Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade firebase from 9.23.0 to 10.9.0 #28

Open
wants to merge 5,320 commits into
base: dependabot/npm_and_yarn/npm_and_yarn-02369f7b3c
Choose a base branch
from
Open

[Snyk] Security upgrade firebase from 9.23.0 to 10.9.0 #28

wants to merge 5,320 commits into from

Conversation

Roseymr
Copy link
Owner

@Roseymr Roseymr commented Nov 21, 2024

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • apps/ledger-live-desktop/package.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
medium severity Cross-site Scripting (XSS)
SNYK-JS-FIREBASEAUTH-8383231		   75  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)

abdurrahman-ledger and others added 30 commits September 24, 2024 16:57
@abdurrahman-ledger
ci: increase maxFailures in CI
f95d628
@abdurrahman-ledger
Merge pull request LedgerHQ#7885 from LedgerHQ/support/qaa_206_playwr…
ec06a5c 
…ight_increase_maxFailures

[QAA-206][Playwright] Increase maxFailures in CI
@LucasWerey
✨(lld): add empty message and dummy drawer for ordis (LedgerHQ#7881)
c55d0b3
@aussedatlo
📦 (context-module/keyring-eth): make packages private
b2dcc72
@aussedatlo
Merge pull request LedgerHQ#7892 from LedgerHQ/chore/private-repos
8e2d700 
📦 (context-module/keyring-eth): make packages private
@abdurrahman-ledger
[QAA-206] Increase max failure to speculos test only (LedgerHQ#7899)
8981743 
test: increase max failure to speculos test only
@Justkant
chore: mark start tasks as persistent to enable interactive mode
6340b8b 
From the doc: Label a task as persistent to prevent other tasks from depending on long-running processes.
https://turbo.build/repo/docs/reference/configuration#persistent
@Justkant
fix(wallet-api): only call success and fail handlers when closing the…
f16375d 
… flow on LLM

Allows to properly retry the sign message without sending an error through the wallet-api
We also only send the success when we actually close the last success screen
@Justkant
fix(LLM): wallet-connect deep-link from native app for a request woul…
b7fa1bf 
…d reload the page [LIVE-13641]

Reloading the page would break the wallet-api flow shown when coming back to the app
@angusbayley
docs: specify xcode version in LLM readme
0295c4b
@Wozacosta
chore: update default explorer for local base & zkevm config (LedgerH…
2f71fec 
…Q#7817)

* chore: update default explorer for local base & zkevm config

* update test
@LucasWerey
💄(llm): ui and message on receive confirmation screen (LedgerHQ#7868)
4847469 
💄(llm): ui and message on receive confirmation screen
@abdurrahman-ledger
Merge pull request LedgerHQ#7831 from LedgerHQ/support/qaa_195_specul…
c8c006c 
…os_llm_ci

[QAA-195][Detox][Speculos] Add Android Speculos tests to CI
@KVNLS
feat: upgrade pnpm to v9.11
c80b4b0
@KVNLS
Merge pull request LedgerHQ#7893 from LedgerHQ/fix/upgrade-pnpm-9-11
1f583cc 
Upgrade pnpm to 9.11
@KVNLS
fix: allow mobile codecheck workflow only on dispatch
f557e09
@LucasWerey
🐛(lld): fix inte test for nfts (LedgerHQ#7914)
d3fa14f
@themooneer
chore: bump storyly version and adapt new api spec (LedgerHQ#7896)
521c394
@KVNLS
Merge pull request LedgerHQ#7915 from LedgerHQ/fix/mobile-codecheck-o…
55317a7 
…nly-dispatch

fix: allow mobile codecheck workflow only on dispatch
@desirendr
updating release notes for LLD 2.87
d9b5d61
@Justkant
Merge pull request LedgerHQ#7904 from LedgerHQ/support/turboInteracti…
b385a76 
…veMode

chore: mark start tasks as `persistent` to enable `interactive` mode
@Justkant
fix(LLM): allow wallet-connect live-app to open a deep-link at any ti…
be18f81 
…me [LIVE-13641]

Refactor by sharing a single constant for wallet-connect live-app manifest id
@qperrot
fix: remove rewards from near staking
37d8fd9 
format: fix format, fix: change near snap tests

remove: delete the key for near.staking.drawer.rewards

add changeset
@Justkant
fix(wallet-api): open any deep-link from the webview on LLM
7eb4f48 
Needed for wallet-connect-live-app deep-link back to mobile dApps
@Justkant
Merge pull request LedgerHQ#7906 from LedgerHQ/bugfix/wc-llm-deeplink…
0bf7412 
…-native-dapp

fix(LLM): wallet-connect deep-link from native app for a request would reload the page [LIVE-13641]
@VicAlbr
test: 🧪 fix add account (bitcoin)
ceac1f5
@angusbayley
Merge pull request LedgerHQ#7897 from LedgerHQ/support/specify-xcode-…
00f1d54 
…version

support: specify xcode version in LLM readme
@Justkant
Merge pull request LedgerHQ#7905 from LedgerHQ/bugfix/wallet-api-llm-…
bb822fa 
…sign-message-retry

fix(wallet-api): only call success and fail handlers when closing the flow on LLM
@VicAlbr
test: 🐛 creating new addAccount function for mocked tests
5e6c972
@Justkant
Merge pull request LedgerHQ#7872 from LedgerHQ/bugfix/wallet-api-llm-…
ecb8f3f 
…open-any-deeplink

fix(wallet-api): open any deep-link from the webview on LLM
ldg-smartling-sa and others added 27 commits October 8, 2024 16:04
@ldg-smartling-sa
File apps/ledger-live-desktop/static/i18n/en/app.json was translated …
a39d171 
…to zh-CN locale
@ldg-smartling-sa
File apps/ledger-live-desktop/static/i18n/en/app.json was translated …
aca99ed 
…to fr-FR locale
@ldg-smartling-sa
File apps/ledger-live-desktop/static/i18n/en/app.json was translated …
0c30eed 
…to de-DE locale
@ldg-smartling-sa
File apps/ledger-live-desktop/static/i18n/en/app.json was translated …
d5a2d9b 
…to ja-JP locale
@ldg-smartling-sa
File apps/ledger-live-desktop/static/i18n/en/app.json was translated …
2879092 
…to ko-KR locale
@ldg-smartling-sa
File apps/ledger-live-desktop/static/i18n/en/app.json was translated …
891ecdd 
…to pt-BR locale
@ldg-smartling-sa
File apps/ledger-live-desktop/static/i18n/en/app.json was translated …
bc1b708 
…to ru-RU locale
@ldg-smartling-sa
File apps/ledger-live-desktop/static/i18n/en/app.json was translated …
6bd521f 
…to es-ES locale
@ldg-smartling-sa
File apps/ledger-live-desktop/static/i18n/en/app.json was translated …
7c7bc29 
…to tr-TR locale
@desirendr
Merge pull request LedgerHQ#8043 from LedgerHQ/smartling-translations…
c821adc 
…-20241008130250022

Smartling on-demand translation delivery from release
@lpaquet-ledger
Feat/live 14355 TOS Thorswap (LedgerHQ#8036)
592449a 
* feat(LIVE-14355): add TOS link thorswap

* feat(LIVE-14355): changeset
@live-github-bot
chore(release): 🚀 prepare release [skip ci]
340d27d
@themooneer
Merge branch 'develop' into support/release-merge-conflicts
bae8de1
@themooneer
Merge pull request LedgerHQ#8044 from LedgerHQ/support/release-merge-…
e561af1 
…conflicts

🚨 Release merge conflicts
@LucasWerey
🥅(lld): add custom errors for send flow (LedgerHQ#8042)
3652e83
@qperrot
fix: Update Metis explorer through Firebase to support CORs
f644636
@qperrot
Merge pull request LedgerHQ#8032 from LedgerHQ/bugfix/LIVE-8014-LLM-c…
2608451 
…ustom-button

Bugfix/live 8014 llm custom button
@angusbayley
build: create new app for prerelease and direct prerelease builds and…
378deaf 
… uploads to it
@angusbayley
build: new icon set for prerelease app
ee2be70
@angusbayley
build: remove unnecessary array syntax
212b861
@angusbayley
build: use .env for app configuration
9081581
@angusbayley
fix: update that autogenerated mobile-env.md file
48fd2f5
@angusbayley
Merge pull request LedgerHQ#7986 from LedgerHQ/support/new-prerelease…
b64a0ee 
…-app-id

Push prerelease builds to new prerelease app
@qperrot
Merge pull request LedgerHQ#8016 from LedgerHQ/bugfix/LIVE-14321
20e41e0 
fix: Update Metis explorer through Firebase to support CORs
@ofreyssinet-ledger
Merge pull request LedgerHQ#7981 from LedgerHQ/feat/live-13059-new-de…
1f88e06 
…vice-languages

[LIVE-13059] feat(lld/llm): add support to new device language packs
@sarneijim
fix: fix sellNg and fundNg (LedgerHQ#8027)
9535221 
* fix: fix sellNg

* fix: extend fix to all ng types

* refactor: set SELL literal

* refactor: add swapNg
@snyk-bot
fix: apps/ledger-live-desktop/package.json to reduce vulnerabilities
7348620 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-FIREBASEAUTH-8383231
@socket-security Socket Security
Copy link

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@babel/[email protected] environment, filesystem +68 5.62 MB nicolo-ribaudo
npm/@babel/[email protected] Transitive: environment +9 2.61 MB nicolo-ribaudo
npm/@babel/[email protected] Transitive: environment +19 4.77 MB nicolo-ribaudo
npm/@babel/[email protected] None 0 262 kB nicolo-ribaudo
npm/@braze/[email protected] None 0 278 kB appboy
npm/@braze/[email protected] None 0 454 kB vismayasp
npm/@cardano-foundation/[email protected] None 0 749 kB jan.mazak
npm/@celo/[email protected] None +1 321 kB alecps
npm/@celo/[email protected] filesystem, network +2 3.17 MB alecps
npm/@celo/[email protected] None +1 700 kB alecps
npm/@celo/[email protected] None +1 252 kB alecps
npm/@celo/[email protected] None +2 287 kB alecps
npm/@changesets/[email protected] Transitive: environment, network +2 98 kB changesets-release-bot
npm/@changesets/[email protected] environment, filesystem, shell +17 1.02 MB changesets-release-bot
npm/@codemirror/[email protected] None +2 749 kB marijn
npm/@codemirror/[email protected] None +1 1.57 MB marijn
npm/@commitlint/[email protected] Transitive: environment, filesystem +16 358 kB escapedcat
npm/@commitlint/[email protected] None 0 9.61 kB escapedcat
npm/@commitlint/[email protected] Transitive: environment, filesystem +8 233 kB escapedcat
npm/@cosmjs/[email protected] None +3 162 kB webmaster128
npm/@cosmjs/[email protected] None +3 213 kB webmaster128
npm/@cosmjs/[email protected] Transitive: network +11 3.03 MB webmaster128
npm/@craftamap/[email protected] filesystem 0 26.7 kB craftamap
npm/@crypto-org-chain/[email protected] Transitive: network +22 10.5 MB calvinaco
npm/@dfinity/[email protected] network 0 1.27 MB krpeacock
npm/@dfinity/[email protected] None 0 647 kB krpeacock
npm/@dfinity/[email protected] None 0 140 kB krpeacock
npm/@electron/[email protected] filesystem, shell 0 54.3 kB electron-cfa
npm/@elrondnetwork/[email protected] None 0 179 kB andreibancioiu
npm/@elrondnetwork/[email protected] None +1 629 kB lucian.mincu
npm/@emotion/[email protected] environment 0 17.1 kB emotion-release-bot
npm/@emotion/[email protected] environment +1 75.3 kB emotion-release-bot
npm/@ethersproject/[email protected] Transitive: network +16 1.92 MB ricmoo
npm/@ethersproject/[email protected] None +2 180 kB ricmoo
npm/@ethersproject/[email protected] None 0 452 kB ricmoo
npm/@expo/[email protected] environment, eval, filesystem +11 1.96 MB evanbacon
npm/@expo/[email protected] environment, filesystem 0 445 kB bycedric
npm/@faker-js/[email protected] None 0 10.2 MB shinigami92
npm/@floating-ui/[email protected] None +2 215 kB atomiks
npm/@formatjs/[email protected] None +4 2.94 MB longlho
npm/@formatjs/[email protected] None +2 1.3 MB longlho
npm/@formatjs/[email protected] None +2 5.3 MB longlho
npm/@hashgraph/[email protected] environment, filesystem Transitive: network +4 9.91 MB danielakhterov
npm/@helium/[email protected] None 0 38.7 kB peroni-nova
npm/@helium/[email protected] None 0 2.25 MB allenan
npm/@helium/[email protected] None 0 160 kB peroni-nova
npm/@jest/[email protected] None +5 91.5 kB simenb
npm/@jest/[email protected] environment, unsafe +6 518 kB simenb
npm/[email protected] filesystem 0 325 kB simenb
npm/[email protected] filesystem, unsafe 0 120 kB evilebottnawi
npm/[email protected] environment, filesystem, shell +6 2.23 MB kettanaito

🚮 Removed packages: npm/[email protected], npm/[email protected]

View full report↗︎

@Roseymr Roseymr changed the base branch from develop to dependabot/npm_and_yarn/npm_and_yarn-02369f7b3c November 22, 2024 18:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@Roseymr Roseymr

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.