Update node-forge to fix security issue #1532
Description
[READ] Step 1: Are you in the right place?
-
For issues related to the code in this repository file a Github issue.
-
If the issue pertains to Cloud Firestore, read the instructions in the "Firestore issue"
template. -
For general technical questions, post a question on StackOverflow
with the firebase tag. -
For general Firebase discussion, use the firebase-talk
google group. -
For help troubleshooting your application that does not fall under one
of the above categories, reach out to the personalized
Firebase support channel.please update node-forge to fix this issue: GHSA-gf8q-jrpm-jvxq
[REQUIRED] Step 2: Describe your environment
- Operating System version: windows 11
- Firebase SDK version: _____
- Firebase Product: firebase-admin
- Node.js version: 16.13.0
- NPM version: 8.1.3
[REQUIRED] Step 3: Describe the problem
Steps to reproduce:
npm i [email protected]
npm audit fix
What happened? How can we make the problem occur?
This could be a description, log/console output, etc.
node-forge <1.0.0
URL parsing in node-forge could lead to undesired behavior. - GHSA-gf8q-jrpm-jvxq
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/node-forge
firebase-admin >=5.0.0
Relevant Code:
npm i [email protected]
npm audit fix