Commit ac90030
chore: upgrade js-yaml to v4 and resolve Docker vulnerabilities (#10677)
* chore: upgrade js-yaml to v4 and resolve Docker vulnerabilities
### Description
This change upgrades `js-yaml` from version 3 to version 4 to address a security vulnerability (CVE-2026-53550).
To make the codebase compatible with the new major version of `js-yaml`:
- Replaced deprecated `safeLoad` calls with `load` (safe by default in v4).
- Replaced deprecated `safeDump` calls with `dump`.
- Added casts where needed as `load` in v4 returns `unknown` instead of `any`.
- Added package overrides in `scripts/publish/firebase-docker-image/package.json` to enforce vulnerability-free versions of `js-yaml` (`^4.2.0`) and `@opentelemetry/core` (`^2.8.0`) during the Docker image build.
- Regenerated `npm-shrinkwrap.json`.
### Scenarios Tested
- Ran unit tests locally: `npm run test:compile`, `npx mocha -r ts-node/register src/appdistribution/yaml_helper.spec.ts src/init/features/dataconnect/resolver.spec.ts src/init/features/dataconnect/sdk.spec.ts src/mcp/tools/apptesting/tests.spec.ts`. All passed.
- Built and published the Docker image to the staging repository: `./scripts/publish/firebase-docker-image/run.sh --build-project fir-tools-builds --repo staging --target firebase-cli`.
- Verified that the new container image vulnerability report is completely free of vulnerabilities in `@opentelemetry/core` and `js-yaml`.
### Sample Commands
`gcloud artifacts vulnerabilities list us-docker.pkg.dev/firebase-cli/staging/firebase@sha256:5a92b73fc382923834fc396eccbd11ac60c7ae69fecf1df293acf7a1670d7f4f`
* chore: address review feedback and align npm-shrinkwrap formatting
* chore: add @opentelemetry/core override to root package.json
1 parent 2da66b6
commit ac90030
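The commit message notes that js-yaml v4's `load` returns `unknown` where v3's `safeLoad` returned `any`, and that casts were added to compensate. The example below is added here and is not code from this commit or from firebase-tools; it shows the alternative a reviewer would usually ask for: narrowing the `unknown` with a runtime type guard instead of a bare `as` cast, so a malformed document is rejected rather than silently treated as the expected shape. The `AppConfig` interface is a hypothetical shape chosen for illustration. To run offline without the js-yaml package, the parser is injected as a parameter and the usage passes `JSON.parse` as a stand-in (every JSON document is also a valid YAML 1.2 document, so the narrowing step is identical to what follows a real `yaml.load(text)` call).

```typescript
// Added example (not firebase-tools code): narrowing the `unknown` that
// js-yaml v4's `load()` returns, instead of casting it with `as`.
//
// `yaml.load(text) as AppConfig` compiles but checks nothing at runtime.
// A type guard proves the shape before any field is used.

// Hypothetical config shape, chosen for this example only.
interface AppConfig {
  projectId: string;
  region: string;
  maxInstances: number;
}

// Same signature as js-yaml v4's load(): string in, unknown out.
type Parser = (text: string) => unknown;

// Plain object (not null, not an array) with string keys.
function isRecord(v: unknown): v is Record<string, unknown> {
  return typeof v === "object" && v !== null && !Array.isArray(v);
}

// Runtime check that the parsed document really is an AppConfig.
function isAppConfig(v: unknown): v is AppConfig {
  return (
    isRecord(v) &&
    typeof v.projectId === "string" &&
    typeof v.region === "string" &&
    typeof v.maxInstances === "number" &&
    Number.isInteger(v.maxInstances) &&
    v.maxInstances >= 0
  );
}

// Parse, then narrow. Throws on anything that does not match the shape,
// which is where the old `as AppConfig` cast would have let bad data through.
function loadAppConfig(text: string, parse: Parser): AppConfig {
  const doc: unknown = parse(text); // the type yaml.load() gives in v4
  if (!isAppConfig(doc)) {
    throw new Error("config does not match AppConfig");
  }
  return doc; // narrowed to AppConfig here, no cast needed
}

// Constructed sample documents (JSON, so JSON.parse can stand in for yaml.load).
const GOOD_DOC = `{"projectId": "demo-project", "region": "us-central1", "maxInstances": 3}`;
// Same keys, but maxInstances is a string: a bare cast would accept this.
const BAD_TYPE_DOC = `{"projectId": "demo-project", "region": "us-central1", "maxInstances": "3"}`;
// A top-level list instead of a mapping.
const NOT_OBJECT_DOC = `["demo-project", "us-central1", 3]`;

// Returns true only when the malformed documents are rejected and the good one parses.
function demo(parse: Parser): boolean {
  const good = loadAppConfig(GOOD_DOC, parse);
  let rejected = 0;
  for (const text of [BAD_TYPE_DOC, NOT_OBJECT_DOC]) {
    try {
      loadAppConfig(text, parse);
    } catch (e) {
      rejected += 1;
    }
  }
  return good.maxInstances === 3 && rejected === 2;
}
```

With a real js-yaml v4 install, `parse` would be `(t) => yaml.load(t)`; nothing else in the narrowing changes. The guard is also the natural place to enforce limits (for example the `maxInstances >= 0` check) that a cast cannot express.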
8 files changed
Lines changed: 215 additions & 182 deletions
File tree
- scripts/publish/firebase-docker-image
- src
- appdistribution
- init/features/dataconnect
- mcp/tools/apptesting
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
139 | 139 | | |
140 | 140 | | |
141 | 141 | | |
142 | | - | |
| 142 | + | |
143 | 143 | | |
144 | 144 | | |
145 | 145 | | |
| |||
198 | 198 | | |
199 | 199 | | |
200 | 200 | | |
201 | | - | |
| 201 | + | |
202 | 202 | | |
203 | 203 | | |
204 | 204 | | |
| |||
286 | 286 | | |
287 | 287 | | |
288 | 288 | | |
| 289 | + | |
289 | 290 | | |
290 | 291 | | |
291 | 292 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
7 | 7 | | |
8 | 8 | | |
9 | 9 | | |
10 | | - | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
11 | 13 | | |
12 | 14 | | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
67 | 67 | | |
68 | 68 | | |
69 | 69 | | |
70 | | - | |
| 70 | + | |
71 | 71 | | |
72 | 72 | | |
73 | 73 | | |
| |||
167 | 167 | | |
168 | 168 | | |
169 | 169 | | |
170 | | - | |
| 170 | + | |
171 | 171 | | |
172 | 172 | | |
173 | 173 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
48 | 48 | | |
49 | 49 | | |
50 | 50 | | |
51 | | - | |
| 51 | + | |
52 | 52 | | |
53 | 53 | | |
54 | 54 | | |
| |||
100 | 100 | | |
101 | 101 | | |
102 | 102 | | |
103 | | - | |
| 103 | + | |
104 | 104 | | |
105 | 105 | | |
106 | 106 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
341 | 341 | | |
342 | 342 | | |
343 | 343 | | |
344 | | - | |
| 344 | + | |
345 | 345 | | |
346 | 346 | | |
347 | 347 | | |
| |||
368 | 368 | | |
369 | 369 | | |
370 | 370 | | |
371 | | - | |
| 371 | + | |
372 | 372 | | |
373 | 373 | | |
374 | 374 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
609 | 609 | | |
610 | 610 | | |
611 | 611 | | |
612 | | - | |
613 | | - | |
| 612 | + | |
| 613 | + | |
614 | 614 | | |
615 | 615 | | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
5 | 5 | | |
6 | 6 | | |
7 | 7 | | |
8 | | - | |
| 8 | + | |
9 | 9 | | |
10 | 10 | | |
11 | 11 | | |
| |||