Skip to content

Bump protobufjs, firebase-admin and firebase-tools in /functions#2420

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/functions/multi-3975ec3393
Open

Bump protobufjs, firebase-admin and firebase-tools in /functions#2420
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/functions/multi-3975ec3393

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 28, 2026

Bumps protobufjs to 7.6.1 and updates ancestor dependencies protobufjs, firebase-admin and firebase-tools. These dependencies need to be updated together.

Updates protobufjs from 6.10.2 to 7.6.1

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.6.1

7.6.1 (2026-05-22)

Bug Fixes

protobufjs: v7.6.0

7.6.0 (2026-05-18)

Features

protobufjs: v7.5.9

7.5.9 (2026-05-17)

Bug Fixes

  • Backport bundler-safe optional module lookups (#2254) (0853a62)

protobufjs: v7.5.8

7.5.8 (2026-05-12)

Bug Fixes

protobufjs: v7.5.7

7.5.7 (2026-05-09)

Bug Fixes

protobufjs: v7.5.6

7.5.6 (2026-04-27)

Bug Fixes

  • Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)

v7.5.5

... (truncated)

Changelog

Sourced from protobufjs's changelog.

7.6.1 (2026-05-22)

Bug Fixes

7.6.0 (2026-05-18)

Features

7.5.9 (2026-05-17)

Bug Fixes

  • Backport bundler-safe optional module lookups (#2254) (0853a62)

7.5.8 (2026-05-12)

Bug Fixes

7.5.7 (2026-05-09)

Bug Fixes

7.5.6 (2026-04-27)

Bug Fixes

  • Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)

7.5.4 (2025-08-15)

Bug Fixes

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for protobufjs since your current version.

Install script changes

This version modifies prepublish script that runs during installation. Review the package contents before updating.


Updates firebase-admin from 8.13.0 to 13.10.0

Release notes

Sourced from firebase-admin's releases.

Firebase Admin Node.js SDK v13.10.0

New Features

  • feat(appcheck): Add support for minting limited-use tokens and custom JTI (#3027)

Bug Fixes

  • fix: Replace node-forge with native crypto for private key validation (#3051)

Miscellaneous

  • [chore] Release 13.10.0 (#3146)
  • add node prefix to crypto imports (#3144)
  • chore: remove uuid dependency (#3130)
  • build(deps): bump fast-xml-builder from 1.1.5 to 1.2.0 (#3134)
  • build(deps): bump protobufjs from 7.5.5 to 7.5.8 (#3141)
  • build(deps): bump fast-uri from 3.1.0 to 3.1.2 (#3135)

Firebase Admin Node.js SDK v13.9.0

New Features

  • feat(remote-config): add optional exposurePercent field to ExperimentValue (#3096)

Miscellaneous

  • [chore] Release 13.9.0 (#3129)
  • chore: Deprecate support for Node.js 20 (#3128)
  • build(deps-dev): bump @​typescript-eslint/parser from 8.57.2 to 8.59.1 (#3114)
  • build(deps): bump follow-redirects in /.github/actions/send-email (#3113)
  • build(deps): bump protobufjs from 7.5.4 to 7.5.5 (#3119)
  • build(deps): bump uuid and @​actions/core in /.github/actions/send-email (#3120)
  • build(deps): bump axios in /.github/actions/send-email (#3123)
  • build(deps): bump fast-xml-parser from 5.5.9 to 5.7.1 (#3122)

Firebase Admin Node.js SDK v13.8.0

New Features

  • feat(pnv): Add support for Phone Number Verification (#3101)
  • feat(fcm): Add bandwidthConstrainedOk and restrictedSatelliteOk (#2994)

Miscellaneous

  • [chore] Release 13.8.0 (#3109)
  • chore(deps): bump node-forge to 1.4.0 (#3108)
  • build(deps-dev): bump @​types/node from 25.3.0 to 25.3.3 (#3090)
  • build(deps-dev): bump lodash and @​microsoft/api-extractor (#3106)
  • build(deps): bump fast-xml-parser from 5.5.6 to 5.5.7 (#3095)

... (truncated)

Commits
  • e0a2177 [chore] Release 13.10.0 (#3146)
  • 67d6d82 add node prefix to crypto imports (#3144)
  • 2c8d215 chore: remove uuid dependency (#3130)
  • da2141a build(deps): bump fast-xml-builder from 1.1.5 to 1.2.0 (#3134)
  • fcedf6b feat(appcheck): Add support for minting limited-use tokens and custom JTI (#3...
  • 48d5212 build(deps): bump protobufjs from 7.5.5 to 7.5.8 (#3141)
  • 16e6c33 fix: Replace node-forge with native crypto for private key validation (#3051)
  • 6c81c7e build(deps): bump fast-uri from 3.1.0 to 3.1.2 (#3135)
  • 0efb21f [chore] Release 13.9.0 (#3129)
  • 363a302 chore: Deprecate support for Node.js 20 (#3128)
  • Additional commits viewable in compare view
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates firebase-tools from 9.10.0 to 15.19.0

Release notes

Sourced from firebase-tools's releases.

v15.19.0

  • Updated Pub/Sub emulator to version 0.8.32
  • Added support for 6 more iD providers in auth:import and auth:export commands
  • Fixed issue where auth:export didn't escape double quotes for CSV format. (#3484)
  • Fixes CloudSQLConnectorError: The connector was closed unhandled exception during Data Connect deployments. (#10555)
  • Updated the Firebase Data Connect local toolkit to v3.4.9, which includes the following changes: (#10567)
    • Added support for nested mutations for literals and also variables that define an incomplete set of fields.
    • Fixed an issue in the JS Generated SDK where QueryFetchPolicy wasn't being respected.

v15.18.0

  • Updated Pub/Sub emulator to version 0.8.31
  • Resolves undefined regions earlier, during the build to backend resolution phase (#10471)
  • Updated the Firebase Data Connect local toolkit to v3.4.8, which includes the following changes:
    • Fixed an issue in Dart code generation where nullable BigInt was not handled correctly.
    • Added support for nested 1:Many relational batch inserts.
    • Updated the Golang dependency version to 1.25.10.
  • Default timeout for Dart functions is now 60 seconds when not explicitly set (#10501)
  • Support secret environment variables for Cloud Run functions (#10489)
  • Set requiredProjectBindings in AI Logic services (#10503)

v15.17.0

  • Added support for creating search indexes for Firestore. (#10431)
  • Fixed an issue where some MCP tools would error with "Invalid input: expected record, received array". (#10437)
  • Fixed an issue causing errors when multiple Firestore databases were configured in firebase.json (#8114)
  • Updated the Firebase Data Connect local toolkit to v3.4.7, which includes the following changes: (#10461)
    • Fix emulator crash when using uuidv4() on operations.
    • Support for _Data input types as variables with @allow(fields, maxCount) to constraint the input JSON, enabling batch mutations in admin SDK. Client SDK support will come soon.
  • Increase supported range for Next.js to version 16.0 (#9463)
  • Updated Cloud Function default resource locations. This does not affect existing functions. (#10414)
  • Added warning for cross-region event triggers (#10408)

v15.16.0

  • Updated Firestore Emulator to v1.21.0, which adds support for subqueries and new stages like let(...), as well as allowing setting database-edition per-database.
  • Suppressed the 'punycode' deprecation warning during firebase deploy on Node 22. (#10385)
  • Fixed an issue where hosting deploy allowed publishing to a site in a different project. (#10376)
  • Added SSE mode support to firebase mcp. To use it, run firebase mcp --mode=sse --port=3000, and connect your client on http://localhost:3000.
  • Update the valid Python runtimes for functions. Default Python runtime is now Python 3.14.
  • Fix CLI non-interactive mode for dataconnect init (#10401)
  • Fixed issue where rules for non-default Firestore databases were not being deployed correctly.
  • Suppress SSR warning for non-SSR Angular projects on init hosting (#10364)
  • Updated the SQL Connect emulator to v3.4.6, including internal bug fixes (#10434)
  • Fix an issue where deploying multi-codebase functions failed due to a shared source token scraper (#10428)

v15.15.0

  • Add foundation for being smarter about where to place functions when the region is not specified (#10293)
  • Updated Pub/Sub emulator to version 0.8.30
  • Renamed Data Connect displayed text to SQL Connect (#10270)
  • Added support for the experimental Cloud Functions for Firebase Dart SDK behind the dartfunctions flag
  • Updated the SQL Connect emulator to v3.4.5, including internal bug fixes (#10336)

... (truncated)

Commits
  • 34de5c3 15.19.0
  • 1daf175 fix: update accountExporter unit test to match current CSV output (#10569)
  • a94799f Resolve issue #3401 - support all iDPs for firebase auth:export and auth:impo...
  • 7878e57 fix issue where auth:export doesn't escape double quotes for CSV format (#10563)
  • 151ee63 Bump FDC local toolkit to v3.4.9. (#10567)
  • 5c6711c fix: resolve uuid vulnerability on firebase-cli docker image (#10564)
  • d2b74f7 Revert "Integrate new FSQL AgentService API (#10531)" (#10566)
  • eb04767 Remove the unused "annotations" variable for Local Builds (#10540)
  • f74366b Remove Local Build Universal Maker hack (#10539)
  • f04faf4 Local Build env vars should NOT be set on the global process (#10538)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump protobufjs, firebase-admin and firebase-tools in /functions
f508603 
Bumps [protobufjs](https://github.com/protobufjs/protobuf.js) to 7.6.1 and updates ancestor dependencies [protobufjs](https://github.com/protobufjs/protobuf.js), [firebase-admin](https://github.com/firebase/firebase-admin-node) and [firebase-tools](https://github.com/firebase/firebase-tools). These dependencies need to be updated together.


Updates `protobufjs` from 6.10.2 to 7.6.1
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.6.1/CHANGELOG.md)
- [Commits](protobufjs/protobuf.js@v6.10.2...protobufjs-v7.6.1)

Updates `firebase-admin` from 8.13.0 to 13.10.0
- [Release notes](https://github.com/firebase/firebase-admin-node/releases)
- [Changelog](https://github.com/firebase/firebase-admin-node/blob/main/CHANGELOG.md)
- [Commits](firebase/firebase-admin-node@v8.13.0...v13.10.0)

Updates `firebase-tools` from 9.10.0 to 15.19.0
- [Release notes](https://github.com/firebase/firebase-tools/releases)
- [Commits](firebase/firebase-tools@v9.10.0...v15.19.0)

---
updated-dependencies:
- dependency-name: protobufjs
  dependency-version: 7.6.1
  dependency-type: indirect
- dependency-name: firebase-admin
  dependency-version: 13.10.0
  dependency-type: direct:production
- dependency-name: firebase-tools
  dependency-version: 15.19.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 28, 2026
@dependabot dependabot Bot mentioned this pull request May 28, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants