Skip to content

chore(deps): bump protobufjs and firebase-admin in /functions#175

Merged
ruhdevops merged 3 commits into
mainfrom
dependabot/npm_and_yarn/functions/multi-c08a2adf5a
May 10, 2026
Merged

chore(deps): bump protobufjs and firebase-admin in /functions#175
ruhdevops merged 3 commits into
mainfrom
dependabot/npm_and_yarn/functions/multi-c08a2adf5a

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 10, 2026

Bumps protobufjs to 7.5.6 and updates ancestor dependency firebase-admin. These dependencies need to be updated together.

Updates protobufjs from 6.11.6 to 7.5.6

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.5.6

7.5.6 (2026-04-27)

Bug Fixes

  • Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)

v7.5.5

This release backports two reported security issues to 7.x branch.

  • fix: do not allow setting __proto__ in Message constructor (#2126)
  • fix: filter invalid characters from the type name (#2127)

Full Changelog: protobufjs/protobuf.js@protobufjs-v7.5.4...protobufjs-v7.5.5

protobufjs: v7.5.4

7.5.4 (2025-08-15)

Bug Fixes

protobufjs: v7.5.3

7.5.3 (2025-05-28)

Bug Fixes

  • descriptor extensions handling post-editions (#2075) (6e255d4)

protobufjs: v7.5.2

7.5.2 (2025-05-14)

Bug Fixes

protobufjs: v7.5.1

7.5.1 (2025-05-08)

Bug Fixes

  • optimize regressions from editions implementations (#2066) (6406d4c)
  • reserved field inside group blocks fail parsing (#2058) (56782bf)

protobufjs: v7.5.0

... (truncated)

Changelog

Sourced from protobufjs's changelog.

7.5.6 (2026-04-27)

Bug Fixes

  • Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)

7.5.4 (2025-08-15)

Bug Fixes

7.5.3 (2025-05-28)

Bug Fixes

  • descriptor extensions handling post-editions (#2075) (6e255d4)

7.5.2 (2025-05-14)

Bug Fixes

7.5.1 (2025-05-08)

Bug Fixes

  • optimize regressions from editions implementations (#2066) (6406d4c)
  • reserved field inside group blocks fail parsing (#2058) (56782bf)

7.5.0 (2025-04-15)

Features

  • add Edition 2023 Support (f04ded3)
  • add Edition 2023 Support (ac9a3b9)
  • add Edition 2023 Support (e5ca5c8)
  • add Edition 2023 Support (a84409b)
  • add Edition 2023 Support (9c5a178)
  • add Edition 2023 Support (b2c6867)
  • add Edition 2023 Support (60f3e51)
  • add Edition 2023 Support (a656361)
  • add Edition 2023 Support (869a95b)

... (truncated)

Commits
Install script changes

This version modifies prepublish script that runs during installation. Review the package contents before updating.


Updates firebase-admin from 10.3.0 to 13.9.0

Release notes

Sourced from firebase-admin's releases.

Firebase Admin Node.js SDK v13.9.0

New Features

  • feat(remote-config): add optional exposurePercent field to ExperimentValue (#3096)

Miscellaneous

  • [chore] Release 13.9.0 (#3129)
  • chore: Deprecate support for Node.js 20 (#3128)
  • build(deps-dev): bump @​typescript-eslint/parser from 8.57.2 to 8.59.1 (#3114)
  • build(deps): bump follow-redirects in /.github/actions/send-email (#3113)
  • build(deps): bump protobufjs from 7.5.4 to 7.5.5 (#3119)
  • build(deps): bump uuid and @​actions/core in /.github/actions/send-email (#3120)
  • build(deps): bump axios in /.github/actions/send-email (#3123)
  • build(deps): bump fast-xml-parser from 5.5.9 to 5.7.1 (#3122)

Firebase Admin Node.js SDK v13.8.0

New Features

  • feat(pnv): Add support for Phone Number Verification (#3101)
  • feat(fcm): Add bandwidthConstrainedOk and restrictedSatelliteOk (#2994)

Miscellaneous

  • [chore] Release 13.8.0 (#3109)
  • chore(deps): bump node-forge to 1.4.0 (#3108)
  • build(deps-dev): bump @​types/node from 25.3.0 to 25.3.3 (#3090)
  • build(deps-dev): bump lodash and @​microsoft/api-extractor (#3106)
  • build(deps): bump fast-xml-parser from 5.5.6 to 5.5.7 (#3095)
  • build(deps): bump fast-xml-parser from 5.4.1 to 5.5.6 (#3093)
  • build(deps): bump fast-xml-parser from 5.3.7 to 5.4.1 (#3087)

