[Snyk] Upgrade firebase-admin from 11.3.0 to 12.1.1

[aravindvnair99]

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade firebase-admin from 11.3.0 to 12.1.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 14 versions ahead of your current version.

• The recommended version was released on a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Infinite loop SNYK-JS-MARKDOWNIT-6483324	265	Proof of Concept
	Internal Property Tampering SNYK-JS-TAFFYDB-2992450	265	Proof of Concept
	Resource Exhaustion SNYK-JS-JOSE-6419224	265	No Known Exploit
	Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	265	No Known Exploit
	Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	265	No Known Exploit
	Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	265	No Known Exploit
	Uncontrolled Resource Consumption SNYK-JS-GRPCGRPCJS-7242922	265	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	265	Proof of Concept

Release notes

Package name: firebase-admin

• 12.1.1 - 2024-05-21
  

  Bug Fixes

  • fix: Export error classes (#2151)

  Miscellaneous

  • [chore] Release 12.1.1 (#2561)
  • build(deps): updgrade jwks-rsa (#2570)
  • --- (#2568)
  • --- (#2566)
  • --- (#2567)
  • --- (#2569)
  • build(deps-dev): bump @ firebase/auth-types from 0.12.1 to 0.12.2 (#2556)
  • build(deps-dev): bump @ microsoft/api-extractor from 7.43.2 to 7.43.7 (#2559)
  • chore: upgrade firestore to 7.7.0 (#2560)
  • build(deps-dev): bump @ firebase/app-compat from 0.2.32 to 0.2.33 (#2555)
  • build(deps): bump @ google-cloud/firestore from 7.6.0 to 7.7.0 (#2558)
  • Fix api extractor issues to expose error types (#2549)
  • build(deps-dev): bump @ types/lodash from 4.17.0 to 4.17.1 (#2546)
  • build(deps): bump @ google-cloud/storage from 7.10.2 to 7.11.0 (#2547)
  • build(deps-dev): bump @ microsoft/api-extractor from 7.43.1 to 7.43.2 (#2545)
  • build(deps): bump @ types/node from 20.12.7 to 20.12.10 (#2544)
  • build(deps-dev): bump @ firebase/app-compat from 0.2.31 to 0.2.32 (#2540)
  • build(deps): bump @ google-cloud/storage from 7.10.1 to 7.10.2 (#2541)
  • build(deps): bump @ google-cloud/storage from 7.10.0 to 7.10.1 (#2536)
  • Update package.json to use farmhash 3.3.1 (#2534)
• 12.1.0 - 2024-04-16
  

  New Features

  • feat(rc): Add server side Remote Config support (#2529)

  Miscellaneous

  • [chore] Release 12.1.0 (#2532)
  • Fix minor typo (#2533)
  • chore: Excluding certain event_types from processing uid (#2370)
  • build(deps-dev): bump gulp from 4.0.2 to 5.0.0 (#2526)
  • build(deps-dev): bump @ firebase/app-compat from 0.2.29 to 0.2.30 (#2527)
  • build(deps): bump @ google-cloud/firestore from 7.5.0 to 7.6.0 (#2528)
  • build(deps): bump undici in /.github/actions/send-email (#2521)
  • build(deps-dev): bump @ firebase/auth-types from 0.12.0 to 0.12.1 (#2514)
  • build(deps-dev): bump mocha from 10.3.0 to 10.4.0 (#2513)
  • build(deps): bump @ types/node from 20.11.30 to 20.12.2 (#2516)
  • build(deps): bump @ google-cloud/firestore from 7.4.0 to 7.5.0 (#2517)
  • build(deps-dev): bump @ firebase/app-compat from 0.2.28 to 0.2.29 (#2510)
  • build(deps): bump @ google-cloud/storage from 7.7.0 to 7.9.0 (#2509)
  • build(deps-dev): bump @ microsoft/api-extractor from 7.42.3 to 7.43.0 (#2511)
  • build(deps): bump @ types/node from 20.11.24 to 20.11.30 (#2508)
  • [chore] Fixed links to rtdb api docs (#2501)
  • issue 2467: add async to send each loop to prevent local validation from throwing in an unknown state (#2469)
  • build(deps): bump @ fastify/busboy from 2.1.0 to 2.1.1 (#2491)
  • build(deps): bump follow-redirects in /.github/actions/send-email (#2497)
  • build(deps): bump @ google-cloud/firestore from 7.3.0 to 7.4.0 (#2499)
  • build(deps): bump jose from 4.15.4 to 4.15.5 (#2489)
  • build(deps-dev): bump @ microsoft/api-extractor from 7.42.0 to 7.42.3 (#2485)
  • build(deps): bump @ types/node from 20.11.19 to 20.11.24 (#2484)
  • build(deps-dev): bump @ firebase/app-compat from 0.2.27 to 0.2.28 (#2483)
  • build(deps-dev): bump @ microsoft/api-extractor from 7.40.3 to 7.42.0 (#2480)
  • build(deps-dev): bump eslint from 8.56.0 to 8.57.0 (#2473)
  • build(deps-dev): bump nock from 13.5.3 to 13.5.4 (#2475)
  • build(deps-dev): bump @ microsoft/api-extractor from 7.40.1 to 7.40.3 (#2465)
  • build(deps-dev): bump nock from 13.5.1 to 13.5.3 (#2463)
  • build(deps): bump @ types/node from 20.11.17 to 20.11.19 (#2464)
  • build(deps): bump undici in /.github/actions/send-email (#2459)
  • build(deps): bump @ types/node from 20.11.5 to 20.11.17 (#2455)
  • build(deps-dev): bump mocha from 10.2.0 to 10.3.0 (#2454)
  • build(deps-dev): bump @ microsoft/api-extractor from 7.39.4 to 7.40.1 (#2452)
  • [chore] Update Github action workflows to fix node version and set-output deprecation warnings (#2431)
  • [chore] Bump mailgun.js to v10.1.0 (#2451)
  • build(deps): bump @ google-cloud/firestore from 7.1.0 to 7.3.0 (#2446)
  • build(deps-dev): bump @ types/uuid from 9.0.7 to 9.0.8 (#2445)
  • build(deps-dev): bump @ firebase/app-compat from 0.2.25 to 0.2.27 (#2443)
  • build(deps-dev): bump @ types/sinon from 17.0.2 to 17.0.3 (#2442)
  • [chore] Bump @ actions/core to ^1.10.1 to remove set-output warning and set action to use Node 20 (#2432)
  • build(deps-dev): bump ts-node from 10.9.1 to 10.9.2 (#2435)
  • build(deps-dev): bump @ firebase/api-documenter from 0.3.0 to 0.4.0 (#2433)
  • build(deps-dev): bump nock from 13.4.0 to 13.5.1 (#2434)
  • build(deps-dev): bump @ microsoft/api-extractor from 7.39.0 to 7.39.4 (#2436)
  • build(deps-dev): bump eslint from 8.55.0 to 8.56.0 (#2422)
  • build(deps-dev): bump chai from 4.3.10 to 4.4.1 (#2424)
  • build(deps): bump @ types/node from 20.10.6 to 20.11.5 (#2428)
  • build(deps-dev): bump @ microsoft/api-extractor from 7.38.4 to 7.39.0 (#2416)
  • build(deps): bump @ fastify/busboy from 1.2.1 to 2.1.0 (#2406)
  • build(deps): bump @ types/node from 20.10.3 to 20.10.6 (#2417)
  • chore: Update Firebase integration test project setup instructions. (#2395)
• 12.0.0 - 2023-12-07
  

  • Breaking change: Upgraded the @ google-cloud/firestore package to v7. This is a breaking change. Refer to the Cloud Firestore release notes for more details.

  • Breaking change: Upgraded the @ google-cloud/storage package to v7. This is a breaking change. Refer to the Cloud Storage release notes for more details.

  • Breaking change: Upgraded TypeScript to v5.1.6.

  • Deprecated support for Node.js 14. Instead use Node.js 16 or higher when deploying the Admin SDK. Node.js 14 support will be dropped in the next major version.

  • Upgraded the google-cloud/firestore dependency to v7.1.0 to support sum() and `average() aggregation functions.

  • Upgraded the @ firebase/database-compat package to v1.

  • Dropped AutoML model support (#1974)

  Bug Fixes

  • fix(firestore): Export new aggregate types (#2396)

  Miscellaneous

  • [chore] Release 12.0.0 (#2404)
  • chore: Deprecate Node.js 14 (#2397)
  • build(deps): Bump typescript, database-compat (#2403)
  • build(deps-dev): bump @ types/firebase-token-generator (#2399)
  • build(deps-dev): bump sinon and @ types/sinon (#2398)
  • build(deps-dev): bump @ types/mocha from 10.0.1 to 10.0.6 (#2400)
  • build(deps-dev): bump @ types/minimist from 1.2.2 to 1.2.5 (#2389)
  • build(deps-dev): bump @ types/request from 2.48.8 to 2.48.12 (#2390)
  • chore(deps): bump google-cloud/firestore and google-cloud/storage
• 11.11.1 - 2023-11-23
  

  Miscellaneous

  • [chore] Release 11.11.1 (#2387)
  • build(deps): bump jwks-rsa from 3.0.1 to 3.1.0 (#2381)
  • chore(deps): bump google-cloud/firestore to 6.8.0 (#2385)
  • build(deps-dev): bump @ microsoft/api-extractor from 7.36.3 to 7.38.3 (#2380)
  • build(deps-dev): bump @ types/sinon-chai from 3.2.9 to 3.2.12 (#2366)
  • build(deps-dev): bump @ babel/traverse from 7.21.4 to 7.23.2 (#2343)
  • build(deps-dev): bump eslint from 8.50.0 to 8.51.0 (#2330)
  • build(deps-dev): bump @ types/firebase-token-generator (#2322)
  • Bug Fix for issue #2320 (#2321)
• 11.11.0 - 2023-09-28
  

  New Features

  • feat(auth): Add Email Privacy support in Project and Tenant config (#2198)

  Miscellaneous

  • [chore] Release 11.11.0 (#2315)
  • build(deps-dev): bump @ types/lodash from 4.14.197 to 4.14.199 (#2309)
  • build(deps-dev): bump eslint from 8.47.0 to 8.50.0 (#2311)
  • Update github.ref value in release.yml (#2313)
  • build(deps-dev): bump nock from 13.3.2 to 13.3.3 (#2288)
  • build(deps-dev): bump bcrypt from 5.1.0 to 5.1.1 (#2289)
  • build(deps-dev): bump eslint from 8.43.0 to 8.47.0 (#2279)
  • build(deps-dev): bump @ types/lodash from 4.14.195 to 4.14.197 (#2280)
  • build(deps-dev): bump @ typescript-eslint/eslint-plugin (#2282)
  • build(deps-dev): bump nock from 13.3.1 to 13.3.2 (#2270)
  • build(deps-dev): bump @ firebase/auth-compat from 0.4.3 to 0.4.4 (#2273)
  • build(deps-dev): bump @ typescript-eslint/parser from 5.59.9 to 5.62.0 (#2264)
  • build(deps): bump @ google-cloud/firestore from 6.6.1 to 6.7.0 (#2265)
  • build(deps-dev): bump @ types/uuid from 9.0.1 to 9.0.2 (#2267)
  • build(deps-dev): bump @ firebase/app-compat from 0.2.13 to 0.2.15 (#2263)
  • build(deps): bump @ google-cloud/storage from 6.11.0 to 6.12.0 (#2253)
  • build(deps-dev): bump @ microsoft/api-extractor from 7.36.1 to 7.36.3 (#2261)
  • build(deps): bump word-wrap from 1.2.3 to 1.2.4 (#2256)
  • build(deps): bump @ types/node from 20.3.2 to 20.4.2 (#2255)
  • build(deps-dev): bump @ firebase/auth-compat from 0.4.2 to 0.4.3 (#2252)
• 11.10.1 - 2023-07-13
  

  Miscellaneous

  • [chore] Release 11.10.1 (#2248)
  • Revert "chore: upgrade databse-compat (#2244)" (#2247)
• 11.10.0 - 2023-07-12
  

  New Features

  • feat(functions): Add features to task queue functions (#2216)
  • feat(auth): Add TotpInfo field to UserRecord (#2197)
  • feat(storage): Add getDownloadUrl method to the Storage API (#2036)

  Bug Fixes

  • fix: Update TOTP docstrings (#2245)

  Miscellaneous

  • [chore] Release 11.10.0 (#2246)
  • chore: upgrade databse-compat (#2244)
  • build(deps): bump semver from 5.7.1 to 5.7.2 (#2242)
  • build(deps-dev): bump @ microsoft/api-extractor from 7.36.0 to 7.36.1 (#2239)
  • build(deps-dev): bump sinon from 15.0.4 to 15.2.0 (#2240)
  • Fixed docgen for getDownloadURL (#2241)
  • Fix Memory Leak in AsyncHttpCall affecting auth.listUsers (#2236)
  • build(deps): bump @ google-cloud/storage from 6.9.5 to 6.11.0 (#2231)
  • build(deps): bump @ google-cloud/firestore from 6.6.0 to 6.6.1 (#2232)
  • build(deps-dev): bump @ firebase/app-compat from 0.2.7 to 0.2.13 (#2233)
  • Fixes to password ...

[guardrails]

⚠️ We detected 8 security issues in this pull request:

Insecure File Management (1)

Severity	Details	Docs
High	Title: Path Traversal from user input Spot-the-Hole/functions/index.js Line 562 in 750564c path.join(os.tmpdir(), path.basename(req.files.file[0].fieldname)),	📚

More info on how to fix Insecure File Management in JavaScript.

---

Insecure Use of Crypto (1)

Severity	Details	Docs
Medium	Title: Insecure use of random generator Spot-the-Hole/functions/index.js Line 204 in 750564c result += characters.charAt(Math.floor(Math.random() * charactersLength));	📚

More info on how to fix Insecure Use of Crypto in JavaScript.

---

Vulnerable Libraries (6)

Severity	Details
Medium	pkg:npm/axios@0.25.0 upgrade to: 1.6.0
N/A	pkg:npm/ejs@3.1.7 upgrade to: 3.1.10
High	pkg:npm/firebase-functions@4.2.1 upgrade to: > 4.2.1
Critical	pkg:npm/firebase-admin@12.1.1 upgrade to: > 12.1.1
High	pkg:npm/busboy@0.3.1 upgrade to: > 0.3.1
Critical	pkg:npm/@tensorflow/tfjs-node@3.14.0 upgrade to: > 3.14.0

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[stale]

Automatically marked as stale due to lack of recent activity. Will be closed if no further activity occurs. Thank you for your contributions.