Bump protobufjs, @firebase/rules-unit-testing and firebase in /unit-test-security-rules-v9

[dependabot]

Bumps protobufjs to 7.5.8 and updates ancestor dependencies protobufjs, @firebase/rules-unit-testing and firebase. These dependencies need to be updated together.

Updates protobufjs from 7.2.4 to 7.5.8

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.5.8

7.5.8 (2026-05-12)

Bug Fixes

• Backport parser hardening to 7.x (#2245) (54b593f)

protobufjs: v7.5.7

7.5.7 (2026-05-09)

Bug Fixes

• Restore first-match namespace lookup (#2236) (cc7d595)

protobufjs: v7.5.6

7.5.6 (2026-04-27)

Bug Fixes

• Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)

v7.5.5

This release backports two reported security issues to 7.x branch.

• fix: do not allow setting __proto__ in Message constructor (#2126)
• fix: filter invalid characters from the type name (#2127)

Full Changelog: protobufjs/protobuf.js@protobufjs-v7.5.4...protobufjs-v7.5.5

protobufjs: v7.5.4

7.5.4 (2025-08-15)

Bug Fixes

• invalid syntax in descriptor.proto (#2092) (5a3769a)

protobufjs: v7.5.3

7.5.3 (2025-05-28)

Bug Fixes

• descriptor extensions handling post-editions (#2075) (6e255d4)

protobufjs: v7.5.2

7.5.2 (2025-05-14)

... (truncated)

Changelog

Sourced from protobufjs's changelog.

7.5.8 (2026-05-12)

Bug Fixes

• Backport parser hardening to 7.x (#2245) (54b593f)

7.5.7 (2026-05-09)

Bug Fixes

• Restore first-match namespace lookup (#2236) (cc7d595)

7.5.6 (2026-04-27)

Bug Fixes

• Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)

7.5.4 (2025-08-15)

Bug Fixes

• invalid syntax in descriptor.proto (#2092) (5a3769a)

7.5.3 (2025-05-28)

Bug Fixes

• descriptor extensions handling post-editions (#2075) (6e255d4)

7.5.2 (2025-05-14)

Bug Fixes

• ensure that types are always resolved (#2068) (4b51cb2)

7.5.1 (2025-05-08)

Bug Fixes

• optimize regressions from editions implementations (#2066) (6406d4c)
• reserved field inside group blocks fail parsing (#2058) (56782bf)

... (truncated)

Commits

• d7035f9 chore: release protobufjs-v7.x (#2248)
• 54b593f fix: Backport parser hardening to 7.x (#2245)
• e88fcea chore: release protobufjs-v7.x (#2239)
• cc7d595 fix: Restore first-match namespace lookup (#2236)
• 3abc9b5 chore: release protobufjs-v7.x (#2190)
• a0bf2df fix: Update CLI peer dependency (7.x) (#2189)
• 2189e5b chore: release protobufjs-v7.x (#2174)
• 75392ea fix: Backport input hardening and CLI fixes to 7.x (#2173)
• 8af8d7c chore(ci): Fix 7.x release please configuration (#2169)
• e92ca42 chore(ci): Enable release-please for 7.x (#2166)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for protobufjs since your current version.

Updates @firebase/rules-unit-testing from 2.0.7 to 5.0.1

Release notes

Sourced from @​firebase/rules-unit-testing's releases.

4.5.2

Fixes

• Fixed a regression where the react-native property was missing from the firebase package.json
• Fixed a regression where the value of firebase.SDK_VERSION wasn't properly being populated.

4.5.1

Features

Shipped individual modules for the following packages:

• @firebase/app
• @firebase/auth
• @firebase/database
• @firebase/firestore
• @firebase/messaging
• @firebase/polyfill
• @firebase/storage
• @firebase/util

4.5.0

Features

• Added support for Cloud Firestore. For more information, see the following resources:
  • Blog post
  • Web getting started guide
  • Reference Documentation

4.4.0

Features

• Released multi-resource support for database #159

Fixes

• Fixed issue with null initialization in externs #160

4.3.0

Features

• Added client side localization for email actions (password reset, email verification, etc), phone authentication SMS messages, OAuth flows and reCAPTCHA verification.
• Added the ability to pass a continue URL/state when triggering a password reset/email verification which gives a user the ability to go back to the app after completion. In addition, added support for the ability to open these links directly from a mobile app instead of a web flow using Firebase Dynamic Links.

Fixes

• Fixed issue with IE10 auth state synchronization across tabs

4.2.0

Features

... (truncated)

Changelog

Sourced from @​firebase/rules-unit-testing's changelog.

5.0.1

Patch Changes

• 8e384c9 #9883 - Updated dependencies.

5.0.0

Minor Changes

• 25b60fd #9128 - Update node "engines" version to a minimum of Node 20.

Patch Changes

• Updated dependencies [a4ccd25, 5200f7b, 6ab4e13, 91fa484, e59cd7d, cb19688, d91169f, ec5f374, 25b60fd]:
  • firebase@12.0.0

4.0.1

Patch Changes

• b80711925 #8604 - Upgrade to TypeScript 5.5.4

4.0.0

Patch Changes

• 479226bf3 #8475 - Remove ES5 bundles. The minimum required ES version is now ES2017.

• 479226bf3 #8475 - Removed dependency on undici and node-fetch in our node bundles, replacing them with the native fetch implementation.

• Updated dependencies [479226bf3, 479226bf3, b942e9e6e]:

  • firebase@11.0.0

3.0.4

Patch Changes

• d752e8096 #8298 - Upgrade firebase-admin to 11.11.1

3.0.3

Patch Changes

• ab883d016 #8237 - Bump all packages so staging works.

3.0.2

Patch Changes

... (truncated)

Commits

• 1adfd64 Version Packages (#9923)
• 62ae2e2 chore: Update picomatch and rollup-plugin-typescript2 (#9892)
• 8e384c9 chore: Combine a group of dependabot security updates (#9883)
• 31fcb5c chore: Update a group of dependabot merges (#9875)
• c9c083f build(deps): bump fast-xml-parser (#9607)
• 1b9593b build(deps): bump minimatch in /packages/rules-unit-testing/functions (#9595)
• d7c311a build(deps): bump lodash in /packages/rules-unit-testing/functions (#9463)
• 52c8579 Version Packages (#9165)
• 25b60fd chore!: update engines.node to minimum of 20 (#9128)
• 2f92a74 Update dependencies in packages and repo-scripts (#8729)
• Additional commits viewable in compare view

Updates firebase from 9.23.0 to 12.13.0

Release notes

Sourced from firebase's releases.

firebase@12.13.0

For more detailed release notes, see Firebase JavaScript SDK Release Notes.

What's Changed

@​firebase/ai@​2.12.0

Minor Changes

• ffa39f6 #9795 - Added LiveSession.resumeSession() to allow resuming a previous LiveSession. Also added contextWindowCompression feature.

• 86dc0db #9819 - Added support for ImageConfig (aspect ratio and size). Expanded FinishReason values to include all currently available values provided by the models.

• 345c5f6 #9458 - AI Logic : Feature : Added support for Grounding with Google Maps.

Patch Changes

• 8e384c9 #9883 - Updated dependencies.

• Updated dependencies [8e384c9]:

• @​firebase/app-check-interop-types@​0.3.4

• @​firebase/component@​0.7.3

• @​firebase/logger@​0.5.1

• @​firebase/util@​1.15.1

@​firebase/data-connect@​0.7.0

Minor Changes

• 714b41d #9905 - Hardened the Firebase SQL Connect streaming transport with intelligent reconnection, query de-duplication, and resume optimizations.

Patch Changes

• 8e384c9 #9883 - Updated dependencies.

• Updated dependencies [8e384c9]:

• @​firebase/auth-interop-types@​0.2.5

• @​firebase/component@​0.7.3

• @​firebase/logger@​0.5.1

• @​firebase/util@​1.15.1

firebase@12.13.0

Minor Changes

• ffa39f6 #9795 - Added LiveSession.resumeSession() to allow resuming a previous LiveSession. Also added contextWindowCompression feature.

• 714b41d #9905 - Hardened the Firebase SQL Connect streaming transport with intelligent reconnection, query de-duplication, and resume optimizations.

... (truncated)

Commits

• 1adfd64 Version Packages (#9923)
• 50d5b6a Merge main into release
• 714b41d feat(data-connect): add de-duplication, resume, and intelligent reconnection ...
• f80895f Merge main into release
• 330a387 chore: migrate test functions to v2 (#9910)
• 3b87134 build(deps): bump axios from 1.13.5 to 1.15.2 (#9860)
• 402b1f0 fix(firestore): Assertion ID: ca9 (pendingResponses less than 0) caused by ta...
• 86dc0db feat(ai): ImageConfig and FinishReasons (#9819)
• 62ae2e2 chore: Update picomatch and rollup-plugin-typescript2 (#9892)
• 96e81ff feat(firestore): Added search stage support for languageCode, offset, limit, ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.