Skip to content

Bump protobufjs, firebase-functions and firebase-admin#599

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-0f036fc38e
Open

Bump protobufjs, firebase-functions and firebase-admin#599
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-0f036fc38e

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 19, 2026

Bumps protobufjs to 7.6.0 and updates ancestor dependencies protobufjs, firebase-functions and firebase-admin. These dependencies need to be updated together.

Updates protobufjs from 7.2.5 to 7.6.0

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.6.0

7.6.0 (2026-05-18)

Features

protobufjs: v7.5.9

7.5.9 (2026-05-17)

Bug Fixes

  • Backport bundler-safe optional module lookups (#2254) (0853a62)

protobufjs: v7.5.8

7.5.8 (2026-05-12)

Bug Fixes

protobufjs: v7.5.7

7.5.7 (2026-05-09)

Bug Fixes

protobufjs: v7.5.6

7.5.6 (2026-04-27)

Bug Fixes

  • Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)

v7.5.5

This release backports two reported security issues to 7.x branch.

  • fix: do not allow setting __proto__ in Message constructor (#2126)
  • fix: filter invalid characters from the type name (#2127)

Full Changelog: protobufjs/protobuf.js@protobufjs-v7.5.4...protobufjs-v7.5.5

protobufjs: v7.5.4

7.5.4 (2025-08-15)

... (truncated)

Changelog

Sourced from protobufjs's changelog.

7.6.0 (2026-05-18)

Features

7.5.9 (2026-05-17)

Bug Fixes

  • Backport bundler-safe optional module lookups (#2254) (0853a62)

7.5.8 (2026-05-12)

Bug Fixes

7.5.7 (2026-05-09)

Bug Fixes

7.5.6 (2026-04-27)

Bug Fixes

  • Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)

7.5.4 (2025-08-15)

Bug Fixes

7.5.3 (2025-05-28)

Bug Fixes

  • descriptor extensions handling post-editions (#2075) (6e255d4)

7.5.2 (2025-05-14)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for protobufjs since your current version.


Updates firebase-functions from 4.5.0 to 4.9.0

Release notes

Sourced from firebase-functions's releases.

v4.9.0

  • Add new 2nd gen Firestore auth context triggers. (#1519)

v4.8.2

Fix bug with CORS options for an array of one string (#1544)

v4.8.1

Fix bug where 1st gen functions eventually fail with stack too deep (#1540) Make simple CORS options static for improved debugability (#1536)

v4.8.0

Add onInit callback function for global variable initialization (#1531)

v4.7.0

  • Fixes access on deeply nested, nonexistent property. (#1432)
  • Add IteratedDataSnapshot interface to match with firebase admin v12 (#1517).
  • Make bucket parameterizeable in storage functions (#1518)
  • Introduce helper library for select and multi-select input (#1518)

v4.6.0

  • Wrap 2nd gen onCall functions with trace context. (#1491)
  • Bump peer depdencies for firebase-admin to support 12.0.0. (#1509)
Commits

Updates firebase-admin from 11.11.1 to 12.7.0

Release notes

Sourced from firebase-admin's releases.

Firebase Admin Node.js SDK v12.7.0

New Features

  • feat(auth): Add recaptcha and sms toll fraud support for phone auth (#2625)

Bug Fixes

  • fix: Pin @firebase/database-compat to v1.0.8 (#2739)

Miscellaneous

  • [chore] Release 12.7.0 (#2741)
  • build(deps-dev): bump @​microsoft/api-extractor from 7.47.9 to 7.47.11 (#2734)
  • build(deps-dev): bump @​types/lodash from 4.17.10 to 4.17.12 (#2735)
  • chore: Add X-Goog-Api-Client metric header to Auth and FCM requests (#2738)
  • chore: Update auth.spec.ts (#2737)
  • chore: fix dataconnect integration tests (#2736)
  • build(deps-dev): bump @​firebase/app-compat from 0.2.42 to 0.2.43 (#2729)
  • build(deps-dev): bump @​types/lodash from 4.17.9 to 4.17.10 (#2730)
  • fixes function name resolution to cloud tasks emulator queue (#2726)
  • build(deps-dev): bump @​types/mocha from 10.0.8 to 10.0.9 (#2721)
  • build(deps-dev): bump @​firebase/app-compat from 0.2.41 to 0.2.42 (#2722)
  • build(deps-dev): bump nyc from 17.0.0 to 17.1.0 (#2718)
  • build(deps): bump @​google-cloud/storage from 7.12.1 to 7.13.0 (#2717)
  • build(deps-dev): bump @​types/mocha from 10.0.7 to 10.0.8 (#2719)

Firebase Admin Node.js SDK v12.6.0

New Features

  • feat: Add Data Connect API (#2701)

Bug Fixes

  • fix(auth): Add missing Math.floor() when setting validDuration in createSessionCookie() (#2712)

Miscellaneous

  • [chore] Release 12.6.0 (#2715)
  • build(deps-dev): bump @​types/lodash from 4.17.7 to 4.17.9 (#2710)
  • build(deps-dev): bump @​firebase/app-compat from 0.2.39 to 0.2.41 (#2711)
  • build(deps-dev): bump eslint from 8.57.0 to 8.57.1 (#2707)
  • build(deps-dev): bump @​microsoft/api-extractor from 7.47.6 to 7.47.9 (#2706)
  • build(deps): bump @​google-cloud/firestore from 7.9.0 to 7.10.0 (#2705)

Firebase Admin Node.js SDK v12.5.0

New Features

... (truncated)

Commits
  • 8d49b7e [chore] Release 12.7.0 (#2741)
  • 8fc56a7 build(deps-dev): bump @​microsoft/api-extractor from 7.47.9 to 7.47.11 (#2734)
  • 41e414e build(deps-dev): bump @​types/lodash from 4.17.10 to 4.17.12 (#2735)
  • 0455f79 fix: Pin @firebase/database-compat to v1.0.8 (#2739)
  • 4818109 chore: Add X-Goog-Api-Client metric header to Auth and FCM requests (#2738)
  • 0d21e94 chore: Update auth.spec.ts (#2737)
  • 032f2da chore: fix dataconnect integration tests (#2736)
  • 58b1a36 feat(auth): Add recaptcha and sms toll fraud support for phone auth (#2625)
  • f1c5523 build(deps-dev): bump @​firebase/app-compat from 0.2.42 to 0.2.43 (#2729)
  • 8a83872 build(deps-dev): bump @​types/lodash from 4.17.9 to 4.17.10 (#2730)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump protobufjs, firebase-functions and firebase-admin
93f22dc 
Bumps [protobufjs](https://github.com/protobufjs/protobuf.js) to 7.6.0 and updates ancestor dependencies [protobufjs](https://github.com/protobufjs/protobuf.js), [firebase-functions](https://github.com/firebase/firebase-functions) and [firebase-admin](https://github.com/firebase/firebase-admin-node). These dependencies need to be updated together.


Updates `protobufjs` from 7.2.5 to 7.6.0
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.6.0/CHANGELOG.md)
- [Commits](protobufjs/protobuf.js@protobufjs-v7.2.5...protobufjs-v7.6.0)

Updates `firebase-functions` from 4.5.0 to 4.9.0
- [Release notes](https://github.com/firebase/firebase-functions/releases)
- [Commits](firebase/firebase-functions@v4.5.0...v4.9.0)

Updates `firebase-admin` from 11.11.1 to 12.7.0
- [Release notes](https://github.com/firebase/firebase-admin-node/releases)
- [Changelog](https://github.com/firebase/firebase-admin-node/blob/main/CHANGELOG.md)
- [Commits](firebase/firebase-admin-node@v11.11.1...v12.7.0)

---
updated-dependencies:
- dependency-name: protobufjs
  dependency-version: 7.6.0
  dependency-type: indirect
- dependency-name: firebase-functions
  dependency-version: 4.9.0
  dependency-type: direct:production
- dependency-name: firebase-admin
  dependency-version: 12.7.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 19, 2026
@dependabot dependabot Bot mentioned this pull request May 19, 2026
Closed
@wiz-9635d3485b
Copy link
Copy Markdown

wiz-9635d3485b Bot commented May 19, 2026

Wiz Scan Summary

Scanner Findings
Vulnerability Finding Vulnerabilities 4 High 3 Medium
Data Finding Sensitive Data -
Secret Finding Secrets -
IaC Misconfiguration IaC Misconfigurations -
SAST Finding SAST Findings -
Software Management Finding Software Management Findings -
Total 4 High 3 Medium

View scan details in Wiz

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Yuangwang Yuangwang Awaiting requested review from Yuangwang Yuangwang is a code owner

@sjjj986 sjjj986 Awaiting requested review from sjjj986 sjjj986 is a code owner

@jamesdaniels jamesdaniels Awaiting requested review from jamesdaniels jamesdaniels is a code owner

@annajowang annajowang Awaiting requested review from annajowang annajowang is a code owner

@abhis3 abhis3 Awaiting requested review from abhis3 abhis3 is a code owner

@taeold taeold Awaiting requested review from taeold taeold is a code owner

@falahat falahat Awaiting requested review from falahat falahat is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants