Skip to content

fix(deps): update dependency @google-cloud/firestore to v6 [security]#429

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/npm-google-cloud-firestore-vulnerability
Open

fix(deps): update dependency @google-cloud/firestore to v6 [security]#429
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/npm-google-cloud-firestore-vulnerability

Conversation

@renovate

@renovate renovate Bot commented Sep 25, 2024
edited
Loading

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
@google-cloud/firestore (source) ^5.0.0^6.0.0 age confidence

Logging of the firestore key within nodejs-firestore

CVE-2023-6460 / GHSA-4g6q-77j7-vvjc

More information

Details

A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue

Severity

  • CVSS Score: 4.0 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Release Notes

googleapis/google-cloud-node (@​google-cloud/firestore)

v6.2.0

Compare Source

Features
Bug Fixes
  • Minify proto JSON files (#​1771) (6393fe7)
  • Remove hack in update.sh, and replace with existing pattern for protobuf dependencies. (#​1769) (6ba6751)

v6.0.0

Compare Source

⚠ BREAKING CHANGES
  • update library to use Node 12 (#​1725)
Features
Bug Fixes
Build System
5.0.2 (2022-01-07)
Bug Fixes
5.0.1 (2021-12-02)
Bug Fixes

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@vercel

vercel Bot commented Sep 25, 2024
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
find-rentals Error Error Jun 11, 2026 6:15pm

@renovate renovate Bot changed the title fix(deps): update dependency @google-cloud/firestore to v6 [security] fix(deps): update dependency @google-cloud/firestore to v6 [security] - autoclosed Sep 25, 2024
@renovate renovate Bot closed this Sep 25, 2024
@renovate renovate Bot deleted the renovate/npm-google-cloud-firestore-vulnerability branch September 25, 2024 15:53
@renovate renovate Bot changed the title fix(deps): update dependency @google-cloud/firestore to v6 [security] - autoclosed fix(deps): update dependency @google-cloud/firestore to v6 [security] Sep 26, 2024
@renovate renovate Bot reopened this Sep 26, 2024
@renovate renovate Bot restored the renovate/npm-google-cloud-firestore-vulnerability branch September 26, 2024 21:24
@renovate renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from 54f8bf7 to 217c07f Compare September 26, 2024 21:25
@renovate renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from 217c07f to 0c4f374 Compare August 10, 2025 13:06
@renovate renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from 0c4f374 to 76e4164 Compare August 19, 2025 18:56
@renovate renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from 76e4164 to 0d196fe Compare September 25, 2025 16:15
@renovate renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from 0d196fe to 0752c4f Compare October 21, 2025 15:46
@renovate renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from 0752c4f to bbc370a Compare November 10, 2025 17:49
@renovate renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from bbc370a to d64ca15 Compare November 18, 2025 22:54
@renovate renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from d64ca15 to 59c5ebf Compare December 3, 2025 19:06
@renovate renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from 59c5ebf to 9bf7a0e Compare January 19, 2026 20:05
@renovate renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from 9bf7a0e to f045d61 Compare February 2, 2026 21:45
@renovate renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch 2 times, most recently from 6f61eaf to 310f99e Compare February 17, 2026 19:55
@renovate renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from 310f99e to 658fcfc Compare March 5, 2026 14:01
@renovate renovate Bot changed the title fix(deps): update dependency @google-cloud/firestore to v6 [security] fix(deps): update dependency @google-cloud/firestore to v6 [security] - autoclosed Mar 27, 2026
@renovate renovate Bot closed this Mar 27, 2026
@renovate renovate Bot deleted the renovate/npm-google-cloud-firestore-vulnerability branch March 27, 2026 01:51
@renovate renovate Bot changed the title fix(deps): update dependency @google-cloud/firestore to v6 [security] - autoclosed fix(deps): update dependency @google-cloud/firestore to v6 [security] Mar 30, 2026
@renovate renovate Bot reopened this Mar 30, 2026
@renovate renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch 2 times, most recently from 658fcfc to 0069aaf Compare March 30, 2026 22:07
@renovate renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from 0069aaf to 653b4ab Compare April 8, 2026 18:15
@renovate renovate Bot changed the title fix(deps): update dependency @google-cloud/firestore to v6 [security] fix(deps): update dependency @google-cloud/firestore to v6 [security] - autoclosed Apr 27, 2026
@renovate renovate Bot closed this Apr 27, 2026
@renovate renovate Bot changed the title fix(deps): update dependency @google-cloud/firestore to v6 [security] - autoclosed fix(deps): update dependency @google-cloud/firestore to v6 [security] Apr 28, 2026
@renovate renovate Bot reopened this Apr 28, 2026
@renovate renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch 2 times, most recently from 653b4ab to c1c389d Compare April 28, 2026 06:50
@renovate renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from c1c389d to 24a0d6b Compare May 12, 2026 12:48
@renovate renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from 24a0d6b to 5cbcaaf Compare May 18, 2026 10:15
@renovate renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from 5cbcaaf to f7a7ad6 Compare May 28, 2026 18:11
@renovate renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from f7a7ad6 to bebe7c7 Compare June 1, 2026 19:06
@renovate renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from bebe7c7 to 7d20dd5 Compare June 11, 2026 18:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants