Snyk reports new security vulnerability for firebase 7.17.2

mhnsn commented 3 years ago

[REQUIRED] Describe your environment

Operating System version: Windows
Browser version: Electron (Chromium)
Firebase SDK version: 7.17.2
Firebase Product: Auth? (The current release of firebase in npm)

[REQUIRED] Describe the problem

Snyk.io, an integration we use for security auditing, reports a new vulnerability in the version of node-fetch that firebase 7.17.2 uses. In our case, any new security vulnerability causes our CI pipeline to fail.

Steps to reproduce:

Run a snyk security audit on any nodejs project with firebase 7.17.2 installed.

Relevant Code:

package.json

hsubox76 commented 3 years ago

This has been fixed. Please update to the latest version of Firebase (currently 7.21.1)

mhnsn commented 3 years ago

Wonderful, thank you.

firebase / firebase-js-sdk