fix(deps): update all non-major dependencies#89
Open
renovate[bot] wants to merge 1 commit intomasterfrom
Open
Conversation
d0b1efb to
a8fd2f4
Compare
a8fd2f4 to
46fd3d0
Compare
5183031 to
6f78948
Compare
6175700 to
b0f7652
Compare
b0f7652 to
819a440
Compare
819a440 to
f73e9ec
Compare
f73e9ec to
5de54c7
Compare
5de54c7 to
237e6d1
Compare
237e6d1 to
5cc177d
Compare
5cc177d to
8347dd1
Compare
8347dd1 to
df7fec1
Compare
d439885 to
71617df
Compare
e0f7f08 to
96b38ed
Compare
44a91a1 to
81251f5
Compare
81251f5 to
6fc46af
Compare
990a497 to
b2c8ac0
Compare
6df433d to
2b66b7e
Compare
5f64faf to
134cd81
Compare
7df77c6 to
ebeb3c3
Compare
e4e7844 to
e0cbcf5
Compare
5699d77 to
ca75213
Compare
00c3127 to
6bcfa0c
Compare
10a2e9d to
fd2fa9d
Compare
fd2fa9d to
08f5807
Compare
50c2223 to
e1904b8
Compare
fb296a1 to
d557c5a
Compare
d557c5a to
e7bc037
Compare
e7bc037 to
0ee9669
Compare
0ee9669 to
a0eec70
Compare
08721c1 to
f80ae95
Compare
aaffeb6 to
68fb0dc
Compare
68fb0dc to
ca02a0d
Compare
ca02a0d to
17c6c6e
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^7.11.0→^7.11.6^3.4.1→^3.7.5^13.29.2→^13.35.120→20.20.016→16.20.220→20.20.020.x→20.20.0^8.19.0→^8.19.4^3.17.4→^3.19.3Release Notes
googleapis/nodejs-firestore (@google-cloud/firestore)
v7.11.6Compare Source
Bug Fixes
v7.11.5Compare Source
Bug Fixes
v7.11.4Compare Source
Bug Fixes
v7.11.3Compare Source
Bug Fixes
v7.11.2Compare Source
Bug Fixes
v7.11.1Compare Source
Bug Fixes
firebase/firebase-tools (firebase-tools)
v13.35.1Compare Source
v13.35.0Compare Source
firebase.json. (#8314)ext:installused POSIX file seperators on Windows machines. (#8326)firebase loginwould not be correctly provided to the Data Connect emulator.firebase init dataconnectconnector.yamltemplate.v13.34.0Compare Source
siteinfirebase.json. (#8295)dataconnect:sql:setup. (#8150)IntandInt64scalars to correctly validate theint32andint64ranges, respectively.pnpmproperly uses thelinkfunctionality.v13.33.0Compare Source
apps:initfails to detect the output directory when it was run in a directory whereappwas the only module.LOG_EXECUTION_ID=trueby default for Cloud Functions (2nd gen) to improve debugging by displaying execution IDs in logs. (#8276)undefinedto be passed when callingmutate.moduleResolutionis set tobundler.FirebaseErrorwasn't being passed intoUseMutationOptions.v13.32.0Compare Source
VSCODE_CWDcheck to address issues running in VSCode environments. (#7471)apps:initthrows an error upon app creation.deploy --only._metadata.distancefield to vector similarity search resultsauthandrequest.authwhen the request is unauthenticated{ __angular?: true }breaks type inference in the generated Web SDKv13.31.2Compare Source
--importpath was incorrectly resolved for the Data Connect emulator. (#8219)FirebaseErrorimport. (#8232)v13.31.1Compare Source
firebase init dataconnectwould crash on React-based web apps.firebaseget a "missing import" error.v13.31.0Compare Source
v1betaAPI tov1API.apps:initunder experimental flag (appsinit) that automatically detects what SDK to download and places the file in the corresponding place.appdistribution:testers:listraising an error when a tester is not part of any group. (#8191)v1Data Connect API in the emulator@checkto also be evaluated for admin auth@redactfieldsv13.30.0Compare Source
*.firebasestorage.appnot being recognized as a valid Storage bucket name. (#8152)v13.29.3Compare Source
.env.*files for web frameworks in Windows (#8086)nodejs/node (node)
v20.20.0: 2026-01-13, Version 20.20.0 'Iron' (LTS), @marco-ippolitoCompare Source
This is a security release.
Notable Changes
lib:
lib,permission:
src:
src,lib:
tls:
Commits
8f9ba3f623] - deps: update c-ares to v1.34.6 (Node.js GitHub Bot) #6099797fc9b0eb7] - deps: update undici to 6.23.0 (Matteo Collina) nodejs-private/node-private#79214fbbb510c] - (CVE-2025-55132) lib: disable futimes when permission model is enabled (RafaelGSS) nodejs-private/node-private#8021febc48d5b] - (CVE-2025-59465) lib: add TLSSocket default error handler (RafaelGSS) nodejs-private/node-private#797494f62dc23] - (CVE-2025-55130) lib,permission: require full read and write to symlink APIs (RafaelGSS) nodejs-private/node-private#760d7a5c587c0] - (CVE-2025-59466) src: rethrow stack overflow exceptions in async_hooks (Matteo Collina) nodejs-private/node-private#77351f4de4b4a] - (CVE-2025-55131) src,lib: refactor unsafe buffer creation to remove zero-fill toggle (Сковорода Никита Андреевич) nodejs-private/node-private#75985f73e7057] - (CVE-2026-21637) tls: route callback exceptions through error handlers (Matteo Collina) nodejs-private/node-private#796v20.19.6: 2025-11-25, Version 20.19.6 'Iron' (LTS), @marco-ippolitoCompare Source
Notable Changes
6277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #59571082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #59113db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #58313Commits
0f644df42e] - build: fix 'implicit-function-declaration' on OpenHarmony platform (hqzing) #59547fba0025b9c] - build: usewindows-2025runner (Michaël Zasso) #596733456ec946d] - crypto: update root certificates to NSS 3.116 (Node.js GitHub Bot) #599566277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #595711788fb5f3d] - deps: update undici to 6.22.0 (Matteo Collina) #601125d61b55f24] - deps: update uvwasi to 0.0.23 (Node.js GitHub Bot) #597919f1e5e4637] - deps: update histogram to 0.11.9 (Node.js GitHub Bot) #59689d0edb01d25] - deps: update googletest toeb2d85e(Node.js GitHub Bot) #59335576242ff39] - deps: V8: cherry-picka0d0d4f(Ho Cheung) #60716a07a277020] - deps: update corepack to 0.34.1 (Node.js GitHub Bot) #60314fa5c5af8ce] - deps: update archs files for openssl-3.0.17 (Node.js GitHub Bot) #59134556113e2fc] - deps: upgrade openssl sources to openssl-3.0.17 (Node.js GitHub Bot) #59134cd1536ca90] - deps: update corepack to 0.34.0 (Node.js GitHub Bot) #59133acec79989e] - deps: V8: cherry-pick6b1b9bc(zhoumingtao) #59283e65b930aa7] - deps: V8: backport2e4c5cf(Michaël Zasso) #606541b75a601f7] - doc: fix typo on child_process.md (Angelo Gazzola) #60114a2bcb217c6] - doc: fix typo in section on microtask order (Tobias Nießen) #599322426d3f3ff] - doc: add security escalation policy (Ulises Gascón) #59806e7f6f04758] - doc: add Miles Guicent as triager (Miles Guicent) #59562e51ef3f48b] - doc: update install_tools.bat free disk space (Stefan Stojanovic) #595798a504d900a] - doc: fix missing link to the Error documentation in thehttppage (Alexander Makarenko) #590808c5c8aa71d] - doc: clarify experimental platform vulnerability policy (Matteo Collina) #59591109c4bff77] - doc: add security incident reponse plan (Rafael Gonzaga) #594704f004efdf3] - doc: add RafaelGSS as performance strategic lead (Rafael Gonzaga) #59445caa2db4bac] - doc: fix links in test.md (Vas Sudanagunta) #58876082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #5911319a66365d9] - doc: clarify DEP0194 scope (Antoine du Hamel) #58504db68cec4cb] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #583133b2368774f] - doc: make Stability labels not sticky in Stability index (Livia Medeiros) #58291960d05ad7d] - doc: add history entries to--input-typesection (Antoine du Hamel) #5817520616f1750] - http2: do not crash on mismatched ping buffer length (René) #601359eb94232c8] - lib: handle superscript variants on windows device (Rafael Gonzaga) #59261dc58b4e35f] - meta: move Michael to emeritus (Michael Dawson) #60070d943cfb260] - meta: bump actions/setup-node from 4.4.0 to 5.0.0 (dependabot[bot]) #60093de9a3aaf0f] - meta: bump step-security/harden-runner from 2.12.2 to 2.13.1 (dependabot[bot]) #60094b4b5d4a4d7] - meta: bump ossf/scorecard-action from 2.4.2 to 2.4.3 (dependabot[bot]) #60096e5b4eee901] - meta: bump actions/setup-python from 5.6.0 to 6.0.0 (dependabot[bot]) #600907cb032c2c1] - meta: update devcontainer to the latest schema (Aviv Keller) #54347bb108191aa] - meta: callcreate-release-post.ymlpost release (Aviv Keller) #603662a11d50526] - module: correctly detect top-level await in ambiguous contexts (Shima Ryuhei) #58646144233b71a] - process: fix wrong asyncContext under unhandled-rejections=strict (Shima Ryuhei) #60103409cb773a4] - repl: fix cpu overhead pasting big strings to the REPL (Ruben Bridgewater) #59857d1c9d80cac] - repl: add isValidParentheses check before wrap input (Xuguang Mei) #59607b8d145db2c] - src: fix order of CHECK_NOT_NULL/dereference (Tobias Nießen) #594872c8a73f95f] - src: remove duplicate assignment ofO_EXCLin node_constants.cc (Daniel Osvaldo R) #59049b1da374503] - test: fix typo of test-benchmark-readline.js (Deokjin Kim) #599934b4e38f497] - test: mark sea tests flaky on macOS x64 (Richard Lau) #60068cbf4fc34c3] - test: skip more sea tests on Linux ppc64le (Richard Lau) #597559543facad7] - test: mark test-inspector-network-fetch as flaky again (Joyee Cheung) #596404f858d22ac] - test: skip test-fs-cp* tests that are constantly failing on Windows (Joyee Cheung) #596373ec534dbe8] - test: skip sea tests on Linux ppc64le (Richard Lau) #59563a7a109f926] - test: fix typos (Lee Jiho) #59330fd9d43da46] - test: skip failing test on macOS 15.7+ (Antoine du Hamel) #60419bc3ffbd713] - test_runner: fix isSkipped check in junit (Sungwon) #594140cace96472] - test_runner: correct "already mocked" error punctuation placement (Jacob Smith) #5884076001f9480] - tools: remove unused actions frombuild-tarball.yml(Antoine du Hamel) #5978769904844bb] - tools: do not attempt to compress tgz archive (Antoine du Hamel) #59785a6e7adb173] - tools: fix return value of try_check_compiler (theanarkh) #594346443ad2da5] - tools: drop deprecatedmacos-13runner (Richard Lau) #6067945ec702ef7] - tools: fixtools/make-v8.shfor clang (Richard Lau) #59893393ff7226e] - util: fix numericSeparator with negative fractional numbers (sangwook) #593799e8beff0f4] - util: fix error's namespaced node_modules highlighting using inspect (Ruben Bridgewater) #59446v20.19.5: 2025-09-03, Version 20.19.5 'Iron' (LTS), @marco-ippolitoCompare Source
Notable Changes
f5b293ad48] - doc: add JonasBa to collaborators (Jonas Badalic) #583554e6ae787c6] - doc: add puskin to collaborators (Giovanni Bucci) #58308d06db658fc] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #584993c6206cac9] - doc: add @geeksilva97 to collaborators (Edy Silva) #57241Commits
ea20403467] - build: fix uvwasi pkgname (Antoine du Hamel) #58270c647aa4b30] - build: fix pointer compression builds (Joyee Cheung) #58171d2c5e609ae] - build: disable v8_enable_pointer_compression_shared_cage on non-64bit (Shelley Vohr) #5886784d5c4d244] - build: search for libnode.so in multiple places (Jan Staněk) #58213068c439552] - crypto: fix SHAKE128/256 breaking change introduced with OpenSSL 3.4 (Filip Skokan) #58942edff105c34] - debugger: fix behavior of plain object exec in debugger repl (Dario Piotrowicz) #574980473e35b7f] - deps: update zlib to 1.3.1-470d3a2 (Node.js GitHub Bot) #586281218dbbea5] - deps: update zlib to 1.3.0.1-motley-780819f (Node.js GitHub Bot) #577680e3cd9ec00] - deps: update zlib to 1.3.0.1-motley-788cb3c (Node.js GitHub Bot) #56655a194dd9bd4] - deps: update archs files for openssl-3.0.16 (Node.js GitHub Bot) #57335cc9b79ca70] - deps: upgrade openssl sources to quictls/openssl-3.0.16 (Node.js GitHub Bot) #5733582c46d5358] - deps: update cjs-module-lexer to 2.1.0 (Node.js GitHub Bot) #5718043e3f9b26b] - deps: update cjs-module-lexer to 2.0.0 (Michael Dawson) #5685591282ff16b] - deps: update corepack to 0.33.0 (Node.js GitHub Bot) #58566b76bca6f38] - deps: update acorn to 8.15.0 (Node.js GitHub Bot) #58711ae11481011] - deps: update acorn to 8.14.1 (Node.js GitHub Bot) #57382142d701201] - deps: update minimatch to 10.0.3 (Node.js GitHub Bot) #58712fee082d684] - deps: update llhttp to 9.3.0 (Fedor Indutny) #58144c06f6f3f05] - dns: remove redundant code using common variable (Deokjin Kim) #57386cded8e7e77] - dns: fix parse memory leaky (theanarkh) #58973182ae67233] - dns: fix dns query cache implementation (Ethan Arrowood) #58404621b66a297] - doc: add review guidelines for collaborator nominations (Antoine du Hamel) #57449b1009b5b72] - doc: explicit mention arbitrary code execution as a vuln (Rafael Gonzaga) #57426f5b293ad48] - doc: add JonasBa to collaborators (Jonas Badalic) #583554e6ae787c6] - doc: add puskin to collaborators (Giovanni Bucci) #58308530473f479] - doc: add ovflowd back to core collaborators (Claudio W.) #5891138e8bbc131] - doc: add info on how project manages social media (Michael Dawson) #57318d06bb4dcc2] - doc: ping nodejs/tsc for each security pull request (Rafael Gonzaga) #57309d06db658fc] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #584998c3bc156ed] - doc: clarifypath.isAbsoluteis not path traversal mitigation (Eric Fortis) #57073e688410bda] - doc: fix rendering of DEP0174 description (David Sanders) #56835e6a0c6a0fa] - doc: add missing assert return types (Colin Ihrig) #57219026b3cab6a] - doc: add 1ilsang to triage team (1ilsang) #571833c6206cac9] - doc: add @geeksilva97 to collaborators (Edy Silva) #57241ef3a4675c7] - doc: fix web.libera.chat link in pull-requests.md (Samuel Bronson) #570761db42b76f7] - doc: remove buffered flag from performance hooks examples (Pavel Romanov) #52607b73a1356ce] - doc: addmodule namespace objectlinks (Dario Piotrowicz) #5709309368db20f] - doc: disambiguate pseudo-code statement (Dario Piotrowicz) #570922c3dc569a1] - doc: fix wrong articles used to address modules (Dario Piotrowicz) #57090cd8259cb4e] - doc:modules.md: fixdistancedefinition (Alexander “weej” Jones) #570467b0ea9ab2d] - doc: fix wrong verb form (Dario Piotrowicz) #5709114fcfc242b] - doc: add a note aboutrequire('../common')in testing documentation (Aditi) #56953bc7d18b6ea] - doc: recommend writing tests in new files and including comments (Joyee