fix(deps): update dependency firebase to v10 [security]#848

Merged

coodos merged 1 commit into

mainfrom

renovate/npm-firebase-vulnerability

Feb 23, 2026

ham-renovate commented Feb 23, 2026

Collaborator

This PR contains the following updates:

Package	Change	Age	Confidence
firebase (source, changelog)	`^9.9.4` → `^10.0.0`

GitHub Vulnerability Alerts

CVE-2024-11023

Firebase JavaScript SDK utilizes a "FIREBASE_DEFAULTS" cookie to store configuration data, including an "_authTokenSyncURL" field used for session synchronization. If this cookie field is preset via an attacker by any other method, the attacker can manipulate the "_authTokenSyncURL" to point to their own server and it would allow am actor to capture user session data transmitted by the SDK. We recommend upgrading Firebase JS SDK at least to 10.9.0.

Release Notes

firebase/firebase-js-sdk (firebase)

`v10.9.0`

`v10.8.1`

`v10.8.0`

`v10.7.2`

`v10.7.1`

`v10.7.0`

`v10.6.0`

`v10.5.2`

`v10.5.1`

`v10.5.0`

`v10.4.0`

`v10.3.1`

`v10.3.0`

`v10.2.0`

`v10.1.0`

`v10.0.0`

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.


          fix(deps): update dependency firebase to v10 [security]

ef03d4c

ham-renovate requested a review from coodos as a code owner

February 23, 2026 11:10

ham-renovate added the security label

coderabbitai Bot commented Feb 23, 2026

Contributor

Warning

Rate limit exceeded

@ham-renovate has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 11 minutes and 29 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between b672b59 and ef03d4c.

⛔ Files ignored due to path filters (1)

pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (1)

platforms/blabsy/client/package.json

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment
Commit unit tests in branch renovate/npm-firebase-vulnerability

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

coodos approved these changes

View reviewed changes

coodos merged commit 9ca088b into main

4 checks passed

coodos deleted the renovate/npm-firebase-vulnerability branch

February 23, 2026 11:13

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels