New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency firebase to v10 [SECURITY] #137

Open

renovate wants to merge 1 commit into master from renovate/npm-firebase-vulnerability

renovate bot commented Nov 19, 2024 •

edited

Loading

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
firebase (source, changelog)	`^7.18.0` -> `^10.9.0`
firebase (source, changelog)	`^8.0.1` -> `^10.9.0`

GitHub Vulnerability Alerts

CVE-2024-11023

Firebase JavaScript SDK utilizes a "FIREBASE_DEFAULTS" cookie to store configuration data, including an "_authTokenSyncURL" field used for session synchronization. If this cookie field is preset via an attacker by any other method, the attacker can manipulate the "_authTokenSyncURL" to point to their own server and it would allow am actor to capture user session data transmitted by the SDK. We recommend upgrading Firebase JS SDK at least to 10.9.0.

Release Notes

firebase/firebase-js-sdk (firebase)

`v10.9.0`

`v10.8.1`

`v10.8.0`

`v10.7.2`

`v10.7.1`

`v10.7.0`

`v10.6.0`

`v10.5.2`

`v10.5.1`

`v10.5.0`

`v10.4.0`

`v10.3.1`

`v10.3.0`

`v10.2.0`

`v10.1.0`

`v10.0.0`

`v9.23.0`

`v9.22.2`

`v9.22.1`

`v9.22.0`

`v9.21.0`

`v9.20.0`

`v9.19.1`

`v9.19.0`

`v9.18.0`

`v9.17.2`

`v9.17.1`

`v9.17.0`

`v9.16.0`

`v9.15.0`

`v9.14.0`

`v9.13.0`

`v9.12.1`

`v9.12.0`

`v9.11.0`

`v9.10.0`

`v9.9.4`

`v9.9.3`

`v9.9.0`

`v9.8.4`

`v9.8.3`

`v9.8.2`

`v9.8.1`

`v9.8.0`

`v9.7.0`

`v9.6.11`

`v9.6.10`

`v9.6.9`

`v9.6.8`

`v9.6.7`

`v9.6.6`

`v9.6.5`

`v9.6.4`

`v9.6.3`

`v9.6.2`

`v9.6.1`

`v9.6.0`

`v9.5.0`

`v9.4.1`

`v9.4.0`

`v9.3.0`

`v9.2.0`

`v9.1.3`

`v9.1.2`

`v9.1.1`

`v9.1.0`

`v9.0.2`

`v9.0.1`

`v9.0.0`

`v8.10.1`

`v8.10.0`

`v8.9.1`

`v8.9.0`

`v8.8.1`

`v8.8.0`

`v8.7.1`

`v8.7.0`

`v8.6.8`

`v8.6.7`

`v8.6.6`

`v8.6.5`

`v8.6.4`

`v8.6.3`

`v8.6.2`

`v8.6.1`

`v8.6.0`

`v8.5.0`

`v8.4.3`

`v8.4.2`

`v8.4.1`

`v8.4.0`

`v8.3.3`

`v8.3.2`

`v8.3.1`

`v8.3.0`

`v8.2.10`

`v8.2.9`

`v8.2.8`

`v8.2.7`

`v8.2.6`

`v8.2.5`

`v8.2.4`

`v8.1.2`

`v8.1.1`

`v8.1.0`

`v8.0.2`

`v8.0.1`

`v8.0.0`

`v7.24.0`

`v7.23.0`

`v7.22.1`

`v7.22.0`

`v7.21.1`

`v7.21.0`

`v7.20.0`

`v7.19.1`

`v7.19.0`

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot force-pushed the renovate/npm-firebase-vulnerability branch from c06320e to ea13659 Compare

December 3, 2024 05:40

renovate bot changed the title ~~Update dependency firebase to v10 [SECURITY]~~ Update dependency firebase to v11 [SECURITY]

renovate bot force-pushed the renovate/npm-firebase-vulnerability branch from ea13659 to 2df5d11 Compare

December 3, 2024 06:14

renovate bot changed the title ~~Update dependency firebase to v11 [SECURITY]~~ Update dependency firebase to v10 [SECURITY]

renovate bot force-pushed the renovate/npm-firebase-vulnerability branch from 2df5d11 to e609983 Compare

December 19, 2024 05:56

renovate bot changed the title ~~Update dependency firebase to v10 [SECURITY]~~ Update dependency firebase to v11 [SECURITY]

renovate bot force-pushed the renovate/npm-firebase-vulnerability branch from e609983 to c2b500a Compare

December 21, 2024 20:33

renovate bot changed the title ~~Update dependency firebase to v11 [SECURITY]~~ Update dependency firebase to v10 [SECURITY]

renovate bot force-pushed the renovate/npm-firebase-vulnerability branch from c2b500a to 5dde978 Compare

December 23, 2024 02:52

renovate bot changed the title ~~Update dependency firebase to v10 [SECURITY]~~ Update dependency firebase to v11 [SECURITY]

renovate bot force-pushed the renovate/npm-firebase-vulnerability branch from 5dde978 to 2f04c05 Compare

December 24, 2024 23:44

renovate bot changed the title ~~Update dependency firebase to v11 [SECURITY]~~ Update dependency firebase to v10 [SECURITY]

renovate bot force-pushed the renovate/npm-firebase-vulnerability branch from 2f04c05 to a06e37d Compare

January 15, 2025 23:09

renovate bot changed the title ~~Update dependency firebase to v10 [SECURITY]~~ Update dependency firebase to v11 [SECURITY]

renovate bot force-pushed the renovate/npm-firebase-vulnerability branch from a06e37d to 380d697 Compare

January 17, 2025 03:39

renovate bot changed the title ~~Update dependency firebase to v11 [SECURITY]~~ Update dependency firebase to v10 [SECURITY]

renovate bot force-pushed the renovate/npm-firebase-vulnerability branch from 380d697 to 016de85 Compare

January 25, 2025 03:37

renovate bot changed the title ~~Update dependency firebase to v10 [SECURITY]~~ Update dependency firebase to v11 [SECURITY]


          Update dependency firebase to v10 [SECURITY]

0c2fd39

renovate bot force-pushed the renovate/npm-firebase-vulnerability branch from 016de85 to 0c2fd39 Compare

January 26, 2025 07:44

renovate bot changed the title ~~Update dependency firebase to v11 [SECURITY]~~ Update dependency firebase to v10 [SECURITY]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet