Skip to content

[Snyk] Upgrade firebase-admin from 5.10.0 to 8.12.1 #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade firebase-admin from 5.10.0 to 8.12.1 #2

wants to merge 1 commit into from

Conversation

@snyk-bot
Copy link

Snyk has created this PR to upgrade firebase-admin from 5.10.0 to 8.12.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 35 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2020-05-08.

The recommended version fixes:

Severity Issue Exploit Maturity
Regular Expression Denial of Service (ReDoS)
npm:sshpk:20180409		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
npm:protobufjs:20180305		 Mature
Prototype Pollution
npm:extend:20180424		 No Known Exploit
Prototype Pollution
npm:deep-extend:20180409		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-WEBSOCKETEXTENSIONS-570623		 Proof of Concept
Arbitrary File Overwrite
SNYK-JS-TAR-174125		 No Known Exploit
Prototype Pollution
SNYK-JS-SETVALUE-450213		 Proof of Concept
Prototype Pollution
SNYK-JS-SETVALUE-450213		 Proof of Concept
Prototype Pollution
SNYK-JS-MIXINDEEP-450212		 Proof of Concept
Arbitrary File Overwrite
SNYK-JS-FSTREAM-174725		 No Known Exploit
Prototype Pollution
SNYK-JS-AJV-584908		 No Known Exploit
Prototype Pollution
SNYK-JS-AJV-584908		 No Known Exploit
Uninitialized Memory Exposure
npm:stringstream:20180511		 Mature
Regular Expression Denial of Service (ReDoS)
npm:node-forge:20180226		 Proof of Concept
Insecure Randomness
npm:cryptiles:20180710		 No Known Exploit
Uninitialized Memory Exposure
npm:atob:20180429		 Mature
Prototype Pollution
SNYK-JS-MINIMIST-559764		 Proof of Concept
Prototype Pollution
SNYK-JS-MINIMIST-559764		 Proof of Concept
Prototype Pollution
SNYK-JS-DOTPROP-543489		 Proof of Concept
Denial of Service (DoS)
SNYK-JS-AXIOS-174505		 No Known Exploit
Information Exposure
SNYK-JS-KINDOF-537849		 Proof of Concept
Release notes
Package name: firebase-admin
  • 8.12.1 - 2020-05-08

    Miscellaneous

    • [chore] Release 8.12.1 (#883)
    • Mark UserMetadata::lastRefreshTime as optional. (#881)
    • Remove type aliases from toc.yaml (#877)
  • 8.12.0 - 2020-05-06

    New Features

    • feat(auth): Add bulk get/delete methods (#726)

    Miscellaneous

    • [chore] Release 8.12.0 (#878)
    • Bump jquery from 3.4.1 to 3.5.0 (#873)
    • Fixed lint (#868)
    • Refines UserRecord.customClaims type. (#866)
    • Generate camelcase doc paths for machineLearning module (#863)
    • Fix typo in release.yml (#862)
  • 8.11.0 - 2020-04-22

    New Features

    • feat: Remote Config Management API (#845)
    • feat(machine-learning): Adding Firebase ML management APIs (#850)

    Bug Fixes

    • fix(rtdb): Upgraded @firebase/database dependency to latest available (#859)
    • fix(auth): Defines missing DecodedIdToken types. (#852)
    • fix(auth): Fixing UserImportRecord typings declaration (#835)

    Miscellaneous

    • [chore] Release 8.11.0 (#861)
    • Update toc.yaml (#860)
    • Update Database types (#830)
    • Bump minimist from 1.2.0 to 1.2.3 (#839)
    • chore: Cleaning up package verification scripts (#822)
    • chore: Splitting the index.d.ts file into smaller files (#751)
    • Fixing Android notification options descriptions (#820)
    • Bump acorn from 6.1.1 to 6.4.1 (#815)
  • 8.10.0 - 2020-03-12

    New Features

    • feat(auth): Multi-factor Auth support with SMS for Google Cloud Identity Platform (#804)

    Miscellaneous

    • [chore] Release 8.10.0 (take 2) (#812)
    • [chore] Release 8.10.0 (#811)
    • chore: Adding a .npmrc file to the root of the repo (#810)
    • Defines MultiFactor{Create|Update}Settings interfaces. (#809)
    • Removes special char from index.d.ts. (#808)
    • Defines new MFA types in toc.yaml. (#807)
    • Fix revokeRefreshTokens to round consistently with the other platforms. (#801)
    • Build integration tests during CI (and release) (#800)
    • Fix compilation error in integration tests (#798)
    • chore: Enabling more ESLint checks and fixing errors (#797)
    • Enabling additional ESLint checks (#794)
    • chore: Migrated to ESlint (#790)
    • chore: Experimental release flow based on Actions (#780)
    • Improve customClaims Typing (#768)
    • Custom Action for sending Tweets (#784)
  • 8.9.2 - 2020-01-23
    • Fixed a credential loading issue that prevented some functions from being deployed via the Firebase CLI.
  • 8.9.1 - 2020-01-15

    Authentication

    • [Fixed] Fixed the inability to discover the project ID when running on GCP managed environments.
  • 8.9.0 - 2019-12-19
    • Fixed a bug in the admin.instanceId().deleteInstanceId() API that caused errors even when the operation completed successfully in the backend.
    • Upgraded the @google-cloud/firestore dependency to v3.0.0. See Firestore release notes for more details.

    Cloud Messaging

    • The sendMulticast() API now correctly copies the fcmOptions when sending a message to multiple recipients.

    Realtime Database

    • Upgraded the @firebase/database dependency to v0.5.17.
  • 8.8.0 - 2019-11-19

    Cloud Firestore

    • [Feature] Upgraded @google-cloud/firestore dependency version to 2.6.0.
      Thanks arjunyel for the contribution.

    Cloud Storage

    • [Changed] Upgraded @google-cloud/storage dependency version to 4.1.2. This version contains some minor breaking changes. Check the release notes of the dependency for more information. Thanks arjunyel for the contribution.

    Authentication

    • [Fixed] The verifyIdToken() method now correctly uses the http.Agent configured during SDK initialization.

    Cloud Messaging

    • [Fixed] Batch messaging APIs sendAll() and sendMulticast() now support sending up to 500 messages in a single call.
  • 8.7.0 - 2019-10-30

    Cloud Messaging

    • Added a series of new parameters to the AndroidNotification class
      that allow further customization of notifications that target Android devices.
  • 8.6.1 - 2019-10-16

    Authentication

    • [Fixed] UserRecord no longer exposes password hashes that are redacted due to lack of permissions in the service account credentials.
    • [Fixed] Updated the typings of the setCustomUserClaims() API to accept null.
  • 8.6.0 - 2019-09-18
  • 8.5.0 - 2019-09-05
  • 8.4.0 - 2019-08-21
  • 8.3.0 - 2019-07-24
  • 8.2.0 - 2019-06-19
  • 8.1.0 - 2019-06-11
  • 8.0.0 - 2019-05-23
  • 7.4.0 - 2019-05-21
  • 7.3.0 - 2019-04-17
  • 7.2.0 - 2019-03-28
  • 7.1.1 - 2019-03-20
  • 7.1.0 - 2019-03-14
  • 7.0.0 - 2019-01-31
  • 6.5.1 - 2019-01-23
  • 6.5.0 - 2019-01-09
  • 6.4.0 - 2018-12-12
  • 6.3.0 - 2018-11-28
  • 6.2.0 - 2018-11-19
  • 6.1.0 - 2018-10-23
  • 6.0.0 - 2018-08-09
  • 5.13.1 - 2018-07-23
  • 5.13.0 - 2018-07-17
  • 5.12.1 - 2018-05-15
  • 5.12.0 - 2018-04-05
  • 5.11.0 - 2018-03-15
  • 5.10.0 - 2018-03-09
from firebase-admin GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@snyk-bot