Update dependency firebase-tools to v13 [SECURITY] #8607
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
11.30.0
->13.6.0
GitHub Vulnerability Alerts
CVE-2024-4128
This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed calls to localhost (ie Chrome before v94), the website could exfiltrate emulator data. We recommend upgrading past version 13.6.0 or commit 068a2b08dc308c7ab4b569617f5fc8821237e3a0.
Release Notes
firebase/firebase-tools (firebase-tools)
v13.6.0
Compare Source
reset
endpoint for Datastore Mode.no_wrapper
options.v13.5.2
Compare Source
v13.5.1
Compare Source
v13.5.0
Compare Source
v13.4.1
Compare Source
GOOGLE_CLOUD_QUOTA_PROJECT
was not correctly respected. (#6801)v13.4.0
Compare Source
v13.3.1
Compare Source
--database-mode
flag togcloud emulator firestore start
command. Notethat this is a preview feature and if you find any bugs, please file them
here: https://github.com/firebase/firebase-tools/issues.
v13.3.0
Compare Source
firestore:delete
wouldn't target the emulator when expected. (#6537)v13.2.1
Compare Source
appdistribution:distribute
would always attempt to run tests. (#6749)v13.2.0
Compare Source
v13.1.0
Compare Source
v13.0.3
Compare Source
export
in .env files caused parsing errors. (#6629)v13.0.2
Compare Source
v13.0.1
Compare Source
firebase init hosting
. (#6562)firebase init hosting
. (#6309)v13.0.0
Compare Source
functions:shell
to remove dependency on deprecatedrequest
module.request
.ext:dev:publish
command. Useext:dev:upload
instead.--non-interactive
flag is not respected in Firestore indexes deploys. (#6539)login:use
would not work outside of a Firebase project directory. (#6526)not-found
requiring a Cloud Function in Next.js deployments. (#6558)v12.9.1
Compare Source
v12.9.0
Compare Source
--log-verbosity
flag (#2859).v12.8.1
Compare Source
v12.8.0
Compare Source
v12.7.0
Compare Source
FIRESTORE_EMULATOR_HOST
environment variable on functions deploy. (#6442)--verbosity
flag toemulators:*
commands that limits what logs are printed (#2859)v12.6.2
Compare Source
v12.6.1
Compare Source
v12.6.0
Compare Source
emulators:export
did not check if the target folder is empty. (#6313)v12.5.4
Compare Source
v12.5.3
Compare Source
npm
. (#6132)--non-interactive
and--force
were not respected in some extension deploys. (#6321)v12.5.2
Compare Source
v12.5.1
Compare Source
v12.5.0
Compare Source
v12.4.8
Compare Source
2.9.7
and above. (#6213)v12.4.7
Compare Source
firebase init hosting:github
fails due to max number of keys limit for a service account. (#6145)functions:secrets:\*
family of commands did not work when Firebase CLI is authenticated via GOOGLE_APPLICATION_CREDENTIALS (#6190)v12.4.6
Compare Source
glob
usage in Next.js utility function to detect images inapp
directory (#6166)firebase experiments:enable
to the emulator suite UI (#6169)v12.4.5
Compare Source
functions:secrets:set
didn't remove stale versions of a secret. (#6080)firebase deploy --only firestore:named-db
didn't update rules. (#6129)next/image
component in app directory for Next.js > 13.4.9. (#6143)vm2
. (#6150)v12.4.4
Compare Source
database:list
would have inaccurate results. (#6063)v12.4.3
Compare Source
firebase open hosting
andfirebase open crash
. (#6073)v12.4.2
Compare Source
ext:install
to use the latest extension metadata. (#5997)ext:dev:upload
. (#6052)ext:dev:upload
. (#6054)v12.4.1
Compare Source
firebase emulators:start
to crash in Next.js apps (#6005)v12.4.0
Compare Source
appdistribution:group:create
andappdistribution:group:delete
. (#5978)--group-alias
option toappdistribution:testers:add
andappdistribution:testers:remove
. (#5978)v12.3.1
Compare Source
v12.3.0
Compare Source
--import
flag directory does not exist. (#5851)ext:dev:init
to default 'billingRequired' to true inextension.yaml
LOCATION
param from theextensions.yaml
template forext:dev:init
v12.2.1
Compare Source
v12.2.0
Compare Source
serveOptimizedImages
. (#5716)ssr: false
andbaseURL
when using Nuxt. (#5716)FIREBASE_FRAMEWORKS_BUILD_TARGET
environment variable to override the default build target (#5572).v12.1.0
Compare Source
firebase emulators:start
when Python Cloud Functions directory path has spaces. (#5854)v12.0.1
Compare Source
firebase emulators:start
andfirebase deploy
when Python Cloud Functions directory path has spaces. (#5830)v12.0.0
Compare Source
ext:dev:*
commands to publish and manage Extensions. For step-by-step instructions on how to publish your own Extensions, see https://firebase.google.com/docs/extensions/publishers/get-started.ext:dev:publish
has been renamed toext:dev:upload
.ext:dev:upload
defaults to uploading extensions from GitHub instead of local source.ext:dev:publish
is deprecated and will be removed in version 13.ext:dev:delete
,ext:dev:unpublish
,ext:sources:create
andext:dev:emualtors:*
have been removed.firebase.json
contained multiple storage targets (#5170)firebase init
function templates for TypeScript and Javascript to 2nd gen (#5775)Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.