nextauthjs
bump(firebase-adapter): update firebase-admin dependency to version 12.0.0
☕️ Reasoning
There is a dependency resolution issue when trying to use @auth/firebase-adapter alongside firebase-admin.
Specifically "@auth/firebase-adapter": "^2.4.1" doesn't seem to support firebase-admin version 12 such as "firebase-admin": "^12.2.0"
Issue:
firebase-adapter peerDependencies and devDependancies of firebase-admin were update to v12.
🧢 Checklist
- [x] Documentation
- [x] Tests
- [x] Ready to be merged
🎫 Affected issues
None
📌 Resources
The latest updates on your projects. Learn more about Vercel for Git ↗︎
| Name | Status | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| auth-docs | 🛑 Canceled (Inspect) | Aug 28, 2024 7:36pm |
1 Skipped Deployment
| Name | Status | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| next-auth-docs | ⬜️ Ignored (Inspect) | Visit Preview | Aug 28, 2024 7:36pm |
![vercel[bot] avatar](https://avatars.githubusercontent.com/in/8329?v=4 "Published by a pub.dev verified publisher"){kind=small}
@tomas-mikula is attempting to deploy a commit to the authjs Team on Vercel.
A member of the Team first needs to authorize it.
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
🚮 Removed packages: npm/@auth/[email protected]), npm/@radix-ui/[email protected]), npm/@radix-ui/[email protected]), npm/@radix-ui/[email protected]), npm/@types/[email protected]), npm/@types/[email protected]), npm/@types/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected]), npm/[email protected])
![socket-security[bot] avatar](https://avatars.githubusercontent.com/in/156372?v=4 "Published by a pub.dev verified publisher"){kind=small}
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎
To accept the risk, merge this PR and you will not be notified again.
| Alert | Package | Note | Source | CI |
|---|---|---|---|---|
| Install scripts | npm/@swc/[email protected] |
| 🚫 | |
| Install scripts | npm/@sveltejs/[email protected] |
| 🚫 |
Next steps
What is an install script?
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
Take a deeper look at the dependency
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.
Remove the package
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.
Mark a package as acceptable risk
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all
@SocketSecurity ignore npm/@swc/[email protected]@SocketSecurity ignore npm/@sveltejs/[email protected]
@thomas-desmond can change this peer dependency limit to something like >= 12, in order to allow any 12.x version?
Also you don't have to manually bump the version of the @auth/firebase-adapter package, that'll happen automatically in the CI release job :pray:
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 39.47%. Comparing base (
5122d2e) to head (bec43d9). Report is 1 commits behind head on main.
Additional details and impacted files
@@ Coverage Diff @@
## main #11293 +/- ##
=======================================
Coverage 39.47% 39.47%
=======================================
Files 184 184
Lines 29262 29262
Branches 1263 1269 +6
=======================================
Hits 11552 11552
Misses 17710 17710
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hey folks, any updates on this? I had hard time playing with the example repo and firebase adapter (tldr; it doesn't work) and fixing this would be really helpful Thanks!
@ndom91 is it now considered ready? Or do we wait for someone specific?