[Snyk] Upgrade firebase-functions from 3.6.0 to 3.15.4

[snyk-bot]

Snyk has created this PR to upgrade firebase-functions from 3.6.0 to 3.15.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 20 versions ahead of your current version.
• The recommended version was released 25 days ago, on 2021-08-16.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-LODASH-590103	490/1000 Why? CVSS 9.8	No Known Exploit
	Command Injection SNYK-JS-LODASH-1040724	490/1000 Why? CVSS 9.8	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	490/1000 Why? CVSS 9.8	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: firebase-functions

• 3.15.4 - 2021-08-16
  
  • Fix bug where the arg of https onCall functions sometimes deviates from the documented format.
• 3.15.3 - 2021-08-13
  
  • (temporarly) adds the previously accessible "lib/providers" files as exports. These will be yanked in the next major release.
  • Fixes a bug where functions.https.HttpsError could not be constructed
• 3.15.2 - 2021-08-12
  
  • Fix an error that broke firebase emulators:start on older CLIs
• 3.15.1 - 2021-08-11
  
  • Fix bug that broke the functions emulator
• 3.15.0 - 2021-08-11
  
  • Adds options to set access control on HTTP triggered functions.
  • Adds new regions to support list (asia-east1, asia-southeast1).
  • Adds support for setting user labels on functions via runWith().
  • Adds support for FIREBASE_CONFIG env as the name of a JSON file
  • Fixes an issue where objects that define toJSON could not be logged successfully (#907).
  • Formalize module exports. Loggers can now be accessed at 'firebase-functions/logger' and 'firebase-functions/logger/compat'
  • Fixes an issue where Remote Config could not be emulated in Windows machines on the classic Command Prompt.
• 3.14.1 - 2021-05-17
  
  • Fixes a bug where typescript would fail to compile with old (but supported) versions of firebase-admin
  • Replaces 3.13.3 which was an inappropriately numbered version
• 3.14.0 - 2021-05-12
  
  • Functions may now be deployed with 8GB RAM
  • Functions may now be deployed to europe-central2 (Warsaw)
  • Add support for validating App Check tokens for Callable Functions
• 3.13.3 - 2021-05-17
  
  • Fixes a bug where typescript would fail to compile with old (but supported) versions of firebase-admin
• 3.13.2 - 2021-02-22
  
  • Fixes issue where DATABASE_URL and STORAGE_BUCKET_URL could not be set to undefined. (#829)
  • Fixes a bug where ingressSettings could not be set. (#827)
• 3.13.1 - 2021-01-15
  
  • Fixes a bug that prevented Functions from being deployed with availableMemoryMb set to 4GB.
  • Fixes bug where functions.logger.log crashes function if circular dependencies are passed in
• 3.13.0 - 2020-12-07
• 3.12.0 - 2020-11-30
• 3.11.0 - 2020-08-21
• 3.10.0 - 2020-08-20
• 3.9.1 - 2020-08-12
• 3.9.0 - 2020-07-31
• 3.8.0 - 2020-07-14
• 3.7.0 - 2020-06-09
• 3.6.2 - 2020-05-28
• 3.6.1 - 2020-04-24
• 3.6.0 - 2020-03-31

from firebase-functions GitHub release notes

Commit messages

Package name: firebase-functions

• de1c3c1 3.15.4
• 78db0b8 Fix bug where v1 HTTP used v2 API if callback had len 1 (ng-init is not live, need way to bind 'local variables' angular/angular.js#955)
• 4c33a76 [firebase-release] Removed change log and reset repo after 3.15.3 release
• eb98f0c 3.15.3
• 2a8265f Changelog (Modifying scope of one controller causes other controllers to update angular/angular.js#951)
• c842e75 Export every real and namespace file for v1 (fix issue #782,#875 angular/angular.js#948)
• 331e14e Fix "functions.https.HttpsError is not a constructor" (Leak angular/angular.js#949)
• 1d80b5f [firebase-release] Removed change log and reset repo after 3.15.2 release
• e720f87 3.15.2
• fdcd309 Hyrum's law breaks my heart (Make include works better with primitive $scope values angular/angular.js#943)
• 7f4db13 Changes for first staged draft of EAP reference (Docs are broken on opera angular/angular.js#939)
• e6eb1ea [firebase-release] Removed change log and reset repo after 3.15.1 release
• 360d426 3.15.1
• 670dc92 Changelog (better ranking in docs search angular/angular.js#941)
• 2e214ed Bug bash fixes (ng-repeat does not work with primitive types angular/angular.js#933)
• e2ccc53 [firebase-release] Removed change log and reset repo after 3.15.0 release
• 1b7a73b 3.15.0
• 31d52b7 Use npm ci on publish scripts. (bug(html5 navigation): broken in Opera angular/angular.js#940)
• 94414f4 Set Access Control for HTTP Functions (v2) (<img ng:src> does not work with IE9 angular/angular.js#935)
• e9f5e43 Add missing changelog entries. (Docs are broken on opera angular/angular.js#938)
• de94b78 [apidocs] Improve file detection and updates toc.yaml (fix(ngModel): use keydown/change events on IE9 instead of input angular/angular.js#936)
• b3c232f Print a useful error explaining why Runtime Config doesn't work ($render method missing from documentation of the NgModelController angular/angular.js#930)
• 4493e35 Fixing Typedoc breaking changes. (IE8 CORS support angular/angular.js#934)
• 94f5396 Improve typings in HTTPS and Pub/Sub functions. (Double directive controller instantiation fix angular/angular.js#931)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs