Skip to content

Bump the npm_and_yarn group across 1 directories with 11 updates #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

Bump the npm_and_yarn group across 1 directories with 11 updates #1

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Feb 20, 2024

Bumps the npm_and_yarn group with 5 updates in the /functions/functions directory:

Package From To
@firebase/util 0.3.1 1.9.4
firebase-admin 9.1.1 9.12.0
jsonwebtoken 8.5.1 9.0.2
firebase-admin 9.12.0 12.0.0
qs 6.7.0 6.11.0
express 4.17.1 4.18.2

Updates @firebase/util from 0.3.1 to 1.9.4

Changelog

Sourced from @​firebase/util's changelog.

1.9.4

Patch Changes

1.9.3

Patch Changes

  • c59f537b1 #7019 - Modify base64 decoding logic to throw on invalid input, rather than silently truncating it.

1.9.2

Patch Changes

  • d071bd1ac #7007 (fixes #7005) - Move exports.default fields to always be the last field. This fixes a bug caused in 9.17.0 that prevented some bundlers and frameworks from building.

1.9.1

Patch Changes

  • 0bab0b7a7 #6981 - Added browser CJS entry points (expected by Jest when using JSDOM mode).

1.9.0

Minor Changes

  • 06dc1364d #6901 - Allow users to specify their environment as node or browser to override Firebase's runtime environment detection and force the SDK to act as if it were in the respective environment.

Patch Changes

  • d4114a4f7 #6874 (fixes #6838) - Reformat a comment that causes compile errors in some build toolchains.

1.8.0

Minor Changes

Patch Changes

  • c20633ed3 #6841 - Fix for third party window content that cannot access IndexedDB if the browser is set to never accept third party cookies on Firefox.

1.7.3

Patch Changes

... (truncated)

Commits

Updates firebase-admin from 9.1.1 to 9.12.0

Release notes

Sourced from firebase-admin's releases.

Firebase Admin Node.js SDK v9.12.0

New Features

  • feat(rc): Add Remote Config Parameter Value Type Support (#1424)

Bug Fixes

  • fix(fac): Verify Token: Change the jwks cache duration from 1 day to 6 hours (#1439)
  • fix(rtdb): Changed admin.database to use database-compat package (#1437)

Miscellaneous

  • [chore] Release 9.12.0 (#1442)
  • Pin @​types/jsonwebtoken to 8.5.1 (#1438)
  • build(deps): bump tar from 6.1.3 to 6.1.11 (#1430)
  • build(deps-dev): bump @​types/lodash from 4.14.171 to 4.14.173 (#1435)
  • build(deps-dev): bump @​microsoft/api-extractor from 7.18.4 to 7.18.7 (#1423)
  • fix typo (#1420)

Firebase Admin Node.js SDK v9.11.1

Bug Fixes

  • fix: Update comments in index files (#1414)
  • fix: Throw error on user disabled and check revoked set true (#1401)

Miscellaneous

  • [chore] Release 9.11.1 (#1415)
  • build(deps): bump path-parse from 1.0.6 to 1.0.7 (#1413)
  • build(deps-dev): bump yargs from 17.0.1 to 17.1.1 (#1412)
  • chore: Add emulator tests to nightlies (#1409)
  • build(deps-dev): bump ts-node from 9.0.0 to 10.2.0 (#1402)
  • build(deps): bump tar from 6.1.0 to 6.1.3 (#1399)
  • build(deps-dev): bump @​microsoft/api-extractor from 7.15.2 to 7.18.4 (#1379)
  • build(deps): bump jwks-rsa from 2.0.3 to 2.0.4 (#1393)
  • build(deps-dev): bump @​types/minimist from 1.2.1 to 1.2.2 (#1388)
  • build(deps-dev): bump @​types/request from 2.48.5 to 2.48.6 (#1387)
  • build(deps-dev): bump @​types/lodash from 4.14.157 to 4.14.171 (#1386)
  • build(deps): bump @​firebase/database from 0.10.6 to 0.10.7 (#1385)
  • build(deps-dev): bump @​types/bcrypt from 2.0.0 to 5.0.0 (#1384)
  • build(deps-dev): bump nock from 13.1.0 to 13.1.1 (#1370)

Firebase Admin Node.js SDK v9.11.0

New Features

  • feat(fac): Add custom TTL options for App Check (#1363)

Miscellaneous

  • [chore] Release 9.11.0 (#1376)

... (truncated)

Commits
  • 137905c [chore] Release 9.12.0 (#1442)
  • a0b71a2 fix(fac): Verify Token: Change the jwks cache duration from 1 day to 6 hours ...
  • 894b04a fix(rtdb): Changed admin.database to use database-compat package (#1437)
  • d96e61b Pin @​types/jsonwebtoken to 8.5.1 (#1438)
  • 8610b94 build(deps): bump tar from 6.1.3 to 6.1.11 (#1430)
  • b4b220c build(deps-dev): bump @​types/lodash from 4.14.171 to 4.14.173 (#1435)
  • 82391d5 feat(rc): Add Remote Config Parameter Value Type Support (#1424)
  • bb1fb6f build(deps-dev): bump @​microsoft/api-extractor from 7.18.4 to 7.18.7 (#1423)
  • 3f432df fix typo (#1420)
  • ceaad33 [chore] Release 9.11.1 (#1415)
  • Additional commits viewable in compare view

Updates @google-cloud/firestore from 4.2.0 to 4.15.1

Release notes

Sourced from @​google-cloud/firestore's releases.

@​google-cloud/firestore v4.15.1

Bug Fixes

@​google-cloud/firestore v4.15.0

Features

Bug Fixes

  • Handles identical document ids from different collections. (#1599) (745b608)

@​google-cloud/firestore v4.14.2

Bug Fixes

@​google-cloud/firestore v4.14.1

Bug Fixes

  • avoid destructuring undefined timestamps (#1575) (a61a24a)

v4.14.0

Features

  • add "NON_EMPTY_DEFAULT" FieldBehavior (#1554) (8d9c503)
  • allow UnhandledPromiseRejection errors in BulkWriter if no error handler is specified (#1572) (e862ac8)

v4.13.2

Bug Fixes

  • deps: google-gax v2.17.1 (#1557) (866bd25)
  • lower batch size on BulkWriter retry to stay under throughput limits (#1556) (f17a36e)

v4.13.1

Bug Fixes

... (truncated)

Changelog

Sourced from @​google-cloud/firestore's changelog.

4.15.1 (2021-09-03)

Bug Fixes

4.15.0 (2021-08-26)

Features

Bug Fixes

  • Handles identical document ids from different collections. (#1599) (745b608)

4.14.2 (2021-08-17)

Bug Fixes

4.14.1 (2021-08-02)

Bug Fixes

  • avoid destructuring undefined timestamps (#1575) (a61a24a)

4.14.0 (2021-07-30)

Features

  • add "NON_EMPTY_DEFAULT" FieldBehavior (#1554) (8d9c503)
  • allow UnhandledPromiseRejection errors in BulkWriter if no error handler is specified (#1572) (e862ac8)

4.13.2 (2021-07-14)

Bug Fixes

  • deps: google-gax v2.17.1 (#1557) (866bd25)
  • lower batch size on BulkWriter retry to stay under throughput limits (#1556) (f17a36e)

4.13.1 (2021-07-01)

... (truncated)

Commits

Updates ansi-regex from 5.0.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

  • Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

Commits

Updates dicer from 0.3.0 to 0.3.1

Commits
  • c64ada8 package: bump version to v0.3.1
  • 0a6700c package: bump dev/non-dev dependency versions
  • fe52713 readme: fix quote
  • a2a0463 readme: update requirements, modernize example
  • 2e369e3 ci: switch to Github Actions
  • ca20fd2 benchmarks: update benchmarking code
  • 01dedb1 lib,test: modernize codebase
  • See full diff in compare view

Updates jsonwebtoken from 8.5.1 to 9.0.2

Changelog

Sourced from jsonwebtoken's changelog.

9.0.2 - 2023-08-30

  • security: updating semver to 7.5.4 to resolve CVE-2022-25883, closes #921.
  • refactor: reduce library size by using lodash specific dependencies, closes #878.

9.0.1 - 2023-07-05

  • fix(stubs): allow decode method to be stubbed

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

  • Removed support for Node versions 11 and below.
  • The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]auth0/node-jsonwebtoken@8345030)
  • RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]auth0/node-jsonwebtoken@ecdf6cc)
  • Key types must be valid for the signing / verification algorithm

Security fixes

  • security: fixes Arbitrary File Write via verify function - CVE-2022-23529
  • security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
  • security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
  • security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539
Commits
Maintainer changes

This version was pushed to npm by charlesrea, a new releaser for jsonwebtoken since your current version.


Updates firebase-admin from 9.12.0 to 12.0.0

Release notes

Sourced from firebase-admin's releases.

Firebase Admin Node.js SDK v9.12.0

New Features

  • feat(rc): Add Remote Config Parameter Value Type Support (#1424)

Bug Fixes

  • fix(fac): Verify Token: Change the jwks cache duration from 1 day to 6 hours (#1439)
  • fix(rtdb): Changed admin.database to use database-compat package (#1437)

Miscellaneous

  • [chore] Release 9.12.0 (#1442)
  • Pin @​types/jsonwebtoken to 8.5.1 (#1438)
  • build(deps): bump tar from 6.1.3 to 6.1.11 (#1430)
  • build(deps-dev): bump @​types/lodash from 4.14.171 to 4.14.173 (#1435)
  • build(deps-dev): bump @​microsoft/api-extractor from 7.18.4 to 7.18.7 (#1423)
  • fix typo (#1420)

Firebase Admin Node.js SDK v9.11.1

Bug Fixes

  • fix: Update comments in index files (#1414)
  • fix: Throw error on user disabled and check revoked set true (#1401)

Miscellaneous

  • [chore] Release 9.11.1 (#1415)
  • build(deps): bump path-parse from 1.0.6 to 1.0.7 (#1413)
  • build(deps-dev): bump yargs from 17.0.1 to 17.1.1 (#1412)
  • chore: Add emulator tests to nightlies (#1409)
  • build(deps-dev): bump ts-node from 9.0.0 to 10.2.0 (#1402)
  • build(deps): bump tar from 6.1.0 to 6.1.3 (#1399)
  • build(deps-dev): bump @​microsoft/api-extractor from 7.15.2 to 7.18.4 (#1379)
  • build(deps): bump jwks-rsa from 2.0.3 to 2.0.4 (#1393)
  • build(deps-dev): bump @​types/minimist from 1.2.1 to 1.2.2 (#1388)
  • build(deps-dev): bump @​types/request from 2.48.5 to 2.48.6 (#1387)
  • build(deps-dev): bump @​types/lodash from 4.14.157 to 4.14.171 (#1386)
  • build(deps): bump @​firebase/database from 0.10.6 to 0.10.7 (#1385)
  • build(deps-dev): bump @​types/bcrypt from 2.0.0 to 5.0.0 (#1384)
  • build(deps-dev): bump nock from 13.1.0 to 13.1.1 (#1370)

Firebase Admin Node.js SDK v9.11.0

New Features

  • feat(fac): Add custom TTL options for App Check (#1363)

Miscellaneous

  • [chore] Release 9.11.0 (#1376)

... (truncated)

Commits
  • 137905c [chore] Release 9.12.0 (#1442)
  • a0b71a2 fix(fac): Verify Token: Change the jwks cache duration from 1 day to 6 hours ...
  • 894b04a fix(rtdb): Changed admin.database to use database-compat package (#1437)
  • d96e61b Pin @​types/jsonwebtoken to 8.5.1 (#1438)
  • 8610b94 build(deps): bump tar from 6.1.3 to 6.1.11 (#1430)
  • b4b220c build(deps-dev): bump @​types/lodash from 4.14.171 to 4.14.173 (#1435)
  • 82391d5 feat(rc): Add Remote Config Parameter Value Type Support (#1424)
  • bb1fb6f build(deps-dev): bump @​microsoft/api-extractor from 7.18.4 to 7.18.7 (#1423)
  • 3f432df fix typo (#1420)
  • ceaad33 [chore] Release 9.11.1 (#1415)
  • Additional commits viewable in compare view

Updates semver from 5.7.1 to 7.6.0

Release notes

Sourced from semver's releases.

v7.6.0

7.6.0 (2024-01-31)

Features

Chores

v7.5.4

7.5.4 (2023-07-07)

Bug Fixes

v7.5.3

7.5.3 (2023-06-22)

Bug Fixes

Documentation

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

... (truncated)

Changelog

Sourced from semver's changelog.

7.6.0 (2024-01-31)

Features

Chores

7.5.4 (2023-07-07)

Bug Fixes

7.5.3 (2023-06-22)

Bug Fixes

Documentation

7.5.2 (2023-06-15)

Bug Fixes

7.5.1 (2023-05-12)

Bug Fixes

... (truncated)

Commits
  • 377f709 chore: release 7.6.0 (#661)
  • a7ab13a feat: preserve pre-release and build parts of a version on coerce (#671)
  • 816c7b2 chore: postinstall for dependabot template-oss PR
  • 0bd24d9 chore: bump @​npmcli/template-oss from 4.21.1 to 4.21.3
  • e521932 chore: postinstall for dependabot template-oss PR
  • 8873991 chore: chore: chore: postinstall for dependabot template-oss PR
  • f317dc8 chore: bump @​npmcli/template-oss from 4.19.0 to 4.21.0
  • 7303db1 chore: add clean() test for build metadata (#658)
  • 6240d75 chore: add missing quotes in README.md (#656)
  • 14d263f chore: postinstall for dependabot template-oss PR
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.


Updates node-forge from 0.9.1 to 1.3.1

Changelog

Sourced from node-forge's changelog.

1.3.1 - 2022-03-29

Fixes

  • RFC 3447 and RFC 8017 allow for optional DigestAlgorithm NULL parameters for sha* algorithms and require NULL paramters for md2 and md5 algorithms.

1.3.0 - 2022-03-17

Security

  • Three RSA PKCS#1 v1.5 signature verification issues were reported by Moosa Yahyazadeh (moosa-yahyazadeh@uiowa.edu).
  • HIGH: Leniency in checking digestAlgorithm structure can lead to signature forgery.
  • HIGH: Failing to check tailing garbage bytes can lead to signature forgery.
  • MEDIUM: Leniency in checking type octet.
    • DigestInfo is not properly checked for proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest.
    • CVE ID: CVE-2022-24773
    • GHSA ID: GHSA-2r2c-g63r-vccr

Fixed

  • [asn1] Add fallback to pretty print invalid UTF8 data.
  • [asn1] fromDer is now more strict and will default to ensuring all input bytes are parsed or throw an error. A new option parseAllBytes can disable this behavior.
    • NOTE: The previous behavior is being changed since it can lead to security issues with crafted inputs. It is possible that code doing custom DER parsing may need to adapt to this new behavior and optional flag.
  • [rsa] Add and use a validator to check for proper structure of parsed ASN.1

... (truncated)

Commits

@dependabot
Bump the npm_and_yarn group across 1 directories with 11 updates
7736c72 
Bumps the npm_and_yarn group with 5 updates in the /functions/functions directory:

| Package | From | To |
| --- | --- | --- |
| [@firebase/util](https://github.com/firebase/firebase-js-sdk/tree/HEAD/packages/util) | `0.3.1` | `1.9.4` |
| [firebase-admin](https://github.com/firebase/firebase-admin-node) | `9.1.1` | `9.12.0` |
| [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) | `8.5.1` | `9.0.2` |
| [firebase-admin](https://github.com/firebase/firebase-admin-node) | `9.12.0` | `12.0.0` |
| [qs](https://github.com/ljharb/qs) | `6.7.0` | `6.11.0` |
| [express](https://github.com/expressjs/express) | `4.17.1` | `4.18.2` |


Updates `@firebase/util` from 0.3.1 to 1.9.4
- [Release notes](https://github.com/firebase/firebase-js-sdk/releases)
- [Changelog](https://github.com/firebase/firebase-js-sdk/blob/master/packages/util/CHANGELOG.md)
- [Commits](https://github.com/firebase/firebase-js-sdk/commits/@firebase/util@1.9.4/packages/util)

Updates `firebase-admin` from 9.1.1 to 9.12.0
- [Release notes](https://github.com/firebase/firebase-admin-node/releases)
- [Commits](firebase/firebase-admin-node@v9.1.1...v9.12.0)

Updates `@google-cloud/firestore` from 4.2.0 to 4.15.1
- [Release notes](https://github.com/googleapis/nodejs-firestore/releases)
- [Changelog](https://github.com/googleapis/nodejs-firestore/blob/main/CHANGELOG.md)
- [Commits](googleapis/nodejs-firestore@v4.2.0...v4.15.1)

Updates `ansi-regex` from 5.0.0 to 5.0.1
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](chalk/ansi-regex@v5.0.0...v5.0.1)

Updates `dicer` from 0.3.0 to 0.3.1
- [Commits](mscdex/dicer@v0.3.0...v0.3.1)

Updates `jsonwebtoken` from 8.5.1 to 9.0.2
- [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.2)

Updates `firebase-admin` from 9.12.0 to 12.0.0
- [Release notes](https://github.com/firebase/firebase-admin-node/releases)
- [Commits](firebase/firebase-admin-node@v9.1.1...v9.12.0)

Updates `semver` from 5.7.1 to 7.6.0
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v5.7.1...v7.6.0)

Updates `node-forge` from 0.9.1 to 1.3.1
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@0.9.1...v1.3.1)

Updates `protobufjs` from 6.11.3 to 7.2.6
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](protobufjs/protobuf.js@v6.11.3...protobufjs-v7.2.6)

Updates `qs` from 6.7.0 to 6.11.0
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.7.0...v6.11.0)

Updates `express` from 4.17.1 to 4.18.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.17.1...4.18.2)

---
updated-dependencies:
- dependency-name: "@firebase/util"
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: firebase-admin
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: "@google-cloud/firestore"
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: ansi-regex
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: dicer
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: jsonwebtoken
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: firebase-admin
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: semver
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: node-forge
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: protobufjs
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: qs
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: express
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 20, 2024
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Mar 27, 2024

Superseded by #2.

@dependabot dependabot bot closed this Mar 27, 2024
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/functions/functions/npm_and_yarn-security-group-b66946f413 branch March 27, 2024 18:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant