[Snyk] Security upgrade firebase-tools from 7.16.2 to 11.4.1 #46

rossdakin · 2022-09-23T06:22:41Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-GRPCGRPCJS-1038818	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-JSONBIGINT-608659	Yes	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073	Yes	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082	Yes	Proof of Concept
520/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-584281	Yes	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: firebase-tools

The new version differs by 250 commits.

9012f8c 11.4.1
35d4832 Restores behavior where Hosting will not fail to deploy if a function… (#4799)
22bdf7b Add integration test for function deploys. (#4776)
4356213 hosting:clone help update (#4798)
1389641 pin a specific version of cli-color (#4796)
e13c413 fixed ENAMETOLONG storage emulator issue (#4771)
ee4cdc1 sets groundwork for removing login with token (#4759)
c60d441 [firebase-release] Removed change log and reset repo after 11.4.0 release
83b487f 11.4.0
d63347c Update CHANGELOG.md (#4785)
e239ebf fix storage and realtime database targets (#4782)
ba686fd use user-project quota to test IAM permissions (#4781)
ae788e7 Add storage emulator readme with useful commands (#4777)
f9e09a8 Actually copy params from the v1alpha1 wire format into Builds (#4774)
c274636 Find the function region for a functions rewrite automatically. (#4623)
ac0a9e8 Remove duplicate call to track (#4766)
14a74a9 Fix "bug" where function timeout option did not apply to Functions Emulator. (#4745)
266e1d7 Rewrite functions emulator integration test to avoid using serialized trigger hack (#4750)
ab3e771 Add function to programmatically write to .env files (#4721)
d335545 [firebase-release] Removed change log and reset repo after 11.3.0 release
5df847d 11.3.0
4202b66 Cleanup unnecessary use of frb. (#4704)
d84680c Update UI snapshot binaryPath. (#4751)
390f096 Add optional fields into build and copy to backend (#4746)