Last 12 weeks ยท 7 commits
4 of 6 standards met
Pins the default to on 1 workflows in that don't call a GitHub API beyond the initial checkout. Left implicit because they reference / use a write-scope action / trigger on . Best declared by a maintainer: , . Why CVE-2025-30066 (March 2025 supply-chain compromise) exfiltrated from workflow logs. Pinning per workflow caps runtime authority irrespective of the repo or org default, gives drift protection if the default ever widens, and is credited per-file by the OpenSSF Scorecard check. YAML validated locally with on each touched file. Summary by CodeRabbit Chores** Tightened automated workflow security by restricting CI token permissions to read-only for repository contents, reducing exposure of write-level access.
Reproduction https://github.com/posva/nuxt--vuefire-example-spark-plan Steps to reproduce the bug 1. trigger signInWithRedirect(provider) from firebase auth. 2. redirect to the oauth provider (e.g., twitter). 3. sign in successfully. 4. user is redirected back but not logged in. 5. no persistent auth state or missing result from getRedirectResult(). https://github.com/user-attachments/assets/dceb478f-5405-4851-8e5b-b827527b597f Expected behavior after returning from the oauth provider, calling getRedirectResult() should yield the current user state and the auth state should persist across reloads. Actual behavior the app reloads and useCurrentUser() returns null getRedirectResult() doesn't resolve the user persistence appears broken, even when set to local Additional information signInWithPopup() works fine
Summary by CodeRabbit Chores Updated Firebase Functions dependency to v7.0.0 Expanded Firebase Functions version compatibility in Nuxt package to include v7.0.0 Updated CI workflow to use Java 21 Tests Refactored Firestore collection tests for improved test isolation โ๏ธ Tip: You can customize this high-level summary in your review settings.
Reproduction Steps to reproduce the bug 1. Create a new Nuxt project (or use an existing one). 2. Install Firebase Functions v7: 3. Install VueFire for Nuxt: 4. Observe the dependency resolution error. Expected behavior should install successfully and support the latest Firebase Functions release () without requiring or . Actual behavior Installation fails due to a peer dependency conflict: npm ERR! ERESOLVE could not resolve npm ERR! While resolving: nuxt-vuefire@1.1.0 npm ERR! Found: firebase-functions@7.0.0 npm ERR! node_modules/firebase-functions npm ERR! firebase-functions@"^7.0.0" from the root project npm ERR! Could not resolve dependency: npm ERR! peerOptional firebase-functions@"^4.1.0 ^6.1.2" from nuxt-vuefire@1.1.0 npm ERR! Conflicting peer dependency: firebase-functions@6.6.0 npm ERR! peerOptional firebase-functions@"^4.1.0 ^6.1.2" from nuxt-vuefire@1.1.0 Additional information Recent Firebase Functions release:\ https://github.com/firebase/firebase-functions/releases/tag/v7.0.0 currently lists only: ^4.1.0 ^6.1.2 Suggested peer dependency update: ^4.1.0 ^7.0.0
Reproduction Add auth to your project and it will fail. Steps to reproduce the bug 1. Add auth to your project 2. deploy your app to app hosting. 3. Nuxt build error: Error: [vite]: Rollup failed to resolve import "@firebase/auth" from "/workspace/node_modules/firebase/auth/dist/esm/index.esm.js". 4. Deploy failed. Expected behavior Succesfully deploys app. Actual behavior Deploy fails. Additional information When I run npm run build locally on my computer. It runs without a problem. _No response_
Repository: vuejs/vuefire. Description: ๐ฅ Firebase bindings for Vue.js Stars: 3908, Forks: 339. Primary language: TypeScript. Languages: TypeScript (86.7%), Vue (9.7%), JavaScript (2%), CSS (0.8%), EJS (0.6%). License: MIT. Homepage: https://vuefire.vuejs.org Topics: database, firebase, firestore, nuxt, pinia, realtime, vue, vuex. Latest release: nuxt-vuefire@1.1.2 (2mo ago). Open PRs: 19, open issues: 26. Last activity: 2mo ago. Community health: 62%. Top contributors: posva, dependabot-preview[bot], greenkeeper[bot], trickstival, davidstackio, danielroe, luc122c, sweethuman, i5dr0id, dependabot[bot] and others.