chore(deps): bump @grpc/grpc-js and firebase-admin in /functions

[dependabot]

Bumps @grpc/grpc-js to 1.14.3 and updates ancestor dependency firebase-admin. These dependencies need to be updated together.

Updates @grpc/grpc-js from 1.6.12 to 1.14.3

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.14.3

• Send halfClose immediately after messages to prevent late halfClose issues with Envoy (#3031 contributed by @​serkanerip)

@​grpc/grpc-js 1.14.2

• Fix server keep alive timeout not properly destroying connections (#3022 contributed by @​mattias-wiberg)

@​grpc/grpc-js 1.14.1

• Fix a regression of the settings used internally for HTTP/2 sessions (#3023)

@​grpc/grpc-js-xds 1.14.0

• Implement RBAC support (gRFC A41) (#2939, #2945)
• Add weighted_round_robin to LB policy registry (#3001) (currently experimental, enabled by the environment variable GRPC_EXPERIMENTAL_XDS_WRR_LB)
• Add wrr_locality to LB policy registry (#3003)

@​grpc/grpc-js 1.14.0

Changelog

• Add getAuthContext method to client and server call classes (more details can be found in gRFC L35) (#2920)
• Implement custom backend metrics support (gRFC A51) (#2978, #2983, #2985, #2986, #2999)
• Add getConnectionInfo method to the ServerInterceptingCall class (#2922)
• Implement the weighted_round_robin load balancing policy (#2998)
• Fix jitter behavior for client retries (#2960 contributed by @​ekscentrysytet)
• Start connecting from a random index in the round_robin LB policy (#2979)
• Send connection-level WINDOW_UPDATE at session start (#2971 contributed by @​KoenRijpstra)

Experimental API Changes

Added:

• CHANNEL_ARGS_CONFIG_SELECTOR_KEY
• StatusOr<T>
• CallStream
• statusOrFromValue
• statusOrFromError

Modified:

• ResolverListener#onSuccessfulResolution now has the signature (endpointList: StatusOr<Endpoint[]>, attributes: { [key: string]: unknown }, serviceConfig: StatusOr<ServiceConfig> | null, resolutionNote: string): boolean
• LoadBalancer#updateAddressList now has the signature `updateAddressList(endpointList: StatusOr<Endpoint[]>,lbConfig: TypedLoadBalancingConfig, channelOptions: ChannelOptions, resolutionNote: string): boolean

@​grpc/grpc-js 1.13.4

• Fix ability to set SNI with ssl_target_name_override option (#2956)

@​grpc/grpc-js 1.13.3

• Disable Nagle's algorithm (#2936)
• Avoid calling http2.getDefaultSettings (#2937)

@​grpc/grpc-js 1.13.2

• Fix a bug that caused clients to be unable to connect through local proxies (#2933)

... (truncated)

Commits

• ccd29b2 Merge pull request #3032 from murgatroid99/grpc-js_retry_half_close_1.14
• 9ea15ce grpc-js: Bump version to 1.14.3
• 4d387d4 Use nextMessageToSend for early half-close
• 88a083d remove halfCloseSent field
• f6895cb Send halfClose immediately after messages to prevent late halfClose issues wi...
• 37f2817 revert changes
• 4e26a27 half close right after write
• bf0dc8f Merge pull request #3029 from murgatroid99/grpc-js_keepalive_fix_backport
• 235474e grpc-js: Bump to 1.14.2
• 2f090c6 grpc-js: Fix server keep alive timeout not properly destroying connections
• Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates firebase-admin from 10.3.0 to 13.9.0

Release notes

Sourced from firebase-admin's releases.

Firebase Admin Node.js SDK v13.9.0

New Features

• feat(remote-config): add optional exposurePercent field to ExperimentValue (#3096)

Miscellaneous

• [chore] Release 13.9.0 (#3129)
• chore: Deprecate support for Node.js 20 (#3128)
• build(deps-dev): bump @​typescript-eslint/parser from 8.57.2 to 8.59.1 (#3114)
• build(deps): bump follow-redirects in /.github/actions/send-email (#3113)
• build(deps): bump protobufjs from 7.5.4 to 7.5.5 (#3119)
• build(deps): bump uuid and @​actions/core in /.github/actions/send-email (#3120)
• build(deps): bump axios in /.github/actions/send-email (#3123)
• build(deps): bump fast-xml-parser from 5.5.9 to 5.7.1 (#3122)

Firebase Admin Node.js SDK v13.8.0

New Features

• feat(pnv): Add support for Phone Number Verification (#3101)
• feat(fcm): Add bandwidthConstrainedOk and restrictedSatelliteOk (#2994)

Miscellaneous

• [chore] Release 13.8.0 (#3109)
• chore(deps): bump node-forge to 1.4.0 (#3108)
• build(deps-dev): bump @​types/node from 25.3.0 to 25.3.3 (#3090)
• build(deps-dev): bump lodash and @​microsoft/api-extractor (#3106)
• build(deps): bump fast-xml-parser from 5.5.6 to 5.5.7 (#3095)
• build(deps): bump fast-xml-parser from 5.4.1 to 5.5.6 (#3093)
• build(deps): bump fast-xml-parser from 5.3.7 to 5.4.1 (#3087)

Firebase Admin Node.js SDK v13.7.0

New Features

• feat(rc): Support Rollout, Personalization, and Experiment values (#3046)

Bug Fixes

• fix: upgrade @​google-cloud/storage@​7.19.0 (#3071)

Miscellaneous

• [chore] Release 13.7.0 (#3081)
• build(deps-dev): bump @​types/lodash from 4.17.18 to 4.17.24 (#3083)
• build(deps-dev): bump @​typescript-eslint/eslint-plugin (#3086)
• build(deps): bump node-forge from 1.3.2 to 1.3.3 (#3085)

... (truncated)

Commits

• 0efb21f [chore] Release 13.9.0 (#3129)
• 363a302 chore: Deprecate support for Node.js 20 (#3128)
• b28b921 build(deps-dev): bump @​typescript-eslint/parser from 8.57.2 to 8.59.1 (#3114)
• 5933705 build(deps): bump follow-redirects in /.github/actions/send-email (#3113)
• ce3b9e0 build(deps): bump protobufjs from 7.5.4 to 7.5.5 (#3119)
• e891a3c build(deps): bump uuid and @​actions/core in /.github/actions/send-email (#3120)
• 92003fc feat(remote-config): add optional exposurePercent field to ExperimentValue (#...
• 8b9b7a7 build(deps): bump axios in /.github/actions/send-email (#3123)
• e310a72 build(deps): bump fast-xml-parser from 5.5.9 to 5.7.1 (#3122)
• ff4c94d [chore] Release 13.8.0 (#3109)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
yt-studio	Error		May 10, 2026 8:35am
yt-studio-production	Error		May 10, 2026 8:35am

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
❌ Deployment failed View logs	ytstudio	3b16eb1	May 10 2026, 08:35 AM

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
❌ Deployment failed View logs	ytstudio	3b16eb1	May 10 2026, 08:35 AM

[dependabot]

Dependabot can't parse your package-lock.json. Because of this, Dependabot cannot update this pull request.