Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump semver and firebase-admin in /functions #143

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 25, 2023

Bumps semver to 7.5.3 and updates ancestor dependency firebase-admin. These dependencies need to be updated together.

Updates semver from 7.3.5 to 7.5.3

Release notes

Sourced from semver's releases.

v7.5.3

7.5.3 (2023-06-22)

Bug Fixes

Documentation

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

v7.5.1

7.5.1 (2023-05-12)

Bug Fixes

v7.5.0

7.5.0 (2023-04-17)

Features

Bug Fixes

v7.4.0

7.4.0 (2023-04-10)

Features

Bug Fixes

... (truncated)

Changelog

Sourced from semver's changelog.

7.5.3 (2023-06-22)

Bug Fixes

Documentation

7.5.2 (2023-06-15)

Bug Fixes

7.5.1 (2023-05-12)

Bug Fixes

7.5.0 (2023-04-17)

Features

Bug Fixes

7.4.0 (2023-04-10)

Features

Bug Fixes

... (truncated)

Commits
  • 7fdf1ef chore: release 7.5.3
  • bf53dd8 docs: add example for > comparator (#569)
  • abdd93d fix: set max lengths in regex for numeric and build identifiers (#571)
  • e7b78de chore: release 7.5.2
  • 58c791f fix: diff when detecting major change from prerelease (#566)
  • 5c8efbc fix: preserve build in raw after inc (#565)
  • 717534e fix: better handling of whitespace (#564)
  • 2f738e9 chore: bump @​npmcli/template-oss from 4.14.1 to 4.15.1 (#558)
  • aa016a6 chore: release 7.5.1
  • d30d25a fix: show type on invalid semver error (#559)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.


Updates firebase-admin from 10.0.0 to 11.9.0

Release notes

Sourced from firebase-admin's releases.

Firebase Admin Node.js SDK v11.9.0

New Features

  • feat(auth): Add Password Policies support in Project and Tenant config (#2107)

Bug Fixes

  • fix(firestore): Export Filter type from Firestore (#2192)

Miscellaneous

  • [chore] Release 11.9.0 (#2196)
  • build(deps-dev): bump yargs from 17.7.1 to 17.7.2 (#2199)
  • build(deps-dev): bump @​typescript-eslint/eslint-plugin (#2200)
  • build(deps-dev): bump @​types/firebase-token-generator (#2201)
  • chore: Upgrade Firestore to v6.6.0 (#2193)
  • fix Unsafe JavaScript Equality Checking (#2183)
  • build(deps-dev): bump nock from 13.3.0 to 13.3.1 (#2187)
  • build(deps-dev): bump @​typescript-eslint/eslint-plugin (#2188)
  • build(deps-dev): bump eslint from 8.40.0 to 8.41.0 (#2189)
  • build(deps-dev): bump @​typescript-eslint/eslint-plugin (#2182)
  • build(deps-dev): bump @​types/chai from 4.3.4 to 4.3.5 (#2178)
  • build(deps-dev): bump eslint from 8.39.0 to 8.40.0 (#2177)
  • chore: Pin firebase-tools@11.30.0 to fix the CIs (#2185)

Firebase Admin Node.js SDK v11.8.0

New Features

  • feat(appcheck): Added replay protection feature to App Check verifyToken() API (#2148)

Miscellaneous

  • [chore] Release 11.8.0 (#2175)
  • build(deps-dev): bump @​firebase/auth-compat from 0.3.7 to 0.4.1 (#2173)
  • build(deps): bump @​types/node from 18.16.1 to 18.16.3 (#2172)
  • build(deps-dev): bump @​typescript-eslint/parser from 5.59.0 to 5.59.2 (#2171)
  • build(deps): bump @​types/node from 18.15.11 to 18.16.1 (#2166)
  • build(deps-dev): bump eslint from 8.38.0 to 8.39.0 (#2160)
  • build(deps-dev): bump sinon from 15.0.3 to 15.0.4 (#2162)

Firebase Admin Node.js SDK v11.7.0

New Features

  • feat(auth): reCAPTCHA Public preview (#2129)
  • feat(fcm): Add sendEach and sendEachForMulticast for FCM batch send (#2138)

Miscellaneous

  • [chore] Release 11.7.0 (#2158)
  • build(deps-dev): bump @​types/sinon from 10.0.13 to 10.0.14 (#2157)

... (truncated)

Commits
  • 2cff5b2 [chore] Release 11.9.0 (#2196)
  • 2335bed build(deps-dev): bump yargs from 17.7.1 to 17.7.2 (#2199)
  • d17e47c build(deps-dev): bump @​typescript-eslint/eslint-plugin (#2200)
  • 22be7ed build(deps-dev): bump @​types/firebase-token-generator (#2201)
  • d250310 chore: Upgrade Firestore to v6.6.0 (#2193)
  • d563011 fix Unsafe JavaScript Equality Checking (#2183)
  • 52904f6 fix(firestore): Export Filter type from Firestore (#2192)
  • c87f8a5 feat(auth): Add Password Policies support in Project and Tenant config (#2107)
  • ce6b13c build(deps-dev): bump nock from 13.3.0 to 13.3.1 (#2187)
  • e2ecef4 build(deps-dev): bump @​typescript-eslint/eslint-plugin (#2188)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [semver](https://github.com/npm/node-semver) to 7.5.3 and updates ancestor dependency [firebase-admin](https://github.com/firebase/firebase-admin-node). These dependencies need to be updated together.


Updates `semver` from 7.3.5 to 7.5.3
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.3.5...v7.5.3)

Updates `firebase-admin` from 10.0.0 to 11.9.0
- [Release notes](https://github.com/firebase/firebase-admin-node/releases)
- [Commits](firebase/firebase-admin-node@v10.0.0...v11.9.0)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: indirect
- dependency-name: firebase-admin
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from aravindvnair99 as a code owner June 25, 2023 04:59
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jun 25, 2023
@guardrails
Copy link

guardrails bot commented Jun 25, 2023

⚠️ We detected 6 security issues in this pull request:

Vulnerable Libraries (6)
Severity Details
Medium bootstrap@3.3.5 upgrade to: >3.4.0
Medium jquery@1.11.3 upgrade to: >3.5.0
Informational pkg:npm/firebase-functions@3.16.0@3.16.0 (t) upgrade to: 3.1.0
High pkg:npm/firebase-admin@11.9.0@11.9.0 (t) upgrade to: 3.0.5
High pkg:npm/ejs@3.1.6@3.1.6 (t) upgrade to: 3.0.5
Informational pkg:npm/express@4.18.2@4.18.2 (t) upgrade to: 3.1.0

More info on how to fix Vulnerable Libraries in JavaScript.


👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file size/XS
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant