Bump the npm_and_yarn group across 1 directory with 23 updates

[dependabot]

Bumps the npm_and_yarn group with 7 updates in the /functions/testapp/Assets/Firebase/Sample/Functions/.functions/functions directory:

Package	From	To
@firebase/util	0.1.10	1.9.6
firebase-admin	5.10.0	12.1.1
base64url	2.0.0	removed
jws	3.1.4	3.2.2
express	4.16.3	4.19.2
jsonwebtoken	7.4.3	9.0.2
firebase-functions	0.9.0	5.0.1

Updates @firebase/util from 0.1.10 to 1.9.6

Changelog

Sourced from @​firebase/util's changelog.

1.9.6

Patch Changes

• ab883d016 #8237 - Bump all packages so staging works.

1.9.5

Patch Changes

• 0c5150106 #8079 - Update repository.url field in all package.json files to NPM's preferred format.

1.9.4

Patch Changes

• 434f8418c #7963 (fixes #7962) - Fix isSafari() throwing on React Native

1.9.3

Patch Changes

• c59f537b1 #7019 - Modify base64 decoding logic to throw on invalid input, rather than silently truncating it.

1.9.2

Patch Changes

• d071bd1ac #7007 (fixes #7005) - Move exports.default fields to always be the last field. This fixes a bug caused in 9.17.0 that prevented some bundlers and frameworks from building.

1.9.1

Patch Changes

• 0bab0b7a7 #6981 - Added browser CJS entry points (expected by Jest when using JSDOM mode).

1.9.0

Minor Changes

• 06dc1364d #6901 - Allow users to specify their environment as node or browser to override Firebase's runtime environment detection and force the SDK to act as if it were in the respective environment.

Patch Changes

• d4114a4f7 #6874 (fixes #6838) - Reformat a comment that causes compile errors in some build toolchains.

1.8.0

Minor Changes

... (truncated)

Commits

• 8fb372a Version Packages (#8236)
• 13762a4 Version Packages (#8101)
• 0c51501 Run npm pkg fix on all packages (#8079)
• 9fa0e9f Version Packages (#7995)
• 434f841 Fix isSafari() throwing on React Native (fixes #7962) (#7963)
• ebc694a Comment changes for OSS (#7778)
• 2be12d7 [CI] update chrome install steps for Auth builds. (#7602)
• 2e7e548 Version Packages (#7069)
• c59f537 Improve decodeBase64() to throw on invalid input rather than silently accept ...
• 3d605f8 Version Packages (#7008)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for @​firebase/util since your current version.

Updates firebase-admin from 5.10.0 to 12.1.1

Release notes

Sourced from firebase-admin's releases.

Firebase Admin Node.js SDK v12.1.1

Bug Fixes

• fix: Export error classes (#2151)

Miscellaneous

• [chore] Release 12.1.1 (#2561)
• build(deps): updgrade jwks-rsa (#2570)
• --- (#2568)
• --- (#2566)
• --- (#2567)
• --- (#2569)
• build(deps-dev): bump @​firebase/auth-types from 0.12.1 to 0.12.2 (#2556)
• build(deps-dev): bump @​microsoft/api-extractor from 7.43.2 to 7.43.7 (#2559)
• chore: upgrade firestore to 7.7.0 (#2560)
• build(deps-dev): bump @​firebase/app-compat from 0.2.32 to 0.2.33 (#2555)
• build(deps): bump @​google-cloud/firestore from 7.6.0 to 7.7.0 (#2558)
• Fix api extractor issues to expose error types (#2549)
• build(deps-dev): bump @​types/lodash from 4.17.0 to 4.17.1 (#2546)
• build(deps): bump @​google-cloud/storage from 7.10.2 to 7.11.0 (#2547)
• build(deps-dev): bump @​microsoft/api-extractor from 7.43.1 to 7.43.2 (#2545)
• build(deps): bump @​types/node from 20.12.7 to 20.12.10 (#2544)
• build(deps-dev): bump @​firebase/app-compat from 0.2.31 to 0.2.32 (#2540)
• build(deps): bump @​google-cloud/storage from 7.10.1 to 7.10.2 (#2541)
• build(deps): bump @​google-cloud/storage from 7.10.0 to 7.10.1 (#2536)
• Update package.json to use farmhash 3.3.1 (#2534)

Firebase Admin Node.js SDK v12.1.0

New Features

• feat(rc): Add server side Remote Config support (#2529)

Miscellaneous

• [chore] Release 12.1.0 (#2532)
• Fix minor typo (#2533)
• chore: Excluding certain event_types from processing uid (#2370)
• build(deps-dev): bump gulp from 4.0.2 to 5.0.0 (#2526)
• build(deps-dev): bump @​firebase/app-compat from 0.2.29 to 0.2.30 (#2527)
• build(deps): bump @​google-cloud/firestore from 7.5.0 to 7.6.0 (#2528)
• build(deps): bump undici in /.github/actions/send-email (#2521)
• build(deps-dev): bump @​firebase/auth-types from 0.12.0 to 0.12.1 (#2514)
• build(deps-dev): bump mocha from 10.3.0 to 10.4.0 (#2513)
• build(deps): bump @​types/node from 20.11.30 to 20.12.2 (#2516)
• build(deps): bump @​google-cloud/firestore from 7.4.0 to 7.5.0 (#2517)
• build(deps-dev): bump @​firebase/app-compat from 0.2.28 to 0.2.29 (#2510)
• build(deps): bump @​google-cloud/storage from 7.7.0 to 7.9.0 (#2509)

... (truncated)

Commits

• e2515f2 [chore] Release 12.1.1 (#2561)
• 4d4fd39 build(deps): updgrade jwks-rsa (#2570)
• 1754b7e --- (#2568)
• 72f0169 --- (#2566)
• 8f622cf --- (#2567)
• f8f8eb9 --- (#2569)
• ee78c87 build(deps-dev): bump @​firebase/auth-types from 0.12.1 to 0.12.2 (#2556)
• f837c23 build(deps-dev): bump @​microsoft/api-extractor from 7.43.2 to 7.43.7 (#2559)
• 41aea3a chore: upgrade firestore to 7.7.0 (#2560)
• 26cd8b0 build(deps-dev): bump @​firebase/app-compat from 0.2.32 to 0.2.33 (#2555)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for firebase-admin since your current version.

Updates @google-cloud/firestore from 0.13.0 to 7.8.0

Release notes

Sourced from @​google-cloud/firestore's releases.

v7.8.0

7.8.0 (2024-05-28)

Features

• Query profiling for VectorQuery (d406f14)
• Update Nodejs generator to send API versions in headers for GAPICs (#2041) (6dbe4b0)

v7.7.0

7.7.0 (2024-05-07)

Features

• Add several fields to manage state of database encryption update (5811492)
• Lazy-started transactions (#2017) (2c726a1)

Bug Fixes

• Nonblocking rollback (#2039) (52099c8)
• Upgrade the google-gax dependency version. (#2040) (0b9efa6)

v7.6.0

7.6.0 (2024-04-02)

Features

• Vector Search (#2006) (e906b42)

v7.5.0

7.5.0 (2024-03-25)

Features

• Protos and autogen client for vector (#2027) (c65cef0)
• Query Profile (#2014) (9a45ec8)

v7.4.0

7.4.0 (2024-03-15)

Features

• A new message Backup is added (#2021) (6bced86)
• A new message BackupSchedule is added (6bced86)
• A new message CreateBackupScheduleRequest is added (6bced86)

... (truncated)

Changelog

Sourced from @​google-cloud/firestore's changelog.

7.8.0 (2024-05-28)

Features

• Query profiling for VectorQuery (d406f14)
• Update Nodejs generator to send API versions in headers for GAPICs (#2041) (6dbe4b0)

7.7.0 (2024-05-07)

Features

• Add several fields to manage state of database encryption update (5811492)
• Lazy-started transactions (#2017) (2c726a1)

Bug Fixes

• Nonblocking rollback (#2039) (52099c8)
• Upgrade the google-gax dependency version. (#2040) (0b9efa6)

7.6.0 (2024-04-02)

Features

• Vector Search (#2006) (e906b42)

7.5.0 (2024-03-25)

Features

• Protos and autogen client for vector (#2027) (c65cef0)
• Query Profile (#2014) (9a45ec8)

7.4.0 (2024-03-15)

Features

• A new message Backup is added (#2021) (6bced86)
• A new message BackupSchedule is added (6bced86)
• A new message CreateBackupScheduleRequest is added (6bced86)
• A new message DailyRecurrence is added (6bced86)
• A new message DeleteBackupRequest is added (6bced86)
• A new message DeleteBackupScheduleRequest is added (6bced86)
• A new message GetBackupRequest is added (6bced86)
• A new message GetBackupScheduleRequest is added (6bced86)

... (truncated)

Commits

• df748ac chore(main): release 7.8.0 (#2048)
• 6dbe4b0 feat: update Nodejs generator to send API versions in headers for GAPICs (#2041)
• d406f14 feat: Query profiling for VectorQuery (#2045)
• 1e949b8 chore: refactor reference.ts to one class per file (#2037)
• 591fff1 chore(deps): update dependency sinon to v18 (#2044)
• 392ecf3 chore(main): release 7.7.0 (#2038)
• 0b9efa6 fix: Upgrade the google-gax dependency version. (#2040)
• 52099c8 fix: Nonblocking rollback (#2039)
• 2c726a1 feat: Lazy-started transactions (#2017)
• 5811492 docs: Allow 14 week backup retention for Firestore daily backups (#2031)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for @​google-cloud/firestore since your current version.

Updates ansi-regex from 2.1.1 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

• Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

v5.0.0

Breaking

• Require Node.js 8 166a0d5

Enhancements

• Add TypeScript definition (#32) e77ea17

chalk/ansi-regex@v4.1.0...v5.0.0

v4.1.0

• Support more escape code like links (#29) 96200bb

chalk/ansi-regex@v4.0.0...v4.1.0

Commits

• a9babce 5.0.1
• 4657833 fix incorrect format
• c3c0b3f Fix potential ReDoS (#37)
• 178363b Move to GitHub Actions (#35)
• 0755e66 Add @​Qix- to funding.yml
• 2b56fb0 5.0.0
• f26f7fe Meta tweaks
• e77ea17 Add TypeScript definition (#32)
• 166a0d5 Require Node.js 8
• f115fca Tidelift tasks
• Additional commits viewable in compare view

Removes base64url

Updates jws from 3.1.4 to 3.2.2

Commits

• 7d4a071 v3.2.2
• 10b7229 deps: jwa@^1.4.1
• 37e67a8 v3.2.1
• fc398d8 update jws.ALGORITHMS
• 5cdc5ce v3.2.0
• ae9de7e build: update test targets
• 682e944 Fix some typos and improve formatting in README (#82)
• 6613fad deps: jwa@^1.2.0
• bb8e016 Upgrade: jwa dependency from 1.1.5 -> 1.1.6
• 0735396 package: v3.1.5
• Additional commits viewable in compare view

Updates express from 4.16.3 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: [email protected] and [email protected] by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add [email protected] by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: [email protected]

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]
• deps: [email protected]
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: [email protected]
  • deps: [email protected]
  • perf: remove unnecessary object clone
• deps: [email protected]

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: [email protected]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates extend from 3.0.1 to 3.0.2

Changelog

Sourced from extend's changelog.

3.0.2 / 2018-07-19

• [Fix] Prevent merging __proto__ property (#48)
• [Dev Deps] update eslint, @ljharb/eslint-config, tape
• [Tests] up to node v10.7, v9.11, v8.11, v7.10, v6.14, v4.9; use nvm install-latest-npm

Commits

• 8d106d2 v3.0.2
• e97091f [Dev Deps] update tape
• e841aac [Tests] up to node v10.7
• 0e68e71 [Fix] Prevent merging proto property
• a689700 Only apps should have lockfiles
• f13c1c4 [Dev Deps] update eslint, @ljharb/eslint-config, tape
• f3570fe [Tests] up to node v10.0, v9.11, v8.11, v7.10, v6.14, v4.9; use...
• See full diff in compare view

Updates jsonwebtoken from 7.4.3 to 9.0.2

Changelog

Sourced from jsonwebtoken's changelog.

9.0.2 - 2023-08-30

• security: updating semver to 7.5.4 to resolve CVE-2022-25883, closes #921.
• refactor: reduce library size by using lodash specific dependencies, closes #878.

9.0.1 - 2023-07-05

• fix(stubs): allow decode method to be stubbed

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

• Removed support for Node versions 11 and below.
• The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]auth0/node-jsonwebtoken@8345030)
• RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]auth0/node-jsonwebtoken@ecdf6cc)
• Key types must be valid for the signing / verification algorithm

Security fixes

• security: fixes Arbitrary File Write via verify function - CVE-2022-23529
• security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
• security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
• security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

8.5.1 - 2019-03-18

Bug fix

• fix: ensure correct PS signing and verification (#585) (e5874ae428ffc0465e6bd4e660f89f78b56a74a6), closes #585

Docs

• README: fix markdown for algorithms table (84e03ef70f9c44a3aef95a1dc122c8238854f683)

8.5.0 - 2019-02-20

New Functionality

• feat: add PS JWA support for applicable node versions (#573) (eefb9d9c6eec54718fa6e41306bda84788df7bec), closes #573
• Add complete option in jwt.verify (#522) (8737789dd330cf9e7870f4df97fd52479adbac22), closes #522

Test Improvements

• Add tests for private claims in the payload (#555) (5147852896755dc1291825e2e40556f964411fb2), closes #555
• Force use_strict during testing (#577) (7b60c127ceade36c33ff33be066e435802001c94), closes #577
• Refactor tests related to jti and jwtid (#544) (7eebbc75ab89e01af5dacf2aae90fe05a13a1454), closes #544
• ci: remove nsp from tests (#569) (da8f55c3c7b4dd0bfc07a2df228500fdd050242a), closes #569

