This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - Firebase Functions/functions/package.json
  - Firebase Functions/functions/package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 671/1000 Why? Recently disclosed, Has a fix available, CVSS 7.7 | Improper Input Validation SNYK-JS-JSONWEBTOKEN-3180020 | Yes | No Known Exploit |
| | 611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5 | Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022 | Yes | No Known Exploit |
| | 611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5 | Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024 | Yes | No Known Exploit |
| | 526/1000 Why? Recently disclosed, Has a fix available, CVSS 4.8 | Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026 | Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: firebase-functions
The new version differs by 161 commits.
- 4fdf9db 3.6.2
- f907d68 Update CHANGELOG.md (#694)
- 9431102 fix: move jsonwebtoken to dev dependencies (#677)
- 8d0a6c2 pin @types/express version (#686)
- 1bd2736 Fixes to reference doc generation for functions.https (#690)
- b1f9b5a Revise docs for handler namespace (#680)
- 5c18afe Modify return type of DataSnapshot.forEach to `boolean | void` (#666)
- df35c1b fix: onCreate, onUpdate and onDelete receive a DocumentQuerySnapshopt (#670)
- 1dde3db [firebase-release] Removed change log and reset repo after 3.6.1 release
- 1fb57c5 3.6.1
- 2784d5d Update TypeScript dependency to v3.8 to fix build issues (Issue #667) (#668)
- d3e8951 [firebase-release] Removed change log and reset repo after 3.6.0 release
- c9a3a0e 3.6.0
- 95d4a4a Update CHANGELOG.md (#640)
- 7f4c957 Enable users to define async HTTP functions (#651)
- e1df823 Adding testlab event to eventTypes list (#649)
- 468455d Updating docs TOC with Testlab paths. (#643)
- 5250110 Add support for europe-west3 region. (#627)
- 0921c78 [firebase-release] Removed change log and reset repo after 3.5.0 release
- 1ed7345 3.5.0
- 15bf0da Update CHANGELOG (#639)
- df543dc Update dependencies to fix TS build issue (#638)
- 9e05b7f Add entry for maxInstances (#636)
- bf52fa3 add support for maxInstances in RuntimeOptions (#624)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.