chore(deps): update dependency firebase-tools to v13 [security] (release/core-contracts/10) - autoclosed

renovate[bot] commented 2 weeks ago

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
firebase-tools	`9.20.0` -> `13.6.0`

Firebase vulnerable to CRSF attack

CVE-2024-4128 / GHSA-rcm2-22f3-pqv3 / GO-2024-2808

More information

#### Details This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed calls to localhost (ie Chrome before v94), the website could exfiltrate emulator data. We recommend upgrading past version 13.6.0 or [commit 068a2b08dc308c7ab4b569617f5fc8821237e3a0](https://togithub.com/firebase/firebase-tools/commit/068a2b08dc308c7ab4b569617f5fc8821237e3a0). #### Severity - CVSS Score: 2.6 / 10 (Low) - Vector String: `CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N` #### References - [https://nvd.nist.gov/vuln/detail/CVE-2024-4128](https://nvd.nist.gov/vuln/detail/CVE-2024-4128) - [https://github.com/firebase/firebase-tools/pull/6944](https://togithub.com/firebase/firebase-tools/pull/6944) - [https://github.com/firebase/firebase-tools/commit/068a2b08dc308c7ab4b569617f5fc8821237e3a0](https://togithub.com/firebase/firebase-tools/commit/068a2b08dc308c7ab4b569617f5fc8821237e3a0) - [https://github.com/firebase/firebase-tools](https://togithub.com/firebase/firebase-tools) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-rcm2-22f3-pqv3) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).

Release Notes

firebase/firebase-tools (firebase-tools)

