[Snyk] Upgrade firebase-admin from 5.10.0 to 5.13.1 by Hawthorne001 · Pull Request #27 · Hawthorne001/quickstart-cpp

Hawthorne001 · 2024-05-15T05:49:58Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade firebase-admin from 5.10.0 to 5.13.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 5 versions ahead of your current version.
The recommended version was released 6 years ago, on 2018-07-23.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Arbitrary File Overwrite SNYK-JS-TAR-174125	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Prototype Pollution SNYK-JS-MIXINDEEP-450212	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WEBSOCKETEXTENSIONS-570623	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Prototype Pollution SNYK-JS-Y18N-1021887	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Uninitialized Memory Exposure npm:base64url:20180511	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Mature
Prototype Pollution npm:deep-extend:20180409	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-1540541	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-450213	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-6139239	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-73638	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Arbitrary File Overwrite SNYK-JS-TAR-1536528	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	No Known Exploit
Prototype Pollution SNYK-JS-AJV-584908	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	No Known Exploit
Prototype Pollution SNYK-JS-AJV-584908	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	No Known Exploit
Command Injection SNYK-JS-LODASH-1040724	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-450202	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Arbitrary File Overwrite SNYK-JS-TAR-1536531	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	No Known Exploit
Prototype Pollution SNYK-JS-LODASH-567746	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-608086	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Arbitrary File Overwrite SNYK-JS-FSTREAM-174725	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	No Known Exploit
Prototype Pollution npm:extend:20180424	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-1540541	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-450213	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:protobufjs:20180305	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Mature
Regular Expression Denial of Service (ReDoS) npm:sshpk:20180409	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Arbitrary File Write SNYK-JS-TAR-1579147	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	No Known Exploit
Prototype Pollution SNYK-JS-GRPC-598671	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Arbitrary File Write SNYK-JS-TAR-1579152	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	No Known Exploit
Prototype Pollution SNYK-JS-INI-1048974	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Uninitialized Memory Exposure npm:stringstream:20180511	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Mature
Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Uninitialized Memory Exposure npm:atob:20180429	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Mature
Insecure Randomness npm:cryptiles:20180710	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:node-forge:20180226	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-559764	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Validation Bypass SNYK-JS-KINDOF-537849	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0032, Social Trends: No, Days since published: 1865, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: firebase-admin

5.13.1 - 2018-07-23
- Upgraded Cloud Firestore client to v0.15.4.
- Exposed the Firestore Timestamp type from the admin.firestore namespace.
5.13.0 - 2018-07-17
- The Admin SDK can now read the Firebase/Google Cloud Platform project ID from both GCLOUD_PROJECT and GOOGLE_CLOUD_PROJECT environment variables.
- Upgraded the Cloud Firestore client from 0.14.0 to 0.15.2. This version of the Firestore client changes how date values are handled.
Authentication
- The Admin SDK can now create custom tokens without being initialized with service account credentials.
- The SDK accepts a new serviceAccountId app option, which can be used to specify just the client email of a service account.
- When deployed in an environment managed by Google (e.g. Google Cloud Functions), the SDK can auto discover a service account ID without any explicit configuration.
Database
- Updated typings of the admin.database.Query.once() method to return a more specific type.
Cloud Messaging
- Updated typings of the admin.messaging.WebpushNotification type to include all supported notification fields.
5.12.1 - 2018-05-15
- Admin SDK now lazy loads all child namespaces and certain heavy dependencies for faster load times. This change also ensures that only the sources for namespaces that are actually used get loaded into the Node.js process.
- Upgraded Cloud Firestore client to v0.14.0.
5.12.0 - 2018-04-05
Authentication
- A new auth.createSessionCookie() method for creating a session cookie from a Firebase ID token.
- A new auth.verifySessionCookie() method for validating a given session cookie string.
Cloud Messaging
- Added the mutableContent optional field to the messaging.Aps type. This can be used to set the mutable-content property when sending FCM messages to APNS targets.
- Added support for specifying arbitrary key-value fields in the messaging.Aps type.
5.11.0 - 2018-03-15
Firebase Auth
- A new auth.importUsers() method for importing users to Firebase Auth in bulk.
5.10.0 - 2018-03-09
- Upgraded Realtime Database client to v0.2.0. With this upgrade developers can call the admin.database().ref() method with another Reference instance as the argument.
- Upgraded Cloud Firestore client to v0.13.0.

