rxfire icon indicating copy to clipboard operation
rxfire copied to clipboard
verified publisher icon FirebaseExtended

Rxfire was downgraded to 3.13.5 when fixing high severity vulnerabilities

Open voscausa opened this issue 4 years ago • 0 comments

From the log: node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - https://github.com/advisories/GHSA-r683-j2x4-v87g

After installing: firebase-tools 10.0.1 → 10.1.2

{
  "name": "... accounts",
  "version": "1.2.2",
  "author": "voscausa",
  "repository": {
    "type": "git",
    "url": "https://github.com/voscausa/...-accounts"
  },
  "license": "MIT",
  "type": "module",
  "scripts": {
    "dev": "vite",
    "life": "vite --mode life_dev",
    "build": "vite build",
    "serve": "vite preview"
  },
  "devDependencies": {
    "@beyonk/svelte-notifications": "^4.1.1",
    "@sveltejs/vite-plugin-svelte": "^1.0.0-next.33",
    "@voscausa/svelte-use-validate": "^1.3.4",
    "eslint": "^8.1.0",
    "firebase": "^9.6.4",
    "jszip": "^3.7.1",
    "lodash.clonedeep": "^4.5.0",
    "lodash.isequal": "^4.5.0",
    "rxfire": "^3.13.5",           // from "rxfire": "^6.0.3"
    "rxjs": "^7.4.0",
    "svelte": "^3.44.3",
    "vite": "^2.7.10"
  }
}

voscausa avatar Jan 26 '22 10:01 voscausa