nuxt-community / firebase-module

🔥 Easily integrate Firebase into your Nuxt project. 🔥
https://firebase.nuxtjs.org
MIT License
640 stars 99 forks

Updating vulnerable firebase-admin version from 10.0.0 -> 12.1.0 #646

Open JeronimasDargis opened 1 month ago

JeronimasDargis commented 1 month ago

Version @nuxtjs/firebase: 8.2.2

Hi! 👋

I have noticed that this package is using a vulnerable firebase-admin version. The firebase-admin version and its peer dependencies currently used in nuxt/firebase are responsible for multiple critical vulnerabilities.

If you run npm audit you'll find these CVEs being referenced:

https://github.com/advisories/GHSA-4g6q-77j7-vvjc
https://github.com/advisories/GHSA-h755-8qp9-cq85

I want to propose updating firebase-admin to 12.1.0

diff --git a/node_modules/@nuxtjs/firebase/package.json b/node_modules/@nuxtjs/firebase/package.json
index eb1f421..159d339 100644
--- a/node_modules/@nuxtjs/firebase/package.json
+++ b/node_modules/@nuxtjs/firebase/package.json
@@ -69,6 +69,6 @@
     }
   },
   "optionalDependencies": {
-    "firebase-admin": "^10.0.0"
+    "firebase-admin": "^12.1.0"
   }
 }
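
Review bot: The new range on the `"firebase-admin": "^12.1.0"` line crosses two major versions (10 to 12), so the module's server-side code that calls firebase-admin needs to be checked against the 11.x and 12.x breaking changes before this lands, and the supported Node.js version should be confirmed to match what 12.x requires. The patch targets `node_modules/@nuxtjs/firebase/package.json`, which is the installed copy; for an upstream fix the same edit belongs in the repository's own package.json together with a regenerated lockfile. As a local mitigation, editing the installed manifest after install does not by itself change which firebase-admin version npm has already resolved, so pinning it through `overrides` (npm) or `resolutions` (yarn) in the consuming project's package.json and re-running npm audit is the more reliable way to confirm both advisories are cleared. Because the entry sits under `optionalDependencies`, an install failure of the new version is skipped silently, so verify that firebase-admin 12.x is actually present in the tree after the change.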

This issue body was partially generated by patch-package.