Bump the npm_and_yarn group across 2 directories with 8 updates

[dependabot]

Bumps the npm_and_yarn group with 4 updates in the / directory: @google-cloud/firestore, firebase-admin, firebase-functions and express.
Bumps the npm_and_yarn group with 3 updates in the /functions directory: @google-cloud/firestore, firebase-admin and express.

Updates @google-cloud/firestore from 4.9.7 to 7.9.0

Release notes

Sourced from @​google-cloud/firestore's releases.

v7.9.0

7.9.0 (2024-06-25)

Features

• Update FirebaseFirestore.v1 and FirebaseFirestore.v1beta1 auto-gen types (6732d4d)

v7.8.0

7.8.0 (2024-05-28)

Features

• Query profiling for VectorQuery (d406f14)
• Update Nodejs generator to send API versions in headers for GAPICs (#2041) (6dbe4b0)

v7.7.0

7.7.0 (2024-05-07)

Features

• Add several fields to manage state of database encryption update (5811492)
• Lazy-started transactions (#2017) (2c726a1)

Bug Fixes

• Nonblocking rollback (#2039) (52099c8)
• Upgrade the google-gax dependency version. (#2040) (0b9efa6)

v7.6.0

7.6.0 (2024-04-02)

Features

• Vector Search (#2006) (e906b42)

v7.5.0

7.5.0 (2024-03-25)

Features

• Protos and autogen client for vector (#2027) (c65cef0)
• Query Profile (#2014) (9a45ec8)

v7.4.0

... (truncated)

Changelog

Sourced from @​google-cloud/firestore's changelog.

7.9.0 (2024-06-25)

Features

• Update FirebaseFirestore.v1 and FirebaseFirestore.v1beta1 auto-gen types (6732d4d)

7.8.0 (2024-05-28)

Features

• Query profiling for VectorQuery (d406f14)
• Update Nodejs generator to send API versions in headers for GAPICs (#2041) (6dbe4b0)

7.7.0 (2024-05-07)

Features

• Add several fields to manage state of database encryption update (5811492)
• Lazy-started transactions (#2017) (2c726a1)

Bug Fixes

• Nonblocking rollback (#2039) (52099c8)
• Upgrade the google-gax dependency version. (#2040) (0b9efa6)

7.6.0 (2024-04-02)

Features

• Vector Search (#2006) (e906b42)

7.5.0 (2024-03-25)

Features

• Protos and autogen client for vector (#2027) (c65cef0)
• Query Profile (#2014) (9a45ec8)

7.4.0 (2024-03-15)

Features

• A new message Backup is added (#2021) (6bced86)

... (truncated)

Commits

• f73e28b chore(main): release 7.9.0 (#2073)
• 3e91cf3 chore: fix lint errors (#2074)
• 6732d4d build: update gapic generator to allow individual location mixin generation (...
• 672e6d8 build: Running the license script for files in the types folder (#2066)
• 337641a Build: Pin the protobuf library to v26.1 (#2064)
• f64c2d9 build: Pin the protobuf library to v27. Unblocks the release and pinning prev...
• e581271 build: update owlbot.py to compile before copying d.ts files from the build f...
• 4c2dc11 chore: [node] add auto-approve templates, and install dependencies with engin...
• 6a23b6c build: Attempting to fix an owlbot.py issue with copying to the types folder ...
• df748ac chore(main): release 7.8.0 (#2048)
• Additional commits viewable in compare view

Updates firebase-admin from 9.5.0 to 12.2.0

Release notes

Sourced from firebase-admin's releases.

Firebase Admin Node.js SDK v12.2.0

Breaking Changes

• change: Deprecate Node.js 16 support (#2574)

Bug Fixes

• fix: Replace farmhash with farmhash-modern (#2603)
• fix: Make ADC + human account work with firebase-admin (#2553)
• fix: Use optional chaining in FirebaseError (#2581)

Miscellaneous

• [chore] Release 12.2.0 (#2605)
• build(deps): bump uuid from 9.0.1 to 10.0.0 (#2599)
• build(deps-dev): bump chai-exclude from 2.1.0 to 2.1.1 (#2593)
• build(deps-dev): bump braces from 3.0.2 to 3.0.3 (#2595)
• build(deps): bump @​grpc/grpc-js from 1.10.8 to 1.10.9 (#2592)
• build(deps-dev): bump @​types/lodash from 4.17.4 to 4.17.5 (#2594)
• build(deps): bump @​google-cloud/firestore from 7.7.0 to 7.8.0 (#2583)
• build(deps): bump @​types/node from 20.12.12 to 20.14.0 (#2585)
• build(deps-dev): bump @​firebase/app-compat from 0.2.34 to 0.2.35 (#2575)
• build(deps-dev): bump chai-as-promised from 7.1.1 to 7.1.2 (#2578)
• build(deps): bump @​google-cloud/storage from 7.11.0 to 7.11.1 (#2579)

Firebase Admin Node.js SDK v12.1.1

Bug Fixes

• fix: Export error classes (#2151)

Miscellaneous

• [chore] Release 12.1.1 (#2561)
• build(deps): updgrade jwks-rsa (#2570)
• --- (#2568)
• --- (#2566)
• --- (#2567)
• --- (#2569)
• build(deps-dev): bump @​firebase/auth-types from 0.12.1 to 0.12.2 (#2556)
• build(deps-dev): bump @​microsoft/api-extractor from 7.43.2 to 7.43.7 (#2559)
• chore: upgrade firestore to 7.7.0 (#2560)
• build(deps-dev): bump @​firebase/app-compat from 0.2.32 to 0.2.33 (#2555)
• build(deps): bump @​google-cloud/firestore from 7.6.0 to 7.7.0 (#2558)
• Fix api extractor issues to expose error types (#2549)
• build(deps-dev): bump @​types/lodash from 4.17.0 to 4.17.1 (#2546)
• build(deps): bump @​google-cloud/storage from 7.10.2 to 7.11.0 (#2547)
• build(deps-dev): bump @​microsoft/api-extractor from 7.43.1 to 7.43.2 (#2545)
• build(deps): bump @​types/node from 20.12.7 to 20.12.10 (#2544)

... (truncated)

Commits

• 5620e9c [chore] Release 12.2.0 (#2605)
• f6f7cb9 build(deps): bump uuid from 9.0.1 to 10.0.0 (#2599)
• b890182 fix: Replace farmhash with farmhash-modern (#2603)
• 5f0f253 fix: Make ADC + human account work with firebase-admin (#2553)
• fdde8c3 build(deps-dev): bump chai-exclude from 2.1.0 to 2.1.1 (#2593)
• 07855bf build(deps-dev): bump braces from 3.0.2 to 3.0.3 (#2595)
• 5440580 build(deps): bump @​grpc/grpc-js from 1.10.8 to 1.10.9 (#2592)
• 5f01f63 build(deps-dev): bump @​types/lodash from 4.17.4 to 4.17.5 (#2594)
• 4070f5b build(deps): bump @​google-cloud/firestore from 7.7.0 to 7.8.0 (#2583)
• 07cfca8 build(deps): bump @​types/node from 20.12.12 to 20.14.0 (#2585)
• Additional commits viewable in compare view

Updates firebase-functions from 3.13.2 to 3.24.1

Release notes

Sourced from firebase-functions's releases.

v3.24.1

• Fix reference docs for performance monitoring.
• Fix bug where function configuration wil null values couldn't be deployed. (#1246)

v3.24.0

• Add performance monitoring triggers to v2 alerts (#1223).

v3.23.0

• Fixes a bug that disallowed setting customClaims and/or sessionClaims in blocking functions (#1199).
• Add v2 Schedule Triggers (#1177).

v3.22.0

• Adds RTDB Triggers for v2 functions (#1127)
• Adds support for Firebase Admin SDK v11 (#1151)
• Fixes bug where emulated task queue function required auth header (#1154)

v3.21.2

• Fixes bug where toJSON was not defined in UserRecord (#1125).

v3.21.1

• Add debug feature to enable cors option for v2 onRequest and onCall handlers. (#1099)

v3.21.0

• Adds CPU option and enhances internal data structures (#1077)
• Add auth blocking handlers (#1080)
• Add support for secrets in v2 (#1079)
• Update types for AlertPayloads (#1087)
• Update AppDistribution [@type] (#1088)
• Update CloudEvent types (#1089)
• Generate documentation with api-extractor (#1071)
• Change type info to be inheritance friendly. (#1091)
• Changes the memory options from MB to MiB and GB to GiB for greater clarity (#1090)

v3.20.1

• Improve authorization for tasks. (#1073)

v3.20.0

• Changes internal structure to be more flexible (#1070).

v3.19.0

• Add support for more regions and memory for v2 functions (#1037).
• Fixes bug where some RTDB instance names were incorrectly parsed (#1056).

v3.18.1

• Expose stack YAML via __/functions.yaml endpoint instead (#1036).

v3.18.0

• Add new runtime option for setting secrets.

v3.17.2

... (truncated)

Commits

• e4bda7d 3.24.1
• 3c5392d Hide documentation for in-app feedback (#1245)
• cc6e28e Fix bug where function configuration with null couldn't be deployed. (#1246)
• cf27ac6 Adding required --project flag to v2 docgen script. (#1239)
• 1ac04ad fix tsdoc comments (#1240)
• bd0fcbc [firebase-release] Removed change log and reset repo after 3.24.0 release
• e191af7 3.24.0
• b93e397 Don't delete fields on a non-breaking change release (#1238)
• 65e66a2 Converting alert type and app id to camel case in the CloudEvent (#1236)
• c18e832 Adds performance monitoring triggers to v2 alerts (#1223)
• Additional commits viewable in compare view

Updates @grpc/grpc-js from 1.2.11 to 1.10.10

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.10.10

• Various improvements to handling of keepalive timers (#2760 by @​davidfiala)
• Fix a bug causing unary response client requests to hang when unexpectedly receiving multiple messages (#2772)
• Fix a bug causing some requests to fail when making requests through a local proxy (#2746 contributed by @​mjameswh, backported in #2777)
• Fix handling of URL-encoded user credentials in proxy configuration (#2761 contributed by @​brendan-myers, backported in #2777)
• Fix missing client-side handling of the grpc.max_send_message_length channel option (#2779)

@​grpc/grpc-js 1.10.9

• Avoid buffering significantly more than grpc.max_receive_message_size per received message.

@​grpc/grpc-js 1.10.8

• Fix a bug that caused channels with unix: targets to not reconnect after the channel goes idle (#2750)

@​grpc/grpc-js 1.10.7

• Improve reporting of HTTP error codes (#2723)
• Update dependency on @grpc/proto-loader to the latest version (#2732)

@​grpc/grpc-js 1.10.6

• Fix a bug that could cause a server to sometimes send the status early (#2708)

@​grpc/grpc-js 1.10.5

• Resolve exception when Error.stackTraceLimit is undefined (#2701 contributed by @​davidfiala)
• Call configured checkServerIdentity when grpc.ssl_target_name_override is set (#2704)
• Add more information to DEADLINE_EXCEEDED error details strings (#2692)

@​grpc/grpc-js 1.10.4

• Fix a bug that caused server interceptors to crash when using partially-populated ResponderBuilder and ListenerBuilder objects (#2696)
• Avoid sending RST_STREAM from the client when the server has already finished its side of the stream (#2695)

@​grpc/grpc-js 1.10.3

• Revert client reconnection changes in #2680 (#2691)

@​grpc/grpc-js 1.10.2

• Implement server connection idle timeouts and improve channelz performance (#2677 contributed by @​AVVS)
• Fix a bug that caused clients to automatically reconnect even when there were no active requests (#2680)
• Modify order of server call events to more closely match pre-1.10.x behavior (#2683)

@​grpc/grpc-js 1.10.1

• Fix a bug causing channels using the round_robin LB policy to fail to reconnect after a connection drops (#2667)

@​grpc/grpc-js-xds 1.10.1

• Update dependency on @grpc/proto-loader to the latest version (#2732)

@​grpc/grpc-js-xds 1.10.0

• Implement gRFC A52: gRPC xDS Custom Load Balancer Configuration (#2555)
• Implement gRFC A42: xDS Ring Hash LB Policy (#2568)
  • Note: This feature is not compatible with Node 14 or below. To disable it in those versions, set the environment variable GRPC_XDS_EXPERIMENTAL_ENABLE_RING_HASH=false.
• Implement the xDS part of gRFC A62: pick_first: sticky TRANSIENT_FAILURE and address order randomization (Currently experimental, enabled by environment variable GRPC_EXPERIMENTAL_PICKFIRST_LB_CONFIG) (#2572)

@​grpc/grpc-js 1.10.0

... (truncated)

Commits

• c934257 Merge pull request #2778 from murgatroid99/grpc-js_1.10.10
• 3c55b5b Merge pull request #2777 from murgatroid99/grpc-js_1.10_backports
• 97c4cda Merge pull request #2779 from murgatroid99/grpc-js_max_send_message_size_fix
• 42844cf grpc-js: Re-add client-side max send message size checking
• cbab4e5 grpc-js: Bump to 1.10.10
• 5ae5514 fix: add decoding for url encoded user credentials
• e759029 HTTP CONNECT: handle early server packets
• 5c0226d Merge pull request #2760 from davidfiala/@grpc/[email protected]
• 52fe8e9 Merge pull request #2772 from murgatroid99/grpc-js_cardinality_error_hang
• 674f4e3 Merge pull request from GHSA-7v5v-9h63-cj86
• Additional commits viewable in compare view

Updates express from 4.17.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: [email protected] and [email protected] by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add [email protected] by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: [email protected]

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]
• deps: [email protected]
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: [email protected]
  • deps: [email protected]
  • perf: remove unnecessary object clone
• deps: [email protected]

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: [email protected]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates jsonwebtoken from 8.5.1 to 9.0.2

Changelog

Sourced from jsonwebtoken's changelog.

9.0.2 - 2023-08-30

• security: updating semver to 7.5.4 to resolve CVE-2022-25883, closes #921.
• refactor: reduce library size by using lodash specific dependencies, closes #878.

9.0.1 - 2023-07-05

• fix(stubs): allow decode method to be stubbed

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

• Removed support for Node versions 11 and below.
• The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]auth0/node-jsonwebtoken@8345030)
• RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]auth0/node-jsonwebtoken@ecdf6cc)
• Key types must be valid for the signing / verification algorithm

Security fixes

• security: fixes Arbitrary File Write via verify function - CVE-2022-23529
• security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
• security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
• security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

Commits

• bc28861 Release 9.0.2 (#935)
• 96b8906 refactor: use specific lodash packages (#933)
• ed35062 security: Updating semver to 7.5.4 to resolve CVE-2022-25883 (#932)
• 84539b2 Updating package version to 9.0.1 (#920)
• a99fd4b fix(stubs): allow decode method to be stubbed (#876)
• e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
• 5eaedbf chore(ci): remove github test actions job (#861)
• cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
• ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
• 8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by charlesrea, a new releaser for jsonwebtoken since your current version.

Updates semver from 5.7.1 to 7.6.2

Release notes

Sourced from semver's releases.

v7.6.2

7.6.2 (2024-05-09)

Bug Fixes

• 6466ba9 #713 lru: use map.delete() directly (#713) (@​negezor, @​lukekarrys)

v7.6.1

7.6.1 (2024-05-04)

Bug Fixes

• c570a34 #704 linting: no-unused-vars (@​wraithgar)
• ad8ff11 #704 use internal cache implementation (@​mbtools)
• ac9b357 #682 typo in compareBuild debug message (#682) (@​mbtools)

Dependencies

• 988a8de #709 uninstall lru-cache (#709)
• 3fabe4d #704 remove lru-cache

Chores

• dd09b60 #705 bump @​npmcli/template-oss to 4.22.0 (@​lukekarrys)
• ec49cdc #701 chore: chore: postinstall for dependabot template-oss PR (@​lukekarrys)
• b236c3d #696 add benchmarks (#696) (@​H4ad)
• 692451b #688 various improvements to README (#688) (@​mbtools)
• 5feeb7f #705 postinstall for dependabot template-oss PR (@​lukekarrys)
• 074156f #701 bump @​npmcli/template-oss from 4.21.3 to 4.21.4 (@​dependabot[bot])

v7.6.0

7.6.0 (2024-01-31)

Features

• a7ab13a #671 preserve pre-release and build parts of a version on coerce (#671) (@​madtisa, madtisa, @​wraithgar)

Chores

• 816c7b2 #667 postinstall for dependabot template-oss PR (@​lukekarrys)
• 0bd24d9 #667 bump @​npmcli/template-oss from 4.21.1 to 4.21.3 (@​dependabot[bot])
• e521932 #652 postinstall for dependabot template-oss PR (@​lukekarrys)
• 8873991 #652 chore: chore: postinstall for dependabot template-oss PR (@​lukekarrys)
• f317dc8 #652 bump @​npmcli/template-oss from 4.19.0 to 4.21.0 (@​dependabot[bot])
• 7303db1 #658 add clean() test for build metadata (#658) (@​jethrodaniel)
• 6240d75 #656 add missing quotes in README.md (#656) (@​zyxkad)
• 14d263f #625 postinstall for dependabot template-oss PR (@​lukekarrys)
• 7c34e1a #625 bump @​npmcli/template-oss from 4.18.1 to 4.19.0 (@​dependabot[bot])
• 123e0b0 #622 postinstall for dependabot template-oss PR (@​lukekarrys)
• 737d5e1 #622 bump @​npmcli/template-oss from 4.18.0 to 4.18.1 (@​dependabot[bot])

... (truncated)

Changelog

Sourced from semver's changelog.

7.6.2 (2024-05-09)

Bug Fixes

• 6466ba9 #713 lru: use map.delete() directly (#713) (@​negezor, @​lukekarrys)

7.6.1 (2024-05-04)

Bug Fixes

• c570a34 #704 linting: no-unused-vars (@​wraithgar)
• ad8ff11 #704 use internal cache implementation (@​mbtools)
• ac9b357 #682 typo in compareBuild debug message (#682) (@​mbtools)

Dependencies

• 988a8de #709 uninstall lru-cache (#709)
• 3fabe4d #704 remove lru-cache

Chores

• dd09b60 #705 bump @​npmcli/template-oss to 4.22.0 (@​lukekarrys)
• ec49cdc #701 chore: chore: postinstall for dependabot template-oss PR (@​lukekarrys)
• b236c3d #696 add benchmarks (#696) (@​H4ad)
• 692451b #688 various improvements to README (#688) (@​mbtools)
• 5feeb7f #705 postinstall for dependabot template-oss PR (@​lukekarrys)
• 074156f #701 bump @​npmcli/template-oss from 4.21.3 to 4.21.4 (@​dependabot[bot])

7.6.0 (2024-01-31)

Features

• a7ab13a #671 preserve pre-release and build parts of a version on coerce (#671) (@​madtisa, madtisa, @​wraithgar)

Chores

• 816c7b2 #667 postinstall for dependabot template-oss PR (@​lukekarrys)
• 0bd24d9 #667 bump @​npmcli/template-oss from 4.21.1 to 4.21.3 (@​dependabot[bot])
• e521932 #652 postinstall for dependabot template-oss PR (@​lukekarrys)
• 8873991 #652 chore: chore: postinstall for dependabot template-oss PR (@​lukekarrys)
• f317dc8 #652 bump @​npmcli/template-oss from 4.19.0 to 4.21.0 (@​dependabot[bot])
• 7303db1 #658 add clean() test for build metadata (#658) (@​jethrodanielDescription has been truncated