[Snyk] Upgrade firebase-admin from 11.3.0 to 12.1.0 #530

aravindvnair99 · 2024-05-07T21:38:41Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade firebase-admin from 11.3.0 to 12.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 13 versions ahead of your current version.
The recommended version was released 21 days ago, on 2024-04-16.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Infinite loop SNYK-JS-MARKDOWNIT-6483324	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Internal Property Tampering SNYK-JS-TAFFYDB-2992450	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Resource Exhaustion SNYK-JS-JOSE-6419224	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Improper Control of Dynamically-Managed Code Resources SNYK-JS-EJS-6689533	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Open Redirect SNYK-JS-EXPRESS-6474509	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: firebase-admin

12.1.0 - 2024-04-16
New Features
- feat(rc): Add server side Remote Config support (#2529)
Miscellaneous
- [chore] Release 12.1.0 (#2532)
- Fix minor typo (#2533)
- chore: Excluding certain event_types from processing uid (#2370)
- build(deps-dev): bump gulp from 4.0.2 to 5.0.0 (#2526)
- build(deps-dev): bump @ firebase/app-compat from 0.2.29 to 0.2.30 (#2527)
- build(deps): bump @ google-cloud/firestore from 7.5.0 to 7.6.0 (#2528)
- build(deps): bump undici in /.github/actions/send-email (#2521)
- build(deps-dev): bump @ firebase/auth-types from 0.12.0 to 0.12.1 (#2514)
- build(deps-dev): bump mocha from 10.3.0 to 10.4.0 (#2513)
- build(deps): bump @ types/node from 20.11.30 to 20.12.2 (#2516)
- build(deps): bump @ google-cloud/firestore from 7.4.0 to 7.5.0 (#2517)
- build(deps-dev): bump @ firebase/app-compat from 0.2.28 to 0.2.29 (#2510)
- build(deps): bump @ google-cloud/storage from 7.7.0 to 7.9.0 (#2509)
- build(deps-dev): bump @ microsoft/api-extractor from 7.42.3 to 7.43.0 (#2511)
- build(deps): bump @ types/node from 20.11.24 to 20.11.30 (#2508)
- [chore] Fixed links to rtdb api docs (#2501)
- issue 2467: add async to send each loop to prevent local validation from throwing in an unknown state (#2469)
- build(deps): bump @ fastify/busboy from 2.1.0 to 2.1.1 (#2491)
- build(deps): bump follow-redirects in /.github/actions/send-email (#2497)
- build(deps): bump @ google-cloud/firestore from 7.3.0 to 7.4.0 (#2499)
- build(deps): bump jose from 4.15.4 to 4.15.5 (#2489)
- build(deps-dev): bump @ microsoft/api-extractor from 7.42.0 to 7.42.3 (#2485)
- build(deps): bump @ types/node from 20.11.19 to 20.11.24 (#2484)
- build(deps-dev): bump @ firebase/app-compat from 0.2.27 to 0.2.28 (#2483)
- build(deps-dev): bump @ microsoft/api-extractor from 7.40.3 to 7.42.0 (#2480)
- build(deps-dev): bump eslint from 8.56.0 to 8.57.0 (#2473)
- build(deps-dev): bump nock from 13.5.3 to 13.5.4 (#2475)
- build(deps-dev): bump @ microsoft/api-extractor from 7.40.1 to 7.40.3 (#2465)
- build(deps-dev): bump nock from 13.5.1 to 13.5.3 (#2463)
- build(deps): bump @ types/node from 20.11.17 to 20.11.19 (#2464)
- build(deps): bump undici in /.github/actions/send-email (#2459)
- build(deps): bump @ types/node from 20.11.5 to 20.11.17 (#2455)
- build(deps-dev): bump mocha from 10.2.0 to 10.3.0 (#2454)
- build(deps-dev): bump @ microsoft/api-extractor from 7.39.4 to 7.40.1 (#2452)
- [chore] Update Github action workflows to fix node version and set-output deprecation warnings (#2431)
- [chore] Bump mailgun.js to v10.1.0 (#2451)
- build(deps): bump @ google-cloud/firestore from 7.1.0 to 7.3.0 (#2446)
- build(deps-dev): bump @ types/uuid from 9.0.7 to 9.0.8 (#2445)
- build(deps-dev): bump @ firebase/app-compat from 0.2.25 to 0.2.27 (#2443)
- build(deps-dev): bump @ types/sinon from 17.0.2 to 17.0.3 (#2442)
- [chore] Bump @ actions/core to ^1.10.1 to remove set-output warning and set action to use Node 20 (#2432)
- build(deps-dev): bump ts-node from 10.9.1 to 10.9.2 (#2435)
- build(deps-dev): bump @ firebase/api-documenter from 0.3.0 to 0.4.0 (#2433)
- build(deps-dev): bump nock from 13.4.0 to 13.5.1 (#2434)
- build(deps-dev): bump @ microsoft/api-extractor from 7.39.0 to 7.39.4 (#2436)
- build(deps-dev): bump eslint from 8.55.0 to 8.56.0 (#2422)
- build(deps-dev): bump chai from 4.3.10 to 4.4.1 (#2424)
- build(deps): bump @ types/node from 20.10.6 to 20.11.5 (#2428)
- build(deps-dev): bump @ microsoft/api-extractor from 7.38.4 to 7.39.0 (#2416)
- build(deps): bump @ fastify/busboy from 1.2.1 to 2.1.0 (#2406)
- build(deps): bump @ types/node from 20.10.3 to 20.10.6 (#2417)
- chore: Update Firebase integration test project setup instructions. (#2395)
12.0.0 - 2023-12-07
Read more
11.11.1 - 2023-11-23
Read more
11.11.0 - 2023-09-28
Read more
11.10.1 - 2023-07-13
Read more
11.10.0 - 2023-07-12
Read more
11.9.0 - 2023-05-30
Read more
11.8.0 - 2023-05-04
Read more
11.7.0 - 2023-04-18
Read more
11.6.0 - 2023-04-06
Read more
11.5.0 - 2023-01-19
11.4.1 - 2022-12-22
11.4.0 - 2022-12-15
11.3.0 - 2022-11-17