dependabot[bot]
479868284a
chore(deps): bump body-parser and express in /functions ( #509 )
...
Bumps [body-parser](https://github.com/expressjs/body-parser ) and
[express](https://github.com/expressjs/express ). These dependencies
needed to be updated together.
Updates `body-parser` from 1.20.2 to 1.20.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/body-parser/releases ">body-parser's
releases</a>.</em></p>
<blockquote>
<h2>1.20.3</h2>
<h2>What's Changed</h2>
<h3>Important</h3>
<ul>
<li>deps: qs@6.13.0</li>
<li>add <code>depth</code> option to customize the depth level in the
parser</li>
<li><strong>IMPORTANT:</strong> The default <code>depth</code> level for
parsing URL-encoded data is now <code>32</code> (previously was
<code>Infinity</code>). <a
href="1752951367/README.md (depth)
">Documentation</a></li>
</ul>
<h3>Other changes</h3>
<ul>
<li>chore: add support for OSSF scorecard reporting by <a
href="https://github.com/inigomarquinez "><code>@inigomarquinez</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/522 ">expressjs/body-parser#522</a></li>
<li>ci: fix errors in ci github action for node 8 and 9 by <a
href="https://github.com/inigomarquinez "><code>@inigomarquinez</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/523 ">expressjs/body-parser#523</a></li>
<li>fix: pin to node@22.4.1 by <a
href="https://github.com/wesleytodd "><code>@wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/body-parser/pull/527 ">expressjs/body-parser#527</a></li>
<li>deps: qs@6.12.3 by <a
href="https://github.com/melikhov-dev "><code>@melikhov-dev</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/521 ">expressjs/body-parser#521</a></li>
<li>Add OSSF Scorecard badge by <a
href="https://github.com/bjohansebas "><code>@bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/531 ">expressjs/body-parser#531</a></li>
<li>Linter by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/534 ">expressjs/body-parser#534</a></li>
<li>Release: 1.20.3 by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/535 ">expressjs/body-parser#535</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/inigomarquinez "><code>@inigomarquinez</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/body-parser/pull/522 ">expressjs/body-parser#522</a></li>
<li><a
href="https://github.com/melikhov-dev "><code>@melikhov-dev</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/body-parser/pull/521 ">expressjs/body-parser#521</a></li>
<li><a
href="https://github.com/bjohansebas "><code>@bjohansebas</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/body-parser/pull/531 ">expressjs/body-parser#531</a></li>
<li><a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/body-parser/pull/534 ">expressjs/body-parser#534</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3 ">https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3 </a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/body-parser/blob/master/HISTORY.md ">body-parser's
changelog</a>.</em></p>
<blockquote>
<h1>1.20.3 / 2024-09-10</h1>
<ul>
<li>deps: qs@6.13.0</li>
<li>add <code>depth</code> option to customize the depth level in the
parser</li>
<li>IMPORTANT: The default <code>depth</code> level for parsing
URL-encoded data is now <code>32</code> (previously was
<code>Infinity</code>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1752951367
"><code>1752951</code></a>
1.20.3</li>
<li><a
href="39744cfe2a
"><code>39744cf</code></a>
chore: linter (<a
href="https://redirect.github.com/expressjs/body-parser/issues/534 ">#534</a>)</li>
<li><a
href="b2695c4450
"><code>b2695c4</code></a>
Merge commit from fork</li>
<li><a
href="ade0f3f82f
"><code>ade0f3f</code></a>
add scorecard to readme (<a
href="https://redirect.github.com/expressjs/body-parser/issues/531 ">#531</a>)</li>
<li><a
href="99a1bd6245
"><code>99a1bd6</code></a>
deps: qs@6.12.3 (<a
href="https://redirect.github.com/expressjs/body-parser/issues/521 ">#521</a>)</li>
<li><a
href="9478591605
"><code>9478591</code></a>
fix: pin to node@22.4.1</li>
<li><a
href="83db46a1e5
"><code>83db46a</code></a>
ci: fix errors in ci github action for node 8 and 9 (<a
href="https://redirect.github.com/expressjs/body-parser/issues/523 ">#523</a>)</li>
<li><a
href="9d4e2125b5
"><code>9d4e212</code></a>
chore: add support for OSSF scorecard reporting (<a
href="https://redirect.github.com/expressjs/body-parser/issues/522 ">#522</a>)</li>
<li>See full diff in <a
href="https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3 ">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~ulisesgascon ">ulisesgascon</a>, a new
releaser for body-parser since your current version.</p>
</details>
<br />
Updates `express` from 4.19.2 to 4.21.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/releases ">express's
releases</a>.</em></p>
<blockquote>
<h2>4.21.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Deprecate <code>"back"</code> magic string in redirects by
<a href="https://github.com/blakeembrey "><code>@blakeembrey</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5935 ">expressjs/express#5935</a></li>
<li>finalhandler@1.3.1 by <a
href="https://github.com/wesleytodd "><code>@wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5954 ">expressjs/express#5954</a></li>
<li>fix(deps): serve-static@1.16.2 by <a
href="https://github.com/wesleytodd "><code>@wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5951 ">expressjs/express#5951</a></li>
<li>Upgraded dependency qs to 6.13.0 to match qs in body-parser by <a
href="https://github.com/agadzinski93 "><code>@agadzinski93</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5946 ">expressjs/express#5946</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/agadzinski93 "><code>@agadzinski93</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/express/pull/5946 ">expressjs/express#5946</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.20.0...4.21.0 ">https://github.com/expressjs/express/compare/4.20.0...4.21.0 </a></p>
<h2>4.20.0</h2>
<h2>What's Changed</h2>
<h3>Important</h3>
<ul>
<li>IMPORTANT: The default <code>depth</code> level for parsing
URL-encoded data is now <code>32</code> (previously was
<code>Infinity</code>)</li>
<li>Remove link renderization in html while using
<code>res.redirect</code></li>
</ul>
<h3>Other Changes</h3>
<ul>
<li>4.19.2 Staging by <a
href="https://github.com/wesleytodd "><code>@wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5561 ">expressjs/express#5561</a></li>
<li>remove duplicate location test for data uri by <a
href="https://github.com/wesleytodd "><code>@wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5562 ">expressjs/express#5562</a></li>
<li>feat: document beta releases expectations by <a
href="https://github.com/marco-ippolito "><code>@marco-ippolito</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5565 ">expressjs/express#5565</a></li>
<li>Cut down on duplicated CI runs by <a
href="https://github.com/jonchurch "><code>@jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5564 ">expressjs/express#5564</a></li>
<li>Add a Threat Model by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5526 ">expressjs/express#5526</a></li>
<li>Assign captain of encodeurl by <a
href="https://github.com/blakeembrey "><code>@blakeembrey</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5579 ">expressjs/express#5579</a></li>
<li>Nominate jonchurch as repo captain for <code>http-errors</code>,
<code>expressjs.com</code>, <code>morgan</code>, <code>cors</code>,
<code>body-parser</code> by <a
href="https://github.com/jonchurch "><code>@jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5587 ">expressjs/express#5587</a></li>
<li>docs: update Security.md by <a
href="https://github.com/inigomarquinez "><code>@inigomarquinez</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5590 ">expressjs/express#5590</a></li>
<li>docs: update triage nomination policy by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5600 ">expressjs/express#5600</a></li>
<li>Add CodeQL (SAST) by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5433 ">expressjs/express#5433</a></li>
<li>docs: add UlisesGascon as triage initiative captain by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5605 ">expressjs/express#5605</a></li>
<li>deps: encodeurl@~2.0.0 by <a
href="https://github.com/blakeembrey "><code>@blakeembrey</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5569 ">expressjs/express#5569</a></li>
<li>skip QUERY method test by <a
href="https://github.com/jonchurch "><code>@jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5628 ">expressjs/express#5628</a></li>
<li>ignore ETAG query test on 21 and 22, reuse skip util by <a
href="https://github.com/jonchurch "><code>@jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5639 ">expressjs/express#5639</a></li>
<li>add support Node.js@22 in the CI by <a
href="https://github.com/mertcanaltin "><code>@mertcanaltin</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5627 ">expressjs/express#5627</a></li>
<li>doc: add table of contents, tc/triager lists to readme by <a
href="https://github.com/mertcanaltin "><code>@mertcanaltin</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5619 ">expressjs/express#5619</a></li>
<li>List and sort all projects, add captains by <a
href="https://github.com/blakeembrey "><code>@blakeembrey</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5653 ">expressjs/express#5653</a></li>
<li>docs: add <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
as captain for cookie-parser by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5666 ">expressjs/express#5666</a></li>
<li>✨ bring back query tests for node 21 by <a
href="https://github.com/ctcpip "><code>@ctcpip</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5690 ">expressjs/express#5690</a></li>
<li>[v4] Deprecate <code>res.clearCookie</code> accepting
<code>options.maxAge</code> and <code>options.expires</code> by <a
href="https://github.com/jonchurch "><code>@jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5672 ">expressjs/express#5672</a></li>
<li>skip QUERY tests for Node 21 only, still not supported by <a
href="https://github.com/jonchurch "><code>@jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5695 ">expressjs/express#5695</a></li>
<li>📝 update people, add ctcpip to TC by <a
href="https://github.com/ctcpip "><code>@ctcpip</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5683 ">expressjs/express#5683</a></li>
<li>remove minor version pinning from ci by <a
href="https://github.com/jonchurch "><code>@jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5722 ">expressjs/express#5722</a></li>
<li>Fix link variable use in attribution section of CODE OF CONDUCT by
<a href="https://github.com/IamLizu "><code>@IamLizu</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5762 ">expressjs/express#5762</a></li>
<li>Replace Appveyor windows testing with GHA by <a
href="https://github.com/jonchurch "><code>@jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5599 ">expressjs/express#5599</a></li>
<li>Add OSSF Scorecard badge by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5436 ">expressjs/express#5436</a></li>
<li>update scorecard link by <a
href="https://github.com/bjohansebas "><code>@bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5814 ">expressjs/express#5814</a></li>
<li>Nominate <a
href="https://github.com/IamLizu "><code>@IamLizu</code></a> to the
triage team by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5836 ">expressjs/express#5836</a></li>
<li>deps: path-to-regexp@0.1.8 by <a
href="https://github.com/blakeembrey "><code>@blakeembrey</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5603 ">expressjs/express#5603</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/blob/4.21.0/History.md ">express's
changelog</a>.</em></p>
<blockquote>
<h1>4.21.0 / 2024-09-11</h1>
<ul>
<li>Deprecate <code>res.location("back")</code> and
<code>res.redirect("back")</code> magic string</li>
<li>deps: serve-static@1.16.2
<ul>
<li>includes send@0.19.0</li>
</ul>
</li>
<li>deps: finalhandler@1.3.1</li>
<li>deps: qs@6.13.0</li>
</ul>
<h1>4.20.0 / 2024-09-10</h1>
<ul>
<li>deps: serve-static@0.16.0
<ul>
<li>Remove link renderization in html while redirecting</li>
</ul>
</li>
<li>deps: send@0.19.0
<ul>
<li>Remove link renderization in html while redirecting</li>
</ul>
</li>
<li>deps: body-parser@0.6.0
<ul>
<li>add <code>depth</code> option to customize the depth level in the
parser</li>
<li>IMPORTANT: The default <code>depth</code> level for parsing
URL-encoded data is now <code>32</code> (previously was
<code>Infinity</code>)</li>
</ul>
</li>
<li>Remove link renderization in html while using
<code>res.redirect</code></li>
<li>deps: path-to-regexp@0.1.10
<ul>
<li>Adds support for named matching groups in the routes using a
regex</li>
<li>Adds backtracking protection to parameters without regexes
defined</li>
</ul>
</li>
<li>deps: encodeurl@~2.0.0
<ul>
<li>Removes encoding of <code>\</code>, <code>|</code>, and
<code>^</code> to align better with URL spec</li>
</ul>
</li>
<li>Deprecate passing <code>options.maxAge</code> and
<code>options.expires</code> to <code>res.clearCookie</code>
<ul>
<li>Will be ignored in v5, clearCookie will set a cookie with an expires
in the past to instruct clients to delete the cookie</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7e562c6d8d
"><code>7e562c6</code></a>
4.21.0</li>
<li><a
href="1bcde96bc8
"><code>1bcde96</code></a>
fix(deps): qs@6.13.0 (<a
href="https://redirect.github.com/expressjs/express/issues/5946 ">#5946</a>)</li>
<li><a
href="7d36477568
"><code>7d36477</code></a>
fix(deps): serve-static@1.16.2 (<a
href="https://redirect.github.com/expressjs/express/issues/5951 ">#5951</a>)</li>
<li><a
href="40d2d8f2c8
"><code>40d2d8f</code></a>
fix(deps): finalhandler@1.3.1</li>
<li><a
href="77ada906db
"><code>77ada90</code></a>
Deprecate <code>"back"</code> magic string in redirects (<a
href="https://redirect.github.com/expressjs/express/issues/5935 ">#5935</a>)</li>
<li><a
href="21df421ebc
"><code>21df421</code></a>
4.20.0</li>
<li><a
href="4c9ddc1c47
"><code>4c9ddc1</code></a>
feat: upgrade to serve-static@0.16.0</li>
<li><a
href="9ebe5d500d
"><code>9ebe5d5</code></a>
feat: upgrade to send@0.19.0 (<a
href="https://redirect.github.com/expressjs/express/issues/5928 ">#5928</a>)</li>
<li><a
href="ec4a01b6b8
"><code>ec4a01b</code></a>
feat: upgrade to body-parser@1.20.3 (<a
href="https://redirect.github.com/expressjs/express/issues/5926 ">#5926</a>)</li>
<li><a
href="54271f69b5
"><code>54271f6</code></a>
fix: don't render redirect values in anchor href</li>
<li>Additional commits viewable in <a
href="https://github.com/expressjs/express/compare/4.19.2...4.21.0 ">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/flutter/pinball/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 months ago
dependabot[bot]
24e00b4816
chore(deps): bump fast-xml-parser from 4.4.0 to 4.4.1 in /functions ( #506 )
4 months ago
dependabot[bot]
31e02eb4a6
chore(deps): bump @google-cloud/firestore, firebase-admin and firebase-functions in /functions ( #503 )
...
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps
[@google-cloud/firestore](https://github.com/googleapis/nodejs-firestore )
to 7.9.0 and updates ancestor dependencies
[@google-cloud/firestore](https://github.com/googleapis/nodejs-firestore ),
[firebase-admin](https://github.com/firebase/firebase-admin-node ) and
[firebase-functions](https://github.com/firebase/firebase-functions ).
These dependencies need to be updated together.
Updates `@google-cloud/firestore` from 4.15.1 to 7.9.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/nodejs-firestore/releases "><code>@google-cloud/firestore</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v7.9.0</h2>
<h2><a
href="https://github.com/googleapis/nodejs-firestore/compare/v7.8.0...v7.9.0 ">7.9.0</a>
(2024-06-25)</h2>
<h3>Features</h3>
<ul>
<li>Update FirebaseFirestore.v1 and FirebaseFirestore.v1beta1 auto-gen
types (<a
href="6732d4da3c
">6732d4d</a>)</li>
</ul>
<h2>v7.8.0</h2>
<h2><a
href="https://github.com/googleapis/nodejs-firestore/compare/v7.7.0...v7.8.0 ">7.8.0</a>
(2024-05-28)</h2>
<h3>Features</h3>
<ul>
<li>Query profiling for VectorQuery (<a
href="d406f14612
">d406f14</a>)</li>
<li>Update Nodejs generator to send API versions in headers for GAPICs
(<a
href="https://redirect.github.com/googleapis/nodejs-firestore/issues/2041 ">#2041</a>)
(<a
href="6dbe4b0baa
">6dbe4b0</a>)</li>
</ul>
<h2>v7.7.0</h2>
<h2><a
href="https://github.com/googleapis/nodejs-firestore/compare/v7.6.0...v7.7.0 ">7.7.0</a>
(2024-05-07)</h2>
<h3>Features</h3>
<ul>
<li>Add several fields to manage state of database encryption update (<a
href="5811492357
">5811492</a>)</li>
<li>Lazy-started transactions (<a
href="https://redirect.github.com/googleapis/nodejs-firestore/issues/2017 ">#2017</a>)
(<a
href="2c726a1764
">2c726a1</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>Nonblocking rollback (<a
href="https://redirect.github.com/googleapis/nodejs-firestore/issues/2039 ">#2039</a>)
(<a
href="52099c8eb8
">52099c8</a>)</li>
<li>Upgrade the <code>google-gax</code> dependency version. (<a
href="https://redirect.github.com/googleapis/nodejs-firestore/issues/2040 ">#2040</a>)
(<a
href="0b9efa6d5a
">0b9efa6</a>)</li>
</ul>
<h2>v7.6.0</h2>
<h2><a
href="https://github.com/googleapis/nodejs-firestore/compare/v7.5.0...v7.6.0 ">7.6.0</a>
(2024-04-02)</h2>
<h3>Features</h3>
<ul>
<li>Vector Search (<a
href="https://redirect.github.com/googleapis/nodejs-firestore/issues/2006 ">#2006</a>)
(<a
href="e906b4260d
">e906b42</a>)</li>
</ul>
<h2>v7.5.0</h2>
<h2><a
href="https://github.com/googleapis/nodejs-firestore/compare/v7.4.0...v7.5.0 ">7.5.0</a>
(2024-03-25)</h2>
<h3>Features</h3>
<ul>
<li>Protos and autogen client for vector (<a
href="https://redirect.github.com/googleapis/nodejs-firestore/issues/2027 ">#2027</a>)
(<a
href="c65cef0433
">c65cef0</a>)</li>
<li>Query Profile (<a
href="https://redirect.github.com/googleapis/nodejs-firestore/issues/2014 ">#2014</a>)
(<a
href="9a45ec89fb
">9a45ec8</a>)</li>
</ul>
<h2>v7.4.0</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/nodejs-firestore/blob/main/CHANGELOG.md "><code>@google-cloud/firestore</code>'s
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/googleapis/nodejs-firestore/compare/v7.8.0...v7.9.0 ">7.9.0</a>
(2024-06-25)</h2>
<h3>Features</h3>
<ul>
<li>Update FirebaseFirestore.v1 and FirebaseFirestore.v1beta1 auto-gen
types (<a
href="6732d4da3c
">6732d4d</a>)</li>
</ul>
<h2><a
href="https://github.com/googleapis/nodejs-firestore/compare/v7.7.0...v7.8.0 ">7.8.0</a>
(2024-05-28)</h2>
<h3>Features</h3>
<ul>
<li>Query profiling for VectorQuery (<a
href="d406f14612
">d406f14</a>)</li>
<li>Update Nodejs generator to send API versions in headers for GAPICs
(<a
href="https://redirect.github.com/googleapis/nodejs-firestore/issues/2041 ">#2041</a>)
(<a
href="6dbe4b0baa
">6dbe4b0</a>)</li>
</ul>
<h2><a
href="https://github.com/googleapis/nodejs-firestore/compare/v7.6.0...v7.7.0 ">7.7.0</a>
(2024-05-07)</h2>
<h3>Features</h3>
<ul>
<li>Add several fields to manage state of database encryption update (<a
href="5811492357
">5811492</a>)</li>
<li>Lazy-started transactions (<a
href="https://redirect.github.com/googleapis/nodejs-firestore/issues/2017 ">#2017</a>)
(<a
href="2c726a1764
">2c726a1</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>Nonblocking rollback (<a
href="https://redirect.github.com/googleapis/nodejs-firestore/issues/2039 ">#2039</a>)
(<a
href="52099c8eb8
">52099c8</a>)</li>
<li>Upgrade the <code>google-gax</code> dependency version. (<a
href="https://redirect.github.com/googleapis/nodejs-firestore/issues/2040 ">#2040</a>)
(<a
href="0b9efa6d5a
">0b9efa6</a>)</li>
</ul>
<h2><a
href="https://github.com/googleapis/nodejs-firestore/compare/v7.5.0...v7.6.0 ">7.6.0</a>
(2024-04-02)</h2>
<h3>Features</h3>
<ul>
<li>Vector Search (<a
href="https://redirect.github.com/googleapis/nodejs-firestore/issues/2006 ">#2006</a>)
(<a
href="e906b4260d
">e906b42</a>)</li>
</ul>
<h2><a
href="https://github.com/googleapis/nodejs-firestore/compare/v7.4.0...v7.5.0 ">7.5.0</a>
(2024-03-25)</h2>
<h3>Features</h3>
<ul>
<li>Protos and autogen client for vector (<a
href="https://redirect.github.com/googleapis/nodejs-firestore/issues/2027 ">#2027</a>)
(<a
href="c65cef0433
">c65cef0</a>)</li>
<li>Query Profile (<a
href="https://redirect.github.com/googleapis/nodejs-firestore/issues/2014 ">#2014</a>)
(<a
href="9a45ec89fb
">9a45ec8</a>)</li>
</ul>
<h2><a
href="https://github.com/googleapis/nodejs-firestore/compare/v7.3.1...v7.4.0 ">7.4.0</a>
(2024-03-15)</h2>
<h3>Features</h3>
<ul>
<li>A new message <code>Backup</code> is added (<a
href="https://redirect.github.com/googleapis/nodejs-firestore/issues/2021 ">#2021</a>)
(<a
href="6bced86eab
">6bced86</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f73e28b69b
"><code>f73e28b</code></a>
chore(main): release 7.9.0 (<a
href="https://redirect.github.com/googleapis/nodejs-firestore/issues/2073 ">#2073</a>)</li>
<li><a
href="3e91cf390a
"><code>3e91cf3</code></a>
chore: fix lint errors (<a
href="https://redirect.github.com/googleapis/nodejs-firestore/issues/2074 ">#2074</a>)</li>
<li><a
href="6732d4da3c
"><code>6732d4d</code></a>
build: update gapic generator to allow individual location mixin
generation (...</li>
<li><a
href="672e6d8179
"><code>672e6d8</code></a>
build: Running the license script for files in the types folder (<a
href="https://redirect.github.com/googleapis/nodejs-firestore/issues/2066 ">#2066</a>)</li>
<li><a
href="337641ab3a
"><code>337641a</code></a>
Build: Pin the protobuf library to v26.1 (<a
href="https://redirect.github.com/googleapis/nodejs-firestore/issues/2064 ">#2064</a>)</li>
<li><a
href="f64c2d9f43
"><code>f64c2d9</code></a>
build: Pin the protobuf library to v27. Unblocks the release and pinning
prev...</li>
<li><a
href="e5812719fa
"><code>e581271</code></a>
build: update owlbot.py to compile before copying d.ts files from the
build f...</li>
<li><a
href="4c2dc11dcb
"><code>4c2dc11</code></a>
chore: [node] add auto-approve templates, and install dependencies with
engin...</li>
<li><a
href="6a23b6cedd
"><code>6a23b6c</code></a>
build: Attempting to fix an owlbot.py issue with copying to the types
folder ...</li>
<li><a
href="df748ac7c7
"><code>df748ac</code></a>
chore(main): release 7.8.0 (<a
href="https://redirect.github.com/googleapis/nodejs-firestore/issues/2048 ">#2048</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/googleapis/nodejs-firestore/compare/v4.15.1...v7.9.0 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `firebase-admin` from 10.2.0 to 12.2.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/firebase/firebase-admin-node/releases ">firebase-admin's
releases</a>.</em></p>
<blockquote>
<h2>Firebase Admin Node.js SDK v12.2.0</h2>
<h3>Breaking Changes</h3>
<ul>
<li>change: Deprecate Node.js 16 support (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2574 ">#2574</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>fix: Replace <code>farmhash</code> with <code>farmhash-modern</code>
(<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2603 ">#2603</a>)</li>
<li>fix: Make ADC + human account work with firebase-admin (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2553 ">#2553</a>)</li>
<li>fix: Use optional chaining in FirebaseError (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2581 ">#2581</a>)</li>
</ul>
<h3>Miscellaneous</h3>
<ul>
<li>[chore] Release 12.2.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2605 ">#2605</a>)</li>
<li>build(deps): bump uuid from 9.0.1 to 10.0.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2599 ">#2599</a>)</li>
<li>build(deps-dev): bump chai-exclude from 2.1.0 to 2.1.1 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2593 ">#2593</a>)</li>
<li>build(deps-dev): bump braces from 3.0.2 to 3.0.3 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2595 ">#2595</a>)</li>
<li>build(deps): bump <code>@grpc/grpc-js</code> from 1.10.8 to 1.10.9
(<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2592 ">#2592</a>)</li>
<li>build(deps-dev): bump <code>@types/lodash</code> from 4.17.4 to
4.17.5 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2594 ">#2594</a>)</li>
<li>build(deps): bump <code>@google-cloud/firestore</code> from 7.7.0
to 7.8.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2583 ">#2583</a>)</li>
<li>build(deps): bump <code>@types/node</code> from 20.12.12 to 20.14.0
(<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2585 ">#2585</a>)</li>
<li>build(deps-dev): bump <code>@firebase/app-compat</code> from 0.2.34
to 0.2.35 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2575 ">#2575</a>)</li>
<li>build(deps-dev): bump chai-as-promised from 7.1.1 to 7.1.2 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2578 ">#2578</a>)</li>
<li>build(deps): bump <code>@google-cloud/storage</code> from 7.11.0 to
7.11.1 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2579 ">#2579</a>)</li>
</ul>
<h2>Firebase Admin Node.js SDK v12.1.1</h2>
<h3>Bug Fixes</h3>
<ul>
<li>fix: Export error classes (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2151 ">#2151</a>)</li>
</ul>
<h3>Miscellaneous</h3>
<ul>
<li>[chore] Release 12.1.1 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2561 ">#2561</a>)</li>
<li>build(deps): updgrade jwks-rsa (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2570 ">#2570</a>)</li>
<li>--- (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2568 ">#2568</a>)</li>
<li>--- (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2566 ">#2566</a>)</li>
<li>--- (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2567 ">#2567</a>)</li>
<li>--- (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2569 ">#2569</a>)</li>
<li>build(deps-dev): bump <code>@firebase/auth-types</code> from 0.12.1
to 0.12.2 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2556 ">#2556</a>)</li>
<li>build(deps-dev): bump <code>@microsoft/api-extractor</code> from
7.43.2 to 7.43.7 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2559 ">#2559</a>)</li>
<li>chore: upgrade firestore to 7.7.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2560 ">#2560</a>)</li>
<li>build(deps-dev): bump <code>@firebase/app-compat</code> from 0.2.32
to 0.2.33 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2555 ">#2555</a>)</li>
<li>build(deps): bump <code>@google-cloud/firestore</code> from 7.6.0
to 7.7.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2558 ">#2558</a>)</li>
<li>Fix api extractor issues to expose error types (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2549 ">#2549</a>)</li>
<li>build(deps-dev): bump <code>@types/lodash</code> from 4.17.0 to
4.17.1 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2546 ">#2546</a>)</li>
<li>build(deps): bump <code>@google-cloud/storage</code> from 7.10.2 to
7.11.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2547 ">#2547</a>)</li>
<li>build(deps-dev): bump <code>@microsoft/api-extractor</code> from
7.43.1 to 7.43.2 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2545 ">#2545</a>)</li>
<li>build(deps): bump <code>@types/node</code> from 20.12.7 to 20.12.10
(<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2544 ">#2544</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5620e9c6bd
"><code>5620e9c</code></a>
[chore] Release 12.2.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2605 ">#2605</a>)</li>
<li><a
href="f6f7cb9650
"><code>f6f7cb9</code></a>
build(deps): bump uuid from 9.0.1 to 10.0.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2599 ">#2599</a>)</li>
<li><a
href="b890182e73
"><code>b890182</code></a>
fix: Replace <code>farmhash</code> with <code>farmhash-modern</code> (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2603 ">#2603</a>)</li>
<li><a
href="5f0f253301
"><code>5f0f253</code></a>
fix: Make ADC + human account work with firebase-admin (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2553 ">#2553</a>)</li>
<li><a
href="fdde8c3a6f
"><code>fdde8c3</code></a>
build(deps-dev): bump chai-exclude from 2.1.0 to 2.1.1 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2593 ">#2593</a>)</li>
<li><a
href="07855bfd77
"><code>07855bf</code></a>
build(deps-dev): bump braces from 3.0.2 to 3.0.3 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2595 ">#2595</a>)</li>
<li><a
href="54405804a8
"><code>5440580</code></a>
build(deps): bump <code>@grpc/grpc-js</code> from 1.10.8 to 1.10.9 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2592 ">#2592</a>)</li>
<li><a
href="5f01f63da5
"><code>5f01f63</code></a>
build(deps-dev): bump <code>@types/lodash</code> from 4.17.4 to 4.17.5
(<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2594 ">#2594</a>)</li>
<li><a
href="4070f5bf41
"><code>4070f5b</code></a>
build(deps): bump <code>@google-cloud/firestore</code> from 7.7.0 to
7.8.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2583 ">#2583</a>)</li>
<li><a
href="07cfca83d8
"><code>07cfca8</code></a>
build(deps): bump <code>@types/node</code> from 20.12.12 to 20.14.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2585 ">#2585</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/firebase/firebase-admin-node/compare/v10.2.0...v12.2.0 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `firebase-functions` from 3.21.0 to 3.24.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/firebase/firebase-functions/releases ">firebase-functions's
releases</a>.</em></p>
<blockquote>
<h2>v3.24.1</h2>
<ul>
<li>Fix reference docs for performance monitoring.</li>
<li>Fix bug where function configuration wil null values couldn't be
deployed. (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1246 ">#1246</a>)</li>
</ul>
<h2>v3.24.0</h2>
<ul>
<li>Add performance monitoring triggers to v2 alerts (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1223 ">#1223</a>).</li>
</ul>
<h2>v3.23.0</h2>
<ul>
<li>Fixes a bug that disallowed setting customClaims and/or
sessionClaims in blocking functions (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1199 ">#1199</a>).</li>
<li>Add v2 Schedule Triggers (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1177 ">#1177</a>).</li>
</ul>
<h2>v3.22.0</h2>
<ul>
<li>Adds RTDB Triggers for v2 functions (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1127 ">#1127</a>)</li>
<li>Adds support for Firebase Admin SDK v11 (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1151 ">#1151</a>)</li>
<li>Fixes bug where emulated task queue function required auth header
(<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1154 ">#1154</a>)</li>
</ul>
<h2>v3.21.2</h2>
<ul>
<li>Fixes bug where <code>toJSON</code> was not defined in
<code>UserRecord</code> (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1125 ">#1125</a>).</li>
</ul>
<h2>v3.21.1</h2>
<ul>
<li>Add debug feature to enable cors option for v2 onRequest and onCall
handlers. (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1099 ">#1099</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e4bda7d683
"><code>e4bda7d</code></a>
3.24.1</li>
<li><a
href="3c5392dfee
"><code>3c5392d</code></a>
Hide documentation for in-app feedback (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1245 ">#1245</a>)</li>
<li><a
href="cc6e28e6ed
"><code>cc6e28e</code></a>
Fix bug where function configuration with null couldn't be deployed. (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1246 ">#1246</a>)</li>
<li><a
href="cf27ac6b0b
"><code>cf27ac6</code></a>
Adding required --project flag to v2 docgen script. (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1239 ">#1239</a>)</li>
<li><a
href="1ac04adba9
"><code>1ac04ad</code></a>
fix tsdoc comments (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1240 ">#1240</a>)</li>
<li><a
href="bd0fcbc595
"><code>bd0fcbc</code></a>
[firebase-release] Removed change log and reset repo after 3.24.0
release</li>
<li><a
href="e191af7148
"><code>e191af7</code></a>
3.24.0</li>
<li><a
href="b93e397b32
"><code>b93e397</code></a>
Don't delete fields on a non-breaking change release (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1238 ">#1238</a>)</li>
<li><a
href="65e66a2138
"><code>65e66a2</code></a>
Converting alert type and app id to camel case in the CloudEvent (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1236 ">#1236</a>)</li>
<li><a
href="c18e832d92
"><code>c18e832</code></a>
Adds performance monitoring triggers to v2 alerts (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1223 ">#1223</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/firebase/firebase-functions/compare/v3.21.0...v3.24.1 ">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/flutter/pinball/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4 months ago
dependabot[bot]
fa2df01d6d
chore(deps): bump jsonwebtoken, firebase-admin and firebase-functions in /functions ( #502 )
...
Bumps [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken ) to
9.0.2 and updates ancestor dependencies
[jsonwebtoken](https://github.com/auth0/node-jsonwebtoken ),
[firebase-admin](https://github.com/firebase/firebase-admin-node ) and
[firebase-functions](https://github.com/firebase/firebase-functions ).
These dependencies need to be updated together.
Updates `jsonwebtoken` from 8.5.1 to 9.0.2
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md ">jsonwebtoken's
changelog</a>.</em></p>
<blockquote>
<h2>9.0.2 - 2023-08-30</h2>
<ul>
<li>security: updating semver to 7.5.4 to resolve CVE-2022-25883, closes
<a
href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/921 ">#921</a>.</li>
<li>refactor: reduce library size by using lodash specific dependencies,
closes <a
href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/878 ">#878</a>.</li>
</ul>
<h2>9.0.1 - 2023-07-05</h2>
<ul>
<li>fix(stubs): allow decode method to be stubbed</li>
</ul>
<h2>9.0.0 - 2022-12-21</h2>
<p><strong>Breaking changes: See <a
href="https://github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v8-to-v9 ">Migration
from v8 to v9</a></strong></p>
<h3>Breaking changes</h3>
<ul>
<li>Removed support for Node versions 11 and below.</li>
<li>The verify() function no longer accepts unsigned tokens by default.
([834503079514b72264fd13023a3b8d648afd6a16]<a
href="8345030795
</a>)</li>
<li>RSA key size must be 2048 bits or greater.
([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]<a
href="ecdf6cc607
</a>)</li>
<li>Key types must be valid for the signing / verification
algorithm</li>
</ul>
<h3>Security fixes</h3>
<ul>
<li>security: fixes <code>Arbitrary File Write via verify
function</code> - CVE-2022-23529</li>
<li>security: fixes <code>Insecure default algorithm in jwt.verify()
could lead to signature validation bypass</code> - CVE-2022-23540</li>
<li>security: fixes <code>Insecure implementation of key retrieval
function could lead to Forgeable Public/Private Tokens from RSA to
HMAC</code> - CVE-2022-23541</li>
<li>security: fixes <code>Unrestricted key type could lead to legacy
keys usage</code> - CVE-2022-23539</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="bc28861f1f
"><code>bc28861</code></a>
Release 9.0.2 (<a
href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/935 ">#935</a>)</li>
<li><a
href="96b89060cf
"><code>96b8906</code></a>
refactor: use specific lodash packages (<a
href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/933 ">#933</a>)</li>
<li><a
href="ed35062239
"><code>ed35062</code></a>
security: Updating semver to 7.5.4 to resolve CVE-2022-25883 (<a
href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/932 ">#932</a>)</li>
<li><a
href="84539b29e1
"><code>84539b2</code></a>
Updating package version to 9.0.1 (<a
href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/920 ">#920</a>)</li>
<li><a
href="a99fd4b473
"><code>a99fd4b</code></a>
fix(stubs): allow decode method to be stubbed (<a
href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/876 ">#876</a>)</li>
<li><a
href="e1fa9dcc12
"><code>e1fa9dc</code></a>
Merge pull request from GHSA-8cf7-32gw-wr33</li>
<li><a
href="5eaedbf2b0
"><code>5eaedbf</code></a>
chore(ci): remove github test actions job (<a
href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/861 ">#861</a>)</li>
<li><a
href="cd4163eb14
"><code>cd4163e</code></a>
chore(ci): configure Github Actions jobs for Tests & Security
Scanning (<a
href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/856 ">#856</a>)</li>
<li><a
href="ecdf6cc607
"><code>ecdf6cc</code></a>
fix!: Prevent accidental use of insecure key sizes &
misconfiguration of secr...</li>
<li><a
href="8345030795
"><code>8345030</code></a>
fix(sign&verify)!: Remove default <code>none</code> support from
<code>sign</code> and <code>verify</code> met...</li>
<li>Additional commits viewable in <a
href="https://github.com/auth0/node-jsonwebtoken/compare/v8.5.1...v9.0.2 ">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~charlesrea ">charlesrea</a>, a new releaser
for jsonwebtoken since your current version.</p>
</details>
<br />
Updates `firebase-admin` from 10.2.0 to 12.2.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/firebase/firebase-admin-node/releases ">firebase-admin's
releases</a>.</em></p>
<blockquote>
<h2>Firebase Admin Node.js SDK v12.2.0</h2>
<h3>Breaking Changes</h3>
<ul>
<li>change: Deprecate Node.js 16 support (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2574 ">#2574</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>fix: Replace <code>farmhash</code> with <code>farmhash-modern</code>
(<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2603 ">#2603</a>)</li>
<li>fix: Make ADC + human account work with firebase-admin (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2553 ">#2553</a>)</li>
<li>fix: Use optional chaining in FirebaseError (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2581 ">#2581</a>)</li>
</ul>
<h3>Miscellaneous</h3>
<ul>
<li>[chore] Release 12.2.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2605 ">#2605</a>)</li>
<li>build(deps): bump uuid from 9.0.1 to 10.0.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2599 ">#2599</a>)</li>
<li>build(deps-dev): bump chai-exclude from 2.1.0 to 2.1.1 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2593 ">#2593</a>)</li>
<li>build(deps-dev): bump braces from 3.0.2 to 3.0.3 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2595 ">#2595</a>)</li>
<li>build(deps): bump <code>@grpc/grpc-js</code> from 1.10.8 to 1.10.9
(<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2592 ">#2592</a>)</li>
<li>build(deps-dev): bump <code>@types/lodash</code> from 4.17.4 to
4.17.5 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2594 ">#2594</a>)</li>
<li>build(deps): bump <code>@google-cloud/firestore</code> from 7.7.0
to 7.8.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2583 ">#2583</a>)</li>
<li>build(deps): bump <code>@types/node</code> from 20.12.12 to 20.14.0
(<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2585 ">#2585</a>)</li>
<li>build(deps-dev): bump <code>@firebase/app-compat</code> from 0.2.34
to 0.2.35 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2575 ">#2575</a>)</li>
<li>build(deps-dev): bump chai-as-promised from 7.1.1 to 7.1.2 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2578 ">#2578</a>)</li>
<li>build(deps): bump <code>@google-cloud/storage</code> from 7.11.0 to
7.11.1 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2579 ">#2579</a>)</li>
</ul>
<h2>Firebase Admin Node.js SDK v12.1.1</h2>
<h3>Bug Fixes</h3>
<ul>
<li>fix: Export error classes (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2151 ">#2151</a>)</li>
</ul>
<h3>Miscellaneous</h3>
<ul>
<li>[chore] Release 12.1.1 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2561 ">#2561</a>)</li>
<li>build(deps): updgrade jwks-rsa (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2570 ">#2570</a>)</li>
<li>--- (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2568 ">#2568</a>)</li>
<li>--- (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2566 ">#2566</a>)</li>
<li>--- (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2567 ">#2567</a>)</li>
<li>--- (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2569 ">#2569</a>)</li>
<li>build(deps-dev): bump <code>@firebase/auth-types</code> from 0.12.1
to 0.12.2 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2556 ">#2556</a>)</li>
<li>build(deps-dev): bump <code>@microsoft/api-extractor</code> from
7.43.2 to 7.43.7 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2559 ">#2559</a>)</li>
<li>chore: upgrade firestore to 7.7.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2560 ">#2560</a>)</li>
<li>build(deps-dev): bump <code>@firebase/app-compat</code> from 0.2.32
to 0.2.33 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2555 ">#2555</a>)</li>
<li>build(deps): bump <code>@google-cloud/firestore</code> from 7.6.0
to 7.7.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2558 ">#2558</a>)</li>
<li>Fix api extractor issues to expose error types (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2549 ">#2549</a>)</li>
<li>build(deps-dev): bump <code>@types/lodash</code> from 4.17.0 to
4.17.1 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2546 ">#2546</a>)</li>
<li>build(deps): bump <code>@google-cloud/storage</code> from 7.10.2 to
7.11.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2547 ">#2547</a>)</li>
<li>build(deps-dev): bump <code>@microsoft/api-extractor</code> from
7.43.1 to 7.43.2 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2545 ">#2545</a>)</li>
<li>build(deps): bump <code>@types/node</code> from 20.12.7 to 20.12.10
(<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2544 ">#2544</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5620e9c6bd
"><code>5620e9c</code></a>
[chore] Release 12.2.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2605 ">#2605</a>)</li>
<li><a
href="f6f7cb9650
"><code>f6f7cb9</code></a>
build(deps): bump uuid from 9.0.1 to 10.0.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2599 ">#2599</a>)</li>
<li><a
href="b890182e73
"><code>b890182</code></a>
fix: Replace <code>farmhash</code> with <code>farmhash-modern</code> (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2603 ">#2603</a>)</li>
<li><a
href="5f0f253301
"><code>5f0f253</code></a>
fix: Make ADC + human account work with firebase-admin (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2553 ">#2553</a>)</li>
<li><a
href="fdde8c3a6f
"><code>fdde8c3</code></a>
build(deps-dev): bump chai-exclude from 2.1.0 to 2.1.1 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2593 ">#2593</a>)</li>
<li><a
href="07855bfd77
"><code>07855bf</code></a>
build(deps-dev): bump braces from 3.0.2 to 3.0.3 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2595 ">#2595</a>)</li>
<li><a
href="54405804a8
"><code>5440580</code></a>
build(deps): bump <code>@grpc/grpc-js</code> from 1.10.8 to 1.10.9 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2592 ">#2592</a>)</li>
<li><a
href="5f01f63da5
"><code>5f01f63</code></a>
build(deps-dev): bump <code>@types/lodash</code> from 4.17.4 to 4.17.5
(<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2594 ">#2594</a>)</li>
<li><a
href="4070f5bf41
"><code>4070f5b</code></a>
build(deps): bump <code>@google-cloud/firestore</code> from 7.7.0 to
7.8.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2583 ">#2583</a>)</li>
<li><a
href="07cfca83d8
"><code>07cfca8</code></a>
build(deps): bump <code>@types/node</code> from 20.12.12 to 20.14.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2585 ">#2585</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/firebase/firebase-admin-node/compare/v10.2.0...v12.2.0 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `firebase-functions` from 3.21.0 to 3.24.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/firebase/firebase-functions/releases ">firebase-functions's
releases</a>.</em></p>
<blockquote>
<h2>v3.24.1</h2>
<ul>
<li>Fix reference docs for performance monitoring.</li>
<li>Fix bug where function configuration wil null values couldn't be
deployed. (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1246 ">#1246</a>)</li>
</ul>
<h2>v3.24.0</h2>
<ul>
<li>Add performance monitoring triggers to v2 alerts (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1223 ">#1223</a>).</li>
</ul>
<h2>v3.23.0</h2>
<ul>
<li>Fixes a bug that disallowed setting customClaims and/or
sessionClaims in blocking functions (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1199 ">#1199</a>).</li>
<li>Add v2 Schedule Triggers (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1177 ">#1177</a>).</li>
</ul>
<h2>v3.22.0</h2>
<ul>
<li>Adds RTDB Triggers for v2 functions (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1127 ">#1127</a>)</li>
<li>Adds support for Firebase Admin SDK v11 (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1151 ">#1151</a>)</li>
<li>Fixes bug where emulated task queue function required auth header
(<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1154 ">#1154</a>)</li>
</ul>
<h2>v3.21.2</h2>
<ul>
<li>Fixes bug where <code>toJSON</code> was not defined in
<code>UserRecord</code> (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1125 ">#1125</a>).</li>
</ul>
<h2>v3.21.1</h2>
<ul>
<li>Add debug feature to enable cors option for v2 onRequest and onCall
handlers. (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1099 ">#1099</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e4bda7d683
"><code>e4bda7d</code></a>
3.24.1</li>
<li><a
href="3c5392dfee
"><code>3c5392d</code></a>
Hide documentation for in-app feedback (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1245 ">#1245</a>)</li>
<li><a
href="cc6e28e6ed
"><code>cc6e28e</code></a>
Fix bug where function configuration with null couldn't be deployed. (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1246 ">#1246</a>)</li>
<li><a
href="cf27ac6b0b
"><code>cf27ac6</code></a>
Adding required --project flag to v2 docgen script. (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1239 ">#1239</a>)</li>
<li><a
href="1ac04adba9
"><code>1ac04ad</code></a>
fix tsdoc comments (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1240 ">#1240</a>)</li>
<li><a
href="bd0fcbc595
"><code>bd0fcbc</code></a>
[firebase-release] Removed change log and reset repo after 3.24.0
release</li>
<li><a
href="e191af7148
"><code>e191af7</code></a>
3.24.0</li>
<li><a
href="b93e397b32
"><code>b93e397</code></a>
Don't delete fields on a non-breaking change release (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1238 ">#1238</a>)</li>
<li><a
href="65e66a2138
"><code>65e66a2</code></a>
Converting alert type and app id to camel case in the CloudEvent (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1236 ">#1236</a>)</li>
<li><a
href="c18e832d92
"><code>c18e832</code></a>
Adds performance monitoring triggers to v2 alerts (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1223 ">#1223</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/firebase/firebase-functions/compare/v3.21.0...v3.24.1 ">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/flutter/pinball/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4 months ago
dependabot[bot]
7137067a15
chore(deps): bump express from 4.18.1 to 4.19.2 in /functions ( #501 )
...
Bumps [express](https://github.com/expressjs/express ) from 4.18.1 to
4.19.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/releases ">express's
releases</a>.</em></p>
<blockquote>
<h2>4.19.2</h2>
<h2>What's Changed</h2>
<ul>
<li><a
href="0b746953c4
">Improved
fix for open redirect allow list bypass</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.19.1...4.19.2 ">https://github.com/expressjs/express/compare/4.19.1...4.19.2 </a></p>
<h2>4.19.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix ci after location patch by <a
href="https://github.com/wesleytodd "><code>@wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5552 ">expressjs/express#5552</a></li>
<li>fixed un-edited version in history.md for 4.19.0 by <a
href="https://github.com/wesleytodd "><code>@wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5556 ">expressjs/express#5556</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.19.0...4.19.1 ">https://github.com/expressjs/express/compare/4.19.0...4.19.1 </a></p>
<h2>4.19.0</h2>
<h2>What's Changed</h2>
<ul>
<li>fix typo in release date by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5527 ">expressjs/express#5527</a></li>
<li>docs: nominating <a
href="https://github.com/wesleytodd "><code>@wesleytodd</code></a> to be
project captian by <a
href="https://github.com/wesleytodd "><code>@wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5511 ">expressjs/express#5511</a></li>
<li>docs: loosen TC activity rules by <a
href="https://github.com/wesleytodd "><code>@wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5510 ">expressjs/express#5510</a></li>
<li>Add note on how to update docs for new release by <a
href="https://github.com/crandmck "><code>@crandmck</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5541 ">expressjs/express#5541</a></li>
<li><a
href="660ccf5fa3
">Prevent
open redirect allow list bypass due to encodeurl</a></li>
<li>Release 4.19.0 by <a
href="https://github.com/wesleytodd "><code>@wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5551 ">expressjs/express#5551</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/crandmck "><code>@crandmck</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/express/pull/5541 ">expressjs/express#5541</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.18.3...4.19.0 ">https://github.com/expressjs/express/compare/4.18.3...4.19.0 </a></p>
<h2>4.18.3</h2>
<h2>Main Changes</h2>
<ul>
<li>Fix routing requests without method</li>
<li>deps: body-parser@1.20.2
<ul>
<li>Fix strict json error message on Node.js 19+</li>
<li>deps: content-type@~1.0.5</li>
<li>deps: raw-body@2.5.2</li>
</ul>
</li>
</ul>
<h2>Other Changes</h2>
<ul>
<li>Use https: protocol instead of deprecated git: protocol by <a
href="https://github.com/vcsjones "><code>@vcsjones</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5032 ">expressjs/express#5032</a></li>
<li>build: Node.js@16.18 and Node.js@18.12 by <a
href="https://github.com/abenhamdine "><code>@abenhamdine</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5034 ">expressjs/express#5034</a></li>
<li>ci: update actions/checkout to v3 by <a
href="https://github.com/armujahid "><code>@armujahid</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5027 ">expressjs/express#5027</a></li>
<li>test: remove unused function arguments in params by <a
href="https://github.com/raksbisht "><code>@raksbisht</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5124 ">expressjs/express#5124</a></li>
<li>Remove unused originalIndex from acceptParams by <a
href="https://github.com/raksbisht "><code>@raksbisht</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5119 ">expressjs/express#5119</a></li>
<li>Fixed typos by <a
href="https://github.com/raksbisht "><code>@raksbisht</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5117 ">expressjs/express#5117</a></li>
<li>examples: remove unused params by <a
href="https://github.com/raksbisht "><code>@raksbisht</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5113 ">expressjs/express#5113</a></li>
<li>fix: parameter str is not described in JSDoc by <a
href="https://github.com/raksbisht "><code>@raksbisht</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5130 ">expressjs/express#5130</a></li>
<li>fix: typos in History.md by <a
href="https://github.com/raksbisht "><code>@raksbisht</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5131 ">expressjs/express#5131</a></li>
<li>build : add Node.js@19.7 by <a
href="https://github.com/abenhamdine "><code>@abenhamdine</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5028 ">expressjs/express#5028</a></li>
<li>test: remove unused function arguments in params by <a
href="https://github.com/raksbisht "><code>@raksbisht</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5137 ">expressjs/express#5137</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/blob/master/History.md ">express's
changelog</a>.</em></p>
<blockquote>
<h1>4.19.2 / 2024-03-25</h1>
<ul>
<li>Improved fix for open redirect allow list bypass</li>
</ul>
<h1>4.19.1 / 2024-03-20</h1>
<ul>
<li>Allow passing non-strings to res.location with new encoding handling
checks</li>
</ul>
<h1>4.19.0 / 2024-03-20</h1>
<ul>
<li>Prevent open redirect allow list bypass due to encodeurl</li>
<li>deps: cookie@0.6.0</li>
</ul>
<h1>4.18.3 / 2024-02-29</h1>
<ul>
<li>Fix routing requests without method</li>
<li>deps: body-parser@1.20.2
<ul>
<li>Fix strict json error message on Node.js 19+</li>
<li>deps: content-type@~1.0.5</li>
<li>deps: raw-body@2.5.2</li>
</ul>
</li>
<li>deps: cookie@0.6.0
<ul>
<li>Add <code>partitioned</code> option</li>
</ul>
</li>
</ul>
<h1>4.18.2 / 2022-10-08</h1>
<ul>
<li>Fix regression routing a large stack in a single route</li>
<li>deps: body-parser@1.20.1
<ul>
<li>deps: qs@6.11.0</li>
<li>perf: remove unnecessary object clone</li>
</ul>
</li>
<li>deps: qs@6.11.0</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="04bc62787b
"><code>04bc627</code></a>
4.19.2</li>
<li><a
href="da4d763ff6
"><code>da4d763</code></a>
Improved fix for open redirect allow list bypass</li>
<li><a
href="4f0f6cc67d
"><code>4f0f6cc</code></a>
4.19.1</li>
<li><a
href="a003cfab03
"><code>a003cfa</code></a>
Allow passing non-strings to res.location with new encoding handling
checks f...</li>
<li><a
href="a1fa90fcea
"><code>a1fa90f</code></a>
fixed un-edited version in history.md for 4.19.0</li>
<li><a
href="11f2b1db22
"><code>11f2b1d</code></a>
build: fix build due to inconsistent supertest behavior in older
versions</li>
<li><a
href="084e36506a
"><code>084e365</code></a>
4.19.0</li>
<li><a
href="0867302ddb
"><code>0867302</code></a>
Prevent open redirect allow list bypass due to encodeurl</li>
<li><a
href="567c9c665d
"><code>567c9c6</code></a>
Add note on how to update docs for new release (<a
href="https://redirect.github.com/expressjs/express/issues/5541 ">#5541</a>)</li>
<li><a
href="69a4cf2819
"><code>69a4cf2</code></a>
deps: cookie@0.6.0</li>
<li>Additional commits viewable in <a
href="https://github.com/expressjs/express/compare/4.18.1...4.19.2 ">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~wesleytodd ">wesleytodd</a>, a new releaser
for express since your current version.</p>
</details>
<br />
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=express&package-manager=npm_and_yarn&previous-version=4.18.1&new-version=4.19.2 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/flutter/pinball/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Álvaro Stivi <astivi@users.noreply.github.com>
4 months ago
dependabot[bot]
ca4a79d462
chore(deps): bump jose from 2.0.5 to 2.0.7 in /functions ( #500 )
...
Bumps [jose](https://github.com/panva/jose ) from 2.0.5 to 2.0.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/panva/jose/releases ">jose's
releases</a>.</em></p>
<blockquote>
<h2>v2.0.7</h2>
<h3>Fixes</h3>
<ul>
<li>add a maxOutputLength option to zlib inflate (<a
href="02a65794f7
">02a6579</a>),
fixes <a
href="https://github.com/panva/jose/security/advisories/GHSA-hhhv-q57g-882q ">CVE-2024-28176</a></li>
</ul>
<h2>v2.0.6</h2>
<h3>Fixes</h3>
<ul>
<li>limit default PBES2 alg's computational expense (<a
href="c1512be660
">c1512be</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/panva/jose/blob/v2.0.7/CHANGELOG.md ">jose's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/panva/jose/compare/v2.0.6...v2.0.7 ">2.0.7</a>
(2024-03-07)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>add a maxOutputLength option to zlib inflate (<a
href="02a65794f7
">02a6579</a>)</li>
</ul>
<h2><a
href="https://github.com/panva/jose/compare/v2.0.5...v2.0.6 ">2.0.6</a>
(2022-09-01)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>limit default PBES2 alg's computational expense (<a
href="c1512be660
">c1512be</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0fbe2e68c7
"><code>0fbe2e6</code></a>
chore(release): 2.0.7</li>
<li><a
href="02a65794f7
"><code>02a6579</code></a>
fix: add a maxOutputLength option to zlib inflate</li>
<li><a
href="d1be83faa6
"><code>d1be83f</code></a>
chore(release): 2.0.6</li>
<li><a
href="c1512be660
"><code>c1512be</code></a>
fix: limit default PBES2 alg's computational expense</li>
<li>See full diff in <a
href="https://github.com/panva/jose/compare/v2.0.5...v2.0.7 ">compare
view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jose&package-manager=npm_and_yarn&previous-version=2.0.5&new-version=2.0.7 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/flutter/pinball/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Álvaro Stivi <astivi@users.noreply.github.com>
4 months ago
Nils Reichardt
91965f8dd1
ci: update `actions/checkout` from v2 to v3 in our GitHub workflows ( #499 )
...
## Description
Node 12 is deprecated for GitHub Actions. This is the reason why we are
getting a warning from GitHub:
> Node.js 12 actions are deprecated. Please update the following actions
to use Node.js 16: actions/checkout@v2. For more information see:
https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/ .
This PR updates `actions/checkout` from v2 to v3 which should fix the
problem.
## Type of Change
<!--- Put an `x` in all the boxes that apply: -->
- [ ] ✨ New feature (non-breaking change which adds functionality)
- [ ] 🛠️ Bug fix (non-breaking change which fixes an issue)
- [ ] ❌ Breaking change (fix or feature that would cause existing
functionality to change)
- [ ] 🧹 Code refactor
- [x] ✅ Build configuration change
- [ ] 📝 Documentation
- [ ] 🗑️ Chore
Co-authored-by: Álvaro Stivi <astivi@users.noreply.github.com>
4 months ago
Álvaro Stivi
1c6a3cde65
Flutter 3.22 ( #505 )
...
## Description
Updates dependencies in general for the code to be able to build with
the latest version of flutter and dart.
## Type of Change
- [ ] ✨ New feature (non-breaking change which adds functionality)
- [x] 🛠️ Bug fix (non-breaking change which fixes an issue)
- [x] ❌ Breaking change (fix or feature that would cause existing
functionality to change)
- [x] 🧹 Code refactor
- [x] ✅ Build configuration change
- [x] 📝 Documentation
- [x] 🗑️ Chore
4 months ago
Alejandro Santiago
0c21af0e2d
fix: made Ball a bullet ( #483 )
...
Co-authored-by: Tom Arra <tarra3@gmail.com>
3 years ago
Allison Ryan
b21e7f9e5f
refactor: migrate flutter forest to new bloc api ( #481 )
...
Co-authored-by: Tom Arra <tarra3@gmail.com>
3 years ago
Tom Arra
f04808dc36
ci: remove auto deploy to staging ( #482 )
3 years ago
Tom Arra
c41e41d66e
fix: update Firestore rules ( #469 )
...
* fix: udpate firestore rules
* updated initial check for specific characters
* Better Regex
* kick the bot
* remove space to rekick
* kick
3 years ago
Tom Arra
75a5cf7537
Revert "feat: better audio pool ( #461 )"
...
This reverts commit 5492cfaef2
.
3 years ago
Allison Ryan
86980a7035
fix: ball theming on mobile ( #462 )
3 years ago
Erick
5492cfaef2
feat: better audio pool ( #461 )
...
* feat: better audio pool
* cspell
* lint
* typo
* coverage
* Apply suggestions from code review
Co-authored-by: Allison Ryan <77211884+allisonryan0002@users.noreply.github.com>
* suggestions
* suggestions
* pr
* lint
* lint
* lint
Co-authored-by: Allison Ryan <77211884+allisonryan0002@users.noreply.github.com>
Co-authored-by: Tom Arra <tarra3@gmail.com>
3 years ago
Allison Ryan
a73f464afe
refactor: increase animation cooldown ( #460 )
...
Co-authored-by: Tom Arra <tarra3@gmail.com>
3 years ago
Jochum van der Ploeg
937a18a207
fix: game controls are only allowed while the game is playing ( #459 )
...
Co-authored-by: Tom Arra <tarra3@gmail.com>
3 years ago
Allison Ryan
1ee4557855
fix: throttle dino audio ( #457 )
3 years ago
Allison Ryan
d2dd83ff66
fix: ball getting stuck under dino ( #454 )
...
* fix: ball going under dino
* chore: remove debug rendering
* chore: unused import
Co-authored-by: Alejandro Santiago <dev@alestiago.com>
Co-authored-by: Tom Arra <tarra3@gmail.com>
3 years ago
Alejandro Santiago
5007705e82
fix: enable auto-pulling for all devices ( #455 )
3 years ago
Allison Ryan
e90de8dedd
fix: zoom level for plunger ( #453 )
3 years ago
Alejandro Santiago
ad77839d3a
revert: changed `CameraFocusingBehavior` logic ( #451 )
...
* revert: changed CameraFocusingBehavior logic
* refactor: removed unnecessary type
Co-authored-by: Erick <erickzanardoo@gmail.com>
* fix: coverage
Co-authored-by: Erick <erickzanardoo@gmail.com>
Co-authored-by: Tom Arra <tarra3@gmail.com>
3 years ago
Allison Ryan
1c8813e039
feat: loop animatronics ( #452 )
...
* feat: loop animatronics
* chore: rename animationCooldown
* fix: appease cspell
Co-authored-by: Tom Arra <tarra3@gmail.com>
3 years ago
Erick
5431f2058a
feat: flipper sfx ( #449 )
...
* feat: flipper sfx
* lint
* Apply suggestions from code review
Co-authored-by: Allison Ryan <77211884+allisonryan0002@users.noreply.github.com>
* pr
* lint
* Update packages/pinball_audio/lib/src/pinball_audio.dart
Co-authored-by: Alejandro Santiago <dev@alestiago.com>
Co-authored-by: Allison Ryan <77211884+allisonryan0002@users.noreply.github.com>
Co-authored-by: Alejandro Santiago <dev@alestiago.com>
3 years ago
Allison Ryan
855e93ec56
feat: flutter forest reset ( #448 )
...
Co-authored-by: Tom Arra <tarra3@gmail.com>
3 years ago
Rui Miguel Alonso
32e3e8d641
fix: `SpaceshipRamp` logic ( #416 )
...
* feat: added behaviors for arrow
* feat: arrow behaviors
* refactor: changed ramp behaviors to new flame bloc
* feat: reset and blinking on ramp
* fix: added behaviors to ramp and some tests
* test: coverage
* refactor: spaceship ramp sandbox
* chore: clean prints
* refactor: unnecessary test methods
* chore: removed unused files
* refactor: remove arrow blinking from this pr
* test: coverage
* refactor: ramp bonus listen when refactored
* refactor: moved FlameBlocProvider inside SpaceshipRamp
* refactor: moved FlameBlocProvider inside SpaceshipRamp and refactor tests
* chore: removed tests failures
* test: removed golden tests for spaceship
* chore: failure tests images
* test: refactor test
* test: coverage
* Update test/game/components/android_acres/behaviors/ramp_progress_behavior_test.dart
Co-authored-by: Allison Ryan <77211884+allisonryan0002@users.noreply.github.com>
* Update test/game/components/android_acres/behaviors/ramp_reset_behavior_test.dart
Co-authored-by: Allison Ryan <77211884+allisonryan0002@users.noreply.github.com>
* Update test/game/components/android_acres/behaviors/ramp_shot_behavior_test.dart
Co-authored-by: Allison Ryan <77211884+allisonryan0002@users.noreply.github.com>
* Update test/game/components/android_acres/behaviors/ramp_reset_behavior_test.dart
Co-authored-by: Allison Ryan <77211884+allisonryan0002@users.noreply.github.com>
* Update packages/pinball_components/test/src/components/spaceship_ramp/cubit/spaceship_ramp_state_test.dart
Co-authored-by: Allison Ryan <77211884+allisonryan0002@users.noreply.github.com>
* Update test/game/components/android_acres/behaviors/ramp_progress_behavior_test.dart
Co-authored-by: Allison Ryan <77211884+allisonryan0002@users.noreply.github.com>
* Update test/game/components/android_acres/behaviors/ramp_progress_behavior_test.dart
Co-authored-by: Allison Ryan <77211884+allisonryan0002@users.noreply.github.com>
* Update test/game/components/android_acres/behaviors/ramp_progress_behavior_test.dart
Co-authored-by: Allison Ryan <77211884+allisonryan0002@users.noreply.github.com>
* Update test/game/components/android_acres/behaviors/ramp_progress_behavior_test.dart
Co-authored-by: Allison Ryan <77211884+allisonryan0002@users.noreply.github.com>
* Update test/game/components/android_acres/behaviors/ramp_progress_behavior_test.dart
Co-authored-by: Allison Ryan <77211884+allisonryan0002@users.noreply.github.com>
* refactor: flamebloclistenable
* Update packages/pinball_components/test/src/components/spaceship_ramp/cubit/spaceship_ramp_cubit_test.dart
Co-authored-by: Allison Ryan <77211884+allisonryan0002@users.noreply.github.com>
* Update packages/pinball_components/test/src/components/spaceship_ramp/spaceship_ramp_test.dart
Co-authored-by: Allison Ryan <77211884+allisonryan0002@users.noreply.github.com>
* refactor: changed listenWhen conditions
* chore: formatting
* test: coverage
* test: multiblocprovider
* Update packages/pinball_components/lib/src/components/spaceship_ramp/cubit/spaceship_ramp_cubit.dart
Co-authored-by: Alejandro Santiago <dev@alestiago.com>
* Update packages/pinball_components/lib/src/components/spaceship_ramp/cubit/spaceship_ramp_state.dart
Co-authored-by: Alejandro Santiago <dev@alestiago.com>
* test: refactored tests
* refactor: max multiplier
* test: fixed error in test
* refactor: removed trailing commas
* test: used ensureAdd
* test: awaited zero duration to trigger next event loop
* test: triggered next event loop
* test: triggered next event loop
Co-authored-by: Allison Ryan <77211884+allisonryan0002@users.noreply.github.com>
Co-authored-by: Alejandro Santiago <dev@alestiago.com>
3 years ago
Allison Ryan
394e1fe724
fix: revert to invisible ink wells ( #447 )
3 years ago
Jochum van der Ploeg
98ac639493
fix: handle game resizing ( #446 )
...
* fix: handle game resizing
* Update lib/game/behaviors/camera_focusing_behavior.dart
Co-authored-by: Erick <erickzanardoo@gmail.com>
Co-authored-by: Erick <erickzanardoo@gmail.com>
Co-authored-by: Allison Ryan <77211884+allisonryan0002@users.noreply.github.com>
3 years ago
Erick
5e8ac20d37
feat: throttle assets loading for more stability ( #443 )
...
* feat: throttle assets loading for more stability
* lint
* coveragE
* chore: remove instances of e
Co-authored-by: Allison Ryan <allisonryan0002@gmail.com>
3 years ago
Allison Ryan
4ad59a795a
chore: fix sandbox and asset cache loading ( #445 )
3 years ago
Alejandro Santiago
973375a9b3
refactor: implemented `FlipperMovingBehavior` ( #444 )
3 years ago
Alejandro Santiago
0ac9cb3140
fix: replaying resets game state ( #441 )
...
* feat: added replay functionality
* feat: resetting google word bonus
* Merge remote-tracking branch 'origin' into feat/replay-functionality
* test: tested Replay overlay
* docs: fixed typo
* test: renamed test
Co-authored-by: Allison Ryan <77211884+allisonryan0002@users.noreply.github.com>
3 years ago
Allison Ryan
032618020e
fix: android bonus animation ( #442 )
3 years ago
Elizabeth Gaston
0d52fcd72a
chore: Update text for sharing to social media ( #429 )
...
* chore: Update text for sharing to social media
* Update app_en.arb
* Adding line break
Co-authored-by: Allison Ryan <77211884+allisonryan0002@users.noreply.github.com>
3 years ago
Jorge Coca
03c4728372
fix: open source link not opening on mobile ( #440 )
3 years ago
Jorge Coca
43ceb0db32
fix: await firebase init and anonymous auth ( #439 )
3 years ago
Alejandro Santiago
461471b01f
refactor: implemented `Plunger` behaviors ( #434 )
...
* feat: defined Plunger behaviors
* refactor: removed ComponentController
* refactor: implementing plunger behaviors
* feat: tested plunger behaviors
* feat: applied Plunger behaviours depending on platfotm
* refactor: fixed typos
* test: updated tap
* refactor: removed key_testers
* refactor: PR typos
* test: added strength assertions
* test: updated goldens
* refactor: renamed methods
* refactor: fixed typo
* refactor: removed dead file
3 years ago
Jorge Coca
11c076c386
revert: mobile backgrounds load on mobile ( #437 )
3 years ago
Allison Ryan
06c29d925b
chore: remove ink well fill ( #432 )
...
* refactor: remove ink well fill
* refactor: use gesture detector
3 years ago
Allison Ryan
1e804694ff
feat: google letter animation sequence ( #431 )
...
Co-authored-by: Tom Arra <tarra3@gmail.com>
3 years ago
Jorge Coca
326265c640
perf: compress new app backgrounds ( #435 )
3 years ago
Allison Ryan
43beb3db39
feat: add rollover sounds ( #430 )
...
* feat: rollover sounds
* style: trailing comma
3 years ago
Jorge Coca
bac790db95
fix: share links open in mobile ( #428 )
3 years ago
Erick
bab088faea
feat: setting background music to 60% for better tuning ( #424 )
...
* feat: setting background music to 60% for better tuning
* better code
3 years ago
Allison Ryan
37f35dc60f
feat: google bonus ball and multiball sync ( #425 )
3 years ago
Tom Arra
e97806bb8d
fix: update repo name ( #427 )
3 years ago
Tom Arra
ad62079c56
fix: use real url ( #426 )
3 years ago
Allison Ryan
5bc02eb570
fix: disable backgrounds on mobile ( #411 )
...
* fix: disable backgrounds on mobile
* refactor: inject platform helper
* refactor: make platformHelper public
* fix: suggestion
3 years ago
Allison Ryan
a20c2141e5
fix: commas in share score ( #423 )
3 years ago
Erick
1316712383
fix: prevent overlapping background music ( #422 )
...
* fix: prevent overlaping background music
* coverage
3 years ago