diff --git a/.changeset/short-falcons-look.md b/.changeset/short-falcons-look.md new file mode 100644 index 00000000000..fbedc2cccec --- /dev/null +++ b/.changeset/short-falcons-look.md @@ -0,0 +1,9 @@ +--- +'@firebase/auth-compat': patch +'@firebase/firestore': patch +'@firebase/functions': patch +'@firebase/storage': patch +'@firebase/auth': patch +--- + +Bump undici version to 5.28.3 due to security issue. diff --git a/.github/workflows/test-all.yml b/.github/workflows/test-all.yml index 10d67c00930..e72dca55c8b 100644 --- a/.github/workflows/test-all.yml +++ b/.github/workflows/test-all.yml @@ -24,7 +24,7 @@ env: # The default behavior of chromedriver uses the older Chrome download URLs. We need to override # the beahvior to use the new URLs. CHROMEDRIVER_CDNURL: https://googlechromelabs.github.io/ - CHROMEDRIVER_CDNBINARIESURL: https://edgedl.me.gvt1.com/edgedl/chrome/chrome-for-testing/ + CHROMEDRIVER_CDNBINARIESURL: https://storage.googleapis.com/chrome-for-testing-public CHROME_VALIDATED_VERSION: linux-120.0.6099.71 CHROME_VERSION_MISMATCH_MESSAGE: "The Chrome version doesn't match the previously validated version. Consider updating CHROME_VALIDATED_VERSION in the GitHub workflow if tests pass." artifactRetentionDays: 14 diff --git a/.github/workflows/test-changed-auth.yml b/.github/workflows/test-changed-auth.yml index 2eba81a8e99..eafb3a2d556 100644 --- a/.github/workflows/test-changed-auth.yml +++ b/.github/workflows/test-changed-auth.yml @@ -22,7 +22,7 @@ env: # The default behavior of chromedriver uses the older Chrome download URLs. We need to override # the beahvior to use the new URLs. CHROMEDRIVER_CDNURL: https://googlechromelabs.github.io/ - CHROMEDRIVER_CDNBINARIESURL: https://edgedl.me.gvt1.com/edgedl/chrome/chrome-for-testing/ + CHROMEDRIVER_CDNBINARIESURL: https://storage.googleapis.com/chrome-for-testing-public CHROME_VALIDATED_VERSION: linux-120.0.6099.71 # Bump Node memory limit NODE_OPTIONS: "--max_old_space_size=4096" diff --git a/integration/messaging/package.json b/integration/messaging/package.json index 654dbba46b4..f335013cfb0 100644 --- a/integration/messaging/package.json +++ b/integration/messaging/package.json @@ -11,11 +11,11 @@ "devDependencies": { "firebase": "10.8.0", "chai": "4.3.7", - "chromedriver": "114.0.2", + "chromedriver": "116.0.0", "express": "4.18.2", "geckodriver": "2.0.4", "mocha": "9.2.2", - "undici": "5.26.5", + "undici": "5.28.3", "selenium-assistant": "6.1.1" } } diff --git a/package.json b/package.json index 1bda3af3eec..48ac6c7b8f0 100644 --- a/package.json +++ b/package.json @@ -153,7 +153,7 @@ "tslint": "6.1.3", "typedoc": "0.16.11", "typescript": "4.7.4", - "undici": "5.26.5", + "undici": "5.28.3", "watch": "1.0.2", "webpack": "5.76.0", "yargs": "17.7.2" diff --git a/packages/auth-compat/package.json b/packages/auth-compat/package.json index 6f0847fd7ec..00e2f14f4e3 100644 --- a/packages/auth-compat/package.json +++ b/packages/auth-compat/package.json @@ -54,7 +54,7 @@ "@firebase/auth-types": "0.12.0", "@firebase/component": "0.6.5", "@firebase/util": "1.9.4", - "undici": "5.26.5", + "undici": "5.28.3", "tslib": "^2.1.0" }, "license": "Apache-2.0", diff --git a/packages/auth/package.json b/packages/auth/package.json index 2cacc6d6dfa..f36b48c34ae 100644 --- a/packages/auth/package.json +++ b/packages/auth/package.json @@ -129,7 +129,7 @@ "@firebase/component": "0.6.5", "@firebase/logger": "0.4.0", "@firebase/util": "1.9.4", - "undici": "5.26.5", + "undici": "5.28.3", "tslib": "^2.1.0" }, "license": "Apache-2.0", @@ -138,7 +138,7 @@ "@rollup/plugin-json": "4.1.0", "@rollup/plugin-strip": "2.1.0", "@types/express": "4.17.17", - "chromedriver": "114.0.2", + "chromedriver": "116.0.0", "rollup": "2.79.1", "rollup-plugin-sourcemaps": "0.6.3", "rollup-plugin-typescript2": "0.31.2", diff --git a/packages/firestore/package.json b/packages/firestore/package.json index 94e3c73f2ae..474a2e34d75 100644 --- a/packages/firestore/package.json +++ b/packages/firestore/package.json @@ -102,7 +102,7 @@ "@firebase/webchannel-wrapper": "0.10.5", "@grpc/grpc-js": "~1.9.0", "@grpc/proto-loader": "^0.7.8", - "undici": "5.26.5", + "undici": "5.28.3", "tslib": "^2.1.0" }, "peerDependencies": { diff --git a/packages/functions/package.json b/packages/functions/package.json index 29e9e5480e2..0caaed9a3ba 100644 --- a/packages/functions/package.json +++ b/packages/functions/package.json @@ -71,7 +71,7 @@ "@firebase/auth-interop-types": "0.2.1", "@firebase/app-check-interop-types": "0.3.0", "@firebase/util": "1.9.4", - "undici": "5.26.5", + "undici": "5.28.3", "tslib": "^2.1.0" }, "nyc": { diff --git a/packages/storage/package.json b/packages/storage/package.json index 361fe189afc..7416dc8646c 100644 --- a/packages/storage/package.json +++ b/packages/storage/package.json @@ -48,7 +48,7 @@ "dependencies": { "@firebase/util": "1.9.4", "@firebase/component": "0.6.5", - "undici": "5.26.5", + "undici": "5.28.3", "tslib": "^2.1.0" }, "peerDependencies": { diff --git a/repo-scripts/changelog-generator/package.json b/repo-scripts/changelog-generator/package.json index 648892ad527..3a7989d9dc3 100644 --- a/repo-scripts/changelog-generator/package.json +++ b/repo-scripts/changelog-generator/package.json @@ -20,7 +20,7 @@ "@changesets/types": "3.3.0", "@changesets/get-github-info": "0.5.2", "@types/node": "20.8.10", - "undici": "5.26.5" + "undici": "5.28.3" }, "license": "Apache-2.0", "devDependencies": { diff --git a/yarn.lock b/yarn.lock index e8334ee4194..cc12132428f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -5583,14 +5583,14 @@ chrome-trace-event@^1.0.2: resolved "https://registry.npmjs.org/chrome-trace-event/-/chrome-trace-event-1.0.3.tgz" integrity sha512-p3KULyQg4S7NIHixdwbGX+nFHkoBiA4YQmyWtjb8XngSKV124nJmRysgAeujbUVb15vh+RvFUfCPqU7rXk+hZg== -chromedriver@114.0.2: - version "114.0.2" - resolved "https://registry.npmjs.org/chromedriver/-/chromedriver-114.0.2.tgz" - integrity sha512-v0qrXRBknbxqmtklG7RWOe3TJ/dLaHhtB0jVxE7BAdYERxUjEaNRyqBwoGgVfQDibHCB0swzvzsj158nnfPgZw== +chromedriver@116.0.0: + version "116.0.0" + resolved "https://registry.npmjs.org/chromedriver/-/chromedriver-116.0.0.tgz#3f5d07b5427953270461791651d7b68cb6afe9fe" + integrity sha512-/TQaRn+RUAYnVqy5Vx8VtU8DvtWosU8QLM2u7BoNM5h55PRQPXF/onHAehEi8Sj/CehdKqH50NFdiumQAUr0DQ== dependencies: "@testim/chrome-version" "^1.1.3" axios "^1.4.0" - compare-versions "^5.0.3" + compare-versions "^6.0.0" extract-zip "^2.0.1" https-proxy-agent "^5.0.1" proxy-from-env "^1.1.0" @@ -5955,10 +5955,10 @@ compare-func@^2.0.0: array-ify "^1.0.0" dot-prop "^5.1.0" -compare-versions@^5.0.3: - version "5.0.3" - resolved "https://registry.npmjs.org/compare-versions/-/compare-versions-5.0.3.tgz" - integrity sha512-4UZlZP8Z99MGEY+Ovg/uJxJuvoXuN4M6B3hKaiackiHrgzQFEe3diJi1mf1PNHbFujM7FvLrK2bpgIaImbtZ1A== +compare-versions@^6.0.0: + version "6.1.0" + resolved "https://registry.npmjs.org/compare-versions/-/compare-versions-6.1.0.tgz#3f2131e3ae93577df111dba133e6db876ffe127a" + integrity sha512-LNZQXhqUvqUTotpZ00qLSaify3b4VFD588aRr8MKFw4CMUr98ytzCW5wDH5qx/DEY5kCDXcbcRuCqL0szEf2tg== component-emitter@^1.2.1, component-emitter@~1.3.0: version "1.3.0" @@ -16835,10 +16835,10 @@ undici-types@~5.26.4: resolved "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz#bcd539893d00b56e964fd2657a4866b221a65617" integrity sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA== -undici@5.26.5: - version "5.26.5" - resolved "https://registry.npmjs.org/undici/-/undici-5.26.5.tgz#f6dc8c565e3cad8c4475b187f51a13e505092838" - integrity sha512-cSb4bPFd5qgR7qr2jYAi0hlX9n5YKK2ONKkLFkxl+v/9BvC0sOpZjBHDBSXc5lWAf5ty9oZdRXytBIHzgUcerw== +undici@5.28.3: + version "5.28.3" + resolved "https://registry.npmjs.org/undici/-/undici-5.28.3.tgz#a731e0eff2c3fcfd41c1169a869062be222d1e5b" + integrity sha512-3ItfzbrhDlINjaP0duwnNsKpDQk3acHI3gVJ1z4fmwMK31k5G9OVIAMLSIaP6w4FaGkaAkN6zaQO9LUvZ1t7VA== dependencies: "@fastify/busboy" "^2.0.0"