mindhivefi / ts-mock-firebase Goto Github PK

Vulnerabilities

DepShield reports that this application's usage of tar:2.2.1 results in the following vulnerability(s):

• (CVSS 7.5) [CVE-2018-20834] Improper Link Resolution Before File Access ("Link Following")

Occurrences

tar:2.2.1 is a transitive dependency introduced by the following direct dependency(s):

• @semantic-release/npm:5.1.4
        └─ npm:6.5.0
              └─ node-gyp:3.8.0
                    └─ tar:2.2.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash._cacheindexof:3.0.2 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash._cacheindexof:3.0.2 is a transitive dependency introduced by the following direct dependency(s):

• @semantic-release/npm:5.1.4
        └─ npm:6.5.0
              └─ lodash._cacheindexof:3.0.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Like MockDocument.onSnapshot(), MockCollection.onSnapshot() should call its callback function when being called. Right now it is only being called on later updates.

As a firestore model, I have a collection for users, these users have a relation with other collection called maps. For this, I need to have a save the ids of the maps in the user, for which I use an array.
I have a function that I am trying to test which gets a user, changes that array, updates the user and all of this works perfectly with Firebase.

simplified version:

const user = await firestore.doc('users/${uid}').get();
user.ownedMaps.push(mapId);
await firestore.doc('users/${userUid}').update(user);

But when I try to use the mock version I get the following error:
failed: TypeError: user.ownedMaps.push is not a function

because the actual object is

"ownedMaps": Object {
    "0": "1",
 }

which is essentially an array without the methods. Any idea on how to fix this?

The project could not be analyzed because of maven build errors. Please review the error messages here. Another build will be scheduled within 24 hours. If the build is successful this issue will be closed, otherwise the error message will be updated.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Vulnerabilities

DepShield reports that this application's usage of lodash.union:4.6.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.union:4.6.0 is a transitive dependency introduced by the following direct dependency(s):

• @semantic-release/npm:5.1.4
        └─ npm:6.5.0
              └─ lodash.union:4.6.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

🚨 The automated release from the master branch failed. 🚨

I recommend you give this issue a high priority, so other packages depending on you could benefit from your bug fixes and new features.

You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I’m sure you can resolve this 💪.

Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.

Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master branch. You can also manually restart the failed CI job that runs semantic-release.

If you are not sure how to resolve this, here is some links that can help you:

• Usage documentation
• Frequently Asked Questions
• Support channels

If those don’t help, or if this issue is reporting something you think isn’t right, you can always ask the humans behind semantic-release.

CircleCI using 'master' not configured publish branch (undefined)

Unfortunately this error doesn’t have any additional information. Feel free to kindly ask the author of the condition-circle plugin to add more helpful information.

Good luck with your project ✨

Your semantic-release bot 📦🚀

Vulnerabilities

DepShield reports that this application's usage of lodash.uniqby:4.7.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.uniqby:4.7.0 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.3
        └─ @semantic-release/github:5.2.10
              └─ issue-parser:3.0.1
                    └─ lodash.uniqby:4.7.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.template:4.4.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.template:4.4.0 is a transitive dependency introduced by the following direct dependency(s):

• @commitlint/cli:7.5.2
        └─ @commitlint/read:7.5.0
              └─ git-raw-commits:1.3.6
                    └─ lodash.template:4.4.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash._baseindexof:3.1.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash._baseindexof:3.1.0 is a transitive dependency introduced by the following direct dependency(s):

• @semantic-release/npm:5.1.4
        └─ npm:6.5.0
              └─ lodash._baseindexof:3.1.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Hi,
Trying to use this to help test a cloud function using Jest. Can you give a primer in setting it up? My attempts are failing to get it correctly running in a unit test, where I'm going to expect a document to be set in the mock firestore.

Vulnerabilities

DepShield reports that this application's usage of lodash.map:4.6.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.map:4.6.0 is a transitive dependency introduced by the following direct dependency(s):

• commitizen:3.0.7
        └─ cz-conventional-changelog:2.1.0
              └─ lodash.map:4.6.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.sortby:4.7.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.sortby:4.7.0 is a transitive dependency introduced by the following direct dependency(s):

• jest:24.7.1
        └─ jest-cli:24.7.1
              └─ jest-config:24.7.1
                    └─ jest-environment-jsdom:24.7.1
                          └─ jsdom:11.12.0
                                └─ data-urls:1.1.0
                                      └─ whatwg-url:7.0.0
                                            └─ lodash.sortby:4.7.0
                                └─ whatwg-url:6.5.0
                                      └─ lodash.sortby:4.7.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

First of all, thanks for taking the time to publish such a great solution to unit testing Firebase. This is a life-saver.

I'm trying to set up a collection with documents that look like the following:

I've gotten everything figured out except _gameRef and _trackRef, which point to other documents in the database.

I have the following code in my test:

      mocked.firestore().mocker.loadCollection('games', {
        gameOne: {
          color: 'red',
          friendlyId: 'gameOne',
          name: 'Game One',
          collections: {
            tracks: {
              trackOne: {
                name: 'Factory settings'
              }
            }
          }
        }
      });

      mocked.firestore().mocker.loadCollection('scores', {
        scoreOne: {
          _gameRef: 'games/gameOne',
          _trackRef: 'games/gameOne/tracks/trackOne',
          playerAlias: 'Steve Wiebe',
          finalScore: 1190400,
          platform: 'Arcade PCB',
          submittedAt: new MockTimestamp(123123123123, 0)
        }
      });

Obviously this doesn't work :-)
Is there a way to set up a document reference using the library?

When I try to test something with an reference in it (to create a reference field type), I get :

RangeError: Maximum call stack size exceeded

This is the line causing this :

const iconRef = this.db.doc(icons/${iconID}`)

Vulnerabilities

DepShield reports that this application's usage of lodash.uniq:4.5.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.uniq:4.5.0 is a transitive dependency introduced by the following direct dependency(s):

• @semantic-release/npm:5.1.4
        └─ npm:6.5.0
              └─ lodash.uniq:4.5.0

• semantic-release:15.13.3
        └─ @semantic-release/github:5.2.10
              └─ @octokit/rest:16.17.1
                    └─ lodash.uniq:4.5.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash._createcache:3.1.2 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash._createcache:3.1.2 is a transitive dependency introduced by the following direct dependency(s):

• @semantic-release/npm:5.1.4
        └─ npm:6.5.0
              └─ lodash._createcache:3.1.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

When I execute npm i -D ts-mock-firebase, the following error occurs:

code 1
npm ERR! path /home/jasterv/tests/talentbait-crud/node_modules/grpc
npm ERR! command failed
npm ERR! command sh -c node-pre-gyp install --fallback-to-build --library=static_library
npm ERR! Failed to execute '/home/jasterv/.nvm/versions/node/v16.4.0/bin/node /home/jasterv/.nvm/versions/node/v16.4.0/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js build --fallback-to-build --library=static_library --module=/home/jasterv/tests/talentbait-crud/node_modules/grpc/src/node/extension_binary/node-v93-linux-x64-glibc/grpc_node.node --module_name=grpc_node --module_path=/home/jasterv/tests/talentbait-crud/node_modules/grpc/src/node/extension_binary/node-v93-linux-x64-glibc --napi_version=8 --node_abi_napi=napi --napi_build_version=0 --node_napi_label=node-v93' (1)
npm ERR! node-pre-gyp info it worked if it ends with ok
npm ERR! node-pre-gyp info using [email protected]
npm ERR! node-pre-gyp info using [email protected] | linux | x64
npm ERR! node-pre-gyp WARN Using needle for node-pre-gyp https download 
npm ERR! node-pre-gyp info check checked for "/home/jasterv/tests/talentbait-crud/node_modules/grpc/src/node/extension_binary/node-v93-linux-x64-glibc/grpc_node.node" (not found)
npm ERR! node-pre-gyp http GET https://node-precompiled-binaries.grpc.io/grpc/v1.19.0/node-v93-linux-x64-glibc.tar.gz
npm ERR! node-pre-gyp http 404 https://node-precompiled-binaries.grpc.io/grpc/v1.19.0/node-v93-linux-x64-glibc.tar.gz
npm ERR! node-pre-gyp WARN Tried to download(404): https://node-precompiled-binaries.grpc.io/grpc/v1.19.0/node-v93-linux-x64-glibc.tar.gz 
npm ERR! node-pre-gyp WARN Pre-built binaries not found for [email protected] and [email protected] (node-v93 ABI, glibc) (falling back to source compile with node-gyp) 
npm ERR! node-pre-gyp http 404 status code downloading tarball https://node-precompiled-binaries.grpc.io/grpc/v1.19.0/node-v93-linux-x64-glibc.tar.gz 
npm ERR! gyp info it worked if it ends with ok
npm ERR! gyp info using [email protected]
npm ERR! gyp info using [email protected] | linux | x64
npm ERR! gyp info ok 
npm ERR! gyp info it worked if it ends with ok
npm ERR! gyp info using [email protected]
npm ERR! gyp info using [email protected] | linux | x64
npm ERR! gyp info find Python using Python version 3.8.5 found at "/usr/bin/python3"
npm ERR! (node:4852) [DEP0150] DeprecationWarning: Setting process.config is deprecated. In the future the property will be read-only.
npm ERR! (Use `node --trace-deprecation ...` to show where the warning was created)
npm ERR! gyp info spawn /usr/bin/python3
npm ERR! gyp info spawn args [
npm ERR! gyp info spawn args   '/home/jasterv/.nvm/versions/node/v16.4.0/lib/node_modules/npm/node_modules/node-gyp/gyp/gyp_main.py',
npm ERR! gyp info spawn args   'binding.gyp',
npm ERR! gyp info spawn args   '-f',
npm ERR! gyp info spawn args   'make',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/home/jasterv/tests/talentbait-crud/node_modules/grpc/build/config.gypi',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/home/jasterv/.nvm/versions/node/v16.4.0/lib/node_modules/npm/node_modules/node-gyp/addon.gypi',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/home/jasterv/.cache/node-gyp/16.4.0/include/node/common.gypi',
npm ERR! gyp info spawn args   '-Dlibrary=shared_library',
npm ERR! gyp info spawn args   '-Dvisibility=default',
npm ERR! gyp info spawn args   '-Dnode_root_dir=/home/jasterv/.cache/node-gyp/16.4.0',
npm ERR! gyp info spawn args   '-Dnode_gyp_dir=/home/jasterv/.nvm/versions/node/v16.4.0/lib/node_modules/npm/node_modules/node-gyp',
npm ERR! gyp info spawn args   '-Dnode_lib_file=/home/jasterv/.cache/node-gyp/16.4.0/<(target_arch)/node.lib',
npm ERR! gyp info spawn args   '-Dmodule_root_dir=/home/jasterv/tests/talentbait-crud/node_modules/grpc',
npm ERR! gyp info spawn args   '-Dnode_engine=v8',
npm ERR! gyp info spawn args   '--depth=.',
npm ERR! gyp info spawn args   '--no-parallel',
npm ERR! gyp info spawn args   '--generator-output',
