Skip to content

fix(deps): update dependency firebase to v10 [security] #353

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(deps): update dependency firebase to v10 [security] #353

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 18, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
firebase (source, changelog) ^9.0.0 -> ^10.0.0 age confidence

GitHub Vulnerability Alerts

CVE-2024-11023

Firebase JavaScript SDK utilizes a "FIREBASE_DEFAULTS" cookie to store configuration data, including an "_authTokenSyncURL" field used for session synchronization. If this cookie field is preset via an attacker by any other method, the attacker can manipulate the "_authTokenSyncURL" to point to their own server and it would allow am actor to capture user session data transmitted by the SDK. We recommend upgrading Firebase JS SDK at least to 10.9.0.

Release Notes

firebase/firebase-js-sdk (firebase)

v10.9.0

Compare Source

v10.8.1

Compare Source

v10.8.0

Compare Source

v10.7.2

Compare Source

v10.7.1

Compare Source

v10.7.0

Compare Source

v10.6.0

Compare Source

v10.5.2

Compare Source

v10.5.1

Compare Source

v10.5.0

Compare Source

v10.4.0

Compare Source

v10.3.1

Compare Source

v10.3.0

Compare Source

v10.2.0

Compare Source

v10.1.0

Compare Source

v10.0.0

Compare Source

v9.23.0

Compare Source

v9.22.2

Compare Source

v9.22.1

Compare Source

v9.22.0

Compare Source

v9.21.0

Compare Source

v9.20.0

Compare Source

v9.19.1

Compare Source

v9.19.0

Compare Source

v9.18.0

Compare Source

v9.17.2

Compare Source

v9.17.1

Compare Source

v9.17.0

Compare Source

v9.16.0

Compare Source

v9.15.0

Compare Source

v9.14.0

Compare Source

v9.13.0

Compare Source

v9.12.1

Compare Source

v9.12.0

Compare Source

v9.11.0

Compare Source

v9.10.0

Compare Source

v9.9.4

Compare Source

v9.9.3

Compare Source

v9.9.0

Compare Source

v9.8.4

Compare Source

v9.8.3

Compare Source

v9.8.2

Compare Source

v9.8.1

Compare Source

v9.8.0

Compare Source

v9.7.0

Compare Source

v9.6.11

Compare Source

v9.6.10

Compare Source

v9.6.9

Compare Source

v9.6.8

Compare Source

v9.6.7

Compare Source

v9.6.6

Compare Source

v9.6.5

Compare Source

v9.6.4

Compare Source

v9.6.3

Compare Source

v9.6.2

Compare Source

v9.6.1

Compare Source

v9.6.0

Compare Source

v9.5.0

Compare Source

v9.4.1

Compare Source

v9.4.0

Compare Source

v9.3.0

Compare Source

v9.2.0

Compare Source

v9.1.3

Compare Source

v9.1.2

Compare Source

v9.1.1

Compare Source

v9.1.0

Compare Source

v9.0.2

Compare Source

v9.0.1

Compare Source

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot changed the title fix(deps): update dependency firebase to v10 [security] fix(deps): update dependency firebase to v10 [security] - autoclosed Dec 8, 2024
@renovate renovate bot closed this Dec 8, 2024
@renovate renovate bot deleted the renovate/npm-firebase-vulnerability branch December 8, 2024 18:37
@renovate renovate bot changed the title fix(deps): update dependency firebase to v10 [security] - autoclosed fix(deps): update dependency firebase to v10 [security] Dec 8, 2024
@renovate renovate bot reopened this Dec 8, 2024
@renovate renovate bot force-pushed the renovate/npm-firebase-vulnerability branch 2 times, most recently from b5f6f1f to 5372a2e Compare December 10, 2024 16:32
@renovate renovate bot force-pushed the renovate/npm-firebase-vulnerability branch from 5372a2e to e4ab619 Compare January 23, 2025 12:23
@renovate renovate bot force-pushed the renovate/npm-firebase-vulnerability branch from e4ab619 to d5a7f20 Compare May 2, 2025 22:05
@renovate renovate bot force-pushed the renovate/npm-firebase-vulnerability branch 2 times, most recently from b52c496 to 384bcb0 Compare May 16, 2025 23:40
@renovate renovate bot force-pushed the renovate/npm-firebase-vulnerability branch from 384bcb0 to 5d82f22 Compare June 21, 2025 00:13
@renovate renovate bot force-pushed the renovate/npm-firebase-vulnerability branch from 5d82f22 to 15b961d Compare August 10, 2025 12:36
@renovate renovate bot force-pushed the renovate/npm-firebase-vulnerability branch from 15b961d to dc07b6a Compare August 19, 2025 14:44
@renovate renovate bot force-pushed the renovate/npm-firebase-vulnerability branch from dc07b6a to 973e478 Compare August 31, 2025 13:10
@renovate renovate bot force-pushed the renovate/npm-firebase-vulnerability branch from 973e478 to 057d814 Compare September 22, 2025 10:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants