
build(deps): bump protobufjs, firebase-admin and firebase-functions in /functions/functions #1007

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/npm_and_yarn/functions/functions/multi-f7a34bac3d

dependabot[bot] (Contributor) commented on behalf of github on May 12, 2026

Bumps protobufjs to 7.5.8 and updates ancestor dependencies protobufjs, firebase-admin and firebase-functions. These dependencies need to be updated together.

Updates protobufjs from 7.2.4 to 7.5.8

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.5.8

7.5.8 (2026-05-12)

Bug Fixes

protobufjs: v7.5.7

7.5.7 (2026-05-09)

Bug Fixes

protobufjs: v7.5.6

7.5.6 (2026-04-27)

Bug Fixes

  • Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)

v7.5.5

This release backports two reported security issues to 7.x branch.

  • fix: do not allow setting __proto__ in Message constructor (#2126)
  • fix: filter invalid characters from the type name (#2127)

Full Changelog: protobufjs/protobuf.js@protobufjs-v7.5.4...protobufjs-v7.5.5

protobufjs: v7.5.4

7.5.4 (2025-08-15)

Bug Fixes

protobufjs: v7.5.3

7.5.3 (2025-05-28)

Bug Fixes

  • descriptor extensions handling post-editions (#2075) (6e255d4)

protobufjs: v7.5.2

7.5.2 (2025-05-14)

... (truncated)

Changelog

Sourced from protobufjs's changelog.

7.5.8 (2026-05-12)

Bug Fixes

7.5.7 (2026-05-09)

Bug Fixes

7.5.6 (2026-04-27)

Bug Fixes

  • Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)

7.5.4 (2025-08-15)

Bug Fixes

7.5.3 (2025-05-28)

Bug Fixes

  • descriptor extensions handling post-editions (#2075) (6e255d4)

7.5.2 (2025-05-14)

Bug Fixes

7.5.1 (2025-05-08)

Bug Fixes

  • optimize regressions from editions implementations (#2066) (6406d4c)
  • reserved field inside group blocks fail parsing (#2058) (56782bf)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for protobufjs since your current version.


Updates firebase-admin from 11.11.0 to 13.9.0

Release notes

Sourced from firebase-admin's releases.

Firebase Admin Node.js SDK v13.9.0

New Features

  • feat(remote-config): add optional exposurePercent field to ExperimentValue (#3096)

Miscellaneous

  • [chore] Release 13.9.0 (#3129)
  • chore: Deprecate support for Node.js 20 (#3128)
  • build(deps-dev): bump @typescript-eslint/parser from 8.57.2 to 8.59.1 (#3114)
  • build(deps): bump follow-redirects in /.github/actions/send-email (#3113)
  • build(deps): bump protobufjs from 7.5.4 to 7.5.5 (#3119)
  • build(deps): bump uuid and @actions/core in /.github/actions/send-email (#3120)
  • build(deps): bump axios in /.github/actions/send-email (#3123)
  • build(deps): bump fast-xml-parser from 5.5.9 to 5.7.1 (#3122)

Firebase Admin Node.js SDK v13.8.0

New Features

  • feat(pnv): Add support for Phone Number Verification (#3101)
  • feat(fcm): Add bandwidthConstrainedOk and restrictedSatelliteOk (#2994)

Miscellaneous

  • [chore] Release 13.8.0 (#3109)
  • chore(deps): bump node-forge to 1.4.0 (#3108)
  • build(deps-dev): bump @types/node from 25.3.0 to 25.3.3 (#3090)
  • build(deps-dev): bump lodash and @microsoft/api-extractor (#3106)
  • build(deps): bump fast-xml-parser from 5.5.6 to 5.5.7 (#3095)
  • build(deps): bump fast-xml-parser from 5.4.1 to 5.5.6 (#3093)
  • build(deps): bump fast-xml-parser from 5.3.7 to 5.4.1 (#3087)

Firebase Admin Node.js SDK v13.7.0

New Features

  • feat(rc): Support Rollout, Personalization, and Experiment values (#3046)

Bug Fixes

  • fix: upgrade @google-cloud/storage@7.19.0 (#3071)

Miscellaneous

  • [chore] Release 13.7.0 (#3081)
  • build(deps-dev): bump @types/lodash from 4.17.18 to 4.17.24 (#3083)
  • build(deps-dev): bump @typescript-eslint/eslint-plugin (#3086)
  • build(deps): bump node-forge from 1.3.2 to 1.3.3 (#3085)

... (truncated)

Commits
  • 0efb21f [chore] Release 13.9.0 (#3129)
  • 363a302 chore: Deprecate support for Node.js 20 (#3128)
  • b28b921 build(deps-dev): bump @typescript-eslint/parser from 8.57.2 to 8.59.1 (#3114)
  • 5933705 build(deps): bump follow-redirects in /.github/actions/send-email (#3113)
  • ce3b9e0 build(deps): bump protobufjs from 7.5.4 to 7.5.5 (#3119)
  • e891a3c build(deps): bump uuid and @actions/core in /.github/actions/send-email (#3120)
  • 92003fc feat(remote-config): add optional exposurePercent field to ExperimentValue (#...
  • 8b9b7a7 build(deps): bump axios in /.github/actions/send-email (#3123)
  • e310a72 build(deps): bump fast-xml-parser from 5.5.9 to 5.7.1 (#3122)
  • ff4c94d [chore] Release 13.8.0 (#3109)
  • Additional commits viewable in compare view

Updates firebase-functions from 4.5.0 to 4.9.0

Release notes

Sourced from firebase-functions's releases.

v4.9.0

  • Add new 2nd gen Firestore auth context triggers. (#1519)

v4.8.2

  • Fix bug with CORS options for an array of one string (#1544)

v4.8.1

  • Fix bug where 1st gen functions eventually fail with stack too deep (#1540)
  • Make simple CORS options static for improved debuggability (#1536)

v4.8.0

  • Add onInit callback function for global variable initialization (#1531)

v4.7.0

  • Fixes access on deeply nested, nonexistent property. (#1432)
  • Add IteratedDataSnapshot interface to match with firebase admin v12 (#1517).
  • Make bucket parameterizeable in storage functions (#1518)
  • Introduce helper library for select and multi-select input (#1518)

v4.6.0

  • Wrap 2nd gen onCall functions with trace context. (#1491)
  • Bump peer dependencies for firebase-admin to support 12.0.0. (#1509)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [protobufjs](https://github.com/protobufjs/protobuf.js) to 7.5.8 and updates ancestor dependencies [protobufjs](https://github.com/protobufjs/protobuf.js), [firebase-admin](https://github.com/firebase/firebase-admin-node) and [firebase-functions](https://github.com/firebase/firebase-functions). These dependencies need to be updated together.


Updates `protobufjs` from 7.2.4 to 7.5.8
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.8/CHANGELOG.md)
- [Commits](protobufjs/protobuf.js@protobufjs-v7.2.4...protobufjs-v7.5.8)

Updates `firebase-admin` from 11.11.0 to 13.9.0
- [Release notes](https://github.com/firebase/firebase-admin-node/releases)
- [Changelog](https://github.com/firebase/firebase-admin-node/blob/main/CHANGELOG.md)
- [Commits](firebase/firebase-admin-node@v11.11.0...v13.9.0)

Updates `firebase-functions` from 4.5.0 to 4.9.0
- [Release notes](https://github.com/firebase/firebase-functions/releases)
- [Commits](firebase/firebase-functions@v4.5.0...v4.9.0)

---
updated-dependencies:
- dependency-name: protobufjs
  dependency-version: 7.5.8
  dependency-type: indirect
- dependency-name: firebase-admin
  dependency-version: 13.9.0
  dependency-type: direct:production
- dependency-name: firebase-functions
  dependency-version: 4.9.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot[bot] added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) labels on May 12, 2026

@wiz-9635d3485b

Wiz Scan Summary

| Scanner | Findings |
|---|---|
| Vulnerabilities | - |
| Sensitive Data | - |
| Secrets | - |
| IaC Misconfigurations | - |
| SAST Findings | - |
| Software Management Findings | - |
| Total | - |

View scan details in Wiz

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.
