diff --git a/.changeset/cyan-pugs-buy.md b/.changeset/cyan-pugs-buy.md new file mode 100644 index 00000000000..3e7bea26306 --- /dev/null +++ b/.changeset/cyan-pugs-buy.md @@ -0,0 +1,9 @@ +--- +'@firebase/auth-compat': patch +'@firebase/firestore': patch +'@firebase/functions': patch +'@firebase/storage': patch +'@firebase/auth': patch +--- + +Update undici version to 5.28.4 due to CVE-2024-30260. diff --git a/integration/messaging/package.json b/integration/messaging/package.json index 7bddc0dd56f..35faa09c49f 100644 --- a/integration/messaging/package.json +++ b/integration/messaging/package.json @@ -15,7 +15,7 @@ "express": "4.19.2", "geckodriver": "2.0.4", "mocha": "9.2.2", - "undici": "5.28.3", + "undici": "5.28.4", "selenium-assistant": "6.1.1" } } diff --git a/package.json b/package.json index cd6ffb8678d..ef19b394ca1 100644 --- a/package.json +++ b/package.json @@ -153,7 +153,7 @@ "tslint": "6.1.3", "typedoc": "0.16.11", "typescript": "4.7.4", - "undici": "5.28.3", + "undici": "5.28.4", "watch": "1.0.2", "webpack": "5.76.0", "yargs": "17.7.2" diff --git a/packages/auth-compat/package.json b/packages/auth-compat/package.json index b1002a3559c..0e6eee7dcfc 100644 --- a/packages/auth-compat/package.json +++ b/packages/auth-compat/package.json @@ -54,7 +54,7 @@ "@firebase/auth-types": "0.12.1", "@firebase/component": "0.6.6", "@firebase/util": "1.9.5", - "undici": "5.28.3", + "undici": "5.28.4", "tslib": "^2.1.0" }, "license": "Apache-2.0", diff --git a/packages/auth/package.json b/packages/auth/package.json index 39297914cc1..fcffa563f50 100644 --- a/packages/auth/package.json +++ b/packages/auth/package.json @@ -129,7 +129,7 @@ "@firebase/component": "0.6.6", "@firebase/logger": "0.4.1", "@firebase/util": "1.9.5", - "undici": "5.28.3", + "undici": "5.28.4", "tslib": "^2.1.0" }, "license": "Apache-2.0", diff --git a/packages/firestore/package.json b/packages/firestore/package.json index 274b5b8a9cd..f7c35e6e42b 100644 --- a/packages/firestore/package.json +++ b/packages/firestore/package.json @@ -102,7 +102,7 @@ "@firebase/webchannel-wrapper": "0.10.6", "@grpc/grpc-js": "~1.9.0", "@grpc/proto-loader": "^0.7.8", - "undici": "5.28.3", + "undici": "5.28.4", "tslib": "^2.1.0" }, "peerDependencies": { diff --git a/packages/functions/package.json b/packages/functions/package.json index e5a6b004d90..b24599d0de4 100644 --- a/packages/functions/package.json +++ b/packages/functions/package.json @@ -71,7 +71,7 @@ "@firebase/auth-interop-types": "0.2.2", "@firebase/app-check-interop-types": "0.3.1", "@firebase/util": "1.9.5", - "undici": "5.28.3", + "undici": "5.28.4", "tslib": "^2.1.0" }, "nyc": { diff --git a/packages/storage/package.json b/packages/storage/package.json index 886ce50292e..9aac870cef9 100644 --- a/packages/storage/package.json +++ b/packages/storage/package.json @@ -48,7 +48,7 @@ "dependencies": { "@firebase/util": "1.9.5", "@firebase/component": "0.6.6", - "undici": "5.28.3", + "undici": "5.28.4", "tslib": "^2.1.0" }, "peerDependencies": { diff --git a/repo-scripts/changelog-generator/package.json b/repo-scripts/changelog-generator/package.json index f2afdaeffbf..e04bb6f2ecf 100644 --- a/repo-scripts/changelog-generator/package.json +++ b/repo-scripts/changelog-generator/package.json @@ -20,7 +20,7 @@ "@changesets/types": "3.3.0", "@changesets/get-github-info": "0.5.2", "@types/node": "20.8.10", - "undici": "5.28.3" + "undici": "5.28.4" }, "license": "Apache-2.0", "devDependencies": { diff --git a/yarn.lock b/yarn.lock index d75026f9182..01d60f9b013 100644 --- a/yarn.lock +++ b/yarn.lock @@ -17501,10 +17501,10 @@ undici-types@~5.26.4: resolved "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz#bcd539893d00b56e964fd2657a4866b221a65617" integrity sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA== -undici@5.28.3: - version "5.28.3" - resolved "https://registry.npmjs.org/undici/-/undici-5.28.3.tgz#a731e0eff2c3fcfd41c1169a869062be222d1e5b" - integrity sha512-3ItfzbrhDlINjaP0duwnNsKpDQk3acHI3gVJ1z4fmwMK31k5G9OVIAMLSIaP6w4FaGkaAkN6zaQO9LUvZ1t7VA== +undici@5.28.4: + version "5.28.4" + resolved "https://registry.npmjs.org/undici/-/undici-5.28.4.tgz#6b280408edb6a1a604a9b20340f45b422e373068" + integrity sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g== dependencies: "@fastify/busboy" "^2.0.0"