npm ERR! gyp info spawn args   'build',
npm ERR! gyp info spawn args   '-Goutput_dir=.'
npm ERR! gyp info spawn args ]
npm ERR! gyp info ok 
npm ERR! gyp info it worked if it ends with ok
npm ERR! gyp info using [email protected]
npm ERR! gyp info using [email protected] | linux | x64
npm ERR! gyp ERR! build error 
npm ERR! gyp ERR! stack Error: not found: make
npm ERR! gyp ERR! stack     at getNotFoundError (/home/jasterv/.nvm/versions/node/v16.4.0/lib/node_modules/npm/node_modules/which/which.js:10:17)
npm ERR! gyp ERR! stack     at /home/jasterv/.nvm/versions/node/v16.4.0/lib/node_modules/npm/node_modules/which/which.js:57:18
npm ERR! gyp ERR! stack     at new Promise (<anonymous>)
npm ERR! gyp ERR! stack     at step (/home/jasterv/.nvm/versions/node/v16.4.0/lib/node_modules/npm/node_modules/which/which.js:54:21)
npm ERR! gyp ERR! stack     at /home/jasterv/.nvm/versions/node/v16.4.0/lib/node_modules/npm/node_modules/which/which.js:71:22
npm ERR! gyp ERR! stack     at new Promise (<anonymous>)
npm ERR! gyp ERR! stack     at subStep (/home/jasterv/.nvm/versions/node/v16.4.0/lib/node_modules/npm/node_modules/which/which.js:69:33)
npm ERR! gyp ERR! stack     at /home/jasterv/.nvm/versions/node/v16.4.0/lib/node_modules/npm/node_modules/which/which.js:80:22
npm ERR! gyp ERR! stack     at /home/jasterv/.nvm/versions/node/v16.4.0/lib/node_modules/npm/node_modules/isexe/index.js:42:5
npm ERR! gyp ERR! stack     at /home/jasterv/.nvm/versions/node/v16.4.0/lib/node_modules/npm/node_modules/isexe/mode.js:8:5
npm ERR! gyp ERR! System Linux 5.4.72-microsoft-standard-WSL2
npm ERR! gyp ERR! command "/home/jasterv/.nvm/versions/node/v16.4.0/bin/node" "/home/jasterv/.nvm/versions/node/v16.4.0/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "build" "--fallback-to-build" "--library=static_library" "--module=/home/jasterv/tests/talentbait-crud/node_modules/grpc/src/node/extension_binary/node-v93-linux-x64-glibc/grpc_node.node" "--module_name=grpc_node" "--module_path=/home/jasterv/tests/talentbait-crud/node_modules/grpc/src/node/extension_binary/node-v93-linux-x64-glibc" "--napi_version=8" "--node_abi_napi=napi" "--napi_build_version=0" "--node_napi_label=node-v93"
npm ERR! gyp ERR! cwd /home/jasterv/tests/talentbait-crud/node_modules/grpc
npm ERR! gyp ERR! node -v v16.4.0
npm ERR! gyp ERR! node-gyp -v v7.1.2
npm ERR! gyp ERR! not ok 
npm ERR! node-pre-gyp ERR! build error 
npm ERR! node-pre-gyp ERR! stack Error: Failed to execute '/home/jasterv/.nvm/versions/node/v16.4.0/bin/node /home/jasterv/.nvm/versions/node/v16.4.0/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js build --fallback-to-build --library=static_library --module=/home/jasterv/tests/talentbait-crud/node_modules/grpc/src/node/extension_binary/node-v93-linux-x64-glibc/grpc_node.node --module_name=grpc_node --module_path=/home/jasterv/tests/talentbait-crud/node_modules/grpc/src/node/extension_binary/node-v93-linux-x64-glibc --napi_version=8 --node_abi_napi=napi --napi_build_version=0 --node_napi_label=node-v93' (1)
npm ERR! node-pre-gyp ERR! stack     at ChildProcess.<anonymous> (/home/jasterv/tests/talentbait-crud/node_modules/grpc/node_modules/node-pre-gyp/lib/util/compile.js:83:29)
npm ERR! node-pre-gyp ERR! stack     at ChildProcess.emit (node:events:394:28)
npm ERR! node-pre-gyp ERR! stack     at maybeClose (node:internal/child_process:1067:16)
npm ERR! node-pre-gyp ERR! stack     at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)
npm ERR! node-pre-gyp ERR! System Linux 5.4.72-microsoft-standard-WSL2
npm ERR! node-pre-gyp ERR! command "/home/jasterv/.nvm/versions/node/v16.4.0/bin/node" "/home/jasterv/tests/talentbait-crud/node_modules/grpc/node_modules/.bin/node-pre-gyp" "install" "--fallback-to-build" "--library=static_library"
npm ERR! node-pre-gyp ERR! cwd /home/jasterv/tests/talentbait-crud/node_modules/grpc
npm ERR! node-pre-gyp ERR! node -v v16.4.0
npm ERR! node-pre-gyp ERR! node-pre-gyp -v v0.12.0
npm ERR! node-pre-gyp ERR! not ok

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/jasterv/.npm/_logs/2021-07-25T13_43_04_926Z-debug.log

Vulnerabilities

DepShield reports that this application's usage of lodash.camelcase:4.3.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.camelcase:4.3.0 is a transitive dependency introduced by the following direct dependency(s):

• @firebase/firestore:1.1.3
        └─ grpc:1.19.0
              └─ lodash.camelcase:4.3.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of debug:2.6.9 results in the following vulnerability(s):

• (CVSS 7.5) CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

Occurrences

debug:2.6.9 is a transitive dependency introduced by the following direct dependency(s):

• @firebase/firestore:1.2.0
        └─ grpc:1.19.0
              └─ node-pre-gyp:0.12.0
                    └─ needle:2.2.4
                          └─ debug:2.6.9

• @semantic-release/git:7.0.8
        └─ micromatch:3.1.10
              └─ extglob:2.0.4
                    └─ expand-brackets:2.1.4
                          └─ debug:2.6.9
              └─ snapdragon:0.8.2
                    └─ debug:2.6.9

• jest:24.7.1
        └─ jest-cli:24.7.1
              └─ @jest/core:24.7.1
                    └─ jest-haste-map:24.7.1
                          └─ fsevents:1.2.7
                                └─ node-pre-gyp:0.10.3
                                      └─ needle:2.2.4
                                            └─ debug:2.6.9

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

The dependency @firebase/app-types was updated from 0.3.9 to 0.3.10.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

@firebase/app-types is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Your Greenkeeper Bot 🌴

The code I'm testing is like this:

const app = admin.initializeApp();
const mockAdminApp = exposeMockFirebaseAdminApp(app);
const mockFirestore = mockAdminApp.firestore();
mockFirestore.runTransaction(async (transaction) => {
    const query = collection.where("uploaded_at", ">", 0);
    return await transaction.get(query)
});

The problem here is transaction.get().

In Firebase Node.Js SDK, Transaction.get could only accept DocumentReference which means you could only fetch one doc at a time:
https://firebase.google.com/docs/reference/node/firebase.firestore.Transaction#get

However, in FirebaseAdmin Transaction is a type alias to @google-cloud/firestore:
https://firebase.google.com/docs/reference/admin/node/admin.firestore
Where Transaction.get accepts DocumentReference or Query:
https://googleapis.dev/nodejs/firestore/latest/Transaction.html#get
This means I could query multiple documents in one shot.

But in ts-mock-firebase, it seems like firebase and firebase-admin are treated no differently.
And my code doesn't return documents that match the condition.

Is it a known issue? Any plan for a fix? If not, any advise for a workaround?
Thanks!

Vulnerabilities

DepShield reports that this application's usage of lodash.toarray:4.4.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.toarray:4.4.0 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.3
        └─ marked-terminal:3.2.0
              └─ node-emoji:1.10.0
                    └─ lodash.toarray:4.4.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.set:4.3.2 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.set:4.3.2 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.3
        └─ @semantic-release/github:5.2.10
              └─ @octokit/rest:16.17.1
                    └─ lodash.set:4.3.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.isstring:4.0.1 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.isstring:4.0.1 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.3
        └─ @semantic-release/github:5.2.10
              └─ issue-parser:3.0.1
                    └─ lodash.isstring:4.0.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.get:4.4.2 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.get:4.4.2 is a transitive dependency introduced by the following direct dependency(s):

• husky:1.3.1
        └─ cosmiconfig:5.1.0
              └─ lodash.get:4.4.2

• semantic-release:15.13.3
        └─ @semantic-release/github:5.2.10
              └─ @octokit/rest:16.17.1
                    └─ lodash.get:4.4.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

The dependency @firebase/util was updated from 0.2.13 to 0.2.14.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

@firebase/util is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Your Greenkeeper Bot 🌴

Vulnerabilities

DepShield reports that this application's usage of lodash.clonedeep:4.5.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.clonedeep:4.5.0 is a transitive dependency introduced by the following direct dependency(s):

• @semantic-release/npm:5.1.4
        └─ npm:6.5.0
              └─ lodash.clonedeep:4.5.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

The project could not be analyzed because of maven build errors. Please review the error messages here. Another build will be scheduled within 24 hours. If the build is successful this issue will be closed, otherwise the error message will be updated.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Vulnerabilities

DepShield reports that this application's usage of lodash._getnative:3.9.1 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash._getnative:3.9.1 is a transitive dependency introduced by the following direct dependency(s):

• @semantic-release/npm:5.1.4
        └─ npm:6.5.0
              └─ lodash._createcache:3.1.2
                    └─ lodash._getnative:3.9.1
              └─ lodash._getnative:3.9.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Hi, trying to integrate this into my unit testing, but I'm having some difficulty mocking firebase.auth() . I want to test that firebase.auth().verifyIdToken() is being called correctly. Is this possible with this library?

is this lib still maintened ?

The project could not be analyzed because of build errors. Please review the error messages here. Another build will be scheduled within 24 hours. If the build is successful this issue will be closed, otherwise the error message will be updated.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Vulnerabilities

DepShield reports that this application's usage of lodash.templatesettings:4.1.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.templatesettings:4.1.0 is a transitive dependency introduced by the following direct dependency(s):

• @commitlint/cli:7.5.2
        └─ @commitlint/read:7.5.0
              └─ git-raw-commits:1.3.6
                    └─ lodash.template:4.4.0
                          └─ lodash.templatesettings:4.1.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash._root:3.0.1 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash._root:3.0.1 is a transitive dependency introduced by the following direct dependency(s):

• @semantic-release/npm:5.1.4
        └─ npm:6.5.0
              └─ lodash._baseuniq:4.6.0
                    └─ lodash._root:3.0.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Hello,

Is there a way to support withConverter ?

https://firebase.google.com/docs/reference/js/firebase.firestore.FirestoreDataConverter

Vulnerabilities

DepShield reports that this application's usage of lodash.escaperegexp:4.1.2 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.escaperegexp:4.1.2 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.3
        └─ @semantic-release/github:5.2.10
              └─ issue-parser:3.0.1
                    └─ lodash.escaperegexp:4.1.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.restparam:3.6.1 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.restparam:3.6.1 is a transitive dependency introduced by the following direct dependency(s):

• @semantic-release/npm:5.1.4
        └─ npm:6.5.0
              └─ lodash.restparam:3.6.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

The project could not be analyzed because of maven build errors. Please review the error messages here. Another build will be scheduled within 24 hours. If the build is successful this issue will be closed, otherwise the error message will be updated.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Vulnerabilities

DepShield reports that this application's usage of lodash._reinterpolate:3.0.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash._reinterpolate:3.0.0 is a transitive dependency introduced by the following direct dependency(s):

• @commitlint/cli:7.5.2
        └─ @commitlint/read:7.5.0
              └─ git-raw-commits:1.3.6
                    └─ lodash.template:4.4.0
                          └─ lodash._reinterpolate:3.0.0
                          └─ lodash.templatesettings:4.1.0
                                └─ lodash._reinterpolate:3.0.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Document:
'my_document' : { id: 'xyz', integrations: {id: '1', type: 'some_type'} }

Query:
db.collection('my_document').where('integrations.id', '==', '1') .where('integrations.type', '==', 'some_type')

There is no result for this query.
Normally firestore resolves dot to nested objects.
As a workaround for testing purposes I have to add integrations.id field to the document.

Vulnerabilities

DepShield reports that this application's usage of q:1.5.1 results in the following vulnerability(s):

• (CVSS 7.5) CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Occurrences

q:1.5.1 is a transitive dependency introduced by the following direct dependency(s):

• @commitlint/cli:7.5.2
        └─ @commitlint/lint:7.5.2
              └─ @commitlint/parse:7.5.0
                    └─ conventional-changelog-angular:1.6.6
                          └─ q:1.5.1

• semantic-release:15.13.12
        └─ @semantic-release/commit-analyzer:6.1.0
              └─ conventional-changelog-angular:5.0.3
                    └─ q:1.5.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.isplainobject:4.0.6 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.isplainobject:4.0.6 is a transitive dependency introduced by the following direct dependency(s):

• semantic-release:15.13.3
        └─ @semantic-release/github:5.2.10
              └─ issue-parser:3.0.1
                    └─ lodash.isplainobject:4.0.6

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash._bindcallback:3.0.1 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash._bindcallback:3.0.1 is a transitive dependency introduced by the following direct dependency(s):

• @semantic-release/npm:5.1.4
        └─ npm:6.5.0
              └─ lodash._bindcallback:3.0.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Depshield will be deprecated on Monday December 12th

Please install our new product, Sonatype Lift with advanced features

Vulnerabilities

DepShield reports that this application's usage of lodash.clone:4.5.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.clone:4.5.0 is a transitive dependency introduced by the following direct dependency(s):

• @firebase/firestore:1.1.3
        └─ grpc:1.19.0
              └─ lodash.clone:4.5.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}