search

anime-vsub / app

Free Anime watch app with no ads. Write with Kotlin & Java & Swift & Vue
https://app.animevsub.eu.org
GNU General Public License v3.0
33 stars 11 forks source link

[Snyk] Security upgrade @firebase/firestore from 3.13.0 to 4.1.1 #82

Closed tachibana-shin closed 1 month ago

tachibana-shin commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **791/1000**
**Why?** Currently trending on Twitter, Proof of Concept exploit, Has a fix available, CVSS 8.6 | Prototype Pollution
[SNYK-JS-PROTOBUFJS-5756498](https://snyk.io/vuln/SNYK-JS-PROTOBUFJS-5756498) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @firebase/firestore The new version differs by 70 commits.
  • 03337aa Version Packages (#7560)
  • b6afe39 Merge master into release
  • d1eca54 Fix changeset checker to write to github output correctly (#7554)
  • 5dac8b3 [Auth] Fix auth event uncancellable bug (#7498)
  • 89fb9fd Upgrade webpack to v5 (#7540)
  • f497a40 Fix and skip flaky Firestore tests (#7552)
  • 040b0b4 Updates to our contributing guidance (#7526)
  • f73b24d Skip large sized bloom filter golden tests (#7537)
  • 6c7d079 Raise error if calling initializeRecaptchaConfig in node env (#7284)
  • 43e402f fix: Update proto loader (#7520)
  • c9e2b0b Add support for validating passwords against the password policy in auth (#7514)
  • 0038e11 Setup firestore tests for named db (#7505)
  • f9a232a Separate the implementation of initializeRecaptchaConfig (#7515)
  • b395277 Fix: Aggregate query order-by normalization (#7507)
  • e201e53 Firestore: equality_matcher.ts: fix missing custom assertion failure message in deep equals (#7519)
  • e037eee Export internal interface PrivateSettings for console (#7492)
  • 80a7f7c Pin the webdriver version in Firefox test to avoid install failures. (#7504)
  • b11cf61 Merge master into release
  • 146b699 Firestore: query_engine.test.ts: fix logic that checks `configureCsi` (#7501)
  • 503ca1e Increase GHA artifact retention from 2 to 14 days (#7495)
  • 66cebfb Run E2E tests on canary releases #7475
  • a5bf94c Firestore: query.test.ts: use a different Firestore instance instead of a WriteBatch
  • 223ac18 Merge branch 'release'
  • 1b9a21d Version Packages (#7478)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/tachibana-shin/project/fc75aa5c-072c-48bf-8fbb-6429386c87c4?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/tachibana-shin/project/fc75aa5c-072c-48bf-8fbb-6429386c87c4?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"38db7106-5cf8-4007-8336-f9c1a78aa1ff","prPublicId":"38db7106-5cf8-4007-8336-f9c1a78aa1ff","dependencies":[{"name":"@firebase/firestore","from":"3.13.0","to":"4.1.1"}],"packageManager":"npm","projectPublicId":"fc75aa5c-072c-48bf-8fbb-6429386c87c4","projectUrl":"https://app.snyk.io/org/tachibana-shin/project/fc75aa5c-072c-48bf-8fbb-6429386c87c4?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-PROTOBUFJS-5756498"],"upgrade":["SNYK-JS-PROTOBUFJS-5756498"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[791],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Prototype Pollution](https://learn.snyk.io/lesson/prototype-pollution/?loc=fix-pr)
stackblitz[bot] commented 1 year ago

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.