Jblew / firebase-functions-rate-limiter

Js/ts library that allows you to set per-time, per-user or per-anything limits for calling Firebase cloud functions
MIT License
100 stars 15 forks

Please update deps #36

Closed spicemix closed 2 years ago

spicemix commented 2 years ago

You're still on firebase-admin 9, which has a "high severity vulnerability" on node-forge as reported by npm audit:

```
# npm audit report

node-forge  <=1.2.1
Severity: high
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g
Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765
Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
No fix available
node_modules/firebase-functions-rate-limiter/node_modules/node-forge
  firebase-admin  5.0.0 - 10.0.1
  Depends on vulnerable versions of node-forge
  node_modules/firebase-functions-rate-limiter/node_modules/firebase-admin
    firebase-functions-rate-limiter  *
    Depends on vulnerable versions of firebase-admin
    node_modules/firebase-functions-rate-limiter

3 high severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.
```

Best way for us to keep working with this is if you would kindly update to firebase-admin 10 etc. and send out a new release. Thanks!

Jblew commented 2 years ago

Thanks for reaching out to me, I'll try to do it ASAP. Sorry for making you wait so long.

github-actions[bot] commented 2 years ago

:tada: This issue has been resolved in version 3.9.0 :tada:

The release is available on:

Your semantic-release bot :package::rocket: