Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: update dependency firebase-tools to v13.6.0 [security] #978

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore: update dependency firebase-tools to v13.6.0 [security] #978

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented May 3, 2024

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
firebase-tools 13.0.2 -> 13.6.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-4128

This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed calls to localhost (ie Chrome before v94), the website could exfiltrate emulator data. We recommend upgrading past version 13.6.0 or commit 068a2b08dc308c7ab4b569617f5fc8821237e3a0.

Release Notes

firebase/firebase-tools (firebase-tools)

v13.6.0

Compare Source

  • Released Firestore Emulator 1.19.4. This version fixes a minor bug with reserve ids and adds a reset endpoint for Datastore Mode.
  • Released PubSub Emulator 0.8.2. This version includes support for no_wrapper options.
  • Fixes issue where GitHub actions service account cannot add preview URLs to Auth authorized domains. (#​6895)
  • Fixes issue where GOOGLE_CLOUD_QUOTA_PROJECT breaks functions source uploads (#​6917)

v13.5.2

Compare Source

  • Fix hosting rewrite deployment bug for skipped functions (#​6658).

v13.5.1

Compare Source

  • Release Emulator Suite UI v1.11.8 which adds support for Multiple DBs in the Emulator UI Firestore page via editing the URL. (#​6874)

v13.5.0

Compare Source

  • Enable dynamic debugger port for functions + support for inspecting multiple codebases (#​6854)
  • Inject an environment variable in the node functions emulator to tell the google-gax SDK not to look for the metadata service. (#​6860)
  • Release Firestore Emulator 1.19.3 which fixes ancestor and namespace scope queries for Datastore Mode. This release also fixes internal errors seen across REST API and firebase-js-sdk.
  • v2 scheduled functions with explicit service accounts trigger eventarc to use that service account (#​6858)
  • v2 event functions with explicit service accounts trigger eventarc to use that service account (#​6859)

v13.4.1

Compare Source

  • Released Firestore emulator v1.19.2, which fixes some bugs affecting client SDKs when in Datastore Mode.
  • Fix demo projects + web frameworks with emulators (#​6737)
  • Fix Next.js static routes with server actions (#​6664)
  • Fixed an issue where GOOGLE_CLOUD_QUOTA_PROJECT was not correctly respected. (#​6801)
  • Make VPC egress settings in functions parameterizeable (#​6843)

v13.4.0

Compare Source

  • Added new commands for managing Firestore backups and restoring databases. (#​6778)
  • Fixed quota attribution for Firebase Auth API calls. (#​6819)

v13.3.1

Compare Source

  • Release Cloud Firestore emulator v1.19.1:
    • Adds support for Datastore Mode to the Firstore Emulator. Adds
      --database-mode flag to gcloud emulator firestore start command. Note
      that this is a preview feature and if you find any bugs, please file them
      here: https://github.com/firebase/firebase-tools/issues.
  • Improve FAH onboarding flow to connect backends with SCMs (#​6764).
  • Fixed issue where GitHub actions would fail due to lack of permission. (#​6791)

v13.3.0

Compare Source

  • Improved detection for when login has expired due to Google Cloud Session Control. (#​1846)
  • Added support for Python 3.12. (#​6679)
  • Fixed issues with internal utilities. (#​6754)
  • Fixed an issue where firestore:delete wouldn't target the emulator when expected. (#​6537)

v13.2.1

Compare Source

  • Fixed an issue where appdistribution:distribute would always attempt to run tests. (#​6749)

v13.2.0

Compare Source

  • Added rudimentary email enumeration protection for auth emulator. (#​6702)

v13.1.0

Compare Source

  • Point v2 function target to entrypoint. (#​6698)
  • Fixed issue where Auth emulator sign in with Google only shows default tenant. (#​6683)
  • Prevent the use of pinTags + minInstances on the same function, as the features are not mutually compatible (#​6684)
  • Added force flag to delete backend (#​6635).
  • Use framework build target in Vite builds (#​6643).
  • Use framework build target in NODE_ENV for production Vite builds (#​6644)
  • Let framework handle public directory with emulator. (#​6674)
  • Dynamically import Vite to fix deprecated CJS build warning. (#​6660)
  • Fixed unsafe array spreads on Hosting deploys. (#​6712)

v13.0.3

Compare Source

  • Fixed typo in Cloud storage bucket metadata location type. (#​6648)
  • Fixed an issue where including export in .env files caused parsing errors. (#​6629)

Configuration

📅 Schedule: Branch creation - "" in timezone Asia/Tokyo, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added the renovate label May 3, 2024
@renovate renovate bot requested review from a team, herablog, itsminadesu and yasuda-shin and removed request for a team May 3, 2024 21:21
@renovate renovate bot force-pushed the renovate/npm-firebase-tools-vulnerability branch from bb08e3e to 33872d7 Compare June 4, 2024 14:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@herablog herablog Awaiting requested review from herablog herablog was automatically assigned from openameba/spindle-working-group

@itsminadesu itsminadesu Awaiting requested review from itsminadesu itsminadesu was automatically assigned from openameba/spindle-working-group

@yasuda-shin yasuda-shin Awaiting requested review from yasuda-shin yasuda-shin was automatically assigned from openameba/spindle-working-group

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
renovate
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants