New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update dependency firebase to v10 [security] #353

Open

renovate wants to merge 1 commit into master from renovate/npm-firebase-vulnerability

Contributor

renovate bot commented Nov 18, 2024

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
firebase (source, changelog)	`^9.0.0` -> `^10.0.0`

GitHub Vulnerability Alerts

CVE-2024-11023

Firebase JavaScript SDK utilizes a "FIREBASE_DEFAULTS" cookie to store configuration data, including an "_authTokenSyncURL" field used for session synchronization. If this cookie field is preset via an attacker by any other method, the attacker can manipulate the "_authTokenSyncURL" to point to their own server and it would allow am actor to capture user session data transmitted by the SDK. We recommend upgrading Firebase JS SDK at least to 10.9.0.

Release Notes

firebase/firebase-js-sdk (firebase)

`v10.9.0`

`v10.8.1`

`v10.8.0`

`v10.7.2`

`v10.7.1`

`v10.7.0`

`v10.6.0`

`v10.5.2`

`v10.5.1`

`v10.5.0`

`v10.4.0`

`v10.3.1`

`v10.3.0`

`v10.2.0`

`v10.1.0`

`v10.0.0`

`v9.23.0`

`v9.22.2`

`v9.22.1`

`v9.22.0`

`v9.21.0`

`v9.20.0`

`v9.19.1`

`v9.19.0`

`v9.18.0`

`v9.17.2`

`v9.17.1`

`v9.17.0`

`v9.16.0`

`v9.15.0`

`v9.14.0`

`v9.13.0`

`v9.12.1`

`v9.12.0`

`v9.11.0`

`v9.10.0`

`v9.9.4`

`v9.9.3`

`v9.9.0`

`v9.8.4`

`v9.8.3`

`v9.8.2`

`v9.8.1`

`v9.8.0`

`v9.7.0`

`v9.6.11`

`v9.6.10`

`v9.6.9`

`v9.6.8`

`v9.6.7`

`v9.6.6`

`v9.6.5`

`v9.6.4`

`v9.6.3`

`v9.6.2`

`v9.6.1`

`v9.6.0`

`v9.5.0`

`v9.4.1`

`v9.4.0`

`v9.3.0`

`v9.2.0`

`v9.1.3`

`v9.1.2`

`v9.1.1`

`v9.1.0`

`v9.0.2`

`v9.0.1`

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot changed the title ~~fix(deps): update dependency firebase to v10 [security]~~ fix(deps): update dependency firebase to v10 [security] - autoclosed

renovate bot closed this

renovate bot deleted the renovate/npm-firebase-vulnerability branch

December 8, 2024 18:37

renovate bot changed the title ~~fix(deps): update dependency firebase to v10 [security] - autoclosed~~ fix(deps): update dependency firebase to v10 [security]

renovate bot reopened this

renovate bot force-pushed the renovate/npm-firebase-vulnerability branch from 12ef5f7 to b5f6f1f Compare

December 8, 2024 22:37


          fix(deps): update dependency firebase to v10 [security]

5372a2e

renovate bot force-pushed the renovate/npm-firebase-vulnerability branch from b5f6f1f to 5372a2e Compare

December 10, 2024 16:32

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet