[REQUIRED] Step 1: Describe your environment

• Xcode version: 12.1
• Firebase SDK version: 7.4.0
• Installation method: CocoaPods (select one)
• Firebase Component: nanopb

[REQUIRED] Step 2: Describe the problem

CVE-2021-21401: "In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid free() or realloc() calls if the message type contains an oneof field, and the oneof directly contains both a pointer field and a non-pointer field." Issue was reported on March 23, 2021, and was resolved with Nanopb 0.3.9.8 or 0.4.5

Steps to reproduce:

• Install Firebase 7.4.0 or higher
• Observe Nanopb is version 0.3.9.7 based on Google spec of Nanopb 2.03097.0