Skip to content

fix(deps): update dependency firebase to v10 [security]#357

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-firebase-vulnerability
Open

fix(deps): update dependency firebase to v10 [security]#357
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-firebase-vulnerability

Conversation

@renovate
Copy link

@renovate renovate bot commented Nov 19, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
firebase (source, changelog) 9.1.110.9.0 age confidence

GitHub Vulnerability Alerts

CVE-2024-11023

Firebase JavaScript SDK utilizes a "FIREBASE_DEFAULTS" cookie to store configuration data, including an "_authTokenSyncURL" field used for session synchronization. If this cookie field is preset via an attacker by any other method, the attacker can manipulate the "_authTokenSyncURL" to point to their own server and it would allow am actor to capture user session data transmitted by the SDK. We recommend upgrading Firebase JS SDK at least to 10.9.0.

Release Notes

firebase/firebase-js-sdk (firebase)

v10.9.0

Compare Source

v10.8.1

Compare Source

v10.8.0

Compare Source

v10.7.2

Compare Source

v10.7.1

Compare Source

v10.7.0

Compare Source

v10.6.0

Compare Source

v10.5.2

Compare Source

v10.5.1

Compare Source

v10.5.0

Compare Source

v10.4.0

Compare Source

v10.3.1

Compare Source

v10.3.0

Compare Source

v10.2.0

Compare Source

v10.1.0

Compare Source

v10.0.0

Compare Source

v9.23.0

Compare Source

v9.22.2

Compare Source

v9.22.1

Compare Source

v9.22.0

Compare Source

v9.21.0

Compare Source

v9.20.0

Compare Source

v9.19.1

Compare Source

v9.19.0

Compare Source

v9.18.0

Compare Source

v9.17.2

Compare Source

v9.17.1

Compare Source

v9.17.0

Compare Source

v9.16.0

Compare Source

v9.15.0

Compare Source

v9.14.0

Compare Source

v9.13.0

Compare Source

v9.12.1

Compare Source

v9.12.0

Compare Source

v9.11.0

Compare Source

v9.10.0

Compare Source

v9.9.4

Compare Source

v9.9.3

Compare Source

v9.9.0

Compare Source

v9.8.4

Compare Source

v9.8.3

Compare Source

v9.8.2

Compare Source

v9.8.1

Compare Source

v9.8.0

Compare Source

v9.7.0

Compare Source

v9.6.11

Compare Source

v9.6.10

Compare Source

v9.6.9

Compare Source

v9.6.8

Compare Source

v9.6.7

Compare Source

v9.6.6

Compare Source

v9.6.5

Compare Source

v9.6.4

Compare Source

v9.6.3

Compare Source

v9.6.2

Compare Source

v9.6.1

Compare Source

v9.6.0

Compare Source

v9.5.0

Compare Source

v9.4.1

Compare Source

v9.4.0

Compare Source

v9.3.0

Compare Source

v9.2.0

Compare Source

v9.1.3

Compare Source

v9.1.2

Compare Source

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/npm-firebase-vulnerability branch from da7eebc to 804cdf5 Compare August 10, 2025 15:06
@renovate renovate bot force-pushed the renovate/npm-firebase-vulnerability branch from 804cdf5 to 0c031d9 Compare August 19, 2025 13:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants