Known vulnerability in undici subdependency

[m-wagner98]

Operating System

n/a

Browser Version

n/a

Firebase SDK Version

10.8.0

Firebase SDK Product:

Auth, Firestore, Functions, Storage

Describe your project's tooling

Angular app, built with ionic.

Describe the problem

The CI/CD pipeline fails because SonarQube detected a known vulnerability in the undici subdependency:
GHSA-3787-6prv-h9w3

Steps and code to reproduce issue

Perform a SonarQube scan with the owasp dependency check plugin on a package.json where the "firebase": "^10.8.0" entry is present.

[jbalidiong]

Hi @m-wagner98, thanks for bringing this to our attention. Let me communicate this with our engineers to update the dependency to the patched version. I’ll update this thread if I have any information to share.

[Krisell]

In case it helps, the Steps to reproduce is just npm i firebase
And to see more details, followed by npm audit