... (truncated)

Commits

• bc28861 Release 9.0.2 (#935)
• 96b8906 refactor: use specific lodash packages (#933)
• ed35062 security: Updating semver to 7.5.4 to resolve CVE-2022-25883 (#932)
• 84539b2 Updating package version to 9.0.1 (#920)
• a99fd4b fix(stubs): allow decode method to be stubbed (#876)
• e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
• 5eaedbf chore(ci): remove github test actions job (#861)
• cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
• ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
• 8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by charlesrea, a new releaser for jsonwebtoken since your current version.

Updates firebase-functions from 0.9.0 to 5.0.1

Release notes

Sourced from firebase-functions's releases.

v5.0.1

• Fix App fetching for named firestore instances (#1562).

v5.0.0

• Add option to get named firestore instance for v2 firestore functions (#1550).
• Remove firebase-admin v10 dependency for Firestore triggers multi-DB support (#1555).

v4.9.0

• Add new 2nd gen Firestore auth context triggers. (#1519)

v4.8.2

Fix bug with CORS options for an array of one string (#1544)

v4.8.1

Fix bug where 1st gen functions eventually fail with stack too deep (#1540) Make simple CORS options static for improved debugability (#1536)

v4.8.0

Add onInit callback function for global variable initialization (#1531)

v4.7.0

• Fixes access on deeply nested, nonexistent property. (#1432)
• Add IteratedDataSnapshot interface to match with firebase admin v12 (#1517).
• Make bucket parameterizeable in storage functions (#1518)
• Introduce helper library for select and multi-select input (#1518)

v4.6.0

• Wrap 2nd gen onCall functions with trace context. (#1491)
• Bump peer depdencies for firebase-admin to support 12.0.0. (#1509)

v4.5.0

• Remove HTTP server shutdown message. (#1457)
• Add features to task queue functions. (#1423)
• Add traces to V2 Firestore trigger logs. (#1440)
• Fix incorrectly parsed timestamps in auth blocking functions. (#1472)
• Add recaptcha verdict support for auth blocking functions (#1458)

v4.4.1

• Update list of supported regions for 2nd Gen Functions. (#1402)
• Fix bug where log message on structured log was being overwritten (#1416)
• Fix bug where exists() should return true for falsy values like 0, "" (#1410)

v4.4.0

• Fix typo on alert event type. (#1384)
• Add consumeAppCheckToken option for callable functions (#1374)

v4.3.1

• Export Change interface from the v2 firestore path (#1379).

v4.3.0

... (truncated)

Commits

• 80c5a37 5.0.1
• 680849e Fix: get the app when fetching named firestore (#1562)
• 77c16ff [firebase-release] Removed change log and reset repo after 5.0.0 release
• f59cd1a 5.0.0
• e7c72f3 Add changelog entry for removing admin v10 dep (#1560)
• 29bf78f bump firebase-admin version (#1555)
• 909215f bumping ts version (#1552)
• 6beaaeb Add option to get named firestore instance for v2 firestore functions (#1550)
• c89994f [firebase-release] Removed change log and reset repo after 4.9.0 release
• 482529a 4.9.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for firebase-functions since your current version.

Updates protobufjs from 5.0.2 to 7.3.0

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.3.0

7.3.0 (2024-05-10)

Features

• add handling for extension range options (#1990) (2d58011)

protobufjs: v7.2.6

7.2.6 (2024-01-16)

Bug Fixes

• report missing import properly in loadSync (#1960) (af3ff83)

protobufjs: v7.2.5

7.2.5 (2023-08-21)

Bug Fixes

• crash in comment parsing (#1890) (eaf9f0a)
• deprecation warning for new Buffer (#1905) (e93286e)
• possible infinite loop when parsing option (#1923) (f2a8620)

protobufjs: v7.2.4

7.2.4 (2023-06-23)

Bug Fixes

• do not let setProperty change the prototype (#1899) (e66379f)

protobufjs: v7.2.3

7.2.3 (2023-03-27)

Bug Fixes

• type names can be split into multiple tokens (#1877) (8817ee6)

protobufjs: v7.2.2

7.2.2 (2023-02-07)

Bug Fixes

• do not allow to extend same field twice to prevent the error (#1784) (14f0536)

... (truncated)

Changelog

Sourced from protobufjs's changelog.

7.3.0 (2024-05-10)

Features

• add handling for extension range options (#1990) (2d58011)

7.2.6 (2024-01-16)

Bug Fixes

<...

Description has been truncated