### [`v13.6.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v13.6.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v13.5.2...v13.6.0) - Released Firestore Emulator 1.19.4. This version fixes a minor bug with reserve ids and adds a `reset` endpoint for Datastore Mode. - Released PubSub Emulator 0.8.2. This version includes support for `no_wrapper` options. - Fixes issue where GitHub actions service account cannot add preview URLs to Auth authorized domains. ([#6895](https://togithub.com/firebase/firebase-tools/issues/6895)) - Fixes issue where GOOGLE_CLOUD_QUOTA_PROJECT breaks functions source uploads ([#6917](https://togithub.com/firebase/firebase-tools/issues/6917)) ### [`v13.5.2`](https://togithub.com/firebase/firebase-tools/releases/tag/v13.5.2) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v13.5.1...v13.5.2) - Fix hosting rewrite deployment bug for skipped functions ([#6658](https://togithub.com/firebase/firebase-tools/issues/6658)). ### [`v13.5.1`](https://togithub.com/firebase/firebase-tools/releases/tag/v13.5.1) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v13.5.0...v13.5.1) - Release Emulator Suite UI v1.11.8 which adds support for Multiple DBs in the Emulator UI Firestore page via editing the URL. ([#6874](https://togithub.com/firebase/firebase-tools/issues/6874)) ### [`v13.5.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v13.5.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v13.4.1...v13.5.0) - Enable dynamic debugger port for functions + support for inspecting multiple codebases ([#6854](https://togithub.com/firebase/firebase-tools/issues/6854)) - Inject an environment variable in the node functions emulator to tell the google-gax SDK not to look for the metadata service. ([#6860](https://togithub.com/firebase/firebase-tools/issues/6860)) - Release Firestore Emulator 1.19.3 which fixes ancestor and namespace scope queries for Datastore Mode. This release also fixes internal errors seen across REST API and firebase-js-sdk. - v2 scheduled functions with explicit service accounts trigger eventarc to use that service account ([#6858](https://togithub.com/firebase/firebase-tools/issues/6858)) - v2 event functions with explicit service accounts trigger eventarc to use that service account ([#6859](https://togithub.com/firebase/firebase-tools/issues/6859)) ### [`v13.4.1`](https://togithub.com/firebase/firebase-tools/releases/tag/v13.4.1) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v13.4.0...v13.4.1) - Released Firestore emulator v1.19.2, which fixes some bugs affecting client SDKs when in Datastore Mode. - Fix demo projects + web frameworks with emulators ([#6737](https://togithub.com/firebase/firebase-tools/issues/6737)) - Fix Next.js static routes with server actions ([#6664](https://togithub.com/firebase/firebase-tools/issues/6664)) - Fixed an issue where `GOOGLE_CLOUD_QUOTA_PROJECT` was not correctly respected. ([#6801](https://togithub.com/firebase/firebase-tools/issues/6801)) - Make VPC egress settings in functions parameterizeable ([#6843](https://togithub.com/firebase/firebase-tools/issues/6843)) ### [`v13.4.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v13.4.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v13.3.1...v13.4.0) - Added new commands for managing Firestore backups and restoring databases. ([#6778](https://togithub.com/firebase/firebase-tools/issues/6778)) - Fixed quota attribution for Firebase Auth API calls. ([#6819](https://togithub.com/firebase/firebase-tools/issues/6819)) ### [`v13.3.1`](https://togithub.com/firebase/firebase-tools/releases/tag/v13.3.1) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v13.3.0...v13.3.1) - Release Cloud Firestore emulator v1.19.1: - Adds support for Datastore Mode to the Firstore Emulator. Adds `--database-mode` flag to `gcloud emulator firestore start` command. Note that this is a preview feature and if you find any bugs, please file them here: . - Improve FAH onboarding flow to connect backends with SCMs ([#6764](https://togithub.com/firebase/firebase-tools/issues/6764)). - Fixed issue where GitHub actions would fail due to lack of permission. ([#6791](https://togithub.com/firebase/firebase-tools/issues/6791)) ### [`v13.3.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v13.3.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v13.2.1...v13.3.0) - Improved detection for when login has expired due to Google Cloud Session Control. ([#1846](https://togithub.com/firebase/firebase-tools/issues/1846)) - Added support for Python 3.12. ([#6679](https://togithub.com/firebase/firebase-tools/issues/6679)) - Fixed issues with internal utilities. ([#6754](https://togithub.com/firebase/firebase-tools/issues/6754)) - Fixed an issue where `firestore:delete` wouldn't target the emulator when expected. ([#6537](https://togithub.com/firebase/firebase-tools/issues/6537)) ### [`v13.2.1`](https://togithub.com/firebase/firebase-tools/releases/tag/v13.2.1) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v13.2.0...v13.2.1) - Fixed an issue where `appdistribution:distribute` would always attempt to run tests. ([#6749](https://togithub.com/firebase/firebase-tools/issues/6749)) ### [`v13.2.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v13.2.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v13.1.0...v13.2.0) - Added rudimentary email enumeration protection for auth emulator. ([#6702](https://togithub.com/firebase/firebase-tools/issues/6702)) ### [`v13.1.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v13.1.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v13.0.3...v13.1.0) - Point v2 function target to entrypoint. ([#6698](https://togithub.com/firebase/firebase-tools/issues/6698)) - Fixed issue where Auth emulator sign in with Google only shows default tenant. ([#6683](https://togithub.com/firebase/firebase-tools/issues/6683)) - Prevent the use of pinTags + minInstances on the same function, as the features are not mutually compatible ([#6684](https://togithub.com/firebase/firebase-tools/issues/6684)) - Added force flag to delete backend ([#6635](https://togithub.com/firebase/firebase-tools/issues/6635)). - Use framework build target in Vite builds ([#6643](https://togithub.com/firebase/firebase-tools/issues/6643)). - Use framework build target in NODE_ENV for production Vite builds ([#6644](https://togithub.com/firebase/firebase-tools/issues/6644)) - Let framework handle public directory with emulator. ([#6674](https://togithub.com/firebase/firebase-tools/issues/6674)) - Dynamically import Vite to fix deprecated CJS build warning. ([#6660](https://togithub.com/firebase/firebase-tools/issues/6660)) - Fixed unsafe array spreads on Hosting deploys. ([#6712](https://togithub.com/firebase/firebase-tools/issues/6712)) ### [`v13.0.3`](https://togithub.com/firebase/firebase-tools/releases/tag/v13.0.3) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v13.0.2...v13.0.3) - Fixed typo in Cloud storage bucket metadata location type. ([#6648](https://togithub.com/firebase/firebase-tools/issues/6648)) - Fixed an issue where including `export` in .env files caused parsing errors. ([#6629](https://togithub.com/firebase/firebase-tools/issues/6629)) ### [`v13.0.2`](https://togithub.com/firebase/firebase-tools/releases/tag/v13.0.2) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v13.0.1...v13.0.2) - Fix Next.js dynamic and static OG images. ([#6592](https://togithub.com/firebase/firebase-tools/issues/6592)) - Address a regression introduced in 13.0.1 when emulating Vite applications. ([#6599](https://togithub.com/firebase/firebase-tools/issues/6599)) - Add RSC headers of Next.js app directory pages to Hosting headers. ([#6608](https://togithub.com/firebase/firebase-tools/issues/6608)) ### [`v13.0.1`](https://togithub.com/firebase/firebase-tools/releases/tag/v13.0.1) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v13.0.0...v13.0.1) - Fix bug where deploying Firestore function resulted in redudant API calls to the Firestore API ([#6583](https://togithub.com/firebase/firebase-tools/issues/6583)). - Fix an issue preventing Vite applications from being emulated on Windows. ([#6411](https://togithub.com/firebase/firebase-tools/issues/6411)) - Addressed an issue preventing Astro applications from being deployed from Windows. ([#5709](https://togithub.com/firebase/firebase-tools/issues/5709)) - Fixed an issue preventing Angular apps using ng-deploy from being emulated or deployed. ([#6584](https://togithub.com/firebase/firebase-tools/issues/6584)) - Warn if a Web Framework is outside a well known version range on deploy/emulate. ([#6562](https://togithub.com/firebase/firebase-tools/issues/6562)) - Use Web Framework's well known version range in `firebase init hosting`. ([#6562](https://togithub.com/firebase/firebase-tools/issues/6562)) - Permit use of more SSR regions in Web Frameworks deploys. ([#6086](https://togithub.com/firebase/firebase-tools/issues/6086)) - Limit Web Framework's generated Cloud Function name to 23 characters, fixing deploys for some. ([#6260](https://togithub.com/firebase/firebase-tools/issues/6260)) - Allow Nuxt as an option during `firebase init hosting`. ([#6309](https://togithub.com/firebase/firebase-tools/issues/6309)) ### [`v13.0.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v13.0.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.9.1...v13.0.0) - Breaking: dropped support for running the CLI on Node.js v16. - Breaking: Refactored `functions:shell` to remove dependency on deprecated `request` module. - As part of this change, removed support for some rarely used features of `request`. - Breaking: Removed deprecated `ext:dev:publish` command. Use `ext:dev:upload` instead. - Added support for running the CLI on Node.js v20. - Switched Storage deployment to use GetDefaultBucket endpoint to fetch default Storage bucket. ([#6467](https://togithub.com/firebase/firebase-tools/issues/6467)) - Fixed an issue with emulating blocking functions when using multiple codebases ([#6504](https://togithub.com/firebase/firebase-tools/issues/6504)). - Added force flag call-out for bypassing prompts ([#6506](https://togithub.com/firebase/firebase-tools/issues/6506)). - Added the ability to deploy Angular apps using [the new application-builder](https://angular.dev/tools/cli/esbuild). ([#6480](https://togithub.com/firebase/firebase-tools/issues/6480)) - Fixed an issue where `--non-interactive` flag is not respected in Firestore indexes deploys. ([#6539](https://togithub.com/firebase/firebase-tools/issues/6539)) - Fixed an issue where `login:use` would not work outside of a Firebase project directory. ([#6526](https://togithub.com/firebase/firebase-tools/issues/6526)) - Prevent app router static `not-found` requiring a Cloud Function in Next.js deployments. ([#6558](https://togithub.com/firebase/firebase-tools/issues/6558)) - Use only site id from site name in list versions API. ([#6565](https://togithub.com/firebase/firebase-tools/issues/6565)) ### [`v12.9.1`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.9.1) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.9.0...v12.9.1) - Fixes issue where initializing Hosting fails when selecting a project. ([#6527](https://togithub.com/firebase/firebase-tools/issues/6527)) ### [`v12.9.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.9.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.8.1...v12.9.0) - Revert enabling preferRest by default to avoid performance degradations for some users ([#6520](https://togithub.com/firebase/firebase-tools/issues/6520)). - Fix blocking functions in the emulator when using multiple codebases ([#6504](https://togithub.com/firebase/firebase-tools/issues/6504)). - Add force flag call-out for bypassing prompts ([#6506](https://togithub.com/firebase/firebase-tools/issues/6506)). - Fixed an issue where the functions emulator did not respect the `--log-verbosity` flag ([#2859](https://togithub.com/firebase/firebase-tools/issues/2859)). - Add the ability to look for the default Hosting site via Hosting's API. - Add logic to create a Hosting site when one is not available in a project. - Add checks for the default Hosting site when one is assumed to exist. ### [`v12.8.1`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.8.1) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.8.0...v12.8.1) - Fixed 2 bugs (unintended database mode changes and disabling of PITR or delete-protection) when updating Firestore databases ([#6478](https://togithub.com/firebase/firebase-tools/issues/6478)) ### [`v12.8.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.8.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.7.0...v12.8.0) - Enable [preferRest](https://firebase.google.com/docs/reference/admin/node/firebase-admin.firestore.firestoresettings.md#firestoresettingspreferrest) option by default for Firestore functions. ([#6147](https://togithub.com/firebase/firebase-tools/issues/6147)) - Fixed a bug where re-deploying 2nd Gen Firestore function failed after updating secrets. ([#6456](https://togithub.com/firebase/firebase-tools/issues/6456)) - Fixed a bug where similarly-named Hosting channels would cause issues when updating authorized domains. ([#6356](https://togithub.com/firebase/firebase-tools/issues/6356)) ### [`v12.7.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.7.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.6.2...v12.7.0) - Fix type mismatch for parametrized function region. ([#6205](https://togithub.com/firebase/firebase-tools/issues/6205)) - Ignore `FIRESTORE_EMULATOR_HOST` environment variable on functions deploy. ([#6442](https://togithub.com/firebase/firebase-tools/issues/6442)) - Added support for enabling, disabling, and displaying Point In Time Recovery enablement state on Firestore databases ([#6388](https://togithub.com/firebase/firebase-tools/issues/6388)) - Added a `--verbosity` flag to `emulators:*` commands that limits what logs are printed ([#2859](https://togithub.com/firebase/firebase-tools/issues/2859)) - Fixed an issue where params would not be resolved when used to set VPC connector during functions deployment ([#6327](https://togithub.com/firebase/firebase-tools/issues/6327)) ### [`v12.6.2`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.6.2) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.6.1...v12.6.2) - Fixed an issue with deploying multilevel grouped functions containing v2 functions. ([#6419](https://togithub.com/firebase/firebase-tools/issues/6419)) - Fixed an issue where functions deployment required a new permission. ### [`v12.6.1`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.6.1) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.6.0...v12.6.1) - Fixed an issue where the functions service account option was not treated as a param ([#6389](https://togithub.com/firebase/firebase-tools/issues/6389)). - Fixed an issue with deploying function groups containing v2 functions. ([#6408](https://togithub.com/firebase/firebase-tools/issues/6408)) - Use GetDefaultBucket endpoint to fetch Storage Default Bucket. ### [`v12.6.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.6.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.5.4...v12.6.0) - Improve performance and reliability when deploying multiple 2nd gen functions using single builds. ([#6376](https://togithub.com/firebase/firebase-tools/issues/6376)) - Fixed an issue where `emulators:export` did not check if the target folder is empty. ([#6313](https://togithub.com/firebase/firebase-tools/issues/6313)) - Fixed an issue where retry could not be set for event triggered functions. ([#6391](https://togithub.com/firebase/firebase-tools/issues/6391)) - Fixed "Could not find the next executable" on Next.js deployments ([#6372](https://togithub.com/firebase/firebase-tools/issues/6372)) - Fixed issues caused by breaking changes in Next >=v13.5.0. ([#6382](https://togithub.com/firebase/firebase-tools/issues/6382)) ### [`v12.5.4`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.5.4) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.5.3...v12.5.4) - Released Firestore emulator v1.18.2. - Removed nano precision in timestamp used in Firestore emulator ([#5893](https://togithub.com/firebase/firebase-tools/issues/5893)) - Fixed a bug where query behaves differently from production. - Fixed an issue where very long command outputs would be cut off. ([#3286](https://togithub.com/firebase/firebase-tools/issues/3286)) ### [`v12.5.3`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.5.3) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.5.2...v12.5.3) - Fixed an issue where builds from https://firebase.tools could not run commands that spawn `npm`. ([#6132](https://togithub.com/firebase/firebase-tools/issues/6132)) - Fixed an issue where `--non-interactive` and `--force` were not respected in some extension deploys. ([#6321](https://togithub.com/firebase/firebase-tools/issues/6321)) - Fixed the regex in extensions changelog parser to lazy match the version prefix to allow matching higher versions ([#6326](https://togithub.com/firebase/firebase-tools/issues/6326)) ### [`v12.5.2`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.5.2) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.5.1...v12.5.2) - Fixed an issue causing unexpected behavior and errors on functions deploy. ([#6290](https://togithub.com/firebase/firebase-tools/issues/6290)) ### [`v12.5.1`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.5.1) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.5.0...v12.5.1) - Fix issue with mixed v1 and v2 functions deployments. ([#6293](https://togithub.com/firebase/firebase-tools/issues/6293)) ### [`v12.5.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.5.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.4.8...v12.5.0) - Fixed issue where the Extensions emulator would error when emualting local extensions with no params. ([#6271](https://togithub.com/firebase/firebase-tools/issues/6271)) - Improved performance and reliability when deploying multiple 2nd gen functions using single builds. ([#6275](https://togithub.com/firebase/firebase-tools/issues/6275)) - Fix bundle next.config.js ([#6287](https://togithub.com/firebase/firebase-tools/issues/6287)) ### [`v12.4.8`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.4.8) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.4.7...v12.4.8) - Increased functions emulator HTTPS body size limit to 32mb to match production. ([#6201](https://togithub.com/firebase/firebase-tools/issues/6201)) - Fixed Astro web framework bug when loading configuration for version `2.9.7` and above. ([#6213](https://togithub.com/firebase/firebase-tools/issues/6213)) - Increase Next.js config bundle timeout to 60 seconds. ([#6214](https://togithub.com/firebase/firebase-tools/issues/6214)) ### [`v12.4.7`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.4.7) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.4.6...v12.4.7) - Improve error message raised when `firebase init hosting:github` fails due to max number of keys limit for a service account. ([#6145](https://togithub.com/firebase/firebase-tools/issues/6145)) - Fixed bug where `functions:secrets:\*` family of commands did not work when Firebase CLI is authenticated via GOOGLE_APPLICATION_CREDENTIALS ([#6190](https://togithub.com/firebase/firebase-tools/issues/6190)) - Fixed bug where some extension instance updates would default to the wrong location. ### [`v12.4.6`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.4.6) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.4.5...v12.4.6) - Fixed an issue where extension instances could not be deployed when authenticated as a service account ([#6060](https://togithub.com/firebase/firebase-tools/issues/6060)). - Fixed `glob` usage in Next.js utility function to detect images in `app` directory ([#6166](https://togithub.com/firebase/firebase-tools/issues/6166)) - Send experiments activated with `firebase experiments:enable` to the emulator suite UI ([#6169](https://togithub.com/firebase/firebase-tools/issues/6169)) ### [`v12.4.5`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.4.5) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.4.4...v12.4.5) - Fixed bug where `functions:secrets:set` didn't remove stale versions of a secret. ([#6080](https://togithub.com/firebase/firebase-tools/issues/6080)) - Fixed bug where `firebase deploy --only firestore:named-db` didn't update rules. ([#6129](https://togithub.com/firebase/firebase-tools/issues/6129)) - Fixed issue where Flutter Web is not detected as a web framework. ([#6085](https://togithub.com/firebase/firebase-tools/issues/6085)) - Added better messages for API permissions failures that direct the user to the URL to enable the API. ([#6130](https://togithub.com/firebase/firebase-tools/issues/6130)) - Fixed issue caused by adding type checks in [#5906](https://togithub.com/firebase/firebase-tools/issues/5906). - Fixed `next/image` component in app directory for Next.js > 13.4.9. ([#6143](https://togithub.com/firebase/firebase-tools/issues/6143)) - Fixed bug where Next.js Image Optimization in the app directory was not requiring a Cloud Function. ([#6143](https://togithub.com/firebase/firebase-tools/issues/6143)) - Fixed a transitive dependency on a vulnerable version of `vm2`. ([#6150](https://togithub.com/firebase/firebase-tools/issues/6150)) ### [`v12.4.4`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.4.4) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.4.3...v12.4.4) - Disables KeepAlive timeout when debugger is attached to the functions emulator. ([#6069](https://togithub.com/firebase/firebase-tools/issues/6069)) - Fixed an issue where `database:list` would have inaccurate results. ([#6063](https://togithub.com/firebase/firebase-tools/issues/6063)) ### [`v12.4.3`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.4.3) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.4.2...v12.4.3) - Fixed incorrect links in `firebase open hosting` and `firebase open crash`. ([#6073](https://togithub.com/firebase/firebase-tools/issues/6073)) - Released Firebase Emulator UI v1.11.7, which includes preview support for multiple Firestore databases. ([#6079](https://togithub.com/firebase/firebase-tools/issues/6079)) ### [`v12.4.2`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.4.2) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.4.1...v12.4.2) - Run lifecycle hooks for specific functions. ([#6023](https://togithub.com/firebase/firebase-tools/issues/6023)) - Increased extension instance create poll timeout to 1h to match backend ([#5969](https://togithub.com/firebase/firebase-tools/issues/5969)). - Refactored `ext:install` to use the latest extension metadata. ([#5997](https://togithub.com/firebase/firebase-tools/issues/5997)) - Added descriptive error when repo is private or not found during `ext:dev:upload`. ([#6052](https://togithub.com/firebase/firebase-tools/issues/6052)) - Fixed issue where missing trigger warnings would be wrongly displayed when emulating extensions with HTTPS triggers. ([#6055](https://togithub.com/firebase/firebase-tools/issues/6055)) - Normalized extension root path before usage in `ext:dev:upload`. ([#6054](https://togithub.com/firebase/firebase-tools/issues/6054)) ### [`v12.4.1`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.4.1) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.4.0...v12.4.1) - Release Firestore emulator 1.18.1 which addes a emulator configuration to start with experimental mode ([#5942](https://togithub.com/firebase/firebase-tools/issues/5942)). - Run lifecycle hooks for specific codebases. ([#6011](https://togithub.com/firebase/firebase-tools/issues/6011)) - Fixed issue causing `firebase emulators:start` to crash in Next.js apps ([#6005](https://togithub.com/firebase/firebase-tools/issues/6005)) ### [`v12.4.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.4.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.3.1...v12.4.0) - Added `appdistribution:group:create` and `appdistribution:group:delete`. ([#5978](https://togithub.com/firebase/firebase-tools/issues/5978)) - Added `--group-alias` option to `appdistribution:testers:add` and `appdistribution:testers:remove`. ([#5978](https://togithub.com/firebase/firebase-tools/issues/5978)) - Fixed an issue where Storage rules could not be deployed to projects without a billing plan. ([#5955](https://togithub.com/firebase/firebase-tools/issues/5955)) ### [`v12.3.1`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.3.1) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.3.0...v12.3.1) - Delete and re-create v2 function on Cloud Run API quota exhaustion ([#5719](https://togithub.com/firebase/firebase-tools/issues/5719)). - firebase functions:secrets:\* ensure the secretmanager API is enabled ([#5918](https://togithub.com/firebase/firebase-tools/issues/5918)) ### [`v12.3.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.3.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.2.1...v12.3.0) - Fix a bug preventing web framework's dev-mode from working out-of-box with Firebase Authentication. ([#5894](https://togithub.com/firebase/firebase-tools/issues/5894)) - Address additional cases where we were attempting to deploy a framework's development bundle ([#5895](https://togithub.com/firebase/firebase-tools/issues/5895)) - NextJS rewrites should be prefixed with the basePath defined in next.config.js ([#5923](https://togithub.com/firebase/firebase-tools/issues/5923)) - Web Frameworks emulators will again respect existing Cloud Functions rewrites ([#5923](https://togithub.com/firebase/firebase-tools/issues/5923)) - Web Frameworks rewrites/redirects/headers will only prepend those in firebase.json if there's a baseUrl ([#5923](https://togithub.com/firebase/firebase-tools/issues/5923)) - Fixes issue where Authentication emulator creates a user if empty email and empty password is provided. ([#5639](https://togithub.com/firebase/firebase-tools/issues/5639)) - Improve error message raised when `--import` flag directory does not exist. ([#5851](https://togithub.com/firebase/firebase-tools/issues/5851)) - Switch `ext:dev:init` to default 'billingRequired' to true in `extension.yaml` - Remove `LOCATION` param from the `extensions.yaml` template for `ext:dev:init` - Support Astro hybrid rendering ([#5898](https://togithub.com/firebase/firebase-tools/issues/5898)) ### [`v12.2.1`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.2.1) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.2.0...v12.2.1) - Gracefully close rules runtime on storage emulator stop ([#4902](https://togithub.com/firebase/firebase-tools/issues/4902)) - Always assume build target of production when deploying a web framework, unless overridden ([#5892](https://togithub.com/firebase/firebase-tools/issues/5892)) ### [`v12.2.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.2.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.1.0...v12.2.0) - Update error message when function deploy fails due to quota. ([#5867](https://togithub.com/firebase/firebase-tools/issues/5867)) - Fixes RTDB emulator 127.0.0.1 namespace resolution bug. ([#5863](https://togithub.com/firebase/firebase-tools/issues/5863)) - Improves RTDB emulator to GCF emulator network reliability. ([#5863](https://togithub.com/firebase/firebase-tools/issues/5863)) - Allow for Angular developers to both target a PWA and leverage `serveOptimizedImages`. ([#5716](https://togithub.com/firebase/firebase-tools/issues/5716)) - Multi-page applications that are fully staticly rendered are no longer treated as PWAs. ([#5716](https://togithub.com/firebase/firebase-tools/issues/5716)) - Add fast dev-mode support for devlopers using Nuxt v2. ([#5716](https://togithub.com/firebase/firebase-tools/issues/5716)) - Respect `ssr: false` and `baseURL` when using Nuxt. ([#5716](https://togithub.com/firebase/firebase-tools/issues/5716)) - Fix bug where JS SDK auto-init was not working for Vite while in dev-mode ([#5610](https://togithub.com/firebase/firebase-tools/issues/5610)). - Respect `FIREBASE_FRAMEWORKS_BUILD_TARGET` environment variable to override the default build target ([#5572](https://togithub.com/firebase/firebase-tools/issues/5572)). - Improves cleanup process when reloading emulated functions in debug mode. ([#5878](https://togithub.com/firebase/firebase-tools/issues/5878)) - Allow Web Frameworks to target NodeJS v20. ([#5879](https://togithub.com/firebase/firebase-tools/issues/5879)) ### [`v12.1.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.1.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.0.1...v12.1.0) - Fixes an issue running `firebase emulators:start` when Python Cloud Functions directory path has spaces. ([#5854](https://togithub.com/firebase/firebase-tools/issues/5854)) - Add support for nodejs20 for Cloud Functions for Firebase. ([#5837](https://togithub.com/firebase/firebase-tools/issues/5837)) - Add Flutter Web as an option in "firebase init hosting" ([#5864](https://togithub.com/firebase/firebase-tools/issues/5864)) - Some failures while building Web Frameworks were not being caught ([#5864](https://togithub.com/firebase/firebase-tools/issues/5864)) ### [`v12.0.1`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.0.1) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v12.0.0...v12.0.1) - Fixes an issue in the EventArc emualtor where events missing optional fields would cause crashes. ([#5803](https://togithub.com/firebase/firebase-tools/issues/5803)) - Fixes an issue running `firebase emulators:start` and `firebase deploy` when Python Cloud Functions directory path has spaces. ([#5830](https://togithub.com/firebase/firebase-tools/issues/5830)) ### [`v12.0.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v12.0.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v11.30.0...v12.0.0) - **Breaking**: drops support for running the CLI on Node.js v14. - Adds `ext:dev:*` commands to publish and manage Extensions. For step-by-step instructions on how to publish your own Extensions, see https://firebase.google.com/docs/extensions/publishers/get-started. - Note: These commands were previously available to early access users behind an experiment flag. There are some breaking changes from the early access version of these commands. - `ext:dev:publish` has been renamed to `ext:dev:upload`. `ext:dev:upload` defaults to uploading extensions from GitHub instead of local source. - `ext:dev:publish` is deprecated and will be removed in version 13. - `ext:dev:delete`, `ext:dev:unpublish`, `ext:sources:create` and `ext:dev:emualtors:*` have been removed. - Support for Next.js i18n, basePath, and more advanced rewrites/redirects/headers ([#5788](https://togithub.com/firebase/firebase-tools/issues/5788)) - hosting.frameworksBackend now respects omit: true ([#5788](https://togithub.com/firebase/firebase-tools/issues/5788)) - Web Frameworks now memoizes framework builds for single builds across multiple hosting sites ([#5788](https://togithub.com/firebase/firebase-tools/issues/5788)) - Add support for Angular i18n and baseHref ([#5774](https://togithub.com/firebase/firebase-tools/issues/5774)) - Trip the backend requirement for Angular applications using ng-deploy w/serveOptimizedImages ([#5774](https://togithub.com/firebase/firebase-tools/issues/5774)) - Fixes a bug where the Storage emulator would not fall back to open rules for 'demo-' projects if `firebase.json` contained multiple storage targets ([#5170](https://togithub.com/firebase/firebase-tools/issues/5170)) - Updates `firebase init` function templates for TypeScript and Javascript to 2nd gen ([#5775](https://togithub.com/firebase/firebase-tools/issues/5775)) - Allow for atomic deployment of Hosting content & Functions rewrites via tag pinning ([#5753](https://togithub.com/firebase/firebase-tools/issues/5753)) ### [`v11.30.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v11.30.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v11.29.1...v11.30.0) - Added more helpful error messages for the Firebase Hosting GitHub Action ([#5749](https://togithub.com/firebase/firebase-tools/issues/5749)) - Upgrade Firestore emulator to 1.17.4 - Web Frameworks will no longer try to deploy unsupported versions of NodeJS to Cloud Functions ([#5733](https://togithub.com/firebase/firebase-tools/issues/5733)) - Fixes bug where emulators would not start correctly due to corrupted ZIP files. ([#5614](https://togithub.com/firebase/firebase-tools/issues/5614), [#5677](https://togithub.com/firebase/firebase-tools/issues/5677)) - Adding experimental support for deploying Flutter Web applications to Firebase Hosting ([#5332](https://togithub.com/firebase/firebase-tools/issues/5332)) - Release Emulator Suite UI v1.11.6 ([#5769](https://togithub.com/firebase/firebase-tools/issues/5769)) - Adds function emulator support for v2 firestore triggers ([#5685](https://togithub.com/firebase/firebase-tools/issues/5685)) - Improvements for developers using Next 13's app directory ([#5691](https://togithub.com/firebase/firebase-tools/issues/5691)) - Resolve timeouts when bundling Next.js applications for Cloud Functions ([#5691](https://togithub.com/firebase/firebase-tools/issues/5691)) - Fixes bug where the functions emulator would attempt to call to prod for 'demo-' projects ([#5170](https://togithub.com/firebase/firebase-tools/issues/5170)) - Address issues starting the Firebase Hosting emulator with some versions of Next.js ([#5781](https://togithub.com/firebase/firebase-tools/issues/5781)) - Fix regex page matcher for Next.js middlewares version 1 ([#5496](https://togithub.com/firebase/firebase-tools/issues/5496)) - Fixes bug where functions emulator broke when client request disconnects ([#5783](https://togithub.com/firebase/firebase-tools/issues/5783)) ### [`v11.29.1`](https://togithub.com/firebase/firebase-tools/releases/tag/v11.29.1) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v11.29.0...v11.29.1) - Fixes a bug preventing local extension instances from being updated to uploaded versions. - Releases firestore emulator version 1.17.3 ### [`v11.29.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v11.29.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v11.28.0...v11.29.0) - Releases Firestore Emulator 1.17.2 - Propagates page token from ListDocumentsResponse to GetOrListDocumentsResponse in Firestore emulator. - Fixes an issue where Secret Manager secrets were tagged incorrectly ([#5704](https://togithub.com/firebase/firebase-tools/issues/5704)). - Fix bug where Custom Event channels weren't automatically crated on function deploys ([#5700](https://togithub.com/firebase/firebase-tools/issues/5700)) - Lift GCF 2nd gen naming restrictions ([#5690](https://togithub.com/firebase/firebase-tools/issues/5690)) - Fixes a bug where `ext:install` and `ext:configure` would error on extensions with no params. - Fixed an issue with Vite and Angular integrations using a obsolete NPM command ([#5710](https://togithub.com/firebase/firebase-tools/issues/5710)) ### [`v11.28.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v11.28.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v11.27.0...v11.28.0) - Adds new commands for provisioning and managing Firestore databases: ([#5616](https://togithub.com/firebase/firebase-tools/issues/5616)) - firestore:databases:list - firestore:databases:create - firestore:databases:get - firestore:databases:update - firestore:databases:delete - firestore:locations - Adds `extensions` as an option in `firebase init`. - Relaxed repo URI validation in ext:dev:publish ([#5698](https://togithub.com/firebase/firebase-tools/issues/5698)). - Enable Secret Manager API during ext:install/update for extensions that use secrets ([#5702](https://togithub.com/firebase/firebase-tools/issues/5702)). ### [`v11.27.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v11.27.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v11.26.0...v11.27.0) - Default emulators:start to use fast dev-mode for Nuxt3 applications ([#5551](https://togithub.com/firebase/firebase-tools/issues/5551)) - Fix broken Functions CLI experience for projects with incomplete GCF 2nd Gen functions ([#5684](https://togithub.com/firebase/firebase-tools/issues/5684)) - Disable GCF breaking change to automatically run npm build scripts as part of function deploy ([#5687](https://togithub.com/firebase/firebase-tools/issues/5687)) - Add experimental support for deploying Astro applications to Hosting ([#5527](https://togithub.com/firebase/firebase-tools/issues/5527)) ### [`v11.26.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v11.26.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v11.25.3...v11.26.0) - Fix bug where functions shell failed to invoke event triggered functions in debug mode. ([#5609](https://togithub.com/firebase/firebase-tools/issues/5609)) - Fixed bug with the web frameworks proxy that could see unexpected 404 errors while emulating. ([#5525](https://togithub.com/firebase/firebase-tools/issues/5525)) - Added experimental support for SvelteKit codebases. ([#5525](https://togithub.com/firebase/firebase-tools/issues/5525)) - Allow usage of Angular and Vite within an NPM workspace. ([#5640](https://togithub.com/firebase/firebase-tools/issues/5640)) - Force Vite to build the production bundle when deploying to Hosting. ([#5640](https://togithub.com/firebase/firebase-tools/issues/5640)) - Fix bug where eagerly initializing UA failed function deployment that imported firebase-tools as a library. ([#5666](https://togithub.com/firebase/firebase-tools/issues/5666)) - Added ability to publish extension versions directly from GitHub. ([#5160](https://togithub.com/firebase/firebase-tools/issues/5160)) ### [`v11.25.3`](https://togithub.com/firebase/firebase-tools/releases/tag/v11.25.3) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v11.25.2...v11.25.3) - The hosting emulator integration with web frameworks now has improved support for HMR and dev-tools. ([#5582](https://togithub.com/firebase/firebase-tools/issues/5582)) - Fixes an issue where `init hosting:github` would hang if it could not access a repository's public key. ([#5317](https://togithub.com/firebase/firebase-tools/issues/5317)) - Release Firestore Emulator v1.16.2 which captures an HTTP1 header fix and requests monitor fix. - Release Emulator Suite UI v1.11.5 which addresses an issue where displaying over 10k documents was crashing the emulator. ([#5657](https://togithub.com/firebase/firebase-tools/issues/5657)) ### [`v11.25.2`](https://togithub.com/firebase/firebase-tools/releases/tag/v11.25.2) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v11.25.1...v11.25.2) - Releases Cloud Firestore emulator v1.16.1, which adds support for read_time in ListCollectionIds. - Fixes auth:export with csv format for users with custom claims. ([#3319](https://togithub.com/firebase/firebase-tools/issues/3319)) ### [`v11.25.1`](https://togithub.com/firebase/firebase-tools/releases/tag/v11.25.1) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v11.25.0...v11.25.1) - Fixes a missing dependency on `p-limit`. ([#5619](https://togithub.com/firebase/firebase-tools/issues/5619)) ### [`v11.25.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v11.25.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v11.24.1...v11.25.0) - Adds support for optional `--database` argument in Firestore commands ([#5548](https://togithub.com/firebase/firebase-tools/issues/5548)). - Adds multiple firestore database targets support in firebase.json ([#5548](https://togithub.com/firebase/firebase-tools/issues/5548)). - Removes call to Cloud Run API and set CPU & concurrency in GCF API instead. ([#5605](https://togithub.com/firebase/firebase-tools/issues/5605)) - Fixes function deploy retry after quota exceeded bug and increase backoff. ([#5601](https://togithub.com/firebase/firebase-tools/issues/5601)) - Fixes bug where EVENTARC_CLOUD_EVENT_SOURCE environment variable was correctly set for some functions. ([#5597](https://togithub.com/firebase/firebase-tools/issues/5597)) - Adds 2nd gen firestore triggers to firebase deploy ([#5592](https://togithub.com/firebase/firebase-tools/issues/5592)). - Adds Extension emulator support for system params. - Adds `database:import` command for non-atomic imports ([#5396](https://togithub.com/firebase/firebase-tools/issues/5396)). ### [`v11.24.1`](https://togithub.com/firebase/firebase-tools/releases/tag/v11.24.1) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v11.24.0...v11.24.1) - Fixes an issue where `ext:dev:init` would fail due to a missing CHANGELOG.md file ([#5530](https://togithub.com/firebase/firebase-tools/issues/5530)). ### [`v11.24.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v11.24.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v11.23.1...v11.24.0) - Allow configuration of the Cloud Function generated for full-stack web frameworks ([#5504](https://togithub.com/firebase/firebase-tools/issues/5504)) - Fixes bug where passing `--port` flag in `functions:shell` does not set which port to emulate functions ([#5521](https://togithub.com/firebase/firebase-tools/issues/5521)) - Improve error message during deploy when given invalid hosting rewrite rule ([#5533](https://togithub.com/firebase/firebase-tools/issues/5533)) - Generate ESM-compatible SSR function for web frameworks ([#5540](https://togithub.com/firebase/firebase-tools/issues/5540)) - Fix bug emulators:exec script didn't populate FIREBASE_CONFIG environment variable ([#5544](https://togithub.com/firebase/firebase-tools/issues/5544)) ### [`v11.23.1`](https://togithub.com/firebase/firebase-tools/releases/tag/v11.23.1) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v11.23.0...v11.23.1) - Fix bug where CLI couldn't discover functions for monorepo setups. ([#5518](https://togithub.com/firebase/firebase-tools/issues/5518)) - Fix bug where --inspect-functions flag always fails. [#5516](https://togithub.com/firebase/firebase-tools/issues/5516) ### [`v11.23.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v11.23.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v11.22.0...v11.23.0) - Fix storage download name issue [#5478](https://togithub.com/firebase/firebase-tools/issues/5478) - Refactor the way timeouts are enforced by the Functions Emulator ([#5464](https://togithub.com/firebase/firebase-tools/issues/5464)) - Fix bug where cloudevent emitted by various emulators didn't conform to spec ([#5466](https://togithub.com/firebase/firebase-tools/issues/5466)) - Upgrade the emulator suite UI to 1.11.3 to capture some bug fixes ([#5479](https://togithub.com/firebase/firebase-tools/issues/5479)) - Web frameworks deploys can once again bundle local NPM dependencies ([#5440](https://togithub.com/firebase/firebase-tools/issues/5440)) - Catches error when attempting to deploy without a project ([#5415](https://togithub.com/firebase/firebase-tools/issues/5415)) - Fixes a number of issues and outdated dependencies in templates for `init --only functions` and `ext:dev:init` - Adds integration tests and useful scripts to the extension directory created by `ext:dev:init`. - Support private network access (CORS-RFC1918) in Firestore Emulator ([#4227](https://togithub.com/firebase/firebase-tools/issues/4227)) - Fix some edge cases where Emulator UI cannot reach the emulators ([#912](https://togithub.com/firebase/firebase-tools/issues/912)) - Fix various accessibility and usability issues in Emulator UI. - Support .env when deploying a web framework ([#5501](https://togithub.com/firebase/firebase-tools/issues/5501)) - Fix various issues with "init hosting" and web frameworks ([#5500](https://togithub.com/firebase/firebase-tools/issues/5500)) - Fix Next.js deployments on Windows ([#5499](https://togithub.com/firebase/firebase-tools/issues/5499)) ### [`v11.22.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v11.22.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v11.21.0...v11.22.0) - Refactors Functions Emulator. ([#5422](https://togithub.com/firebase/firebase-tools/issues/5422)) - Fixes race condition when discovering functions. ([#5444](https://togithub.com/firebase/firebase-tools/issues/5444)) - Added support for Nuxt 2 and Nuxt 3. ([#5321](https://togithub.com/firebase/firebase-tools/issues/5321)) - Fixes issue where `init firestore` was unecessarilly checking for default resource location. ([#5230](https://togithub.com/firebase/firebase-tools/issues/5230) and [#5452](https://togithub.com/firebase/firebase-tools/issues/5452)) - Pass `trailingSlash` from Next.js config to `firebase.json` ([#5445](https://togithub.com/firebase/firebase-tools/issues/5445)) - Don't use Next.js internal redirects for the backend test ([#5445](https://togithub.com/firebase/firebase-tools/issues/5445)) - Fix issue where pnpm support broke for function emulation and deployment. ([#5467](https://togithub.com/firebase/firebase-tools/issues/5467)) - Fix bug where .env.local files were not picked up during function emulation. ([#5477](https://togithub.com/firebase/firebase-tools/issues/5477)) ### [`v11.21.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v11.21.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v11.20.0...v11.21.0) - Fix bug where CLI was unable to deploy Firebase Functions in some monorepo setups ([#5391](https://togithub.com/firebase/firebase-tools/issues/5391)) - Upgrade Storage Rules Runtime to v1.1.3 to support ternary operators ([#5370](https://togithub.com/firebase/firebase-tools/issues/5370)) - Fixes an issue where already deployed functions with the same remote configuration do not get skipped ([#5354](https://togithub.com/firebase/firebase-tools/issues/5354)) - App Distribution: Links to new releases are now available. These links help you manage binaries and ensure that testers and other developers have the right release. ([#5405](https://togithub.com/firebase/firebase-tools/issues/5405)) ### [`v11.20.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v11.20.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v11.19.0...v11.20.0) - Fixes a bug in the pubsub emulator by forcing a shutdown if it didn't end cleanly. ([#5294](https://togithub.com/firebase/firebase-tools/issues/5294)) - Fixes an issue where dependencies for emulated Extensions would not be installed on Windows - thanks [@stfsy](https://togithub.com/stfsy)! ([#5372](https://togithub.com/firebase/firebase-tools/issues/5372)) - Adds emulator support for Extensions with schedule triggers - thanks [@stsfy](https://togithub.com/stsfy)! ([#5374](https://togithub.com/firebase/firebase-tools/issues/5374)) - Update the Emulator Suite UI to v1.11.2 to capture a set of accessibility improvements. ([#5394](https://togithub.com/firebase/firebase-tools/issues/5394)) - Fixes an issue in the Functions emulator where secret values were undefined after hot reload with the `--inspect-functions` flag. ([#5384](https://togithub.com/firebase/firebase-tools/issues/5384)) - Fixes a bug where functions:delete command did not recognize '-' as delimiter. ([#5290](https://togithub.com/firebase/firebase-tools/issues/5290)) - Reintroduces an updated Hosting emulator with i18n ([#4879](https://togithub.com/firebase/firebase-tools/issues/4879)) and Windows path ([#5133](https://togithub.com/firebase/firebase-tools/issues/5133)) fixes. ### [`v11.19.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v11.19.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v11.18.0...v11.19.0) - Support for string list typed parameters in functions deployment ([#5137](https://togithub.com/firebase/firebase-tools/issues/5137)) - Respect .npmrc in backends spun up for web frameworks ([#5235](https://togithub.com/firebase/firebase-tools/issues/5235)) - Remove esbuild dependency, instead bundle Next.js configuration on deploy with NPX ([#5336](https://togithub.com/firebase/firebase-tools/issues/5336)) - Add sharp NPM module to Cloud Functions when using Next.js Image Optimization ([#5238](https://togithub.com/firebase/firebase-tools/issues/5238)) - Adds user-defined env vars into the functions emulator ([#5330](https://togithub.com/firebase/firebase-tools/issues/5330)). - Support Next.js Middleware ([#5320](https://togithub.com/firebase/firebase-tools/issues/5320)) - Log the reason for a Cloud Function if needed in Next.js ([#5320](https://togithub.com/firebase/firebase-tools/issues/5320)) - Fixed service enablement when installing extensions with v2 functions ([#5338](https://togithub.com/firebase/firebase-tools/issues/5338)) - Fix bug where functions:shell command didn't connect to emulators running on other processes. ([#5269](https://togithub.com/firebase/firebase-tools/issues/5269)) - Fixed bug with Cross-Service Rules integration for Firestore documents containing nulls ([#5342](https://togithub.com/firebase/firebase-tools/issues/5342)) ### [`v11.18.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v11.18.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v11.17.0...v11.18.0) - Add support for Firestore TTL ([#5267](https://togithub.com/firebase/firebase-tools/issues/5267)) - Fix bug where secrets were not loaded when emulating functions with `--inpsect-functions`. ([#4605](https://togithub.com/firebase/firebase-tools/issues/4605)) - Handle Next.js rewrites/redirects/headers incompatible with `firebase.json` in Cloud Functions ([#5212](https://togithub.com/firebase/firebase-tools/issues/5212)) - Filter out Next.js prerendered routes that matches rewrites/redirects/headers rules from SSG content directory ([#5212](https://togithub.com/firebase/firebase-tools/issues/5212)) - Warn if a web framework's package.json contains anything other than the framework default build command. - Add support for nodejs18 for Cloud Functions for Firebase ([#5319](https://togithub.com/firebase/firebase-tools/issues/5319)) ### [`v11.17.0`](https://togithub.com/firebase/firebase-tools/releases/tag/v11.17.0) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v11.16.1...v11.17.0) - Fix bug where disabling background triggers did nothing. ([#5221](https://togithub.com/firebase/firebase-tools/issues/5221)) - Fix bug in auth emulator where empty string should throw invalid email instead of missing email. ([#3898](https://togithub.com/firebase/firebase-tools/issues/3898)) - Fix bug in auth emulator in which createdAt was not set for signInWithIdp new users. ([#5203](https://togithub.com/firebase/firebase-tools/issues/5203)) - Add region warning for emulated database functions ([#5143](https://togithub.com/firebase/firebase-tools/issues/5143)) - Default to --no-localhost when calling login from Google Cloud Workstations - Support the x-goog-api-key header in auth emulator. ([#5249](https://togithub.com/firebase/firebase-tools/issues/5249)) - Fix bug in deploying web frameworks when a predeploy hook was configured in firebase.json ([#5199](https://togithub.com/firebase/firebase-tools/issues/5199)) - Fix bug where function deployments using --only filter sometimes failed deployments. ([#5280](https://togithub.com/firebase/firebase-tools/issues/5280)) - Fix bug where `ext:install` would sometimes fail if no version was specified. ([#5305](https://togithub.com/firebase/firebase-tools/issues/5305)) ### [`v11.16.1`](https://togithub.com/firebase/firebase-tools/releases/tag/v11.16.1) [Compare Source](https://togithub.com/firebase/firebase-tools/compare/v11.16.0...v11.16.1) - Updated the pubsub emulator to v0.7.1. - Updated some emulator download logic to pause after unzipping to avoid a file not found issue. - Fixes gzipped file handling in Storage Emulator. - Add support for object list using certain Admin SDKs ([#5208](https://togithub.com/firebase/firebase-tools/issues/5208)) - Fixes source token expiration issue b

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

socket-security[bot] commented 2 weeks ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@isaacs/cliui@8.0.2	None	`+7`	184 kB	isaacs
npm/@jsdoc/salty@0.2.8	None	`0`	26.7 kB	hegemonic
npm/@npmcli/agent@2.2.2	environment, network	`+3`	101 kB	npm-cli-ops
npm/@opentelemetry/semantic-conventions@1.3.1	None	`0`	590 kB	dyladan
npm/@pkgjs/parseargs@0.11.0	None	`0`	74.2 kB	oss-bot
npm/@pnpm/config.env-replace@1.1.0	None	`0`	15.2 kB	zkochan
npm/@pnpm/network.ca-file@1.0.2	Transitive: environment, filesystem	`+1`	45.5 kB	zkochan
npm/@pnpm/npm-conf@2.2.2	environment, filesystem	`0`	28.3 kB	zkochan
npm/@tootallnate/quickjs-emscripten@0.23.0	filesystem, network	`0`	1.73 MB	tootallnate
npm/@types/linkify-it@5.0.0	None	`0`	14.1 kB	types
npm/@types/markdown-it@14.1.1	None	`+1`	78.5 kB	types
npm/async-lock@1.3.2	None	`0`	17.2 kB	rogierschouten
npm/basic-ftp@5.0.5	filesystem, network	`0`	136 kB	patrickjuchli
npm/catharsis@0.9.0	filesystem	`0`	318 kB	hegemonic
npm/csv-parse@5.5.6	None	`0`	1.41 MB	david
npm/data-uri-to-buffer@6.0.2	None	`0`	16.8 kB	tootallnate
npm/deep-equal-in-any-order@2.0.6	None	`+2`	80.8 kB	oprogramador
npm/degenerator@5.0.1	None	`+1`	136 kB	tootallnate
npm/exegesis-express@4.0.0	Transitive: environment, eval, filesystem, shell	`+18`	5.97 MB	jwalton
npm/exponential-backoff@3.1.1	None	`0`	37.3 kB	sssayegh
npm/firebase-tools@13.6.0	environment, filesystem, network Transitive: eval, shell, unsafe	`+201`	45.7 MB	google-wombot
npm/ip-address@9.0.5	None	`+2`	264 kB	beaugunderson
npm/stream-chain@2.2.5	None	`0`	39 kB	elazutkin
npm/uc.micro@2.1.0	None	`0`	13.3 kB	vitaly

🚮 Removed packages: npm/@opentelemetry/semantic-conventions@1.12.0, npm/@types/archiver@5.3.2, npm/@types/readdir-glob@1.1.1, npm/as-array@1.0.0, npm/binary@0.3.0, npm/boxen@4.2.0, npm/buffer-indexof-polyfill@1.0.2, npm/buffers@0.1.1, npm/chainsaw@0.1.0, npm/cli-color@1.4.0, npm/compare-semver@1.1.0, npm/csv-streamify@3.0.4, npm/data-uri-to-buffer@3.0.1, npm/degenerator@3.0.3, npm/duplexer2@0.1.4, npm/es6-weak-map@2.0.3, npm/event-emitter@0.3.5, npm/exegesis-express@2.0.1, npm/exit-code@1.0.2, npm/firebase-tools@9.20.0, npm/is-promise@2.2.2, npm/latest-version@5.1.0, npm/lru-queue@0.1.0, npm/marked@0.7.0, npm/memoizee@0.4.15, npm/timers-ext@0.1.7, npm/traverse@0.3.9

View full report↗︎

socket-security[bot] commented 2 weeks ago

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Native code	npm/re2@1.21.3	Location: Package overview	`packages/phone-number-privacy/combiner/package.json` `packages/phone-number-privacy/monitor/package.json`	🚫

View full report↗︎

Next steps

What's wrong with native code?

Contains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs.

Ensure that native code bindings are expected. Consumers may consider pure JS and functionally similar alternatives to avoid the challenges and risks associated with native code bindings.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore npm/re2@1.21.3

celo-org / celo-monorepo