Firebase Admin Node.js SDK v13.7.0

New Features

  • feat(rc): Support Rollout, Personalization, and Experiment values (#3046)

Bug Fixes

  • fix: upgrade @​google-cloud/storage@​7.19.0 (#3071)

Miscellaneous

  • [chore] Release 13.7.0 (#3081)
  • build(deps-dev): bump @​types/lodash from 4.17.18 to 4.17.24 (#3083)
  • build(deps-dev): bump @​typescript-eslint/eslint-plugin (#3086)
  • build(deps): bump node-forge from 1.3.2 to 1.3.3 (#3085)

... (truncated)

Commits
  • 0efb21f [chore] Release 13.9.0 (#3129)
  • 363a302 chore: Deprecate support for Node.js 20 (#3128)
  • b28b921 build(deps-dev): bump @​typescript-eslint/parser from 8.57.2 to 8.59.1 (#3114)
  • 5933705 build(deps): bump follow-redirects in /.github/actions/send-email (#3113)
  • ce3b9e0 build(deps): bump protobufjs from 7.5.4 to 7.5.5 (#3119)
  • e891a3c build(deps): bump uuid and @​actions/core in /.github/actions/send-email (#3120)
  • 92003fc feat(remote-config): add optional exposurePercent field to ExperimentValue (#...
  • 8b9b7a7 build(deps): bump axios in /.github/actions/send-email (#3123)
  • e310a72 build(deps): bump fast-xml-parser from 5.5.9 to 5.7.1 (#3122)
  • ff4c94d [chore] Release 13.8.0 (#3109)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Docker Automation and others added 2 commits May 10, 2026 13:18
chore: add GitHub Actions workflows and validation infrastructure
5f5b1b8 
- Add GitHub Actions workflows:
  * complete-pipeline.yml - Full CI/CD pipeline
  * coverage.yml - Code coverage reporting
  * docs.yml - Documentation builder
  * nightly-release.yml - Automated nightly releases
- Add local_checks.py - Python validation script
- Add values.yaml - Configuration values
- Update functions dependencies and lockfiles

This commit includes:
- Type-safe Python validation script with full type annotations
- Pre-commit hook configuration
- CircleCI deployment configuration
- GitHub Actions automation for CI/CD
@dependabot
chore(deps): bump protobufjs and firebase-admin in /functions
26e7595 
Bumps [protobufjs](https://github.com/protobufjs/protobuf.js) to 7.5.6 and updates ancestor dependency [firebase-admin](https://github.com/firebase/firebase-admin-node). These dependencies need to be updated together.


Updates `protobufjs` from 6.11.6 to 7.5.6
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.6/CHANGELOG.md)
- [Commits](protobufjs/protobuf.js@v6.11.6...protobufjs-v7.5.6)

Updates `firebase-admin` from 10.3.0 to 13.9.0
- [Release notes](https://github.com/firebase/firebase-admin-node/releases)
- [Changelog](https://github.com/firebase/firebase-admin-node/blob/main/CHANGELOG.md)
- [Commits](firebase/firebase-admin-node@v10.3.0...v13.9.0)

---
updated-dependencies:
- dependency-name: protobufjs
  dependency-version: 7.5.6
  dependency-type: indirect
- dependency-name: firebase-admin
  dependency-version: 13.9.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 10, 2026
@vercel
Copy link
Copy Markdown

vercel Bot commented May 10, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
yt-studio Error Error May 10, 2026 8:10am
yt-studio-production Error Error May 10, 2026 8:10am

@bolt-new-by-stackblitz
Copy link
Copy Markdown

bolt-new-by-stackblitz Bot commented May 10, 2026

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

@cloudflare-workers-and-pages
Copy link
Copy Markdown
Contributor

cloudflare-workers-and-pages Bot commented May 10, 2026
edited
Loading

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
❌ Deployment failed
View logs		 ytstudio c89c251 May 10 2026, 08:10 AM

@cloudflare-workers-and-pages
Copy link
Copy Markdown
Contributor

cloudflare-workers-and-pages Bot commented May 10, 2026
edited
Loading

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
❌ Deployment failed
View logs		 ytstudio c89c251 May 10 2026, 08:10 AM

@ruhdevops ruhdevops self-assigned this May 10, 2026
@ruhdevops ruhdevops merged commit fce1911 into main May 10, 2026
2 of 13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@ruhdevops ruhdevops

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ruhdevops