Skip to content

Updating vulnerable firebase-admin version from 10.0.0 -> 12.1.0 #646

Description

@JeronimasDargis

Version
@nuxtjs/firebase: 8.2.2

Hi! 👋

I have noticed that this package is using a vulnerable firebase-admin version. firebase-admin version and its peer dependencies currently used in nuxt/firebase are responsible for multiple critical vulnerabilities.

If you run npm audit you'll find these CVE's being referenced:

GHSA-4g6q-77j7-vvjc
GHSA-h755-8qp9-cq85

I want to propose updating firebase-admin to 12.1.0

diff --git a/node_modules/@nuxtjs/firebase/package.json b/node_modules/@nuxtjs/firebase/package.json
index eb1f421..159d339 100644
--- a/node_modules/@nuxtjs/firebase/package.json
+++ b/node_modules/@nuxtjs/firebase/package.json
@@ -69,6 +69,6 @@
     }
   },
   "optionalDependencies": {
-    "firebase-admin": "^10.0.0"
+    "firebase-admin": "^12.1.0"
   }
 }

This issue body was partially generated by patch-package.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions