Skip to content

chore(deps): bump the npm_and_yarn group across 1 directory with 18 updates #144

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): bump the npm_and_yarn group across 1 directory with 18 updates #144

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 17, 2025

Bumps the npm_and_yarn group with 5 updates in the /functions directory:

Package From To
ejs 3.1.6 3.1.10
express 4.17.1 4.21.2
@google-cloud/firestore 4.15.1 7.11.6
js-yaml 3.14.1 3.14.2
minimatch 3.0.4 3.1.2

Updates ejs from 3.1.6 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

v3.1.8

Version 3.1.8

v3.1.7

Version 3.1.7

Commits

Updates express from 4.17.1 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

New Contributors

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: [email protected]
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.


Updates @google-cloud/firestore from 4.15.1 to 7.11.6

Release notes

Sourced from @​google-cloud/firestore's releases.

v7.11.6

7.11.6 (2025-09-26)

Bug Fixes

  • Pool.ts: add even more logging (c508d1b)

v7.11.5

7.11.5 (2025-09-22)

Bug Fixes

  • Pool.ts: add more detailed logging for client garbage collection (#2420) (1bbca46)

v7.11.4

7.11.4 (2025-09-16)

Bug Fixes

  • Improve debug logging for the internal client pool. Added client IDs to debug log statements for client management. (99918f1)

v7.11.3

7.11.3 (2025-07-09)

Bug Fixes

  • Improve performance of the UTF-8 string comparison logic (#2380) (bc6a03e)

v7.11.2

7.11.2 (2025-06-19)

Bug Fixes

  • Firestore Client caching stub in bad state issue (#2365) (04ad0a4)

v7.11.1

7.11.1 (2025-05-02)

Bug Fixes

  • Aggregate query readtime bug (#2331) (9ac0394)
  • Bump default deadline on CreateDatabase and RestoreDatabase to 2 minutes (#2274) (d559080)
  • Close default BulkWriter upon terminate. (#2276) (1e714a8)
  • Correctly escape field paths with multiple backslashes or backticks (#2259) (#2261) (7056ba7)

... (truncated)

Changelog

Sourced from @​google-cloud/firestore's changelog.

7.11.6 (2025-09-26)

Bug Fixes

  • Pool.ts: add even more logging (c508d1b)

7.11.5 (2025-09-22)

Bug Fixes

  • Pool.ts: add more detailed logging for client garbage collection (#2420) (1bbca46)

7.11.4 (2025-09-16)

Bug Fixes

  • Improve debug logging for the internal client pool. Added client IDs to debug log statements for client management. (99918f1)

7.11.3 (2025-07-09)

Bug Fixes

  • Improve performance of the UTF-8 string comparison logic (#2380) (bc6a03e)

7.11.2 (2025-06-19)

Bug Fixes

  • Firestore Client caching stub in bad state issue (#2365) (04ad0a4)

7.11.1 (2025-05-02)

Bug Fixes

  • Aggregate query readtime bug (#2331) (9ac0394)
  • Bump default deadline on CreateDatabase and RestoreDatabase to 2 minutes (#2274) (d559080)
  • Close default BulkWriter upon terminate. (#2276) (1e714a8)
  • Correctly escape field paths with multiple backslashes or backticks (#2259) (#2261) (7056ba7)
  • Do not send page size with auto-paginate. Fixes warnings in listCollections and listDocuments. (#2336) (844b4ca)
  • Finalize fixing typings for headers in generator (#2287) (c6c85b6)
  • Prevent crashes if an inactive stream receives an error. (#2283) (f58fe79)
  • Remove unused "long" dependency from firestore proto (#2324) (5937b93)
  • Sort document reference by long type id (#2257) (3fd0de9)
  • Sort strings in UTF-8 encoded byte order (#2275) (a2950e0)

... (truncated)

Commits
  • 42b9f48 chore(main): release 7.11.6 (#2427)
  • c508d1b change: pool.ts: add even more logging (#2426)
  • 4a6aafa chore(main): release 7.11.5 (#2422)
  • 1bbca46 fix: pool.ts: add more detailed logging for client garbage collection (#2420)
  • 0ab21b3 chore(main): release 7.11.4 (#2418)
  • 99918f1 change: pool.ts: assign unique IDs to clients and include those IDs in log me...
  • c7ee682 chore: bump node 14 to node 18 in kokoro (#2417)
  • 1b97377 chore(main): release 7.11.3 (#2381)
  • bf61eaf docs: add an example to the detailed comment in compareUtf8Strings() (#2383)
  • bc6a03e fix: Improve performance of the UTF-8 string comparison logic (#2380)
  • Additional commits viewable in compare view

Updates @grpc/grpc-js from 1.4.2 to 1.14.1

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.14.1

  • Fix a regression of the settings used internally for HTTP/2 sessions (#3023)

@​grpc/grpc-js-xds 1.14.0

  • Implement RBAC support (gRFC A41) (#2939, #2945)
  • Add weighted_round_robin to LB policy registry (#3001) (currently experimental, enabled by the environment variable GRPC_EXPERIMENTAL_XDS_WRR_LB)
  • Add wrr_locality to LB policy registry (#3003)

@​grpc/grpc-js 1.14.0

Changelog

  • Add getAuthContext method to client and server call classes (more details can be found in gRFC L35) (#2920)
  • Implement custom backend metrics support (gRFC A51) (#2978, #2983, #2985, #2986, #2999)
  • Add getConnectionInfo method to the ServerInterceptingCall class (#2922)
  • Implement the weighted_round_robin load balancing policy (#2998)
  • Fix jitter behavior for client retries (#2960 contributed by @​ekscentrysytet)
  • Start connecting from a random index in the round_robin LB policy (#2979)
  • Send connection-level WINDOW_UPDATE at session start (#2971 contributed by @​KoenRijpstra)

Experimental API Changes

Added:

  • CHANNEL_ARGS_CONFIG_SELECTOR_KEY
  • StatusOr<T>
  • CallStream
  • statusOrFromValue
  • statusOrFromError

Modified:

  • ResolverListener#onSuccessfulResolution now has the signature (endpointList: StatusOr<Endpoint[]>, attributes: { [key: string]: unknown }, serviceConfig: StatusOr<ServiceConfig> | null, resolutionNote: string): boolean
  • LoadBalancer#updateAddressList now has the signature `updateAddressList(endpointList: StatusOr<Endpoint[]>,lbConfig: TypedLoadBalancingConfig, channelOptions: ChannelOptions, resolutionNote: string): boolean

@​grpc/grpc-js 1.13.4

  • Fix ability to set SNI with ssl_target_name_override option (#2956)

@​grpc/grpc-js 1.13.3

  • Disable Nagle's algorithm (#2936)
  • Avoid calling http2.getDefaultSettings (#2937)

@​grpc/grpc-js 1.13.2

  • Fix a bug that caused clients to be unable to connect through local proxies (#2933)

@​grpc/grpc-js 1.13.1

  • Fix a bug that caused the rejectUnauthorized channel credentials option to be handled incorrectly (#2926)
  • Fix a bug that caused the client to never send retries if any retryThrottling config was set (#2927)
  • Fix a bug that caused clients to incorrectly send retries if the feature was disabled by a channel option and a retry config was provided (#2927)

@​grpc/grpc-js-xds 1.13.0

... (truncated)

Commits
  • 425e7cb Merge pull request #3023 from murgatroid99/grpc-js_session_memory_fix
  • dcb2182 grpc-js: Re-add a couple of accidentally removed HTTP/2 session settings
  • 3dd281b Merge pull request #3014 from murgatroid99/grpc-js_v1.14_bump
  • 26c5fe4 grpc-js(-xds): Bump to 1.14.0 and update README
  • a432dbd Merge pull request #3009 from murgatroid99/grpc-js-xds_deexperimentalize_fede...
  • 67154af Merge pull request #3008 from murgatroid99/grpc-js-xds_client_wrr_interop_sup...
  • 82ee40c Merge pull request #3013 from murgatroid99/grpc-tools_mac_build_fix
  • 272851e grpc-tools: Fix Mac build by allowing lower CMake versions
  • 4267749 Merge pull request #3011 from murgatroid99/grpc-tools_windows_build_fix
  • 1314e67 grpc-tools: build: Fix Windows build by skipping installing NuGet
  • Additional commits viewable in compare view

Updates body-parser from 1.19.0 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

  • deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

New Contributors

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: [email protected]

1.20.1

1.20.0

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

  • deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: [email protected]

1.20.1 / 2022-10-06

1.20.0 / 2022-04-02

1.19.2 / 2022-02-15

1.19.1 / 2021-12-10

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.


Updates cookie from 0.4.0 to 0.4.1

Release notes

Sourced from cookie's releases.

0.4.1

  • Fix maxAge option to reject invalid values
Changelog

Sourced from cookie's changelog.

0.4.1 / 2020-04-21

  • Fix maxAge option to reject invalid values
Commits

Updates semver from 5.7.1 to 7.7.3

Release notes

Sourced from semver's releases.

v7.7.3

7.7.3 (2025-10-06)

Bug Fixes

Chores

v7.7.2

7.7.2 (2025-05-12)

Bug Fixes

Chores

v7.7.1

7.7.1 (2025-02-03)

Bug Fixes

v7.7.0

7.7.0 (2025-01-29)

Features

Bug Fixes

Documentation

Chores

v7.6.3

7.6.3 (2024-07-16)

Bug Fixes

Documentation

v7.6.2

7.6.2 (2024-05-09)

... (truncated)

Changelog

Sourced from semver's changelog.

7.7.3 (2025-10-06)

Bug Fixes

Chores

7.7.2 (2025-05-12)

Bug Fixes

Chores

7.7.1 (2025-02-03)

Bug Fixes

7.7.0 (2025-01-29)

Features

Bug Fixes

Documentation

Chores

7.6.3 (2024-07-16)

Bug Fixes

Documentation

7.6.2 (2024-05-09)

Bug Fixes

7.6.1 (2024-05-04)

... (truncated)

Commits
  • a25789b chore: release 7.7.3 (#812)
  • e37e0ca fix: faster paths for compare (#813)
  • 2471d75 fix: x-range build metadata support
  • 8f05c87 chore: bump @​npmcli/template-oss from 4.25.0 to 4.25.1 (#807)
  • d17aebf chore: bump @​npmcli/template-oss from 4.24.4 to 4.25.0 (#797)
  • 3b03e3b chore: bump @​npmcli/template-oss from 4.24.3 to 4.24.4 (#790)
  • 281055e chore: release 7.7.2 (#783)
  • fcafb61 fix: add missing 'use strict' directives (#780)
  • c760403 chore: template-oss-apply for workflow permissions (#784)
  • c99f336 fix: prerelease identifier starting with digits (#781)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for semver since your current version.


Updates jose from 2.0.5 to 4.15.9

Release notes

Sourced from jose's releases.

v4.15.9

Fixes

  • add sideEffects:false to nested ESM package.json files (17eef5f)

v4.15.7

Fixes

  • add a workerd package.json target (e36d69e)

v4.15.5

Fixes

v4.15.4

Fixes

v4.15.3

This release contains only Node.js CITGM related test updates.

Fixes nodejs/citgm#1011

v4.15.2

Fixes

@dependabot
chore(deps): bump the npm_and_yarn group across 1 directory with 18 u…
e78e2a1 
…pdates

Bumps the npm_and_yarn group with 5 updates in the /functions directory:

| Package | From | To |
| --- | --- | --- |
| [ejs](https://github.com/mde/ejs) | `3.1.6` | `3.1.10` |
| [express](https://github.com/expressjs/express) | `4.17.1` | `4.21.2` |
| [@google-cloud/firestore](https://github.com/googleapis/nodejs-firestore) | `4.15.1` | `7.11.6` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |
| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.2` |



Updates `ejs` from 3.1.6 to 3.1.10
- [Release notes](https://github.com/mde/ejs/releases)
- [Commits](mde/ejs@v3.1.6...v3.1.10)

Updates `express` from 4.17.1 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](expressjs/express@4.17.1...4.21.2)

Updates `@google-cloud/firestore` from 4.15.1 to 7.11.6
- [Release notes](https://github.com/googleapis/nodejs-firestore/releases)
- [Changelog](https://github.com/googleapis/nodejs-firestore/blob/main/CHANGELOG.md)
- [Commits](googleapis/nodejs-firestore@v4.15.1...v7.11.6)

Updates `@grpc/grpc-js` from 1.4.2 to 1.14.1
- [Release notes](https://github.com/grpc/grpc-node/releases)
- [Commits](https://github.com/grpc/grpc-node/compare/@grpc/[email protected]...@grpc/[email protected])

Updates `body-parser` from 1.19.0 to 1.20.3
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.19.0...1.20.3)

Updates `cookie` from 0.4.0 to 0.4.1
- [Release notes](https://github.com/jshttp/cookie/releases)
- [Changelog](https://github.com/jshttp/cookie/blob/v0.4.1/HISTORY.md)
- [Commits](jshttp/cookie@v0.4.0...v0.4.1)

Updates `semver` from 5.7.1 to 7.7.3
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v5.7.1...v7.7.3)

Updates `jose` from 2.0.5 to 4.15.9
- [Release notes](https://github.com/panva/jose/releases)
- [Changelog](https://github.com/panva/jose/blob/v4.15.9/CHANGELOG.md)
- [Commits](panva/jose@v2.0.5...v4.15.9)

Updates `js-yaml` from 3.14.1 to 3.14.2
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.14.1...3.14.2)

Updates `jsonwebtoken` from 8.5.1 to 9.0.2
- [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.2)

Updates `minimatch` from 3.0.4 to 3.1.2
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.0.4...v3.1.2)

Updates `node-fetch` from 2.6.6 to 2.7.0
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](node-fetch/node-fetch@v2.6.6...v2.7.0)

Updates `node-forge` from 0.10.0 to 1.3.1
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@0.10.0...v1.3.1)

Updates `path-to-regexp` from 0.1.7 to 0.1.12
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12)

Updates `protobufjs` from 6.11.2 to 7.5.4
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](protobufjs/protobuf.js@v6.11.2...protobufjs-v7.5.4)

Updates `qs` from 6.7.0 to 6.13.0
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.7.0...v6.13.0)

Updates `send` from 0.17.1 to 0.19.0
- [Release notes](https://github.com/pillarjs/send/releases)
- [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md)
- [Commits](pillarjs/send@0.17.1...0.19.0)

Updates `serve-static` from 1.14.1 to 1.16.2
- [Release notes](https://github.com/expressjs/serve-static/releases)
- [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md)
- [Commits](expressjs/serve-static@v1.14.1...v1.16.2)

---
updated-dependencies:
- dependency-name: ejs
  dependency-version: 3.1.10
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-version: 4.21.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@google-cloud/firestore"
  dependency-version: 7.11.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@grpc/grpc-js"
  dependency-version: 1.14.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: body-parser
  dependency-version: 1.20.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cookie
  dependency-version: 0.4.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-version: 7.7.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: jose
  dependency-version: 4.15.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 3.14.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: jsonwebtoken
  dependency-version: 9.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-fetch
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-version: 1.3.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-version: 0.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: protobufjs
  dependency-version: 7.5.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.13.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: send
  dependency-version: 0.19.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serve-static
  dependency-version: 1.16.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 17, 2025

Assignees

The following users could not be added as assignees: AravindVNair99. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot requested a review from aravindvnair99 as a code owner November 17, 2025 18:26
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Nov 17, 2025
This was referenced Nov 17, 2025
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aravindvnair99 aravindvnair99 Awaiting requested review from aravindvnair99 aravindvnair99 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@aravindvnair99 aravindvnair99

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code size/XS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@aravindvnair99