
[Snyk] Security upgrade firebase from 4.8.0 to 10.9.0

Open avinashkranjan opened this issue 1 year ago • 2 comments

Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue: medium severity Cross-site Scripting (XSS), SNYK-JS-FIREBASEAUTH-8383231
Score: 541

Important:

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

Summary by Sourcery

Bug Fixes:

  • Upgrade firebase from version 4.8.0 to 10.9.0 to fix a Cross-site Scripting (XSS) vulnerability.

avinashkranjan, Nov 21 '24 23:11

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name: recess
Status: ❌ Failed (Inspect)
Updated (UTC): Nov 21, 2024 11:51pm

vercel[bot], Nov 21 '24 23:11

Reviewer's Guide by Sourcery

This PR upgrades the firebase dependency from version 4.8.0 to 10.9.0 to address a medium severity Cross-site Scripting (XSS) vulnerability in the firebase-auth package. The upgrade is a major version jump that fixes the security issue SNYK-JS-FIREBASEAUTH-8383231 with a priority score of 541/1000.

No diagrams generated as the changes look simple and do not need a visual representation.

File-Level Changes

Change: Dependency version upgrade to patch security vulnerability
Details:
  • Updated firebase version from ^4.8.0 to ^10.9.0
  • Addresses Cross-site Scripting (XSS) vulnerability in firebase-auth package
  • Breaking change upgrade across multiple major versions
Files: package.json, package-lock.json

sourcery-ai[bot], Nov 21 '24 23:11

Thank you @avinashkranjan for taking out your valuable time in order to contribute to our project. Looking forward to more such amazing contributions :)

github-actions[bot], Oct 22 '25 16:10