Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Firebase 10.8.0 produces terminal error recomending downgrade to 10.6.0 #6806

Closed
jaysonfrazer opened this issue Feb 23, 2024 · 1 comment
Closed

Firebase 10.8.0 produces terminal error recomending downgrade to 10.6.0 #6806

jaysonfrazer opened this issue Feb 23, 2024 · 1 comment
Labels
type: bug

Comments

@jaysonfrazer
Copy link

[REQUIRED] Environment info

**firebase-tools:**13.0.3

**Platform:**Windows

[REQUIRED] Test case

I have a Vue JS app with Firebase. I was using Firebase v10.7.2 and when I checked for updates v10.8.0 was available, but when I did npm audit I get a warning that I have 10 low severity vulnerabilities all in the Firebase package. So I updated to v10.8.0 expecting that that would remove the error as I guess I expect that the required changes in v10.6.0 would be included in v10.8.0. No luck the error remained. I ran npm audit fix --force and rolled back to 10.6.0 and the warning is no longer there.

[REQUIRED] Steps to reproduce

Install Firebase v10.8.0 and run npm audit in the terminal

[REQUIRED] Expected behavior

No errors and no recomendation to downgrade to 10.6.0

[REQUIRED] Actual behavior

I get a warning that I have 10 low severity vulnerabilities all in the Firebase package. I have v10.8.0 of Firebase and the error message suggests to downgrade to 10.6.0

undici <=5.28.2
Undici proxy-authorization header not cleared on cross-origin redirect in fetch - GHSA-3787-6prv-h9w3
fix available via npm audit fix --force
Will install firebase@10.6.0, which is a breaking change
node_modules/undici
@firebase/auth >=1.5.0-20231112213030
Depends on vulnerable versions of undici
node_modules/@firebase/auth
firebase 0.900.22 || 7.9.1-0 - 7.9.1-canary.0396117e || 8.10.0-20217172214 - 8.10.0-canary.f40c0db53 || 9.0.0-20217250818 - 9.0.0-canary.d0d3acb10 || 9.0.1-2021727231341 - 9.0.1-canary.e039e1472 || 9.0.2-2021891633 - 9.0.2-canary.ff9baf70c || 9.0.3-202181503543 - 9.1.0-canary.f7d8324a1 || 9.1.1-2021830195733 - 9.1.1-canary.e70de6201 || 9.1.2-20219523556 - 9.1.2-canary.fc1d36497 || 9.19.1-20230331192943 - 9.19.1-canary.264909862 || 9.22.1-20230524195328 || 10.5.2-20231027003707 - 10.5.2-canary.ff1a6ec2c || 10.6.0-20231107192534 - 10.6.0-canary.ebc694a33 || >=10.7.0-20231112213030
Depends on vulnerable versions of @firebase/auth
Depends on vulnerable versions of @firebase/auth-compat
Depends on vulnerable versions of @firebase/firestore
Depends on vulnerable versions of @firebase/firestore-compat
Depends on vulnerable versions of @firebase/functions
Depends on vulnerable versions of @firebase/functions-compat
Depends on vulnerable versions of @firebase/storage
Depends on vulnerable versions of @firebase/storage-compat
node_modules/firebase
@firebase/auth-compat 0.4.9-20231107192534 - 0.4.9-canary.a5c1a3594 || >=0.5.0-20231112213030
Depends on vulnerable versions of @firebase/auth
Depends on vulnerable versions of undici
node_modules/@firebase/auth-compat
@firebase/firestore 4.3.2-20231027003707 - 4.3.2-canary.ff1a6ec2c || >=4.4.0-20231112213030
Depends on vulnerable versions of undici
node_modules/@firebase/firestore
@firebase/firestore-compat <=0.0.900-exp.520ca39d0 || 0.3.21-20231027003707 - 0.3.21-canary.ff1a6ec2c || 0.3.22-20231107192534 - 0.3.22-canary.ebc694a33 || 0.3.23-20231112213030 - 0.3.25
Depends on vulnerable versions of @firebase/firestore
node_modules/@firebase/firestore-compat
@firebase/functions >=0.11.0-20231112213030
Depends on vulnerable versions of undici
node_modules/@firebase/functions
@firebase/functions-compat 0.3.5-20230523183426 - 0.3.5-canary.0d29adc97 || >=0.3.6-20231112213030
Depends on vulnerable versions of @firebase/functions
node_modules/@firebase/functions-compat
@firebase/storage 0.11.2-20230301000120 - 0.11.2-canary.2a2e2b7ce || 0.12.0-20231112213030 - 0.12.1
Depends on vulnerable versions of undici
node_modules/@firebase/storage
@firebase/storage-compat <=0.0.900-exp.520ca39d0 || 0.1.4-202192711727 - 0.1.4-canary.f27fe4304 || 0.3.2-20230301000120 - 0.3.2-canary.2a2e2b7ce || >=0.3.3-20231112213030
Depends on vulnerable versions of @firebase/storage
node_modules/@firebase/storage-compat

10 low severity vulnerabilities

To address all issues (including breaking changes), run:
npm audit fix --force
@aalej
Copy link
Contributor

aalej commented Feb 23, 2024

Hey @jaysonfrazer, thanks for reaching out. Looking at the error message you shared, it looks like the issue you are reporting is similar to firebase/firebase-js-sdk#8038. Please leave a thumbs up, or a comment on the original issue so that we can track how many are affected.

That said, I’ll be closing this issue as a duplicate. If you think this is a mistake, feel free to ask this issue to be reopened. Thanks!

@aalej aalej closed this as not planned Won't fix, can't repro, duplicate, stale Feb 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jaysonfrazer @aalej