firebase / firebase-admin-node

Firebase Admin Node.js SDK
https://firebase.google.com/docs/admin/setup
Apache License 2.0
1.62k stars 369 forks

jsonwebtoken is breaking Firebase Admin SDK #42

Closed motss closed 7 years ago

motss commented 7 years ago

[READ] Step 1: Are you in the right place?

[REQUIRED] Step 2: Describe your environment

[REQUIRED] Step 3: Describe the problem

Steps to reproduce:

As a regular snyk user, I ran snyk test to check for vulnerabilities in all NPM dependencies; the latest Firebase Admin could not pass the test, and I discovered that jsonwebtoken is the culprit. See the image below for more details:

[Image: screen shot 2017-06-16 at 9 48 48 pm]

google-oss-bot commented 7 years ago

Hey there! I couldn't figure out what this issue is about, so I've labeled it for a human to triage. Hang tight.

hiranya911 commented 7 years ago

What exactly is the problem here? Can you provide more details about the type of error/vulnerability found in jsonwebtoken?

motss commented 7 years ago

@hiranya911 When running the snyk test command, it checks all the NPM dependencies, and it hit the jsonwebtoken dependency inside firebase-admin with the error Invalid error: Invalid version: "https://registry.npmjs.org/@types/jsonwebtoken/-/jsonwebtoken-7.2.0.tgz and the snyk check stops and is never able to complete the vulnerability check.

Is this something related to firebase-admin?

hiranya911 commented 7 years ago

I still don't understand what the problem is. Why is 7.2.0 an invalid version? It is not the latest version available (latest seems to be 7.4.1). But it should be fine to depend on an older version.

hiranya911 commented 7 years ago

I'm closing this, as it appears this is not a Firebase SDK issue. Check the referenced snyk issue for more context.