Cheung) #57028acd4d7f269] - doc: improve documentation on argument validation (Aditi) #569544cd6b3ca73] - doc: buffer: fix typo onBuffer.copyBytesFrom(offsetoption (tpoisseau) #5701501220607f2] - doc: update cleanup to trust on vuln db automation (Rafael Gonzaga) #5700477a0505a32] - doc: update post sec release process (Rafael Gonzaga) #5690777dbcfce5f] - doc: add section about using npx with permission model (Rafael Gonzaga) #5653973e51407b7] - doc: remove RedYetiDev from triagers team (Aviv Keller) #559479a36cbb792] - doc: fix relative path mention in --allow-fs (Rafael Gonzaga) #5579104d9c5baeb] - doc: add scroll margin to links (Roman Reiss) #58982959a67f6ff] - doc: make Stability labels not sticky in Stability index (Livia Medeiros) #582918757a5532f] - doc: update release key for aduh95 (Antoine du Hamel) #588776fa0626327] - doc,src,test: fix typos (Noritaka Kobayashi) #584779991788e4a] - http: coerce content-length to number (Marco Ippolito) #57458ff5cf8a428] - http2: fix check forframe->hd.type(hanguanqiang) #576442f333b6c51] - lib: optimizeprepareStackTraceon builtin frames (Chengzhong Wu) #56299cdf985071f] - lib: suppress source map lookup exceptions (Chengzhong Wu) #56299faa08b14ed] - lib: fixup incorrect argument order in assertEncoding (James M Snell) #57177a683cd1232] - meta: add IlyasShabi to collaborators (Ilyas Shabi) #58916b145bb28aa] - meta: bump codecov/codecov-action from 5.4.2 to 5.4.3 (dependabot[bot]) #585512c59789001] - meta: bump ossf/scorecard-action from 2.4.1 to 2.4.2 (dependabot[bot]) #585504095337e96] - meta: bump rtCamp/action-slack-notify from 2.3.2 to 2.3.3 (dependabot[bot]) #58108631fed8e39] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #584567d2f7180b6] - meta: bump codecov/codecov-action from 5.4.0 to 5.4.2 (dependabot[bot]) #581101558551ea5] - meta: bump actions/download-artifact from 4.2.1 to 4.3.0 (dependabot[bot]) #58106e1f12fe737] - meta: ignore mailmap changes in linux ci (Jonas Badalic) #583561b78eb1313] - meta: bump actions/setup-node from 4.3.0 to 4.4.0 (dependabot[bot]) #581112b8449c39a] - meta: bump actions/setup-python from 5.5.0 to 5.6.0 (dependabot[bot]) #58107833b70bbc5] - meta: allow penetration testing on live system with prior authorization (Matteo Collina) #57966c6a88561f5] - meta: bump actions/setup-python from 5.4.0 to 5.5.0 (dependabot[bot]) #577189046ef4fb3] - meta: bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 (dependabot[bot]) #5771746388a4e2a] - meta: bump actions/cache from 4.2.2 to 4.2.3 (dependabot[bot]) #57715d3970685bd] - meta: bump actions/setup-node from 4.2.0 to 4.3.0 (dependabot[bot]) #5771447004ef37f] - meta: bump actions/upload-artifact from 4.6.1 to 4.6.2 (dependabot[bot]) #577134abe83ec03] - meta: add some clarification to the nomination process (James M Snell) #5750345e9b88363] - meta: remove collaborator self-nomination (Rich Trott) #57537d10949b7d8] - meta: edit collaborator nomination process (Antoine du Hamel) #57483704562fb7a] - meta: move ovflowd to emeritus (Claudio W.) #574433f981b8537] - meta: bump codecov/codecov-action from 5.3.1 to 5.4.0 (dependabot[bot]) #572577e1ff7b332] - meta: bump ossf/scorecard-action from 2.4.0 to 2.4.1 (dependabot[bot]) #572538d4ec412b9] - meta: move RaisinTen back to collaborators, triagers and SEA champion (Darshan Sen) [#57292](Configuration
📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.