[Snyk] Security upgrade firebase-tools from 3.18.4 to 11.21.0

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	663/1000 Why? Currently trending on Twitter, Has a fix available, CVSS 7.7	Improper Input Validation SNYK-JS-JSONWEBTOKEN-3180020	Yes	No Known Exploit
	534/1000 Why? Has a fix available, CVSS 6.4	Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	Yes	No Known Exploit
	554/1000 Why? Has a fix available, CVSS 6.8	Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: firebase-tools

The new version differs by 250 commits.

• a0f1a7f 11.21.0
• 1a8633a Remove go discovery module. (#5419)
• 811c7b4 Fix typo. (#5439)
• 661b3aa Add support for new links added to the release object (release links) (#5405) (#5438)
• 6ed2e7f update jsonwebtoken in v2 test fixture (#5435)
• c52ae18 Added status header for query upload requests (#5425)
• 1756213 Add support for system params when deploying extensions (#5414)
• 177c99d audit fixes, replace update-notifier with update-notifier-cjs (#5420)
• a1287dd Bump jsonwebtoken from 8.5.1 to 9.0.0 (#5410)
• 127ca3f Bug fix: Cloud Functions Runtime Config Hash Value (#5355)
• b501f07 update script dependencies (#5409)
• abcaaab Upgrade Storage rules runtime to v1.1.3 (ternary operators) (#5398)
• 9c2eeba Fix bug where CLI was unable to deploy Firebase Functions in some monorepo setups (#5391)
• 68bdfa7 [firebase-release] Removed change log and reset repo after 11.20.0 release
• cb8cbb7 11.20.0
• 75b3dbe Upgrade ES UI to 1.11.2. (#5394)
• a010a78 Fixes issue where secrets would be undefined in after hot reload in sequential mode (#5397)
• 1f2d8db upgrade superstatic (#5389)
• ffb09f8 Pubsub force shutdown if shutdown isn't working. (#5294)
• dfea3a5 Merge branch 'master' into master
• 09d1f1f Rename internal package name to avoid triggering vuln scan. (#5375)
• f7dbd3a Adjust from localhost to 127.0.0.1 to avoid some IP loookup issues. (#5358)
• 2957b11 Update custom_claims type to match production (#5353)
• 8fa08b2 Merge pull request #5386 from firebase/next

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Open Redirect
🦉 Use of a Broken or Risky Cryptographic Algorithm