angularfire icon indicating copy to clipboard operation
angularfire copied to clipboard

Published 20 hours ago verified publisher icon angular

@angular/fire has a transitive vulnerable dependency to protobufjs 6.11.*

Open Arsnj opened this issue 10 months ago • 3 comments

Version info

Angular: 16.2.5

Firebase: 10.4.0

AngularFire: 7.6.1

Other (e.g. Ionic/Cordova, Node, browser, operating system): a

How to reproduce these conditions

Failing test unit, Stackblitz demonstrating the problem a

Steps to set up and reproduce a Sample data and security rules

a

Debug output

** Errors in the JavaScript console **

a

** Output from firebase.database().enableLogging(true); ** a ** Screenshots ** image image

Expected behavior

firestore > 4.2.*

protobufjs >7.2.4

Actual behavior

angular/fire depends on firestore 3.13.0 and protobufjs 6.11.*

Arsnj avatar Sep 19 '23 14:09 Arsnj

firebase initial issue: #7484

Arsnj avatar Sep 19 '23 14:09 Arsnj

firebase@10 is not appropriate for @angular/[email protected] https://github.com/angular/angularfire#angular-and-firebase-versions

rgant avatar Oct 07 '23 11:10 rgant

The Fix was backported to latest v8, v9, or v10 Firebase JS SDK.

Galileon-venta avatar May 08 '24 12:05 Galileon-venta