[Snyk] Upgrade firebase-functions from 4.2.1 to 5.0.1

[aravindvnair99]

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade firebase-functions from 4.2.1 to 5.0.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 13 versions ahead of your current version.

• The recommended version was released on a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	292	Proof of Concept
	Infinite loop SNYK-JS-MARKDOWNIT-6483324	292	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	292	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	292	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	292	Proof of Concept
	Internal Property Tampering SNYK-JS-TAFFYDB-2992450	292	Proof of Concept
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	292	Proof of Concept
	Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	292	No Known Exploit
	Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	292	No Known Exploit
	Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	292	No Known Exploit
	Improper Control of Dynamically-Managed Code Resources SNYK-JS-EJS-6689533	292	No Known Exploit
	Open Redirect SNYK-JS-EXPRESS-6474509	292	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	292	Proof of Concept
	Resource Exhaustion SNYK-JS-JOSE-6419224	292	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	292	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	292	Proof of Concept

Release notes

Package name: firebase-functions

• 5.0.1 - 2024-05-03
  
  • Fix App fetching for named firestore instances (#1562).
• 5.0.0 - 2024-05-01
  
  • Add option to get named firestore instance for v2 firestore functions (#1550).
  • Remove firebase-admin v10 dependency for Firestore triggers multi-DB support (#1555).
• 4.9.0 - 2024-04-04
  
  • Add new 2nd gen Firestore auth context triggers. (#1519)
• 4.8.2 - 2024-03-29
  

  Fix bug with CORS options for an array of one string (#1544)

• 4.8.1 - 2024-03-19
  

  Fix bug where 1st gen functions eventually fail with stack too deep (#1540)
  Make simple CORS options static for improved debugability (#1536)

• 4.8.0 - 2024-03-08
  

  Add onInit callback function for global variable initialization (#1531)

• 4.7.0 - 2024-02-07
  
  • Fixes access on deeply nested, nonexistent property. (#1432)
  • Add IteratedDataSnapshot interface to match with firebase admin v12 (#1517).
  • Make bucket parameterizeable in storage functions (#1518)
  • Introduce helper library for select and multi-select input (#1518)
• 4.6.0 - 2024-01-03
  
  • Wrap 2nd gen onCall functions with trace context. (#1491)
  • Bump peer depdencies for firebase-admin to support 12.0.0. (#1509)
• 4.5.0 - 2023-11-02
  
  • Remove HTTP server shutdown message. (#1457)
  • Add features to task queue functions. (#1423)
  • Add traces to V2 Firestore trigger logs. (#1440)
  • Fix incorrectly parsed timestamps in auth blocking functions. (#1472)
  • Add recaptcha verdict support for auth blocking functions (#1458)
• 4.4.1 - 2023-06-12
  
  • Update list of supported regions for 2nd Gen Functions. (#1402)
  • Fix bug where log message on structured log was being overwritten (#1416)
  • Fix bug where exists() should return true for falsy values like 0, "" (#1410)
• 4.4.0 - 2023-05-08
• 4.3.1 - 2023-04-20
• 4.3.0 - 2023-04-13
• 4.2.1 - 2023-02-02

from firebase-functions GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[guardrails]

⚠️ We detected 2 security issues in this pull request:

Insecure File Management (1)

Severity	Details	Docs
High	Title: Path Traversal from user input Spot-the-Hole/functions/index.js Line 562 in feb1421 path.join(os.tmpdir(), path.basename(req.files.file[0].fieldname)),	📚

More info on how to fix Insecure File Management in JavaScript.

---

Insecure Use of Crypto (1)

Severity	Details	Docs
Medium	Title: Insecure use of random generator Spot-the-Hole/functions/index.js Line 204 in feb1421 result += characters.charAt(Math.floor(Math.random() * charactersLength));	📚

More info on how to fix Insecure Use of Crypto in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

[stale]

Automatically marked as stale due to lack of recent activity. Will be closed if no further activity occurs. Thank you for your contributions.

[stale]

Automatically closed due to lack of recent activity. Tag @aravindvnair99 to reopen. Thank you for your contributions.