Skip to content

Manual fix(deps): update dependency firebase-tools #8733

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 27, 2025
Merged

Manual fix(deps): update dependency firebase-tools #8733

merged 1 commit into from
Jan 27, 2025

Conversation

DellaBitta
Copy link
Contributor

@DellaBitta DellaBitta commented Jan 27, 2025
edited
Loading

Discussion

The auto generated PR #8606 attempts to patch the yarn.lock file for a dependency associated with CVE-2024-37168 that was pulled in by the Google Cloud CLI.

Instead of only patching the yarn.lock file to update the transitive culprit @grpc/grpc-js@~1.9.0, let's just update the dependency that we use - the Firebase CLI tools.

Testing

Local build, CI.
This is a dev dependency update.

API Changes

NA

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Jan 27, 2025

⚠️ No Changeset found

Latest commit: 76d253b

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@google-oss-bot
Copy link
Contributor

Size Report 1

Affected Products

No changes between base commit (59ae45e) and merge commit (b94439c).

Test Logs

  1. https://storage.googleapis.com/firebase-sdk-metric-reports/1H1ahhORnC.html

@DellaBitta DellaBitta marked this pull request as ready for review January 27, 2025 19:38
@DellaBitta DellaBitta requested a review from a team as a code owner January 27, 2025 19:38
@google-oss-bot
Copy link
Contributor

Size Analysis Report 1

Affected Products

No changes between base commit (59ae45e) and merge commit (b94439c).

Test Logs

  1. https://storage.googleapis.com/firebase-sdk-metric-reports/QjhenRJyqu.html

@DellaBitta DellaBitta merged commit 99766e0 into main Jan 27, 2025
49 checks passed
@DellaBitta DellaBitta deleted the ddb-fbtools-dep-update branch January 27, 2025 20:49
@firebase firebase locked and limited conversation to collaborators Feb 27, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@dlarocque dlarocque dlarocque approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@DellaBitta @google-oss-bot @dlarocque