Update @grpc/proto-loader dep to address protobufjs security issue (#6442)

Author: hsubox76

.changeset/cyan-buses-float.md

@@ -0,0 +1,6 @@
+---
+'@firebase/firestore': patch
+'@firebase/rules-unit-testing': patch
+---
+
+Update `@grpc/proto-loader` and `firebase-admin` dependencies to address `protobufjs` security issue.

.github/workflows/test-all.yml

@@ -20,10 +20,10 @@ jobs:
         sudo apt-get update
         sudo apt-get install google-chrome-stable
     - uses: actions/checkout@v2
-    - name: Set up Node (14)
+    - name: Set up Node (16)
       uses: actions/setup-node@v2
       with:
-        node-version: 14.x
+        node-version: 16.x
     - name: Bump Node memory limit
       run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV
     - name: Test setup and yarn install
@@ -38,6 +38,8 @@ jobs:
       run: |
         xvfb-run yarn test:ci
         node scripts/print_test_logs.js
+      env:
+        FIREBASE_TOKEN: ${{ secrets.FIREBASE_CLI_TOKEN }}
     - name: Generate coverage file
       run: yarn ci:coverage
     - name: Run coverage

.github/workflows/test-changed-misc.yml

@@ -13,10 +13,10 @@ jobs:
       with:
         # This makes Actions fetch all Git history so run-changed script can diff properly.
         fetch-depth: 0
-    - name: Set up Node (14)
+    - name: Set up Node (16)
       uses: actions/setup-node@v2
       with:
-        node-version: 14.x
+        node-version: 16.x
     - name: install Chrome stable
       run: |
         sudo apt-get update
@@ -30,4 +30,6 @@ jobs:
     - name: build
       run: yarn build:changed misc
     - name: Run tests
-      run: yarn test:changed misc
+      run: yarn test:changed misc
+      env:
+        FIREBASE_TOKEN: ${{ secrets.FIREBASE_CLI_TOKEN }}

config/functions/package.json

@@ -3,7 +3,7 @@
   "description": "Cloud Functions for Firebase",
   "dependencies": {
     "cors": "2.8.5",
-    "firebase-admin": "10.2.0",
+    "firebase-admin": "11.0.0",
     "firebase-functions": "3.21.0"
   },
   "private": true,

package.json

@@ -107,7 +107,7 @@
     "express": "4.18.1",
     "find-free-port": "2.0.0",
     "firebase-functions": "3.21.0",
-    "firebase-tools": "9.23.3",
+    "firebase-tools": "11.2.2",
     "glob": "7.2.0",
     "http-server": "14.1.0",
     "indexeddbshim": "8.0.0",

packages/auth-compat/demo/functions/package.json

@@ -9,7 +9,7 @@
     "logs": "firebase functions:log"
   },
   "dependencies": {
-    "firebase-admin": "10.2.0",
+    "firebase-admin": "11.0.0",
     "firebase-functions": "3.21.0"
   },
   "private": true

packages/auth/demo/functions/package.json

@@ -9,7 +9,7 @@
     "logs": "firebase functions:log"
   },
   "dependencies": {
-    "firebase-admin": "10.2.0",
+    "firebase-admin": "11.0.0",
     "firebase-functions": "3.21.0"
   },
   "private": true,

packages/firestore/package.json

@@ -84,7 +84,7 @@
     "@firebase/util": "1.6.3",
     "@firebase/webchannel-wrapper": "0.6.2",
     "@grpc/grpc-js": "^1.3.2",
-    "@grpc/proto-loader": "^0.6.0",
+    "@grpc/proto-loader": "^0.6.13",
     "node-fetch": "2.6.7",
     "tslib": "^2.1.0"
   },

packages/rules-unit-testing/functions/package.json

@@ -8,7 +8,10 @@
   },
   "private": true,
   "dependencies": {
-    "firebase-admin": "10.2.0",
+    "firebase-admin": "11.0.0",
     "firebase-functions": "3.21.0"
+  },
+  "engines": {
+    "node": "16"
   }
 }