You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Admin SDK has no direct dependencies to node-fetch. I think node-fetch is a transient dependency of @google-cloud/storage. Please update your @google-cloud/storage module to 5.18.3. #1625 also updates the package.json and will be included in the next release. Thanks!
Vulnerable Library - node-fetch-2.6.1.tgz
A light-weight module that brings window.fetch to node.js
Library home page: https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/node-fetch/package.json
Dependency Hierarchy:
firebase-admin-10.0.2.tgz (Root Library)
storage-5.3.0.tgz
gaxios-3.2.0.tgz
❌ node-fetch-2.6.1.tgz (Vulnerable Library)
Vulnerability Details
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
The text was updated successfully, but these errors were encountered: