search

noovil / chrome-extension-manifestv3

11 stars 3 forks source link

Webpack and firebase version not in sync? #3

Open gedeon93 opened 2 years ago

gedeon93 commented 2 years ago

This was working fine a week ago. Webpack updated from 5.66.0 to 5.67.0 and Firebase from 9.6.3 to 9.6.4 inside package.json and the entire setup broke with 10 high severity issues. I am very new to working with npm and firebase. Hopefully my relative ignorance is just a simple fix.

MacBook-Pro ChromeExtensionFirebase % npm install firebase

added 113 packages, and audited 234 packages in 9s

22 packages are looking for funding
  run `npm fund` for details

10 high severity vulnerabilities

To address all issues, run:
  npm audit fix

Run npm audit for details.
MacBook-Pro ChromeExtensionFirebase % npm audit
npm audit report

node-fetch  <2.6.7
Severity: high
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - https://github.com/advisories/GHSA-r683-j2x4-v87g
fix available via npm audit fix --force
Will install firebase@8.10.0, which is a breaking change
node_modules/node-fetch
  @firebase/auth  <=0.0.900-exp.f919db6a9 || >=0.17.0-20217250818
  Depends on vulnerable versions of node-fetch
  node_modules/@firebase/auth
    firebase  0.800.3 - 0.900.25 || 7.9.1-0 - 7.9.1-canary.0396117e || 7.17.1-20206244562 - 7.17.1-canary.f1299756 || >=7.17.2-20206291717
    Depends on vulnerable versions of @firebase/auth
    Depends on vulnerable versions of @firebase/auth-compat
    Depends on vulnerable versions of @firebase/firestore
    Depends on vulnerable versions of @firebase/functions
    Depends on vulnerable versions of @firebase/storage
    Depends on vulnerable versions of @firebase/storage-compat
    node_modules/firebase
  @firebase/auth-compat  *
  Depends on vulnerable versions of node-fetch
  node_modules/@firebase/auth-compat
  @firebase/firestore  <=0.0.900-exp.f919db6a9 || 1.16.2-20206244562 - 1.16.2-canary.f1299756 || >=1.16.3-20206291717
  Depends on vulnerable versions of node-fetch
  node_modules/@firebase/firestore
    @firebase/firestore-compat  *
    Depends on vulnerable versions of @firebase/firestore
    node_modules/@firebase/firestore-compat
  @firebase/functions  <=0.0.900-exp.f919db6a9 || 0.4.51-202088235442 - 0.4.51-eap-auth-emulator.df41ee388 || >=0.5.0-20209118324
  Depends on vulnerable versions of node-fetch
  node_modules/@firebase/functions
    @firebase/functions-compat  *
    Depends on vulnerable versions of @firebase/functions
    node_modules/@firebase/functions-compat
  @firebase/storage  <=0.0.900-exp.f43d0c698 || 0.5.5-202151602035 - 0.5.5-canary.f6e1645ef || 0.5.6-20216122160 - 0.9.1
  Depends on vulnerable versions of node-fetch
  node_modules/@firebase/storage
    @firebase/storage-compat  *
    Depends on vulnerable versions of @firebase/storage
    node_modules/@firebase/storage-compat

10 high severity vulnerabilities

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force
noovil commented 2 years ago

@gedeon93 Hmm I'm not sure what the issue is. Do you have to use the updated version? If not, you can uninstall webpack and firebase first, then reinstall the previous version with 

npm i webpack@[version number]
npm i firebase@[version number]