[Snyk] Upgrade firebase-admin from 5.10.0 to 5.13.1 #1

armandRobled · 2024-02-24T03:15:31Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade firebase-admin from 5.10.0 to 5.13.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 5 versions ahead of your current version.
The recommended version was released 6 years ago, on 2018-07-23.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Uninitialized Memory Exposure npm:base64url:20180511	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Mature
Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-1540541	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-1540541	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-MIXINDEEP-450212	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-174125	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-450202	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WEBSOCKETEXTENSIONS-570623	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-73638	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary File Overwrite SNYK-JS-FSTREAM-174725	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution npm:deep-extend:20180409	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-GRPC-598671	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution npm:extend:20180424	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:protobufjs:20180305	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Mature
Regular Expression Denial of Service (ReDoS) npm:sshpk:20180409	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Uninitialized Memory Exposure npm:atob:20180429	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Mature
Regular Expression Denial of Service (ReDoS) npm:node-forge:20180226	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Insecure Randomness npm:cryptiles:20180710	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Uninitialized Memory Exposure npm:stringstream:20180511	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Mature
Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Validation Bypass SNYK-JS-KINDOF-537849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: firebase-admin

5.13.1 - 2018-07-23
- Upgraded Cloud Firestore client to v0.15.4.
- Exposed the Firestore Timestamp type from the admin.firestore namespace.
5.13.0 - 2018-07-17
- The Admin SDK can now read the Firebase/Google Cloud Platform project ID from both GCLOUD_PROJECT and GOOGLE_CLOUD_PROJECT environment variables.
- Upgraded the Cloud Firestore client from 0.14.0 to 0.15.2. This version of the Firestore client changes how date values are handled.
Authentication
- The Admin SDK can now create custom tokens without being initialized with service account credentials.
- The SDK accepts a new serviceAccountId app option, which can be used to specify just the client email of a service account.
- When deployed in an environment managed by Google (e.g. Google Cloud Functions), the SDK can auto discover a service account ID without any explicit configuration.
Database
- Updated typings of the admin.database.Query.once() method to return a more specific type.
Cloud Messaging
- Updated typings of the admin.messaging.WebpushNotification type to include all supported notification fields.
5.12.1 - 2018-05-15
- Admin SDK now lazy loads all child namespaces and certain heavy dependencies for faster load times. This change also ensures that only the sources for namespaces that are actually used get loaded into the Node.js process.
- Upgraded Cloud Firestore client to v0.14.0.
5.12.0 - 2018-04-05
Authentication
- A new auth.createSessionCookie() method for creating a session cookie from a Firebase ID token.
- A new auth.verifySessionCookie() method for validating a given session cookie string.
Cloud Messaging
- Added the mutableContent optional field to the messaging.Aps type. This can be used to set the mutable-content property when sending FCM messages to APNS targets.
- Added support for specifying arbitrary key-value fields in the messaging.Aps type.
5.11.0 - 2018-03-15
Firebase Auth
- A new auth.importUsers() method for importing users to Firebase Auth in bulk.
5.10.0 - 2018-03-09
- Upgraded Realtime Database client to v0.2.0. With this upgrade developers can call the admin.database().ref() method with another Reference instance as the argument.
- Upgraded Cloud Firestore client to v0.13.0.