Skip to content

fix(deps): update dependency @google-cloud/firestore to v6 [security]#129

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/npm-google-cloud-firestore-vulnerability
Open

fix(deps): update dependency @google-cloud/firestore to v6 [security]#129
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/npm-google-cloud-firestore-vulnerability

Conversation

@renovate

@renovate renovate Bot commented Sep 25, 2024

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
@google-cloud/firestore (source) ^4.15.1^6.0.0 age confidence

Logging of the firestore key within nodejs-firestore

CVE-2023-6460 / GHSA-4g6q-77j7-vvjc

More information

Details

A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue

Severity

  • CVSS Score: 4.0 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Release Notes

googleapis/google-cloud-node (@​google-cloud/firestore)

v6.2.0

Compare Source

Features
Bug Fixes
  • Minify proto JSON files (#​1771) (6393fe7)
  • Remove hack in update.sh, and replace with existing pattern for protobuf dependencies. (#​1769) (6ba6751)

v6.0.0

Compare Source

⚠ BREAKING CHANGES
  • update library to use Node 12 (#​1725)
Features
Bug Fixes
Build System
5.0.2 (2022-01-07)
Bug Fixes
5.0.1 (2021-12-02)
Bug Fixes

v5.0.2

Compare Source

v5.0.1

Compare Source


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot changed the title fix(deps): update dependency @google-cloud/firestore to v6 [security] fix(deps): update dependency @google-cloud/firestore to v6 [security] - autoclosed Sep 25, 2024
@renovate renovate Bot closed this Sep 25, 2024
@renovate
renovate Bot deleted the renovate/npm-google-cloud-firestore-vulnerability branch September 25, 2024 16:16
@renovate renovate Bot changed the title fix(deps): update dependency @google-cloud/firestore to v6 [security] - autoclosed fix(deps): update dependency @google-cloud/firestore to v6 [security] Sep 26, 2024
@renovate renovate Bot reopened this Sep 26, 2024
@renovate
renovate Bot restored the renovate/npm-google-cloud-firestore-vulnerability branch September 26, 2024 20:22
@renovate
renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from 709189b to 53089a8 Compare September 26, 2024 20:23
@renovate
renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from 53089a8 to a317a26 Compare August 10, 2025 15:44
@renovate
renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from a317a26 to b4c7ed7 Compare August 19, 2025 11:45
@renovate
renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from b4c7ed7 to ae08c1b Compare September 25, 2025 17:45
@renovate
renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from ae08c1b to 3bcd845 Compare October 21, 2025 18:38
@renovate
renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from 3bcd845 to 95dab0b Compare November 11, 2025 02:51
@renovate
renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from 95dab0b to 64b08a5 Compare December 3, 2025 16:13
@renovate
renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from 64b08a5 to 5fe253b Compare January 19, 2026 17:10
@renovate
renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from 5fe253b to 45b8226 Compare February 2, 2026 16:08
@renovate
renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from 45b8226 to 4ba5e4c Compare February 12, 2026 12:13
@renovate
renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from 4ba5e4c to 1e3b8ae Compare March 8, 2026 11:46
@renovate renovate Bot changed the title fix(deps): update dependency @google-cloud/firestore to v6 [security] fix(deps): update dependency @google-cloud/firestore to v6 [security] - autoclosed Mar 27, 2026
@renovate renovate Bot closed this Mar 27, 2026
@renovate
renovate Bot deleted the renovate/npm-google-cloud-firestore-vulnerability branch March 27, 2026 02:43
@renovate renovate Bot changed the title fix(deps): update dependency @google-cloud/firestore to v6 [security] - autoclosed fix(deps): update dependency @google-cloud/firestore to v6 [security] Mar 30, 2026
@renovate renovate Bot reopened this Mar 30, 2026
@renovate
renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch 3 times, most recently from f190a84 to 846bbd4 Compare April 1, 2026 22:06
@renovate
renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from 846bbd4 to 6482db3 Compare April 8, 2026 15:40
@renovate renovate Bot changed the title fix(deps): update dependency @google-cloud/firestore to v6 [security] fix(deps): update dependency @google-cloud/firestore to v6 [security] - autoclosed Apr 27, 2026
@renovate renovate Bot closed this Apr 27, 2026
@renovate renovate Bot changed the title fix(deps): update dependency @google-cloud/firestore to v6 [security] - autoclosed fix(deps): update dependency @google-cloud/firestore to v6 [security] Apr 27, 2026
@renovate renovate Bot reopened this Apr 27, 2026
@renovate
renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch 3 times, most recently from 01a2236 to 2f7e727 Compare April 29, 2026 17:00
@renovate
renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch 2 times, most recently from a6a6be8 to 64780d2 Compare May 18, 2026 13:55
@renovate
renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch 2 times, most recently from a0dc121 to 0b7b4f0 Compare June 2, 2026 00:41
@renovate
renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from 0b7b4f0 to e330158 Compare June 11, 2026 10:06
@renovate
renovate Bot force-pushed the renovate/npm-google-cloud-firestore-vulnerability branch from e330158 to 50c869b Compare July 12, 2026 14:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants