[Snyk] Security upgrade firebase-admin from 10.2.0 to 11.4.1

[ashea29]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • functions/package.json
  • functions/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Issue	Package	Version	Note	Source
Bidirectional unicode control characters	entities	2.1.0	Location: lib/maps/entities.json	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Zero width unicode chars	entities	2.1.0	Location: lib/maps/entities.json	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Chronological version anomaly	@firebase/app-types	0.9.0	Previous Chronological: @firebase/app-types@0.8.1-canary.734fdcd91 (12/7/2022, 10:25:15 PM) Previous Semver: @firebase/app-types@0.9.0-20221206221533 (12/6/2022, 10:46:39 PM)	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Chronological version anomaly	@firebase/app-types	0.8.1	Previous Chronological: @firebase/app-types@0.8.0-canary.bf7cc8f69 (10/27/2022, 1:22:32 AM) Previous Semver: @firebase/app-types@0.8.1-20221025194556 (10/25/2022, 8:08:50 PM)	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Chronological version anomaly	minimatch	5.1.6	Previous Chronological: minimatch@6.1.4 (1/17/2023, 5:46:31 PM) Previous Semver: minimatch@5.1.5 (1/17/2023, 3:04:11 PM)	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Chronological version anomaly	minimatch	3.1.2	Previous Chronological: minimatch@5.0.0 (2/15/2022, 4:50:03 PM) Previous Semver: minimatch@3.1.1 (2/13/2022, 4:01:44 AM)	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Chronological version anomaly	@firebase/logger	0.3.4	Previous Chronological: @firebase/logger@0.3.3-canary.bf7cc8f69 (10/27/2022, 1:19:40 AM) Previous Semver: @firebase/logger@0.3.4-20221025194556 (10/25/2022, 8:05:46 PM)	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Chronological version anomaly	minimist	1.2.8	Previous Chronological: minimist@0.2.3 (2/9/2023, 8:11:17 PM) Previous Semver: minimist@1.2.7 (10/11/2022, 1:21:52 AM)	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Chronological version anomaly	jose	2.0.6	Previous Chronological: jose@1.28.2 (9/1/2022, 8:01:31 AM) Previous Semver: jose@2.0.5 (4/9/2021, 8:11:36 PM)	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Chronological version anomaly	mkdirp	1.0.4	Previous Chronological: mkdirp@0.5.4 (3/23/2020, 5:53:03 PM) Previous Semver: mkdirp@1.0.3 (1/24/2020, 9:00:54 PM)	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Environment variable access	mkdirp	1.0.4	Env Vars: Location: lib/path-arg.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Filesystem access	mkdirp	1.0.4	Module: fs Location: lib/opts-arg.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
No contributors or author data	mkdirp	1.0.4	Location: package.json	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Chronological version anomaly	@firebase/database-compat	0.2.10	Previous Chronological: @firebase/database-compat@0.2.9-canary.bf7cc8f69 (10/27/2022, 1:23:02 AM) Previous Semver: @firebase/database-compat@0.2.10-20221025194556 (10/25/2022, 8:09:21 PM)	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Chronological version anomaly	@firebase/database-types	0.9.17	Previous Chronological: @firebase/database-types@0.9.16-canary.bf7cc8f69 (10/27/2022, 1:22:54 AM) Previous Semver: @firebase/database-types@0.9.17-20221025194556 (10/25/2022, 8:09:12 PM)	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Chronological version anomaly	fast-text-encoding	1.0.6	Previous Chronological: fast-text-encoding@0.0.0-empty (8/30/2022, 10:27:59 PM) Previous Semver: fast-text-encoding@1.0.4 (6/20/2022, 11:47:36 PM)	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Major refactor	fast-text-encoding	1.0.6	Change Percentage: 104.18 Current Line Count: 13 Previous Line Count: 274 Lines Changed: 299	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
No tests	fast-text-encoding	1.0.6	Location: package.json	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Trivial Package	fast-text-encoding	1.0.6	Location: text.min.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Chronological version anomaly	@types/glob	8.1.0	Previous Chronological: @types/glob@5.0.38 (1/20/2023, 10:02:55 AM) Previous Semver: @types/glob@8.0.1 (1/20/2023, 10:02:38 AM)	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
No website	@types/glob	8.1.0	Location: glob/package.json	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Chronological version anomaly	@firebase/component	0.5.21	Previous Chronological: @firebase/component@0.5.20-canary.bf7cc8f69 (10/27/2022, 1:19:48 AM) Previous Semver: @firebase/component@0.5.21-20221025194556 (10/25/2022, 8:05:56 PM)	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Chronological version anomaly	@types/rimraf	3.0.2	Previous Chronological: @types/rimraf@2.0.5 (7/7/2021, 6:07:42 PM) Previous Semver: @types/rimraf@3.0.1 (7/7/2021, 6:07:30 PM)	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
No website	@types/rimraf	3.0.2	Location: rimraf/package.json	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Chronological version anomaly	glob	8.1.0	Previous Chronological: glob@7.2.3 (5/15/2022, 2:44:04 PM) Previous Semver: glob@8.0.3 (5/13/2022, 5:08:32 PM)	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Filesystem access	glob	8.1.0	Module: fs Location: common.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
URL strings	glob	8.1.0	URL: https://github.com/Upgrading from 4.0.5 to 4.4.0 isaacs/node-glob#167 Location: sync.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Chronological version anomaly	glob	7.2.3	Previous Chronological: glob@8.0.3 (5/13/2022, 5:08:32 PM) Previous Semver: glob@7.2.2 (5/13/2022, 5:07:53 PM)	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Filesystem access	glob	7.2.3	Module: fs Location: common.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
URL strings	glob	7.2.3	URL: https://github.com/Upgrading from 4.0.5 to 4.4.0 isaacs/node-glob#167 Location: sync.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Chronological version anomaly	@firebase/database	0.13.10	Previous Chronological: @firebase/database@0.13.9-canary.bf7cc8f69 (10/27/2022, 1:22:43 AM) Previous Semver: @firebase/database@0.13.10-20221025194556 (10/25/2022, 8:09:02 PM)	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Chronological version anomaly	@firebase/auth-interop-types	0.1.7	Previous Chronological: @firebase/auth-interop-types@0.1.6-canary.bf7cc8f69 (10/27/2022, 1:21:06 AM) Previous Semver: @firebase/auth-interop-types@0.1.7-20221025194556 (10/25/2022, 8:07:20 PM)	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Chronological version anomaly	@firebase/util	1.7.3	Previous Chronological: @firebase/util@1.7.2-canary.bf7cc8f69 (10/27/2022, 1:19:32 AM) Previous Semver: @firebase/util@1.7.3-20221025194556 (10/25/2022, 8:05:34 PM)	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Environment variable access	@firebase/util	1.7.3	Env Vars: Location: dist/index.esm5.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Debug access	bluebird	3.7.2	Module: async_hooks Location: js/release/promise.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Environment variable access	bluebird	3.7.2	Env Vars: Location: js/release/util.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Long strings	bluebird	3.7.2	Location: js/release/call_get.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Unmaintained	bluebird	3.7.2	Last Publish: 11/28/2019, 10:55:40 PM	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
URL strings	bluebird	3.7.2	URL: Promise.map Location: js/release/map.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Uses eval	bluebird	3.7.2	Eval Type: Function Location: js/release/call_get.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Debug access	requizzle	0.2.4	Module: module Location: lib/loader.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Dynamic require	requizzle	0.2.4	Location: lib/requizzle.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Filesystem access	requizzle	0.2.4	Module: fs Location: lib/loader.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
No v1	requizzle	0.2.4	Location: Package overview	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Dynamic require	escodegen	1.14.3	Location: bin/escodegen.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Filesystem access	escodegen	1.14.3	Module: fs Location: bin/escodegen.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
No contributors or author data	escodegen	1.14.3	Location: package.json	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Unmaintained	escodegen	1.14.3	Last Publish: 8/5/2020, 11:19:25 PM	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Dynamic require	jsdoc	4.0.2	Location: cli.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Filesystem access	jsdoc	4.0.2	Module: fs Location: cli.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
URL strings	jsdoc	4.0.2	URL: https://jsdoc.app/ Location: cli.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Dynamic require	protobufjs-cli	1.1.1	Location: pbjs.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Filesystem access	protobufjs-cli	1.1.1	Module: fs Location: lib/tsd-jsdoc/publish.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Mixed license	protobufjs-cli	1.1.1	License: BSD,BSD-3-Clause	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
No tests	protobufjs-cli	1.1.1	Location: package.json	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Obfuscated require	protobufjs-cli	1.1.1	Location: pbts.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Shell access	protobufjs-cli	1.1.1	Module: child_process Location: pbts.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Dynamic require	yargs	17.7.2	Location: build/index.cjs	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Environment variable access	yargs	17.7.2	Env Vars: Location: build/index.cjs	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Filesystem access	yargs	17.7.2	Module: fs Location: build/index.cjs	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Minified code	yargs	17.7.2	Confidence: 1.00 Location: build/index.cjs	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Obfuscated require	yargs	17.7.2	Location: build/index.cjs	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
URL strings	yargs	17.7.2	URL: https://yargs.js.org/docs/#api-reference-version Location: build/index.cjs	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Environment variable access	uglify-js	3.17.4	Env Vars: UGLIFY_BUG_REPORT Location: tools/node.js	functions/package-lock.json via firebase-admin@11.4.1, firebase-functions@3.21.2
Filesystem access	uglify-js	3.17.4

[socket-security]

New and updated dependency changes detected. Learn more about Socket for GitHub ↗︎

Packages		Version	New capabilities	Transitives1	Size	Publisher
firebase-admin	⬆️	10.2.0...11.4.1	environment	+107/-66	39.8 MB	google-wombot

Footnotes

1. https://docs.socket.dev ↩