lansingcodes / api

Where we gather up and share what we know about coding events and organizations in Lansing, Michigan.

Bump jsonwebtoken, firebase-admin and firebase-tools #103

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Bumps jsonwebtoken to 9.0.0 and updates ancestor dependencies jsonwebtoken, firebase-admin and firebase-tools. These dependencies need to be updated together.

Updates jsonwebtoken from 8.5.1 to 9.0.0

Changelog

Sourced from jsonwebtoken's changelog.

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

Security fixes

  • security: fixes Arbitrary File Write via verify function - CVE-2022-23529
  • security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
  • security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
  • security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539
Commits
  • e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
  • 5eaedbf chore(ci): remove github test actions job (#861)
  • cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
  • ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
  • 8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
  • 7e6a86b Upload OpsLevel YAML (#849)
  • 74d5719 docs: update references vercel/ms references (#770)
  • d71e383 docs: document "invalid token" error
  • 3765003 docs: fix spelling in README.md: Peak -> Peek (#754)
  • a46097e docs: make decode impossible to discover before verify
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.


Updates firebase-admin from 9.2.0 to 11.5.0

Release notes

Sourced from firebase-admin's releases.

Firebase Admin Node.js SDK v11.5.0

New Features

  • feat: Fix impersonated service account parsing exception (#1862)

Bug Fixes

  • fix(firestore): Fix PreferRest caching (#2040)

Miscellaneous

  • [chore] Release 11.5.0 (#2049)
  • chore: Increase test coverage for service account impersonation support (#2047)
  • build(deps-dev): bump @typescript-eslint/eslint-plugin (#2045)
  • build(deps): bump jwks-rsa from 2.1.5 to 3.0.1 (#2046)
  • build(deps-dev): bump @typescript-eslint/parser from 5.47.0 to 5.48.2 (#2044)
  • build(deps): bump @firebase/database-types from 0.9.17 to 0.10.0 (#2030)
  • build(deps): bump json5 from 2.2.1 to 2.2.3 (#2038)
  • build(deps-dev): bump eslint from 8.29.0 to 8.31.0 (#2033)
  • build(deps): bump @firebase/database-compat from 0.2.10 to 0.3.0 (#2029)
  • build(deps-dev): bump sinon from 14.0.2 to 15.0.1 (#2028)

Firebase Admin Node.js SDK v11.4.1

Bug Fixes

  • fix: Update jsonwebtoken to v9.0.0 (#2025)

Miscellaneous

  • [chore] Release 11.4.1 (#2026)
  • build(deps-dev): bump mocha from 10.1.0 to 10.2.0 (#2019)
  • build(deps-dev): bump @typescript-eslint/parser from 5.42.1 to 5.47.0 (#2020)
  • build(deps-dev): bump @typescript-eslint/eslint-plugin (#2018)

Firebase Admin Node.js SDK v11.4.0

Breaking Changes

  • change: Deprecate AutoML model support (#2013)

New Features

  • feat(fs): preferRest app option for Firestore (#1901)

Bug Fixes

  • fix(fcm): Increase batch send timeout to 15 seconds (#1999)
  • fix: Unregister socket timeout listener to prevent MaxListenersExceededWarning (#1993)

Miscellaneous

... (truncated)

Commits
  • 49251a8 [chore] Release 11.5.0 (#2049)
  • 1896500 chore: Increase test coverage for service account impersonation support (#2047)
  • dd98704 build(deps-dev): bump @typescript-eslint/eslint-plugin (#2045)
  • 46ad67c build(deps): bump jwks-rsa from 2.1.5 to 3.0.1 (#2046)
  • 71d0d14 build(deps-dev): bump @typescript-eslint/parser from 5.47.0 to 5.48.2 (#2044)
  • b5c4f5a build(deps): bump @firebase/database-types from 0.9.17 to 0.10.0 (#2030)
  • 63adec1 build(deps): bump json5 from 2.2.1 to 2.2.3 (#2038)
  • 6061ff6 fix(firestore): Fix PreferRest caching (#2040)
  • c81f572 feat: Fix impersonated service account parsing exception (#1862)
  • dc1d320 build(deps-dev): bump eslint from 8.29.0 to 8.31.0 (#2033)
  • Additional commits viewable in compare view


Updates firebase-tools from 8.12.1 to 11.21.0

Release notes

Sourced from firebase-tools's releases.

v11.21.0

  • Fix bug where CLI was unable to deploy Firebase Functions in some monorepo setups (#5391)
  • Upgrade Storage Rules Runtime to v1.1.3 to support ternary operators (#5370)
  • Fixes an issue where already deployed functions with the same remote configuration do not get skipped (#5354)
  • App Distribution: Links to new releases are now available. These links help you manage binaries and ensure that testers and other developers have the right release. (#5405)

v11.20.0

  • Fixes a bug in the pubsub emulator by forcing a shutdown if it didn't end cleanly. (#5294)
  • Fixes an issue where dependencies for emulated Extensions would not be installed on Windows - thanks @stfsy! (#5372)
  • Adds emulator support for Extensions with schedule triggers - thanks @stsfy! (#5374)
  • Update the Emulator Suite UI to v1.11.2 to capture a set of accessibility improvements. (#5394)
  • Fixes an issue in the Functions emulator where secret values were undefined after hot reload with the --inspect-functions flag. (#5384)
  • Fixes a bug where functions:delete command did not recognize '-' as delimiter. (#5290)
  • Reintroduces an updated Hosting emulator with i18n (#4879) and Windows path (#5133) fixes.

v11.19.0

  • Support for string list typed parameters in functions deployment (#5137)
  • Respect .npmrc in backends spun up for web frameworks (#5235)
  • Remove esbuild dependency, instead bundle Next.js configuration on deploy with NPX (#5336)
  • Add sharp NPM module to Cloud Functions when using Next.js Image Optimization (#5238)
  • Adds user-defined env vars into the functions emulator (#5330).
  • Support Next.js Middleware (#5320)
  • Log the reason for a Cloud Function if needed in Next.js (#5320)
  • Fixed service enablement when installing extensions with v2 functions (#5338)
  • Fix bug where functions:shell command didn't connect to emulators running on other processes. (#5269)
  • Fixed bug with Cross-Service Rules integration for Firestore documents containing nulls (#5342)

v11.18.0

  • Add support for Firestore TTL (#5267)
  • Fix bug where secrets were not loaded when emulating functions with --inspect-functions. (#4605)
  • Handle Next.js rewrites/redirects/headers incompatible with firebase.json in Cloud Functions (#5212)
  • Filter out Next.js prerendered routes that matches rewrites/redirects/headers rules from SSG content directory (#5212)
  • Warn if a web framework's package.json contains anything other than the framework default build command.
  • Add support for nodejs18 for Cloud Functions for Firebase (#5319)

v11.17.0

  • Fix bug where disabling background triggers did nothing. (#5221)
  • Fix bug in auth emulator where empty string should throw invalid email instead of missing email. (#3898)
  • Fix bug in auth emulator in which createdAt was not set for signInWithIdp new users. (#5203)
  • Add region warning for emulated database functions (#5143)
  • Default to --no-localhost when calling login from Google Cloud Workstations
  • Support the x-goog-api-key header in auth emulator. (#5249)
  • Fix bug in deploying web frameworks when a predeploy hook was configured in firebase.json (#5199)
  • Fix bug where function deployments using --only filter sometimes failed deployments. (#5280)
  • Fix bug where ext:install would sometimes fail if no version was specified. (#5305)

v11.16.1

  • Updated the pubsub emulator to v0.7.1.
  • Updated some emulator download logic to pause after unzipping to avoid a file not found issue.
  • Fixes gzipped file handling in Storage Emulator.

... (truncated)


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
  • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
  • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
  • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/lansingcodes/api/network/alerts).