Closed by m-wagner98 7 months ago
Hi @m-wagner98, thanks for bringing this to our attention. Let me communicate this with our engineers to update the dependency to the patched version. I’ll update this thread if I have any information to share.
In case it helps, the steps to reproduce are just npm i firebase
And to see more details, followed by npm audit
Operating System
n/a
Browser Version
n/a
Firebase SDK Version
10.8.0
Firebase SDK Product:
Auth, Firestore, Functions, Storage
Describe your project's tooling
Angular app, built with ionic.
Describe the problem
The CI/CD pipeline fails because SonarQube detected a known vulnerability in the undici subdependency: https://github.com/advisories/GHSA-3787-6prv-h9w3
Steps and code to reproduce issue
Perform a SonarQube scan with the OWASP Dependency-Check plugin on a package.json where the "firebase": "^10.8.0" entry is present.
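When a scanner flags a subdependency such as undici, the first triage step is to find which direct dependency pulls it in. The following is an added example, not code from this issue thread or from the Firebase project: it walks a package-lock.json (lockfileVersion 2 or 3) to do that. The sample lockfile, the app name `ionic-app`, the `@firebase/*` edges and all `0.0.0-sample` version strings are constructed placeholders.

```javascript
// Constructed sample lockfile. Only "firebase": "^10.8.0" comes from the report;
// every other name, edge and version string here is a placeholder.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "ionic-app", dependencies: { firebase: "^10.8.0" } },
    "node_modules/firebase": {
      version: "10.8.0",
      dependencies: { "@firebase/auth": "0.0.0-sample", "@firebase/storage": "0.0.0-sample" },
    },
    "node_modules/@firebase/auth": { version: "0.0.0-sample", dependencies: { undici: "0.0.0-sample" } },
    "node_modules/@firebase/storage": { version: "0.0.0-sample", dependencies: { undici: "0.0.0-sample" } },
    "node_modules/undici": { version: "0.0.0-sample" },
  },
};

// Package name from a lockfile path key: the text after the last "node_modules/".
// This also handles nested installs and scoped (@scope/name) packages.
function nameOf(path) {
  const i = path.lastIndexOf("node_modules/");
  return i === -1 ? "" : path.slice(i + "node_modules/".length);
}

// Every installed copy of `target`, plus the packages that declare it as a dependency.
function traceDependency(lock, target) {
  const installs = [];
  const requiredBy = new Set();
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (nameOf(path) === target) installs.push({ path, version: meta.version });
    const declared = { ...meta.dependencies, ...meta.optionalDependencies, ...meta.peerDependencies };
    if (target in declared) requiredBy.add(nameOf(path) || meta.name || "(root)");
  }
  return { installs, requiredBy: [...requiredBy].sort() };
}

// Walk upward by package name from `target` and report which of the project's
// direct dependencies lead to it. Name-based, so it over-approximates when
// several versions of one package are installed side by side.
function directRoots(lock, target) {
  const root = (lock.packages || {})[""] || {};
  const rootDeps = Object.keys({ ...root.dependencies, ...root.devDependencies });
  const seen = new Set();
  const queue = [target];
  while (queue.length) {
    const name = queue.shift();
    if (seen.has(name)) continue;
    seen.add(name);
    queue.push(...traceDependency(lock, name).requiredBy);
  }
  return rootDeps.filter((d) => seen.has(d));
}

console.log(traceDependency(sampleLock, "undici"), directRoots(sampleLock, "undici"));
```

Run against a real lockfile, the `installs` list shows each version to compare with the advisory's patched range, and `directRoots` names the package.json entry that has to be upgraded or overridden.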