Bump tough-cookie and firebase-tools

[dependabot[bot]]

Removes tough-cookie. It's no longer used after updating ancestor dependency firebase-tools. These dependencies need to be updated together.

Removes tough-cookie

Updates firebase-tools from 12.4.8 to 13.3.0

Release notes

Sourced from firebase-tools's releases.

v13.3.0

• Improved detection for when login has expired due to Google Cloud Session Control. (#1846)
• Added support for Python 3.12. (#6679)
• Fixed issues with internal utilities. (#6754)
• Fixed an issue where firestore:delete wouldn't target the emulator when expected. (#6537)

v13.2.1

• Fixed an issue where appdistribution:distribute would always attempt to run tests. (#6749)

v13.2.0

• Added rudimentary email enumeration protection for auth emulator. (#6702)

v13.1.0

• Point v2 function target to entrypoint. (#6698)
• Fixed issue where Auth emulator sign in with Google only shows default tenant. (#6683)
• Prevent the use of pinTags + minInstances on the same function, as the features are not mutually compatible (#6684)
• Added force flag to delete backend (#6635).
• Use framework build target in Vite builds (#6643).
• Use framework build target in NODE_ENV for production Vite builds (#6644)
• Let framework handle public directory with emulator. (#6674)
• Dynamically import Vite to fix deprecated CJS build warning. (#6660)
• Fixed unsafe array spreads on Hosting deploys. (#6712)

v13.0.3

• Fixed typo in Cloud storage bucket metadata location type. (#6648)
• Fixed an issue where including export in .env files caused parsing errors. (#6629)

v13.0.2

• Fix Next.js dynamic and static OG images. (#6592)
• Address a regression introduced in 13.0.1 when emulating Vite applications. (#6599)
• Add RSC headers of Next.js app directory pages to Hosting headers. (#6608)

v13.0.1

• Fix bug where deploying Firestore function resulted in redudant API calls to the Firestore API (#6583).
• Fix an issue preventing Vite applications from being emulated on Windows. (#6411)
• Addressed an issue preventing Astro applications from being deployed from Windows. (#5709)
• Fixed an issue preventing Angular apps using ng-deploy from being emulated or deployed. (#6584)
• Warn if a Web Framework is outside a well known version range on deploy/emulate. (#6562)
• Use Web Framework's well known version range in firebase init hosting. (#6562)
• Permit use of more SSR regions in Web Frameworks deploys. (#6086)
• Limit Web Framework's generated Cloud Function name to 23 characters, fixing deploys for some. (#6260)
• Allow Nuxt as an option during firebase init hosting. (#6309)

v13.0.0

• Breaking: dropped support for running the CLI on Node.js v16.
• Breaking: Refactored functions:shell to remove dependency on deprecated request module.
  • As part of this change, removed support for some rarely used features of request.
• Breaking: Removed deprecated ext:dev:publish command. Use ext:dev:upload instead.
• Breaking: Functions deployment no longer deploys functions directory if there is no functions config in firebase.json. (#6450)
• Added support for running the CLI on Node.js v20.

... (truncated)

Commits

• 3f954a1 13.3.0
• ffe8dda Bump the patch group with 29 updates (#6747)
• cca81a9 Improved detection for expiry auth due to Cloud Session Control (#6771)
• 9cf6921 Fixed an issue where firestore:delete would not use the emulator when it sh...
• b513b0d Change FAH experiment name (#6770)
• 9648350 silence the turtles (#6769)
• d9ffda8 fixes issue when listing no turtles (#6768)
• 7485a81 Fix e2e tests not working with latest VScode version (#6746)
• d1624ff Add support for Python 3.12 (#6679)
• f584799 Fix Deep* types in metaprogramming. Simplify API libraries (#6728)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GoogleChromeLabs/web-vitals-report/network/alerts).