dev): bump eslint from 8.14.0 to 8.15.0 (#1702)
    • build(deps-dev): bump @ firebase/auth-compat from 0.2.8 to 0.2.14 (#1701)
    • build(deps): bump @ types/node from 17.0.10 to 17.0.33 (#1700)
    • build(deps): bump @ firebase/database-types from 0.9.7 to 0.9.8 (#1699)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#1705)
    • build(deps-dev): bump @ microsoft/api-extractor from 7.19.4 to 7.23.2 (#1698)
    • build(deps-dev): bump @ types/chai-as-promised from 7.1.4 to 7.1.5 (#1697)
    • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#1696)
    • build(deps-dev): bump @ typescript-eslint/parser from 5.12.0 to 5.23.0 (#1695)
    • build(deps-dev): bump sinon from 13.0.2 to 14.0.0 (#1692)
    • build(deps-dev): bump nock from 13.2.2 to 13.2.4 (#1691)
    • build(deps-dev): bump ts-node from 10.5.0 to 10.7.0 (#1690)
    • build(deps-dev): bump chai from 4.3.4 to 4.3.6 (#1689)
  • 10.2.0 - 2022-05-05
    Read more
  • 10.1.0 - 2022-04-21
    Read more
  • 10.0.2 - 2022-01-21
    Read more
  • 10.0.1 - 2021-12-15
    Read more
  • 10.0.0 - 2021-10-14
    Read more
from firebase-admin GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@guardrails
Copy link

guardrails bot commented Aug 2, 2022

⚠️ We detected 9 security issues in this pull request:

Insecure Processing of Data (1)
Docs Details
💡 Title: XSS - Reflected Cross Site Scripting, Severity: Medium

Email-Application/functions/index.js

Line 216 in 4e1be18

res.send(req.decodedClaims.uid);

More info on how to fix Insecure Processing of Data in JavaScript.

Vulnerable Libraries (8)
Severity Details
Critical [email protected] (t) - no patch available
Critical [email protected] (t) - no patch available
High [email protected] (t) - no patch available
High [email protected] (t) - no patch available
High [email protected] (t) - no patch available
Low [email protected] (t) - no patch available
Medium [email protected] (t) - no patch available
Critical [email protected] upgrade to: >=3.1.7

More info on how to fix Vulnerable Libraries in General and JavaScript.

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
size/XS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@aravindvnair99 @snyk-bot