-
Notifications
You must be signed in to change notification settings - Fork 885
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
protobufjs Prototype Pollution vulnerability #7551
Comments
This is currently being discussed in #7484 suggest this issue is closed as duplicate. |
@Bullfrog1234 Okay 👍 Will mark it as duplicate. But is the |
Note that v8.6.8 (to which node is downgrading you) is a very old version (released June 2021) and it had a completely different API surface (see https://firebase.google.com/docs/web/modular-upgrade). In fact, the function |
@dconeybe When can we expect a new version with the fix? |
@doctor-entropy Please post this question to #7484 where the actual work to fix this vulnerability is being tracked. |
Operating System
macOS Monterey v12.6.5
Browser Version
Chrome / Firefox
Firebase SDK Version
10.1.0
Firebase SDK Product:
Firestore
Describe your project's tooling
Vite + Vue 3
Describe the problem
Trying to install firebase with the latest version. But I get 5 high security vulnerability issues (Check audit report below).
npm audit fix --force
causes it downgrade firebase to v8.6.8 of firebase which then causes issues on the browser -Uncaught SyntaxError: ambiguous indirect export: initializeApp
My firebase config file
Any workarounds are also greatly appreciated.
Steps and code to reproduce issue
The text was updated successfully, but these errors were encountered: