Skip to content

[Snyk] Upgrade firebase-admin from 5.8.2 to 8.6.1 #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade firebase-admin from 5.8.2 to 8.6.1 #1

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade firebase-admin from 5.8.2 to 8.6.1.

Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 29 versions ahead of your current version.
  • The recommended version was released 9 days ago, on 2019-10-16.

The recommended version fixes:

Severity Title Issue ID
Prototype Pollution npm:extend:20180424
Prototype Pollution npm:deep-extend:20180409
Arbitrary File Overwrite SNYK-JS-TAR-174125
Regular Expression Denial of Service (ReDoS) npm:protobufjs:20180305
Regular Expression Denial of Service (ReDoS) npm:protobufjs:20180305
Prototype Override Protection Bypass npm:qs:20170213
Prototype Pollution SNYK-JS-LODASHMERGE-173732
Regular Expression Denial of Service (ReDoS) npm:sshpk:20180409
Arbitrary File Overwrite SNYK-JS-FSTREAM-174725
Timing Attack npm:http-signature:20150122
Uninitialized Memory Exposure npm:tunnel-agent:20170305
Remote Memory Exposure npm:request:20160119
Prototype Pollution SNYK-JS-LODASHMERGE-173733
Regular Expression Denial of Service (ReDoS) npm:node-forge:20180226
Insecure Randomness npm:cryptiles:20180710
Uninitialized Memory Exposure npm:stringstream:20180511
Regular Expression Denial of Service (ReDoS) npm:debug:20170905
Regular Expression Denial of Service (ReDoS) npm:mime:20170907
Regular Expression Denial of Service (DoS) npm:hawk:20160119
Release notes
  • Package name: firebase-admin
    • 8.6.1 - 2019-10-16

      Authentication

      • [Fixed] UserRecord no longer exposes password hashes that are redacted due to lack of permissions in the service account credentials.
      • [Fixed] Updated the typings of the setCustomUserClaims() API to accept null.
    • 8.6.0 - 2019-09-18
      • [Feature] Added a new admin.securityRules() API for managing Firebase security rules applied on services like Cloud Firestore and Cloud Storage.
      • [Feature] Added getFirestoreRuleset() and getStorageRuleset() methods for retrieving rulesets that are currently in effect.
      • [Feature] Added releaseFirestoreRuleset() and releaseStorageRuleset() methods for creating new rulesets and applying them to Firestore and Storage.
      • [Feature] Added getRuleset(), createRuleset() and deleteRuleset() methods for managing the lifecycle of a ruleset.

      Cloud Messaging

      • [Feature] Added new APIs for specifying an image URL in notifications.
    • 8.5.0 - 2019-09-05

      Authentication

      • [Feature] Added multi-tenancy support to the authentication service (Google Cloud Identity Platform project required). Tenant related APIs are exposed via tenantManager() on the admin.auth interface.
      • [Feature] Added tenant management APIs authForTenant(), getTenant(), listTenants(), deleteTenant(), createTenant() and updateTenant() to the newly defined TenantManager.
      • [Feature] Defined TenantAwareAuth interface retrieved via TenantManager#authForTenant() for managing users, configuring SAML/OIDC providers, generating email links for password reset, email verification, etc for specific tenants.

      Realtime Database

      • [Fixed] Upgraded @firebase/database dependency version to 0.5.1. This helps avoid some peer dependency warnings that were observed during package installation.
    • 8.4.0 - 2019-08-21

      Cloud Messaging

      • [Feature] Added support for specifying the analytics label for notifications. Thanks chemidy for the contribution.
    • 8.3.0 - 2019-07-24

      Realtime Database

      Authentication

      • Implemented additional argument validation in the admin.auth().importUsers() API.

      Cloud Storage

      • Upgraded the @google-cloud/storage dependency to v3.0.0. This new major version drops support for Node.js versions older than v8. Since firebase-admin already supports only Node.js v8 and above, this does not have a noticeable impact on users of the Admin SDK.
    • 8.2.0 - 2019-06-19
      • Updated the metadata server URL (used by the application default credentials) to the v1 endpoint. This makes it possible to use the SDK in Google Kubernetes Engine again.

      Realtime Database

      • Upgraded the @firebase/database dependency to v0.4.4.

      Cloud Messaging

      • Gracefully handling array-like objects in messaging.sendAll() and messaging.sendMulticast() APIs.
    • 8.1.0 - 2019-06-11
      • The SDK now automatically retries HTTP calls failing due to 503 errors.

      Project Management

    • 8.0.0 - 2019-05-23
      • The Admin SDK no longer supports Node 6. Developers must use Node 8.13.0 or higher when deploying the Admin SDK.

      Cloud Firestore

      • Upgraded the Cloud Firestore client dependency to v2.0.0. This upgrade comes with a pure JS gRPC client implementation that is much smaller on disk.

      Cloud Storage

      • Upgraded the Cloud Storage client dependency to v2.5.0.
    • 7.4.0 - 2019-05-21
      • Support for Node 6 is now deprecated. Developers are recommended to use Node 8 or higher when deploying the Admin SDK. An upcoming release will completely drop Node 6 support.

      Cloud Firestore

      • Upgraded the Cloud Firestore client dependency to v1.3.0. This upgrade comes with a new API for executing collection group queries.

      Realtime Database

      • Updated typings of the admin.database.ThenableReference type to extend from the built-in Promise type.
    • 7.3.0 - 2019-04-17

      Firebase Auth

      • [feature] Added the provider config management APIs for managing OIDC and SAML provider configurations (CRUD) via auth.listProviderConfigs(), auth.getProviderConfig(), auth.deleteProviderConfig(), auth.updateProviderConfig() and auth.createProviderConfig().
    • 7.2.0 - 2019-03-28 
        </li>
  <li>
    <b>7.1.1</b> - <a href="">2019-03-20</a>
    
  </li>
  <li>
    <b>7.1.0</b> - <a href="">2019-03-14</a>
    
  </li>
  <li>
    <b>7.0.0</b> - <a href="">2019-01-31</a>
    
  </li>
  <li>
    <b>6.5.1</b> - <a href="">2019-01-23</a>
    
  </li>
  <li>
    <b>6.5.0</b> - <a href="">2019-01-09</a>
    
  </li>
  <li>
    <b>6.4.0</b> - <a href="">2018-12-12</a>
    
  </li>
  <li>
    <b>6.3.0</b> - <a href="">2018-11-28</a>
    
  </li>
  <li>
    <b>6.2.0</b> - <a href="">2018-11-19</a>
    
  </li>
  <li>
    <b>6.1.0</b> - <a href="">2018-10-23</a>
    
  </li>
  <li>
    <b>6.0.0</b> - <a href="">2018-08-09</a>
    
  </li>
  <li>
    <b>5.13.1</b> - <a href="">2018-07-23</a>
    
  </li>
  <li>
    <b>5.13.0</b> - <a href="">2018-07-17</a>
    
  </li>
  <li>
    <b>5.12.1</b> - <a href="">2018-05-15</a>
    
  </li>
  <li>
    <b>5.12.0</b> - <a href="">2018-04-05</a>
    
  </li>
  <li>
    <b>5.11.0</b> - <a href="">2018-03-15</a>
    
  </li>
  <li>
    <b>5.10.0</b> - <a href="">2018-03-09</a>
    
  </li>
  <li>
    <b>5.9.1</b> - <a href="">2018-02-28</a>
    
  </li>
  <li>
    <b>5.9.0</b> - <a href="">2018-02-14</a>
    
  </li>
  <li>
    <b>5.8.2</b> - <a href="">2018-01-30</a>
    
  </li>
</ul>
      • from [`firebase-admin` GitHub Release Notes](https://github.com/firebase/firebase-admin-node/releases)
------------

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot