angular / angularfire

Angular + Firebase = ❤️
https://firebaseopensource.com/projects/angular/angularfire2
MIT License

@angular/fire has a transitive vulnerable dependency to protobufjs 6.11.* #3438

Open Arsnj opened 10 months ago

Arsnj commented 10 months ago

Version info

Angular: 16.2.5

Firebase: 10.4.0

AngularFire: 7.6.1

Other (e.g. Ionic/Cordova, Node, browser, operating system): a

How to reproduce these conditions

Failing test unit, Stackblitz demonstrating the problem

a

Steps to set up and reproduce

a

Sample data and security rules

a

Debug output

Errors in the JavaScript console

a

Output from firebase.database().enableLogging(true);

a

Screenshots

Expected behavior

firestore > 4.2.*

protobufjs >7.2.4

Actual behavior

angular/fire depends on firestore 3.13.0 and protobufjs 6.11.*

Arsnj commented 10 months ago

firebase initial issue: #7484

rgant commented 9 months ago

firebase@10 is not appropriate for @angular/fire@7.6.1 https://github.com/angular/angularfire#angular-and-firebase-versions

Galileon-venta commented 2 months ago

The fix was backported to the latest v8, v9, or v10 Firebase JS SDK.
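
An added example, not part of the thread or of the AngularFire project: one way to see which copies of protobufjs a project actually installs, and under which package each copy sits, by walking the `packages` map of an npm v7+ `package-lock.json`. The lockfile contents, the helper names `compareVersions` and `findCopies`, and the use of the issue's "protobufjs >7.2.4" line as the version floor are assumptions made for illustration.

```javascript
// Constructed sample: a trimmed npm v7+ package-lock.json ("packages" map).
// Layout and version numbers are illustrative, not copied from a real install.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "@angular/fire": "7.6.1" } },
    "node_modules/@angular/fire": { version: "7.6.1" },
    "node_modules/@angular/fire/node_modules/@firebase/firestore": { version: "3.13.0" },
    "node_modules/@angular/fire/node_modules/protobufjs": { version: "6.11.3" },
    "node_modules/protobufjs": { version: "7.2.5" },
  },
};

// Compare two x.y.z versions numerically; returns <0, 0 or >0.
// Pre-release suffixes are ignored (parseInt stops at the first non-digit).
function compareVersions(a, b) {
  const pa = a.split(".").map((n) => parseInt(n, 10));
  const pb = b.split(".").map((n) => parseInt(n, 10));
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// List every installed copy of `name`. `floor` is an exclusive lower bound
// supplied by the caller (here taken from the issue's "Expected behavior").
// `nestedUnder` is where npm placed the copy, which is the package that
// needed a version different from the hoisted one.
function findCopies(lock, name, floor) {
  const suffix = "node_modules/" + name;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith("/" + suffix))
    .map(([path, meta]) => {
      const parent = path.slice(0, -suffix.length).replace(/\/$/, "");
      return {
        path,
        version: meta.version,
        nestedUnder: parent ? parent.split("node_modules/").pop() : "(top level)",
        notAboveFloor: compareVersions(meta.version, floor) <= 0,
      };
    });
}

console.log(findCopies(sampleLock, "protobufjs", "7.2.4"));
```

A hoisted top-level copy at a newer version does not replace a nested older copy; each path in the result is loaded separately by the package it sits under.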