from firebase-admin GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade firebase-admin from 5.10.0 to 5.13.1. See this package in npm: https://www.npmjs.com/package/firebase-admin See this project in Snyk: https://app.snyk.io/org/hawthorne001/project/6cb08067-7e0f-4511-9766-bfe74f81f1eb?utm_source=github&utm_medium=referral&page=upgrade-pr

socket-security · 2024-05-15T05:53:02Z

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@firebase/app-types@0.3.10	None	`0`	8.28 kB	feiyang.chen
npm/@firebase/app@0.3.17	None	`0`	334 kB	feiyang.chen
npm/@firebase/database-types@0.3.11	None	`0`	4.87 kB	feiyang.chen
npm/@firebase/database@0.3.20	eval	`0`	6.39 MB	feiyang.chen
npm/@firebase/logger@0.1.13	None	`0`	50.4 kB	feiyang.chen
npm/@firebase/util@0.2.14	None	`0`	635 kB	feiyang.chen
npm/@google-cloud/firestore@0.15.4	environment	`+5`	841 kB	google-node-team
npm/@mapbox/node-pre-gyp@1.0.11	environment, filesystem	`+2`	248 kB	mapbox-npm-01
npm/@nodelib/fs.stat@1.1.3	filesystem	`0`	8.88 kB	mrmlnc
npm/@types/bytebuffer@5.0.49	None	`0`	23.4 kB	types
npm/@types/caseless@0.12.5	None	`0`	4.72 kB	types
npm/@types/duplexify@3.6.4	None	`0`	4.29 kB	types
npm/@types/request@2.48.12	Transitive: filesystem, network	`+1`	61.1 kB	types
npm/@types/tough-cookie@4.0.5	None	`0`	13.5 kB	types
npm/abort-controller@3.0.0	None	`0`	76.3 kB	mysticatea
npm/acorn@5.7.4	None	`0`	2.02 MB	marijn
npm/agent-base@6.0.2	None	`0`	34.6 kB	tootallnate
npm/ajv@6.12.6	eval	`0`	929 kB	esp
npm/ansi-regex@5.0.1	None	`0`	5.61 kB	qix
npm/aproba@2.0.0	None	`0`	8.05 kB	iarna
npm/are-we-there-yet@2.0.0	Transitive: environment	`+3`	185 kB	gar
npm/array-buffer-byte-length@1.0.1	None	`0`	13.5 kB	ljharb
npm/arraybuffer.prototype.slice@1.0.3	None	`0`	20.2 kB	ljharb
npm/atob@2.1.2	None	`0`	36.2 kB	coolaj86
npm/available-typed-arrays@1.0.7	None	`0`	20.4 kB	ljharb
npm/aws4@1.12.0	environment	`0`	23.5 kB	hichaelmart
npm/balanced-match@1.0.2	None	`0`	6.94 kB	juliangruber
npm/braces@2.3.2	None	`+2`	69.6 kB	jonschlinkert
npm/call-bind@1.0.7	None	`0`	22.1 kB	ljharb
npm/call-me-maybe@1.0.2	None	`0`	3.79 kB	limulus
npm/chownr@2.0.0	filesystem	`0`	5.75 kB	isaacs
npm/color-support@1.1.3	None	`0`	9.23 kB	isaacs
npm/component-emitter@1.3.1	None	`0`	6.3 kB	sindresorhus
npm/core-js@2.6.12	environment, eval, filesystem	`0`	2.26 MB	zloirock
npm/data-view-buffer@1.0.1	None	`0`	12.3 kB	ljharb
npm/data-view-byte-length@1.0.1	None	`0`	9.99 kB	ljharb
npm/data-view-byte-offset@1.0.0	None	`0`	12.2 kB	ljharb
npm/decode-uri-component@0.2.2	None	`0`	6.09 kB	samverschueren
npm/deep-equal@1.1.2	None	`0`	75.3 kB	ljharb
npm/define-data-property@1.1.4	None	`0`	30.9 kB	ljharb
npm/define-properties@1.2.1	None	`0`	12.9 kB	ljharb
npm/detect-libc@2.0.3	filesystem, shell	`0`	23.6 kB	lovell
npm/diff-match-patch@1.0.5	None	`0`	97.4 kB	jackub
npm/dom-storage@2.1.0	filesystem	`0`	17.5 kB	coolaj86
npm/duplexify@3.7.1	None	`0`	17.1 kB	mafintosh
npm/eastasianwidth@0.2.0	None	`0`	13.6 kB	komagata
npm/ecdsa-sig-formatter@1.0.11	None	`0`	20.6 kB	d2l-travis-deploy
npm/emoji-regex@8.0.0	None	`0`	48.3 kB	mathias
npm/empower-core@1.2.0	None	`0`	26.1 kB	twada
npm/empower@1.3.1	None	`0`	70.9 kB	twada
npm/es-abstract@1.23.3	None	`0`	2.38 MB	ljharb
npm/es-define-property@1.0.0	None	`0`	11.8 kB	ljharb
npm/es-errors@1.3.0	None	`0`	12.3 kB	ljharb
npm/es-object-atoms@1.0.0	None	`0`	9.17 kB	ljharb
npm/es-set-tostringtag@2.0.3	None	`0`	13.9 kB	ljharb
npm/es-to-primitive@1.2.1	None	`0`	40.4 kB	ljharb
npm/es6-promise@4.2.8	None	`0`	315 kB	stefanpenner
npm/es6-promisify@5.0.0	None	`0`	7.76 kB	digitaldesignlabs
npm/espurify@1.8.1	None	`0`	78.9 kB	twada
npm/estraverse@4.3.0	None	`0`	36.3 kB	michaelficarra
npm/event-target-shim@5.0.1	None	`0`	189 kB	mysticatea
npm/extend@3.0.2	None	`0`	23.5 kB	ljharb
npm/fast-deep-equal@3.1.3	None	`0`	13 kB	esp
npm/fast-glob@2.2.7	None	`0`	126 kB	mrmlnc
npm/fast-json-stable-stringify@2.1.0	None	`0`	17 kB	esp
npm/find-up@2.1.0	None	`0`	4.8 kB	sindresorhus
npm/firebase-admin@5.13.1	environment, filesystem, network	`0`	351 kB	firebase-ops
npm/for-each@0.3.3	None	`0`	13 kB	ljharb
npm/fs-minipass@2.1.0	filesystem	`+2`	76.9 kB	isaacs
npm/function-bind@1.1.2	None	`0`	31.4 kB	ljharb
npm/function.prototype.name@1.1.6	None	`0`	25.5 kB	ljharb
npm/functions-have-names@1.2.3	None	`0`	16.7 kB	ljharb
npm/gauge@3.0.2	None	`0`	48.5 kB	gar
npm/gaxios@1.8.4	environment, network	`+2`	108 kB	justinbeckwith
npm/get-intrinsic@1.2.4	eval	`0`	41.6 kB	ljharb
npm/get-symbol-description@1.0.2	None	`0`	14.3 kB	ljharb
npm/glob@7.2.3	filesystem	`0`	55.1 kB	isaacs
npm/globalthis@1.0.4	None	`0`	23.7 kB	ljharb
npm/globby@8.0.2	filesystem	`0`	12.4 kB	sindresorhus
npm/google-auth-library@1.6.1	environment, filesystem, shell	`0`	269 kB	google-node-team
npm/google-gax@0.17.1	filesystem	`0`	315 kB	googleapis-packages
npm/google-p12-pem@1.0.5	filesystem	`+2`	1.71 MB	google-wombot
npm/google-proto-files@0.16.1	None	`0`	2.96 MB	fenster
npm/gopd@1.0.1	None	`0`	7.7 kB	ljharb
npm/grpc@1.24.11	filesystem	`+1`	26.5 MB	murgatroid99
npm/gtoken@2.3.3	filesystem	`0`	25.9 kB	google-node-team
npm/har-validator@5.1.5	None	`0`	8.22 kB	ahmadnassri
npm/has-bigints@1.0.2	None	`0`	12.8 kB	ljharb
npm/has-property-descriptors@1.0.2	None	`0`	10.9 kB	ljharb
npm/has-proto@1.0.3	None	`0`	12 kB	ljharb
npm/has-symbols@1.0.3	None	`0`	20.6 kB	ljharb
npm/has-tostringtag@1.0.2	None	`0`	17.6 kB	ljharb
npm/hasown@2.0.2	None	`0`	8.77 kB	ljharb
npm/http-parser-js@0.5.8	None	`0`	25.8 kB	jimbly
npm/https-proxy-agent@5.0.1	network	`0`	26 kB	tootallnate
npm/ignore@3.3.10	None	`0`	21.7 kB	kael
npm/internal-slot@1.0.7	None	`0`	20.5 kB	ljharb
npm/is-accessor-descriptor@1.0.1	None	`0`	20.3 kB	ljharb
npm/is-arguments@1.1.1	None	`0`	28.8 kB	ljharb
npm/is-array-buffer@3.0.4	None	`0`	17.6 kB	ljharb
npm/is-bigint@1.0.4	None	`0`	14.8 kB	ljharb
npm/is-boolean-object@1.1.2	None	`0`	22.1 kB	ljharb
npm/is-callable@1.2.7	None	`0`	28.9 kB	ljharb
npm/is-data-descriptor@1.0.1	None	`0`	18.8 kB	ljharb
npm/is-data-view@1.0.1	None	`0`	15.6 kB	ljharb
npm/is-date-object@1.0.5	None	`0`	20.8 kB	ljharb
npm/is-descriptor@1.0.3	None	`0`	20.6 kB	ljharb
npm/is-fullwidth-code-point@3.0.0	None	`0`	4.99 kB	sindresorhus
npm/is-glob@4.0.3	None	`0`	13.6 kB	phated
npm/is-negative-zero@2.0.3	None	`0`	27.1 kB	ljharb
npm/is-number-object@1.0.7	None	`0`	22.2 kB	ljharb
npm/is-regex@1.1.4	None	`0`	30.1 kB	ljharb
npm/is-shared-array-buffer@1.0.3	None	`0`	18.7 kB	ljharb
npm/is-stream-ended@0.1.4	None	`0`	2.68 kB	stephenplusplus
npm/is-string@1.0.7	None	`0`	19.1 kB	ljharb
npm/is-symbol@1.0.4	None	`0`	22 kB	ljharb
npm/is-typed-array@1.1.13	None	`0`	23.3 kB	ljharb
npm/is-weakref@1.0.2	None	`0`	12.1 kB	ljharb
npm/json-schema-traverse@0.4.1	None	`0`	19.6 kB	esp
npm/jwa@1.4.1	None	`0`	13.7 kB	omsmith
npm/jws@3.2.2	None	`0`	17.7 kB	omsmith
npm/kind-of@6.0.3	None	`0`	22.8 kB	doowb
npm/locate-path@2.0.0	None	`0`	3.97 kB	sindresorhus
npm/lodash.camelcase@4.3.0	None	`0`	21.9 kB	jdalton
npm/lodash.clone@4.5.0	None	`0`	48.6 kB	jdalton
npm/lodash.merge@4.6.2	None	`0`	54.1 kB	jdalton
npm/lodash@4.17.21	None	`0`	1.41 MB	bnjmnt4n
npm/lru-cache@4.1.5	environment	`0`	17.8 kB	isaacs
npm/merge2@1.4.1	None	`0`	8.9 kB	zensh
npm/micromatch@3.1.10	None	`0`	84.8 kB	jonschlinkert
npm/mime-db@1.52.0	None	`0`	206 kB	dougwilson
npm/mime-types@2.1.35	None	`0`	18.3 kB	dougwilson
npm/minimatch@3.1.2	None	`0`	34.9 kB	isaacs
npm/minipass@5.0.0	None	`0`	69.5 kB	isaacs
npm/minizlib@2.1.2	None	`0`	17.3 kB	isaacs
npm/mixin-deep@1.3.2	None	`0`	7.22 kB	doowb
npm/mkdirp@1.0.4	environment, filesystem	`0`	19.1 kB	isaacs
npm/nan@2.19.0	None	`0`	429 kB	kkoopa
npm/nanomatch@1.2.13	None	`0`	86.3 kB	jonschlinkert
npm/node-fetch@2.7.0	network	`0`	162 kB	node-fetch-bot
npm/nopt@5.0.0	environment	`0`	25.8 kB	isaacs
npm/npmlog@5.0.1	None	`0`	16.6 kB	gar
npm/oauth-sign@0.9.0	None	`0`	13.8 kB	simov
npm/object-inspect@1.13.1	None	`0`	97.2 kB	ljharb
npm/object-is@1.1.6	None	`0`	27 kB	ljharb
npm/object-keys@1.1.1	None	`0`	26.5 kB	ljharb
npm/object.assign@4.1.5	None	`0`	72.7 kB	ljharb
npm/p-limit@1.3.0	None	`0`	3.96 kB	sindresorhus
npm/p-locate@2.0.0	None	`0`	5.05 kB	sindresorhus
npm/p-try@1.0.0	None	`0`	2.8 kB	sindresorhus
npm/path-exists@3.0.0	filesystem	`0`	3.32 kB	sindresorhus
npm/pkg-up@2.0.0	None	`0`	3.28 kB	sindresorhus
npm/possible-typed-array-names@1.0.0	None	`0`	10.9 kB	ljharb
npm/power-assert-context-formatter@1.2.0	None	`0`	9.78 kB	twada
npm/power-assert-context-reducer-ast@1.2.0	None	`0`	7.44 kB	twada
npm/power-assert-context-traversal@1.2.0	None	`0`	9.5 kB	twada
npm/power-assert-renderer-assertion@1.2.0	None	`0`	4.17 kB	twada
npm/power-assert-renderer-comparison@1.2.0	None	`0`	9.14 kB	twada
npm/power-assert-renderer-diagram@1.2.0	None	`0`	8.43 kB	twada
npm/power-assert-renderer-file@1.2.0	None	`0`	2.85 kB	twada
npm/power-assert-util-string-width@1.2.0	None	`0`	3.19 kB	twada
npm/power-assert@1.6.1	None	`0`	651 kB	twada
npm/protobufjs@6.11.4	filesystem, network	`+2`	16.7 MB	google-wombot
npm/psl@1.9.0	None	`0`	461 kB	lupomontero
npm/punycode@2.3.1	None	`0`	33.5 kB	google-wombot
npm/regexp.prototype.flags@1.5.2	None	`0`	40.4 kB	ljharb
npm/repeat-element@1.1.4	None	`0`	5.39 kB	jonschlinkert
npm/request@2.88.2	environment, filesystem, network	`+1`	335 kB	mikeal
npm/rimraf@3.0.2	filesystem	`0`	17.3 kB	isaacs
npm/safe-array-concat@1.1.2	None	`+1`	19.8 kB	ljharb
npm/safe-regex-test@1.0.3	None	`0`	10.2 kB	ljharb
npm/semver@7.6.2	None	`0`	95.4 kB	npm-cli-ops
npm/set-function-length@1.2.2	None	`0`	14.7 kB	ljharb
npm/set-function-name@2.0.2	None	`0`	16.7 kB	ljharb
npm/set-value@2.0.1	None	`0`	10.3 kB	doowb
npm/side-channel@1.0.6	None	`0`	23.2 kB	ljharb
npm/source-map-resolve@0.5.3	None	`0`	34.3 kB	lydell
npm/source-map-url@0.4.1	None	`0`	7.66 kB	lydell
npm/stream-events@1.0.5	None	`0`	3.03 kB	stephenplusplus
npm/string-width@4.2.3	None	`0`	5.16 kB	sindresorhus
npm/string.prototype.trim@1.2.9	None	`0`	33.5 kB	ljharb
npm/string.prototype.trimend@1.0.8	None	`0`	22.1 kB	ljharb
npm/string.prototype.trimstart@1.0.8	None	`0`	22.9 kB	ljharb
npm/stringifier@1.4.1	None	`0`	81.3 kB	twada
npm/strip-ansi@6.0.1	None	`0`	4.03 kB	sindresorhus
npm/tar@6.2.1	environment, filesystem	`0`	167 kB	isaacs
npm/tough-cookie@2.5.0	network	`0`	86.6 kB	jstash
npm/tr46@0.0.3	None	`0`	268 kB	sebmaster
npm/traverse@0.6.9	None	`0`	83.4 kB	ljharb
npm/tslib@1.9.3	None	`0`	58.4 kB	typescript
npm/typed-array-buffer@1.0.2	None	`0`	13.1 kB	ljharb
npm/typed-array-byte-length@1.0.1	None	`0`	20 kB	ljharb
npm/typed-array-byte-offset@1.0.2	None	`0`	20.3 kB	ljharb
npm/typed-array-length@1.0.6	None	`0`	23.3 kB	ljharb
npm/typedarray.prototype.slice@1.0.3	None	`0`	20.6 kB	ljharb
npm/unbox-primitive@1.0.2	None	`0`	14.9 kB	ljharb
npm/undici-types@5.26.5	None	`0`	73.1 kB	ethan_arrowood
npm/union-value@1.0.1	None	`0`	6.83 kB	doowb
npm/uri-js@4.4.1	None	`0`	470 kB	garycourt
npm/use@3.1.1	None	`0`	9.51 kB	jonschlinkert
npm/uuid@3.4.0	None	`0`	34.3 kB	ctavan
npm/webidl-conversions@3.0.1	None	`0`	12.4 kB	sebmaster
npm/websocket-driver@0.7.4	network	`0`	67.4 kB	jcoglan
npm/websocket-extensions@0.1.4	None	`0`	55 kB	jcoglan
npm/whatwg-url@5.0.0	None	`0`	49.9 kB	domenic
npm/which-boxed-primitive@1.0.2	None	`0`	15 kB	ljharb
npm/which-typed-array@1.1.15	None	`0`	40.7 kB	ljharb
npm/wide-align@1.1.5	None	`0`	4.47 kB	iarna
npm/xmlhttprequest@1.8.0	filesystem, network, shell	`0`	21.7 kB	driverdan
npm/y18n@3.2.2	filesystem	`0`	9.01 kB	oss-bot

🚮 Removed packages: npm/@firebase/app-types@0.1.2, npm/@firebase/app@0.1.10, npm/@firebase/database-types@0.2.0, npm/@firebase/database@0.2.1, npm/@firebase/logger@0.1.0, npm/@firebase/util@0.1.10, npm/@google-cloud/common-grpc@0.6.0, npm/@google-cloud/firestore@0.13.0, npm/acorn@4.0.13, npm/ajv@5.5.2, npm/atob@2.0.3, npm/aws4@1.6.0, npm/bad-words@1.6.1, npm/badwords-list@1.0.0, npm/balanced-match@1.0.0, npm/base64url@2.0.0, npm/boom@4.3.1, npm/braces@2.3.1, npm/call-me-maybe@1.0.1, npm/capitalize-sentence@0.1.5, npm/co@4.6.0, npm/component-emitter@1.2.1, npm/core-js@2.5.3, npm/cryptiles@3.1.2, npm/decode-uri-component@0.2.0, npm/deep-equal@1.0.1, npm/define-properties@1.1.2, npm/diff-match-patch@1.0.0, npm/duplexify@3.5.4, npm/eastasianwidth@0.1.1, npm/ecdsa-sig-formatter@1.0.9, npm/empower-core@0.6.2, npm/empower@1.2.3, npm/espurify@1.7.0, npm/estraverse@4.2.0, npm/extend@3.0.1, npm/fast-deep-equal@1.1.0, npm/fast-glob@2.2.0, npm/fast-json-stable-stringify@2.0.0, npm/faye-websocket@0.9.3, npm/firebase-admin@5.10.0, npm/foreach@2.0.5, npm/glob@7.1.2, npm/globby@8.0.1, npm/google-auth-library@1.3.2, npm/google-gax@0.15.0, npm/google-p12-pem@1.0.2, npm/google-proto-files@0.15.1, npm/grpc@1.9.1, npm/gtoken@2.2.0, npm/har-validator@5.0.3, npm/hawk@6.0.2, npm/hoek@4.2.1, npm/http-parser-js@0.4.11, npm/ignore@3.3.7, npm/is-accessor-descriptor@1.0.0, npm/is-data-descriptor@1.0.0, npm/is-descriptor@1.0.2, npm/is-glob@4.0.0, npm/is-odd@2.0.0, npm/is-stream-ended@0.1.3, npm/json-schema-traverse@0.3.1, npm/jwa@1.1.5, npm/jws@3.1.4, npm/kind-of@6.0.2, npm/lodash@4.17.5, npm/lru-cache@4.1.2, npm/merge2@1.2.1, npm/micromatch@3.1.9, npm/mime-db@1.33.0, npm/mime-types@2.1.18, npm/minimatch@3.0.4, npm/mixin-deep@1.3.1, npm/nan@2.10.0, npm/nanomatch@1.2.9, npm/node-forge@0.7.1, npm/npm@5.8.0, npm/oauth-sign@0.8.2, npm/object-keys@1.0.11, npm/power-assert-context-formatter@1.1.1, npm/power-assert-context-reducer-ast@1.1.2, npm/power-assert-context-traversal@1.1.1, npm/power-assert-renderer-assertion@1.1.1, npm/power-assert-renderer-comparison@1.1.1, npm/power-assert-renderer-diagram@1.1.2, npm/power-assert-renderer-file@1.1.1, npm/power-assert-util-string-width@1.1.1, npm/power-assert@1.4.4, npm/protobufjs@5.0.2, npm/punycode@1.4.1, npm/repeat-element@1.1.2, npm/request@2.85.0, npm/set-value@2.0.0, npm/sntp@2.1.0, npm/source-map-resolve@0.5.1, npm/source-map-url@0.4.0, npm/stream-events@1.0.2, npm/stringifier@1.3.0, npm/stringstream@0.0.5, npm/tough-cookie@2.3.4, npm/traverse@0.6.6, npm/tslib@1.9.0, npm/union-value@1.0.0, npm/use@3.1.0, npm/uuid@3.2.1, npm/websocket-driver@0.7.0, npm/websocket-extensions@0.1.3, npm/y18n@3.2.1

View full report↗︎

socket-security · 2024-05-15T05:53:05Z

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
Install scripts	npm/core-js@2.6.12	Install script: postinstall Source: `node -e "try{require('./postinstall')}catch(e){}"`	`functions/testapp/functions/package-lock.json`
Install scripts	npm/grpc@1.24.11	Install script: install Source: `node-pre-gyp install --fallback-to-build --library=static_library`	`functions/testapp/functions/package-lock.json`

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore npm/core-js@2.6.12
@SocketSecurity ignore npm/grpc@1.24.11

Hawthorne001 merged commit 62c091c into main May 17, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade firebase-admin from 5.10.0 to 5.13.1#27

[Snyk] Upgrade firebase-admin from 5.10.0 to 5.13.1#27
Hawthorne001 merged 1 commit intomainfrom
snyk-upgrade-5036a15392c1236e0897c78dd9718bc3

Hawthorne001 commented May 15, 2024

Authentication

Database

Cloud Messaging

Authentication

Cloud Messaging

Firebase Auth

Uh oh!

socket-security bot commented May 15, 2024

Uh oh!

socket-security bot commented May 15, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

Hawthorne001 commented May 15, 2024

Snyk has created this PR to upgrade firebase-admin from 5.10.0 to 5.13.1.

Authentication

Database

Cloud Messaging

Authentication

Cloud Messaging

Firebase Auth

Uh oh!

socket-security bot commented May 15, 2024

Uh oh!

socket-security bot commented May 15, 2024

Next steps

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants