firebase-admin 10.2.0 → 11.0.1

package/README.md

@@ -59,7 +59,7 @@ requests, code review feedback, and also pull requests.
 
 ## Supported Environments
 
-We support Node.js 12 and higher.
+We support Node.js 14 and higher.
 
 Please also note that the Admin SDK should only
 be used in server-side/back-end environments controlled by the app developer.

package/lib/app/core.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.2.0 */
+/*! firebase-admin v11.0.1 */
 /*!
  * @license
  * Copyright 2021 Google Inc.

package/lib/app/core.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.2.0 */
+/*! firebase-admin v11.0.1 */
 "use strict";
 /*!
  * @license

package/lib/app/credential-factory.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.2.0 */
+/*! firebase-admin v11.0.1 */
 /*!
  * @license
  * Copyright 2021 Google Inc.

package/lib/app/credential-factory.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.2.0 */
+/*! firebase-admin v11.0.1 */
 "use strict";
 /*!
  * @license
@@ -18,10 +18,10 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.clearGlobalAppDefaultCred = exports.refreshToken = exports.cert = exports.applicationDefault = void 0;
-var credential_internal_1 = require("./credential-internal");
-var globalAppDefaultCred;
-var globalCertCreds = {};
-var globalRefreshTokenCreds = {};
+const credential_internal_1 = require("./credential-internal");
+let globalAppDefaultCred;
+const globalCertCreds = {};
+const globalRefreshTokenCreds = {};
 /**
  * Returns a credential created from the
  * {@link https://developers.google.com/identity/protocols/application-default-credentials |
@@ -52,7 +52,7 @@ var globalRefreshTokenCreds = {};
  */
 function applicationDefault(httpAgent) {
     if (typeof globalAppDefaultCred === 'undefined') {
-        globalAppDefaultCred = credential_internal_1.getApplicationDefault(httpAgent);
+        globalAppDefaultCred = (0, credential_internal_1.getApplicationDefault)(httpAgent);
     }
     return globalAppDefaultCred;
 }
@@ -98,7 +98,7 @@ exports.applicationDefault = applicationDefault;
  *   provided service account that can be used to initialize an app.
  */
 function cert(serviceAccountPathOrObject, httpAgent) {
-    var stringifiedServiceAccount = JSON.stringify(serviceAccountPathOrObject);
+    const stringifiedServiceAccount = JSON.stringify(serviceAccountPathOrObject);
     if (!(stringifiedServiceAccount in globalCertCreds)) {
         globalCertCreds[stringifiedServiceAccount] = new credential_internal_1.ServiceAccountCredential(serviceAccountPathOrObject, httpAgent);
     }
@@ -134,7 +134,7 @@ exports.cert = cert;
  *   provided service account that can be used to initialize an app.
  */
 function refreshToken(refreshTokenPathOrObject, httpAgent) {
-    var stringifiedRefreshToken = JSON.stringify(refreshTokenPathOrObject);
+    const stringifiedRefreshToken = JSON.stringify(refreshTokenPathOrObject);
     if (!(stringifiedRefreshToken in globalRefreshTokenCreds)) {
         globalRefreshTokenCreds[stringifiedRefreshToken] = new credential_internal_1.RefreshTokenCredential(refreshTokenPathOrObject, httpAgent);
     }

package/lib/app/credential-internal.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.2.0 */
+/*! firebase-admin v11.0.1 */
 /*!
  * @license
  * Copyright 2020 Google Inc.
@@ -54,6 +54,12 @@ export declare class ComputeEngineCredential implements Credential {
     private accountId?;
     constructor(httpAgent?: Agent);
     getAccessToken(): Promise<GoogleOAuthAccessToken>;
+    /**
+     * getIDToken returns a OIDC token from the compute metadata service
+     * that can be used to make authenticated calls to audience
+     * @param audience the URL the returned ID token will be used to call.
+    */
+    getIDToken(audience: string): Promise<string>;
     getProjectId(): Promise<string>;
     getServiceAccountEmail(): Promise<string>;
     private buildRequest;

package/lib/app/credential-internal.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.2.0 */
+/*! firebase-admin v11.0.1 */
 "use strict";
 /*!
  * @license
@@ -18,39 +18,40 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getApplicationDefault = exports.isApplicationDefault = exports.RefreshTokenCredential = exports.ComputeEngineCredential = exports.ServiceAccountCredential = void 0;
-var fs = require("fs");
-var os = require("os");
-var path = require("path");
-var error_1 = require("../utils/error");
-var api_request_1 = require("../utils/api-request");
-var util = require("../utils/validator");
-var GOOGLE_TOKEN_AUDIENCE = 'https://accounts.google.com/o/oauth2/token';
-var GOOGLE_AUTH_TOKEN_HOST = 'accounts.google.com';
-var GOOGLE_AUTH_TOKEN_PATH = '/o/oauth2/token';
+const fs = require("fs");
+const os = require("os");
+const path = require("path");
+const error_1 = require("../utils/error");
+const api_request_1 = require("../utils/api-request");
+const util = require("../utils/validator");
+const GOOGLE_TOKEN_AUDIENCE = 'https://accounts.google.com/o/oauth2/token';
+const GOOGLE_AUTH_TOKEN_HOST = 'accounts.google.com';
+const GOOGLE_AUTH_TOKEN_PATH = '/o/oauth2/token';
 // NOTE: the Google Metadata Service uses HTTP over a vlan
-var GOOGLE_METADATA_SERVICE_HOST = 'metadata.google.internal';
-var GOOGLE_METADATA_SERVICE_TOKEN_PATH = '/computeMetadata/v1/instance/service-accounts/default/token';
-var GOOGLE_METADATA_SERVICE_PROJECT_ID_PATH = '/computeMetadata/v1/project/project-id';
-var GOOGLE_METADATA_SERVICE_ACCOUNT_ID_PATH = '/computeMetadata/v1/instance/service-accounts/default/email';
-var configDir = (function () {
+const GOOGLE_METADATA_SERVICE_HOST = 'metadata.google.internal';
+const GOOGLE_METADATA_SERVICE_TOKEN_PATH = '/computeMetadata/v1/instance/service-accounts/default/token';
+const GOOGLE_METADATA_SERVICE_IDENTITY_PATH = '/computeMetadata/v1/instance/service-accounts/default/identity';
+const GOOGLE_METADATA_SERVICE_PROJECT_ID_PATH = '/computeMetadata/v1/project/project-id';
+const GOOGLE_METADATA_SERVICE_ACCOUNT_ID_PATH = '/computeMetadata/v1/instance/service-accounts/default/email';
+const configDir = (() => {
     // Windows has a dedicated low-rights location for apps at ~/Application Data
-    var sys = os.platform();
+    const sys = os.platform();
     if (sys && sys.length >= 3 && sys.substring(0, 3).toLowerCase() === 'win') {
         return process.env.APPDATA;
     }
     // On *nix the gcloud cli creates a . dir.
     return process.env.HOME && path.resolve(process.env.HOME, '.config');
 })();
-var GCLOUD_CREDENTIAL_SUFFIX = 'gcloud/application_default_credentials.json';
-var GCLOUD_CREDENTIAL_PATH = configDir && path.resolve(configDir, GCLOUD_CREDENTIAL_SUFFIX);
-var REFRESH_TOKEN_HOST = 'www.googleapis.com';
-var REFRESH_TOKEN_PATH = '/oauth2/v4/token';
-var ONE_HOUR_IN_SECONDS = 60 * 60;
-var JWT_ALGORITHM = 'RS256';
+const GCLOUD_CREDENTIAL_SUFFIX = 'gcloud/application_default_credentials.json';
+const GCLOUD_CREDENTIAL_PATH = configDir && path.resolve(configDir, GCLOUD_CREDENTIAL_SUFFIX);
+const REFRESH_TOKEN_HOST = 'www.googleapis.com';
+const REFRESH_TOKEN_PATH = '/oauth2/v4/token';
+const ONE_HOUR_IN_SECONDS = 60 * 60;
+const JWT_ALGORITHM = 'RS256';
 /**
  * Implementation of Credential that uses a service account.
  */
-var ServiceAccountCredential = /** @class */ (function () {
+class ServiceAccountCredential {
     /**
      * Creates a new ServiceAccountCredential from the given parameters.
      *
@@ -61,11 +62,10 @@ var ServiceAccountCredential = /** @class */ (function () {
      *
      * @constructor
      */
-    function ServiceAccountCredential(serviceAccountPathOrObject, httpAgent, implicit) {
-        if (implicit === void 0) { implicit = false; }
+    constructor(serviceAccountPathOrObject, httpAgent, implicit = false) {
         this.httpAgent = httpAgent;
         this.implicit = implicit;
-        var serviceAccount = (typeof serviceAccountPathOrObject === 'string') ?
+        const serviceAccount = (typeof serviceAccountPathOrObject === 'string') ?
             ServiceAccount.fromPath(serviceAccountPathOrObject)
             : new ServiceAccount(serviceAccountPathOrObject);
         this.projectId = serviceAccount.projectId;
@@ -73,13 +73,13 @@ var ServiceAccountCredential = /** @class */ (function () {
         this.clientEmail = serviceAccount.clientEmail;
         this.httpClient = new api_request_1.HttpClient();
     }
-    ServiceAccountCredential.prototype.getAccessToken = function () {
-        var token = this.createAuthJwt_();
-        var postData = 'grant_type=urn%3Aietf%3Aparams%3Aoauth%3A' +
+    getAccessToken() {
+        const token = this.createAuthJwt_();
+        const postData = 'grant_type=urn%3Aietf%3Aparams%3Aoauth%3A' +
             'grant-type%3Ajwt-bearer&assertion=' + token;
-        var request = {
+        const request = {
             method: 'POST',
-            url: "https://" + GOOGLE_AUTH_TOKEN_HOST + GOOGLE_AUTH_TOKEN_PATH,
+            url: `https://${GOOGLE_AUTH_TOKEN_HOST}${GOOGLE_AUTH_TOKEN_PATH}`,
             headers: {
                 'Content-Type': 'application/x-www-form-urlencoded',
             },
@@ -87,10 +87,10 @@ var ServiceAccountCredential = /** @class */ (function () {
             httpAgent: this.httpAgent,
         };
         return requestAccessToken(this.httpClient, request);
-    };
+    }
     // eslint-disable-next-line @typescript-eslint/naming-convention
-    ServiceAccountCredential.prototype.createAuthJwt_ = function () {
-        var claims = {
+    createAuthJwt_() {
+        const claims = {
             scope: [
                 'https://www.googleapis.com/auth/cloud-platform',
                 'https://www.googleapis.com/auth/firebase.database',
@@ -100,7 +100,7 @@ var ServiceAccountCredential = /** @class */ (function () {
             ].join(' '),
         };
         // eslint-disable-next-line @typescript-eslint/no-var-requires
-        var jwt = require('jsonwebtoken');
+        const jwt = require('jsonwebtoken');
         // This method is actually synchronous so we can capture and return the buffer.
         return jwt.sign(claims, this.privateKey, {
             audience: GOOGLE_TOKEN_AUDIENCE,
@@ -108,22 +108,21 @@ var ServiceAccountCredential = /** @class */ (function () {
             issuer: this.clientEmail,
             algorithm: JWT_ALGORITHM,
         });
-    };
-    return ServiceAccountCredential;
-}());
+    }
+}
 exports.ServiceAccountCredential = ServiceAccountCredential;
 /**
  * A struct containing the properties necessary to use service account JSON credentials.
  */
-var ServiceAccount = /** @class */ (function () {
-    function ServiceAccount(json) {
+class ServiceAccount {
+    constructor(json) {
         if (!util.isNonNullObject(json)) {
             throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Service account must be an object.');
         }
         copyAttr(this, json, 'projectId', 'project_id');
         copyAttr(this, json, 'privateKey', 'private_key');
         copyAttr(this, json, 'clientEmail', 'client_email');
-        var errorMessage;
+        let errorMessage;
         if (!util.isNonEmptyString(this.projectId)) {
             errorMessage = 'Service account object must contain a string "project_id" property.';
         }
@@ -137,7 +136,7 @@ var ServiceAccount = /** @class */ (function () {
             throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, errorMessage);
         }
         // eslint-disable-next-line @typescript-eslint/no-var-requires
-        var forge = require('node-forge');
+        const forge = require('node-forge');
         try {
             forge.pki.privateKeyFromPem(this.privateKey);
         }
@@ -145,7 +144,7 @@ var ServiceAccount = /** @class */ (function () {
             throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Failed to parse private key: ' + error);
         }
     }
-    ServiceAccount.fromPath = function (filePath) {
+    static fromPath(filePath) {
         try {
             return new ServiceAccount(JSON.parse(fs.readFileSync(filePath, 'utf8')));
         }
@@ -153,72 +152,77 @@ var ServiceAccount = /** @class */ (function () {
             // Throw a nicely formed error message if the file contents cannot be parsed
             throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Failed to parse service account json file: ' + error);
         }
-    };
-    return ServiceAccount;
-}());
+    }
+}
 /**
  * Implementation of Credential that gets access tokens from the metadata service available
  * in the Google Cloud Platform. This authenticates the process as the default service account
  * of an App Engine instance or Google Compute Engine machine.
  */
-var ComputeEngineCredential = /** @class */ (function () {
-    function ComputeEngineCredential(httpAgent) {
+class ComputeEngineCredential {
+    constructor(httpAgent) {
         this.httpClient = new api_request_1.HttpClient();
         this.httpAgent = httpAgent;
     }
-    ComputeEngineCredential.prototype.getAccessToken = function () {
-        var request = this.buildRequest(GOOGLE_METADATA_SERVICE_TOKEN_PATH);
+    getAccessToken() {
+        const request = this.buildRequest(GOOGLE_METADATA_SERVICE_TOKEN_PATH);
         return requestAccessToken(this.httpClient, request);
-    };
-    ComputeEngineCredential.prototype.getProjectId = function () {
-        var _this = this;
+    }
+    /**
+     * getIDToken returns a OIDC token from the compute metadata service
+     * that can be used to make authenticated calls to audience
+     * @param audience the URL the returned ID token will be used to call.
+    */
+    getIDToken(audience) {
+        const request = this.buildRequest(`${GOOGLE_METADATA_SERVICE_IDENTITY_PATH}?audience=${audience}`);
+        return requestIDToken(this.httpClient, request);
+    }
+    getProjectId() {
         if (this.projectId) {
             return Promise.resolve(this.projectId);
         }
-        var request = this.buildRequest(GOOGLE_METADATA_SERVICE_PROJECT_ID_PATH);
+        const request = this.buildRequest(GOOGLE_METADATA_SERVICE_PROJECT_ID_PATH);
         return this.httpClient.send(request)
-            .then(function (resp) {
-            _this.projectId = resp.text;
-            return _this.projectId;
+            .then((resp) => {
+            this.projectId = resp.text;
+            return this.projectId;
         })
-            .catch(function (err) {
-            var detail = (err instanceof api_request_1.HttpError) ? getDetailFromResponse(err.response) : err.message;
-            throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, "Failed to determine project ID: " + detail);
+            .catch((err) => {
+            const detail = (err instanceof api_request_1.HttpError) ? getDetailFromResponse(err.response) : err.message;
+            throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, `Failed to determine project ID: ${detail}`);
         });
-    };
-    ComputeEngineCredential.prototype.getServiceAccountEmail = function () {
-        var _this = this;
+    }
+    getServiceAccountEmail() {
         if (this.accountId) {
             return Promise.resolve(this.accountId);
         }
-        var request = this.buildRequest(GOOGLE_METADATA_SERVICE_ACCOUNT_ID_PATH);
+        const request = this.buildRequest(GOOGLE_METADATA_SERVICE_ACCOUNT_ID_PATH);
         return this.httpClient.send(request)
-            .then(function (resp) {
-            _this.accountId = resp.text;
-            return _this.accountId;
+            .then((resp) => {
+            this.accountId = resp.text;
+            return this.accountId;
         })
-            .catch(function (err) {
-            var detail = (err instanceof api_request_1.HttpError) ? getDetailFromResponse(err.response) : err.message;
-            throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, "Failed to determine service account email: " + detail);
+            .catch((err) => {
+            const detail = (err instanceof api_request_1.HttpError) ? getDetailFromResponse(err.response) : err.message;
+            throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, `Failed to determine service account email: ${detail}`);
         });
-    };
-    ComputeEngineCredential.prototype.buildRequest = function (urlPath) {
+    }
+    buildRequest(urlPath) {
         return {
             method: 'GET',
-            url: "http://" + GOOGLE_METADATA_SERVICE_HOST + urlPath,
+            url: `http://${GOOGLE_METADATA_SERVICE_HOST}${urlPath}`,
             headers: {
                 'Metadata-Flavor': 'Google',
             },
             httpAgent: this.httpAgent,
         };
-    };
-    return ComputeEngineCredential;
-}());
+    }
+}
 exports.ComputeEngineCredential = ComputeEngineCredential;
 /**
  * Implementation of Credential that gets access tokens from refresh tokens.
  */
-var RefreshTokenCredential = /** @class */ (function () {
+class RefreshTokenCredential {
     /**
      * Creates a new RefreshTokenCredential from the given parameters.
      *
@@ -230,8 +234,7 @@ var RefreshTokenCredential = /** @class */ (function () {
      *
      * @constructor
      */
-    function RefreshTokenCredential(refreshTokenPathOrObject, httpAgent, implicit) {
-        if (implicit === void 0) { implicit = false; }
+    constructor(refreshTokenPathOrObject, httpAgent, implicit = false) {
         this.httpAgent = httpAgent;
         this.implicit = implicit;
         this.refreshToken = (typeof refreshTokenPathOrObject === 'string') ?
@@ -239,14 +242,14 @@ var RefreshTokenCredential = /** @class */ (function () {
             : new RefreshToken(refreshTokenPathOrObject);
         this.httpClient = new api_request_1.HttpClient();
     }
-    RefreshTokenCredential.prototype.getAccessToken = function () {
-        var postData = 'client_id=' + this.refreshToken.clientId + '&' +
+    getAccessToken() {
+        const postData = 'client_id=' + this.refreshToken.clientId + '&' +
             'client_secret=' + this.refreshToken.clientSecret + '&' +
             'refresh_token=' + this.refreshToken.refreshToken + '&' +
             'grant_type=refresh_token';
-        var request = {
+        const request = {
             method: 'POST',
-            url: "https://" + REFRESH_TOKEN_HOST + REFRESH_TOKEN_PATH,
+            url: `https://${REFRESH_TOKEN_HOST}${REFRESH_TOKEN_PATH}`,
             headers: {
                 'Content-Type': 'application/x-www-form-urlencoded',
             },
@@ -254,17 +257,16 @@ var RefreshTokenCredential = /** @class */ (function () {
             httpAgent: this.httpAgent,
         };
         return requestAccessToken(this.httpClient, request);
-    };
-    return RefreshTokenCredential;
-}());
+    }
+}
 exports.RefreshTokenCredential = RefreshTokenCredential;
-var RefreshToken = /** @class */ (function () {
-    function RefreshToken(json) {
+class RefreshToken {
+    constructor(json) {
         copyAttr(this, json, 'clientId', 'client_id');
         copyAttr(this, json, 'clientSecret', 'client_secret');
         copyAttr(this, json, 'refreshToken', 'refresh_token');
         copyAttr(this, json, 'type', 'type');
-        var errorMessage;
+        let errorMessage;
         if (!util.isNonEmptyString(this.clientId)) {
             errorMessage = 'Refresh token must contain a "client_id" property.';
         }
@@ -285,7 +287,7 @@ var RefreshToken = /** @class */ (function () {
      * Tries to load a RefreshToken from a path. Throws if the path doesn't exist or the
      * data at the path is invalid.
      */
-    RefreshToken.fromPath = function (filePath) {
+    static fromPath(filePath) {
         try {
             return new RefreshToken(JSON.parse(fs.readFileSync(filePath, 'utf8')));
         }
@@ -293,9 +295,8 @@ var RefreshToken = /** @class */ (function () {
             // Throw a nicely formed error message if the file contents cannot be parsed
             throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Failed to parse refresh token file: ' + error);
         }
-    };
-    return RefreshToken;
-}());
+    }
+}
 /**
  * Checks if the given credential was loaded via the application default credentials mechanism. This
  * includes all ComputeEngineCredential instances, and the ServiceAccountCredential and RefreshTokenCredential
@@ -316,7 +317,7 @@ function getApplicationDefault(httpAgent) {
     }
     // It is OK to not have this file. If it is present, it must be valid.
     if (GCLOUD_CREDENTIAL_PATH) {
-        var refreshToken = readCredentialFile(GCLOUD_CREDENTIAL_PATH, true);
+        const refreshToken = readCredentialFile(GCLOUD_CREDENTIAL_PATH, true);
         if (refreshToken) {
             return new RefreshTokenCredential(refreshToken, httpAgent, true);
         }
@@ -336,7 +337,7 @@ exports.getApplicationDefault = getApplicationDefault;
  * @param alt - Alternative name of the property to copy.
  */
 function copyAttr(to, from, key, alt) {
-    var tmp = from[key] || from[alt];
+    const tmp = from[key] || from[alt];
     if (typeof tmp !== 'undefined') {
         to[key] = tmp;
     }
@@ -345,13 +346,26 @@ function copyAttr(to, from, key, alt) {
  * Obtain a new OAuth2 token by making a remote service call.
  */
 function requestAccessToken(client, request) {
-    return client.send(request).then(function (resp) {
-        var json = resp.data;
+    return client.send(request).then((resp) => {
+        const json = resp.data;
         if (!json.access_token || !json.expires_in) {
-            throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, "Unexpected response while fetching access token: " + JSON.stringify(json));
+            throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, `Unexpected response while fetching access token: ${JSON.stringify(json)}`);
         }
         return json;
-    }).catch(function (err) {
+    }).catch((err) => {
+        throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, getErrorMessage(err));
+    });
+}
+/**
+ * Obtain a new OIDC token by making a remote service call.
+ */
+function requestIDToken(client, request) {
+    return client.send(request).then((resp) => {
+        if (!resp.text) {
+            throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Unexpected response while fetching id token: response.text is undefined');
+        }
+        return resp.text;
+    }).catch((err) => {
         throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, getErrorMessage(err));
     });
 }
@@ -359,8 +373,8 @@ function requestAccessToken(client, request) {
  * Constructs a human-readable error message from the given Error.
  */
 function getErrorMessage(err) {
-    var detail = (err instanceof api_request_1.HttpError) ? getDetailFromResponse(err.response) : err.message;
-    return "Error fetching access token: " + detail;
+    const detail = (err instanceof api_request_1.HttpError) ? getDetailFromResponse(err.response) : err.message;
+    return `Error fetching access token: ${detail}`;
 }
 /**
  * Extracts details from the given HTTP error response, and returns a human-readable description. If
@@ -369,8 +383,8 @@ function getErrorMessage(err) {
  */
 function getDetailFromResponse(response) {
     if (response.isJson() && response.data.error) {
-        var json = response.data;
-        var detail = json.error;
+        const json = response.data;
+        let detail = json.error;
         if (json.error_description) {
             detail += ' (' + json.error_description + ')';
         }
@@ -379,7 +393,7 @@ function getDetailFromResponse(response) {
     return response.text || 'Missing error payload';
 }
 function credentialFromFile(filePath, httpAgent) {
-    var credentialsFile = readCredentialFile(filePath);
+    const credentialsFile = readCredentialFile(filePath);
     if (typeof credentialsFile !== 'object' || credentialsFile === null) {
         throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Failed to parse contents of the credentials file as an object');
     }
@@ -392,7 +406,7 @@ function credentialFromFile(filePath, httpAgent) {
     throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Invalid contents in the credentials file');
 }
 function readCredentialFile(filePath, ignoreMissing) {
-    var fileText;
+    let fileText;
     try {
         fileText = fs.readFileSync(filePath, 'utf8');
     }
@@ -400,7 +414,7 @@ function readCredentialFile(filePath, ignoreMissing) {
         if (ignoreMissing) {
             return null;
         }
-        throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, "Failed to read credentials from file " + filePath + ": " + error);
+        throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, `Failed to read credentials from file ${filePath}: ` + error);
     }
     try {
         return JSON.parse(fileText);

package/lib/app/credential.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.2.0 */
+/*! firebase-admin v11.0.1 */
 /*!
  * @license
  * Copyright 2021 Google Inc.

package/lib/app/credential.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.2.0 */
+/*! firebase-admin v11.0.1 */
 "use strict";
 /*!
  * @license

package/lib/app/firebase-app.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v10.2.0 */
+/*! firebase-admin v11.0.1 */
 /*!
  * @license
  * Copyright 2017 Google Inc.